last executing test programs: 17m11.310306239s ago: executing program 3 (id=201): sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0) syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @hoplimit={{0x14}}, @hopopts={{0xb0, 0x29, 0x36, {0x5e, 0x12, '\x00', [@generic={0xff, 0x22, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c3"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x20, {0x3, 0x6, 0x0, 0xfff, [0x2, 0x4, 0x966]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8}, @calipso={0x7, 0x20, {0x3, 0x6, 0x3, 0x7, [0x0, 0x8000, 0xffffffffffffff04]}}, @generic={0x1, 0x8, "2bdb86d1ce6a20c2"}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x11, 0x2, 0x2, 0x70, 0x0, [@mcast1]}}}], 0x150}}], 0x1, 0x810) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x2000001, &(0x7f0000000300)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d339566b6d410", @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB="5a05"]) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/fib_triestat\x00') r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 17m10.371892654s ago: executing program 3 (id=205): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000fcffffff000000000800000018110000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) syz_open_dev$usbfs(&(0x7f0000000180), 0x6, 0x800) r1 = socket$tipc(0x1e, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x17, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000001c0)={0xfa, 0x3, 0x81}) sendmsg$tipc(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20) request_key(&(0x7f0000000040)='cifs.idmap\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000280)='GPL\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="0900000004000000040000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="0200000001"], 0x48) fchdir(0xffffffffffffffff) 17m9.001416439s ago: executing program 3 (id=209): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) fsopen(0x0, 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40081, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x7) ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0xf9) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000010027bd70010000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000021000008001b00000000001c001a80"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) unshare(0x6a040400) 17m6.74392831s ago: executing program 3 (id=211): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) fsopen(0x0, 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40081, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x7) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000000c0)=0xf9) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000010027bd70010000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000021000008001b00000000001c001a80"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setxattr$incfs_metadata(&(0x7f0000000480)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) unshare(0x6a040400) 16m58.7045536s ago: executing program 3 (id=226): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) fsopen(0x0, 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40081, 0x0) ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000000c0)=0xf9) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000010027bd70010000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000021000008001b00000000001c001a80"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setxattr$incfs_metadata(&(0x7f0000000480)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) unshare(0x6a040400) 16m53.972547061s ago: executing program 3 (id=232): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fsopen(0x0, 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40081, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x7) ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000000c0)=0xf9) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000010027bd70010000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000021000008001b00000000001c001a80"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setxattr$incfs_metadata(&(0x7f0000000480)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 16m38.562699254s ago: executing program 32 (id=232): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fsopen(0x0, 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0cc5605, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40081, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x7) ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000000c0)=0xf9) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000010027bd70010000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000021000008001b00000000001c001a80"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setxattr$incfs_metadata(&(0x7f0000000480)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 10m50.88623094s ago: executing program 5 (id=954): openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000010027bd70010000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000021000008001b00000000001c001a80"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setxattr$incfs_metadata(&(0x7f0000000480)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 10m48.365162829s ago: executing program 5 (id=957): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3}, 0x18) connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3}, 0x18) sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)='data', 0x4}}, 0x0) recvmsg$can_j1939(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/4, 0x4}], 0x1}, 0x0) (fail_nth: 3) 10m47.923740347s ago: executing program 5 (id=960): syz_80211_inject_frame(&(0x7f0000001280)=@broadcast, &(0x7f00000012c0)=@mgmt_frame=@assoc_resp={{{}, {0x3db8}, @device_b, @device_b, @from_mac=@device_b, {0x9, 0x8}}, 0x80, 0x53, @random=0x1, @val, @val={0x2d, 0x1a, {0x40, 0x2, 0x0, 0x0, {0x100000000, 0x80, 0x0, 0xa, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x6, 0xfffffff9, 0x1}}}, 0x3c) 10m46.880674949s ago: executing program 5 (id=964): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x24, &(0x7f0000000280)=0x80000001, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) socket(0x2, 0x805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f000001a400)=""/102384, 0x18ff0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) 10m44.205547909s ago: executing program 5 (id=968): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x25, 0x0, 0x3, 0xfffffffe}, {0x20}, {0x28, 0x0, 0x81, 0x1}]}) r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="180000007800911fdabcf8b3077fa54a07"], 0xfe33) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) (async) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') (async) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0x401, 0x70bd29, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_SCI={0xc, 0x1, 0xffffffffffffffff}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x48}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0) 10m42.019201862s ago: executing program 5 (id=980): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES8], 0x54}}, 0x8040) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x28) socket(0x10, 0x3, 0x0) r2 = bpf$ITER_CREATE(0xb, 0x0, 0x0) close(r2) socket$kcm(0x29, 0x5, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x60900, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x10000000000, 0x3, 0xfffffffffffffffe, 0x2, 0x7fffffff, 0x1, 0x8}, 0x0, &(0x7f00000002c0)={0x3fc, 0xfffffffffffffffe, 0x8, 0x2, 0x0, 0x0, 0x471d}, 0x0, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) lseek(r4, 0x4, 0x3) fsopen(&(0x7f0000000280)='incremental-fs\x00', 0x1) landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2, 0x3}, 0x18, 0x0) r5 = fanotify_init(0x40, 0x80000) readv(r5, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0xa880, 0x97) fanotify_mark(r5, 0x1, 0x40001019, r6, 0x0) 10m26.994045656s ago: executing program 33 (id=980): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES8], 0x54}}, 0x8040) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x28) socket(0x10, 0x3, 0x0) r2 = bpf$ITER_CREATE(0xb, 0x0, 0x0) close(r2) socket$kcm(0x29, 0x5, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x60900, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x10000000000, 0x3, 0xfffffffffffffffe, 0x2, 0x7fffffff, 0x1, 0x8}, 0x0, &(0x7f00000002c0)={0x3fc, 0xfffffffffffffffe, 0x8, 0x2, 0x0, 0x0, 0x471d}, 0x0, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) lseek(r4, 0x4, 0x3) fsopen(&(0x7f0000000280)='incremental-fs\x00', 0x1) landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2, 0x3}, 0x18, 0x0) r5 = fanotify_init(0x40, 0x80000) readv(r5, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0xa880, 0x97) fanotify_mark(r5, 0x1, 0x40001019, r6, 0x0) 9.068604195s ago: executing program 1 (id=2553): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000000)={0x3ff, 0xfffffffffffffff9, 0x1000000000000, 0xdc21, 0x0, 0x2000000f, 0x3}, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x2) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x101, &(0x7f00000002c0)) ioctl$TIOCL_SCROLLCONSOLE(r3, 0x541c, &(0x7f00000001c0)={0xd, 0xfae}) epoll_pwait(0xffffffffffffffff, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}], 0x6, 0x1c, 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r4) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x11, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0x437, 0x4, 0x0, {0x0, 0x0, 0x0, r5, 0x50483}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r5, 0x4400, 0x8002}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x9005}, 0x4000000) clock_gettime(0x3, 0x0) chmod(0x0, 0x22) mount$tmpfs(0x0, 0x0, &(0x7f0000000280), 0x2000001, 0x0) ioctl$USBDEVFS_WAIT_FOR_RESUME(0xffffffffffffffff, 0x5523) getegid() 8.998937244s ago: executing program 6 (id=2555): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6) unshare(0x60040000) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28) connect$inet6(r3, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c) r4 = fcntl$dupfd(r3, 0x406, r3) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r3, 0x29, 0x37, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x18) write$binfmt_elf64(r4, &(0x7f00000004c0)=ANY=[], 0xfffffdcf) 7.878533846s ago: executing program 6 (id=2557): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6) unshare(0x60040000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28) connect$inet6(r4, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c) r5 = fcntl$dupfd(r4, 0x406, r4) setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) write$binfmt_elf64(r5, &(0x7f00000004c0)=ANY=[], 0xfffffdcf) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x17, 0x0, 'lblcr\x00', 0xd, 0x38, 0x5d}, 0x2c) socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local}) 5.722404013s ago: executing program 1 (id=2561): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6) unshare(0x60040000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28) connect$inet6(r4, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c) r5 = fcntl$dupfd(r4, 0x406, r4) setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) write$binfmt_elf64(r5, &(0x7f00000004c0)=ANY=[], 0xfffffdcf) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x17, 0x0, 'lblcr\x00', 0xd, 0x38, 0x5d}, 0x2c) socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local}) 3.896191674s ago: executing program 2 (id=2565): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, 0x0, 0x190) 3.838530615s ago: executing program 1 (id=2566): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) fchdir(r3) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r5, &(0x7f0000004200)='t', 0x1) sendfile(r5, r4, 0x0, 0x7fffffff) 3.60571963s ago: executing program 2 (id=2568): syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2ced, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x50, 0x9, "", [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x1, 0x2, 0x4, {0x9, 0x21, 0x5, 0x77, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0xa, 0x64}}}}}]}}]}}, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x804}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) futex(0x0, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x248) close(r2) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000340)=ANY=[]) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1020, 0x40000}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) 3.451469951s ago: executing program 6 (id=2569): r0 = syz_clone(0xd000400, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x4208, r0) 2.568217767s ago: executing program 6 (id=2572): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x4e24, 0x100, @empty, 0x9}, 0x1c) close(0x3) 2.287361637s ago: executing program 6 (id=2575): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x40000000, @empty, 0x57}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x8, 0x4) writev(r0, 0x0, 0x0) 2.115196708s ago: executing program 6 (id=2577): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0xffff25d8, 0x0, 0xfffffffd}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @private2}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24040081}, 0x880) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) madvise(&(0x7f0000e56000/0x4000)=nil, 0x4000, 0x11) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) writev(r1, &(0x7f00000005c0)=[{&(0x7f0000000100)="2e1221b24302ddf06712e9000d2f8db0049d90491c3248040000dba8a100"/42, 0x2a}, {&(0x7f0000000080)="00005d0eef08", 0x6}, {&(0x7f0000000240)="a43b2eaab40000000000", 0xa}], 0x100000000000011c) openat$iommufd(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r2 = socket$phonet(0x23, 0x2, 0x1) sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000004240)={&(0x7f0000004100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000004200)={0x0}, 0x1, 0x0, 0x0, 0x840}, 0x40) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$phonet_pipe(0x23, 0x5, 0x2) r3 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$MRT6(r3, 0x29, 0xce, &(0x7f0000000040), &(0x7f00000000c0)=0x4) syz_usb_connect(0x0, 0x90, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cbe8d0205e040307c06e0102030109027e00010000000009044400000e0100000a240140000d0201020c240205010205090100010e0c240804010000a401883db20d240703020007e24dd0feeb710c24020603013f07ff00ea0e092403050101050109052406000005240000000d240f018d040000800004000f06241a0500180c"], 0x0) listen(0xffffffffffffffff, 0x7) 1.825774175s ago: executing program 2 (id=2579): r0 = socket(0x40000000015, 0x5, 0x0) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x123880, 0x0) ioctl$TIOCSPGRP(r1, 0x5410, &(0x7f0000000300)) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) listen(r2, 0xf5f) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2140088, &(0x7f00000001c0)={[{@metacopy_off, 0x3a}], [], 0x2f}) mount$overlay(0x8c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x80480, 0xcd) r6 = socket$kcm(0xa, 0x1, 0x106) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0xfffffffd, @empty}, 0x80, 0x0}, 0x20000001) sendmsg$sock(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)}, 0x400c0) close_range(r0, 0xffffffffffffffff, 0x0) 930.87956ms ago: executing program 0 (id=2584): fchdir(0xffffffffffffffff) r0 = fanotify_init(0x40, 0x80000) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0xa880, 0x97) fanotify_mark(r0, 0x1, 0x40001019, r2, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) getdents64(r2, &(0x7f0000000200)=""/32, 0x20) 869.27222ms ago: executing program 4 (id=2585): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="210429bd7000fbdbdf250201000004000500050002000a00000014000700fc01"], 0x34}, 0x1, 0x0, 0x0, 0x4040}, 0x48014) 724.332198ms ago: executing program 4 (id=2586): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x4) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r2, 0x4, 0x3, 0x7, 0x4, 0x5}, 0x14) 703.466478ms ago: executing program 4 (id=2587): socket(0x10, 0x803, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000480)=""/74, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) socket$vsock_stream(0x28, 0x1, 0x0) 700.897957ms ago: executing program 0 (id=2588): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800040000000000000000000000000085002000430000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x21, 0xffffffffffffffff, 0x0, 0x3, '\x00', 0x0, 0x38}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000080000006a0a01"], 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x284}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) 603.407264ms ago: executing program 0 (id=2589): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xfffffffc, @empty, 0x7fffffff}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100030c1000ffffffa6224e0000", 0x58}], 0x1) 504.236927ms ago: executing program 4 (id=2590): r0 = socket(0x2, 0x3, 0x11) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000080)={'nat\x00', 0x5, "bd6a44d869"}, &(0x7f0000000180)=0x29) 470.13081ms ago: executing program 0 (id=2591): r0 = socket(0xa, 0x3, 0x3a) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0x10}], 0x1, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup(r2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83a00fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe) 467.921894ms ago: executing program 2 (id=2592): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, 0xfffffffe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x14b}}]}, &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc641}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000080)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 402.361752ms ago: executing program 4 (id=2593): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e23, 0xdb, @empty}}, 0xffb, 0x203, 0xffff18b6, 0x6, 0x330, 0x80000001, 0xdb}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4c24, @empty}}, 0x6, 0x6}, 0x90) sendmsg$inet6(r1, &(0x7f0000000540)={&(0x7f0000000000)={0xa, 0x4e24, 0x8004, @ipv4={'\x00', '\xff\xff', @loopback}, 0x6}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000040)="f0", 0x1}], 0x1}, 0x20044004) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000001380)={0x0, @in={{0x2, 0x4e24, @loopback}}, 0xabb8, 0x67, 0xa4f, 0x0, 0x28, 0xffffff85, 0xa9}, 0x9c) 318.501273ms ago: executing program 4 (id=2594): r0 = syz_open_dev$loop(&(0x7f0000000000), 0x400000c, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/address_bits', 0x40200, 0xf) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4000000000000ffd, 0x0, 0x0, 0xd, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}}) semop(0x0, &(0x7f00000002c0), 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000200)={r0, 0x5, {0x0, 0x0, 0x0, 0x2c4e, 0xfd, 0x0, 0x12, 0x16, 0x0, "852585e0bbaec238fd2a8c6b3e651b7c12e252c66a45a7578e8311e1f995f132d314a3ce9ffb233623bb735117a2dc657c0b139e47e83b74d980775c690800", "7ea78b106f5310f928115f9f019be2b3158c04aaabac9ba8a434012e26918ba3e594ca029faec2621e97bf6720e45611e19676704464b9071c485c4b3225f160", "3cdddb333347780bbe72212c46051e24466c2808ed9cd74c8397ab886ab95e6d", [0x5, 0xeed]}}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 263.929692ms ago: executing program 2 (id=2595): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18cb88ff826aaa0a0f0000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000200)="63e4ed8e46080000003389f7f986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 258.143793ms ago: executing program 1 (id=2596): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000004000000b708000000000000dbaaf8fff1000000b50800006d0800007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000007200000085000000d000000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x1e, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc) 197.659517ms ago: executing program 2 (id=2597): socket(0x2, 0x80805, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000940), 0x1, 0x100) ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x0, 0x0}, 0x6) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r1, 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r2, 0x20, &(0x7f0000000280)={&(0x7f0000000080)=""/238, 0xffffffffffffff80, 0x0, 0x0}}, 0x1e) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f000012d000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f000012d000/0x3000)=nil, &(0x7f0000ffa000/0x3000)=nil, 0x0}, 0x68) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x274}, 0x10) r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x9315, 0x1f480, 0x0, 0x39d}) io_uring_enter(r3, 0x12a, 0xffffffdc, 0x17, 0x0, 0x0) 87.112516ms ago: executing program 0 (id=2598): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00') read$FUSE(r0, &(0x7f00000006c0)={0x2020}, 0x2020) lseek(r0, 0xffffffffffffffff, 0x1) 86.30501ms ago: executing program 1 (id=2599): socket$netlink(0x10, 0x3, 0x4) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372ce22fdb911"], 0xfdef) 272.11µs ago: executing program 0 (id=2600): r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0xee01, r1, 0x0) r2 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_LOCK(r2, 0xb) 0s ago: executing program 1 (id=2601): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x4}], 0x1, 0x0, 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x1) kernel console output (not intermixed with test programs): 295] ieee802154 phy0 wpan0: encryption failed: -22 [ 864.631443][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 865.133352][T13956] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 865.473019][T13955] FAULT_INJECTION: forcing a failure. [ 865.473019][T13955] name failslab, interval 1, probability 0, space 0, times 0 [ 865.596317][T13955] CPU: 0 UID: 0 PID: 13955 Comm: syz.2.1745 Tainted: G L syzkaller #0 PREEMPT(full) [ 865.596347][T13955] Tainted: [L]=SOFTLOCKUP [ 865.596353][T13955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 865.596363][T13955] Call Trace: [ 865.596369][T13955] [ 865.596375][T13955] dump_stack_lvl+0x100/0x190 [ 865.596407][T13955] should_fail_ex.cold+0x5/0xa [ 865.596429][T13955] ? tomoyo_encode2+0xfb/0x3c0 [ 865.596451][T13955] should_failslab+0xc2/0x120 [ 865.596466][T13955] __kmalloc_noprof+0xe0/0x850 [ 865.596482][T13955] ? d_absolute_path+0x136/0x1b0 [ 865.596501][T13955] tomoyo_encode2+0xfb/0x3c0 [ 865.596518][T13955] tomoyo_encode+0x29/0x50 [ 865.596533][T13955] tomoyo_realpath_from_path+0x18c/0x690 [ 865.596552][T13955] tomoyo_path_number_perm+0x23c/0x580 [ 865.596565][T13955] ? tomoyo_path_number_perm+0x22e/0x580 [ 865.596579][T13955] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 865.596606][T13955] ? find_held_lock+0x2b/0x80 [ 865.596620][T13955] ? __fget_files+0x215/0x3d0 [ 865.596630][T13955] ? hook_file_ioctl_common+0x146/0x410 [ 865.596651][T13955] ? __fget_files+0x21f/0x3d0 [ 865.596664][T13955] security_file_ioctl+0xd3/0x230 [ 865.596680][T13955] __x64_sys_ioctl+0xb7/0x210 [ 865.596697][T13955] do_syscall_64+0x106/0xf80 [ 865.596711][T13955] ? clear_bhb_loop+0x40/0x90 [ 865.596724][T13955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.596736][T13955] RIP: 0033:0x7fe10559c799 [ 865.596746][T13955] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 865.596756][T13955] RSP: 002b:00007fe10637b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 865.596767][T13955] RAX: ffffffffffffffda RBX: 00007fe105815fa0 RCX: 00007fe10559c799 [ 865.596774][T13955] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 0000000000000003 [ 865.596780][T13955] RBP: 00007fe10637b090 R08: 0000000000000000 R09: 0000000000000000 [ 865.596786][T13955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 865.596792][T13955] R13: 00007fe105816038 R14: 00007fe105815fa0 R15: 00007ffd096f5fb8 [ 865.596806][T13955] [ 865.596817][T13955] ERROR: Out of memory at tomoyo_realpath_from_path. [ 866.211907][ T30] audit: type=1400 audit(1773654211.632:588): avc: denied { ioctl } for pid=13954 comm="syz.2.1745" path="/dev/sg0" dev="devtmpfs" ino=764 ioctlcmd=0x5393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 866.336136][T13963] SELinux: failed to load policy [ 866.362031][ T30] audit: type=1400 audit(1773654211.832:589): avc: denied { load_policy } for pid=13962 comm="syz.1.1747" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 866.765662][T13970] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13970 comm=syz.2.1749 [ 867.118016][T13971] 9p: Bad value for 'rfdno' [ 867.613805][T13978] sp0: Synchronizing with TNC [ 868.026307][T13979] lo speed is unknown, defaulting to 1000 [ 869.905058][T13989] 9p: Bad value for 'rfdno' [ 870.201942][T11906] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 870.272980][T14000] sp1: Synchronizing with TNC [ 871.893099][T14001] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 871.922055][T11906] usb 5-1: Using ep0 maxpacket: 32 [ 872.236345][T11906] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 872.261853][T11906] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 872.270539][T11906] usb 5-1: config 0 has no interface number 0 [ 872.307948][T11906] usb 5-1: New USB device found, idVendor=045e, idProduct=0703, bcdDevice=6e.c0 [ 872.481849][T11906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 872.492097][T11906] usb 5-1: Product: syz [ 872.496261][T11906] usb 5-1: Manufacturer: syz [ 872.865322][T11906] usb 5-1: SerialNumber: syz [ 872.885466][T11906] usb 5-1: config 0 descriptor?? [ 872.930570][T11906] usb 5-1: can't set config #0, error -71 [ 872.948734][T11906] usb 5-1: USB disconnect, device number 33 [ 872.960177][ T30] audit: type=1400 audit(1773654218.572:590): avc: denied { read } for pid=14014 comm="syz.2.1762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 873.091957][ T10] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 873.251322][ T30] audit: type=1400 audit(1773654218.862:591): avc: denied { write } for pid=14023 comm="syz.6.1765" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 873.310383][ T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 873.341277][T14031] block nbd4: NBD_DISCONNECT [ 873.364203][ T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 873.402064][ T10] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 873.459733][ T10] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 873.498425][ T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 873.600492][ T5866] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 873.608479][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 873.621991][ T10] usb 2-1: Product: syz [ 873.626184][ T10] usb 2-1: Manufacturer: syz [ 873.630793][ T10] usb 2-1: SerialNumber: syz [ 873.640588][T14013] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 873.648792][ T10] cdc_mbim 2-1:1.0: skipping garbage [ 874.179676][T14039] kAFS: unable to lookup cell '' [ 874.186717][T14039] kAFS: unable to lookup cell '(,c' [ 874.238443][ T5866] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 874.280492][ T29] usb 5-1: new full-speed USB device number 34 using dummy_hcd [ 874.307359][ T5866] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 874.654133][ T29] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 874.665123][ T29] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 874.677089][ T5866] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 874.689961][ T29] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 874.694067][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 874.735469][ T5866] usb 1-1: Product: syz [ 874.739896][ T29] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 874.743537][ T5866] usb 1-1: Manufacturer: syz [ 874.763048][ T5866] usb 1-1: SerialNumber: syz [ 874.769168][T14044] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 874.830554][ T5866] usb 1-1: config 0 descriptor?? [ 874.831038][ T29] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 874.849955][ T5866] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 874.879339][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 875.006308][ T29] usb 5-1: Product: syz [ 875.010486][ T29] usb 5-1: Manufacturer: syz [ 875.027957][ T29] usb 5-1: SerialNumber: syz [ 875.473708][T14037] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 875.482869][ T29] cdc_mbim 5-1:1.0: skipping garbage [ 875.483242][ T10] cdc_mbim 2-1:1.0: bind() failure [ 875.526945][ T10] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 875.547426][ T10] cdc_ncm 2-1:1.1: bind() failure [ 875.583202][ T10] usb 2-1: USB disconnect, device number 36 [ 875.895405][T14053] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14053 comm=syz.1.1773 [ 876.012623][ T5866] gspca_sunplus: reg_r err -110 [ 876.375187][ T5866] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 877.651938][ T29] cdc_mbim 5-1:1.0: bind() failure [ 877.730408][ T29] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 877.781204][ T29] cdc_ncm 5-1:1.1: bind() failure [ 878.184440][ T29] usb 5-1: USB disconnect, device number 34 [ 878.215472][T14077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1777'. [ 878.231577][T14077] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1777'. [ 878.244914][T14077] kAFS: unable to lookup cell '(,c' [ 878.356766][T14078] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1776'. [ 878.540632][T14080] 9p: Bad value for 'rfdno' [ 878.736246][T14078] kAFS: unable to lookup cell '(,c' [ 878.798715][T14084] 9p: Bad value for 'rfdno' [ 879.066197][T11906] usb 1-1: USB disconnect, device number 32 [ 879.109862][T14090] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 879.273287][T14092] 9p: Bad value for 'rfdno' [ 880.162064][T11906] usb 3-1: new full-speed USB device number 36 using dummy_hcd [ 880.453577][T11906] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 880.884980][T11906] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 880.926489][T11906] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 881.042205][T11906] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 881.080415][T11906] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 881.089775][T11906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 881.106749][T11906] usb 3-1: Product: syz [ 881.125626][T11906] usb 3-1: Manufacturer: syz [ 881.140946][T11906] usb 3-1: SerialNumber: syz [ 881.172944][T14105] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 881.191447][T11906] cdc_mbim 3-1:1.0: skipping garbage [ 881.311882][ T10] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 881.602417][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 881.809031][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 881.869374][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 881.880452][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 881.890566][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 881.907555][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 881.920863][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 882.148585][ T10] usb 5-1: GET_CAPABILITIES returned 0 [ 882.155524][ T10] usbtmc 5-1:16.0: can't read capabilities [ 882.354221][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 882.479022][T14146] overlayfs: failed to clone lowerpath [ 882.788391][T14145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 882.835840][T14148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 882.914972][T14145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 882.935226][T11906] cdc_mbim 3-1:1.0: bind() failure [ 882.970455][T11906] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 883.131008][ T10] usb 5-1: USB disconnect, device number 35 [ 883.139430][T11906] cdc_ncm 3-1:1.1: bind() failure [ 883.165424][T11906] usb 3-1: USB disconnect, device number 36 [ 883.268326][T14158] sp0: Synchronizing with TNC [ 884.192120][ T7233] udevd[7233]: setting owner of /dev/bus/usb/003/036 to uid=0, gid=0 failed: No such file or directory [ 884.913307][T14162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1793'. [ 885.140362][T14168] FAULT_INJECTION: forcing a failure. [ 885.140362][T14168] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 885.220580][T14169] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14169 comm=syz.4.1797 [ 885.319835][T14168] CPU: 1 UID: 0 PID: 14168 Comm: syz.0.1796 Tainted: G L syzkaller #0 PREEMPT(full) [ 885.319864][T14168] Tainted: [L]=SOFTLOCKUP [ 885.319871][T14168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 885.319881][T14168] Call Trace: [ 885.319887][T14168] [ 885.319894][T14168] dump_stack_lvl+0x100/0x190 [ 885.319926][T14168] should_fail_ex.cold+0x5/0xa [ 885.319948][T14168] _copy_from_user+0x2e/0xd0 [ 885.319967][T14168] __sys_bpf+0x243/0x4b90 [ 885.319989][T14168] ? __pfx___sys_bpf+0x10/0x10 [ 885.320005][T14168] ? proc_fail_nth_write+0x9f/0x220 [ 885.320029][T14168] ? find_held_lock+0x2b/0x80 [ 885.320056][T14168] ? find_held_lock+0x2b/0x80 [ 885.320076][T14168] ? ksys_write+0x190/0x250 [ 885.320107][T14168] ? __mutex_unlock_slowpath+0x15c/0x790 [ 885.320132][T14168] ? __fget_files+0x215/0x3d0 [ 885.320162][T14168] ? fput+0x79/0x100 [ 885.320181][T14168] ? ksys_write+0x1ac/0x250 [ 885.320206][T14168] ? __pfx_ksys_write+0x10/0x10 [ 885.320236][T14168] __x64_sys_bpf+0x7b/0xc0 [ 885.320253][T14168] ? lockdep_hardirqs_on+0x78/0x100 [ 885.320275][T14168] do_syscall_64+0x106/0xf80 [ 885.320295][T14168] ? clear_bhb_loop+0x40/0x90 [ 885.320317][T14168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.320334][T14168] RIP: 0033:0x7ff99d79c799 [ 885.320349][T14168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 885.320365][T14168] RSP: 002b:00007ff99e6a1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 885.320383][T14168] RAX: ffffffffffffffda RBX: 00007ff99da15fa0 RCX: 00007ff99d79c799 [ 885.320394][T14168] RDX: 0000000000000050 RSI: 00002000000009c0 RDI: 0000000000000000 [ 885.320405][T14168] RBP: 00007ff99e6a1090 R08: 0000000000000000 R09: 0000000000000000 [ 885.320415][T14168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 885.320425][T14168] R13: 00007ff99da16038 R14: 00007ff99da15fa0 R15: 00007ffca39fece8 [ 885.320448][T14168] [ 885.760777][ T30] audit: type=1400 audit(1773654231.372:592): avc: denied { bind } for pid=14172 comm="syz.6.1799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 887.207461][T14188] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 887.263598][T11906] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 887.461868][T11906] usb 5-1: Using ep0 maxpacket: 32 [ 887.471642][T11906] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 887.481276][T11906] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 887.508508][T11906] usb 5-1: config 0 has no interface number 0 [ 888.103938][T11906] usb 5-1: New USB device found, idVendor=045e, idProduct=0703, bcdDevice=6e.c0 [ 888.141882][T11906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 888.160179][T11906] usb 5-1: Product: syz [ 888.170139][T11906] usb 5-1: Manufacturer: syz [ 888.180218][T11906] usb 5-1: SerialNumber: syz [ 888.232413][T11906] usb 5-1: config 0 descriptor?? [ 888.367891][T14194] xt_TPROXY: Can be used only with -p tcp or -p udp [ 888.446394][T11906] uvcvideo 5-1:0.68: Found Unit with invalid ID 0 [ 888.462919][T11906] uvcvideo 5-1:0.68: Found UVC 0.40 device syz (045e:0703) [ 888.502062][T11906] uvcvideo 5-1:0.68: No valid video chain found. [ 888.535912][T11906] usb 5-1: USB disconnect, device number 36 [ 888.641245][ T30] audit: type=1326 audit(1773654234.252:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14172 comm="syz.6.1799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdba999c799 code=0x7fc00000 [ 889.221884][ T10] usb 1-1: new full-speed USB device number 33 using dummy_hcd [ 889.540707][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 889.620981][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 890.045156][ T10] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 890.069338][ T10] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 890.089216][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 890.101018][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 890.109694][ T10] usb 1-1: Product: syz [ 890.251877][ T10] usb 1-1: Manufacturer: syz [ 890.256492][ T10] usb 1-1: SerialNumber: syz [ 890.605118][T14218] lo speed is unknown, defaulting to 1000 [ 892.095357][T14224] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14224 comm=syz.4.1811 [ 892.852006][ T10] usb 1-1: can't set config #1, error -71 [ 892.858828][ T10] usb 1-1: USB disconnect, device number 33 [ 893.074908][T14234] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 896.123898][T14262] 9p: Bad value for 'rfdno' [ 898.700857][ T9] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 899.077579][T14288] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 899.200514][ T9] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 899.214338][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 900.345440][ T9] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 900.502844][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 900.521098][ T9] usb 5-1: Product: syz [ 900.541354][ T9] usb 5-1: Manufacturer: syz [ 900.582185][ T9] usb 5-1: SerialNumber: syz [ 900.613021][ T9] usb 5-1: config 0 descriptor?? [ 900.845556][ T9] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 901.669642][ T9] gspca_sunplus: reg_r err -110 [ 901.674614][ T9] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 901.884518][ T10] usb 5-1: USB disconnect, device number 37 [ 902.144637][T14316] netlink: 'syz.2.1833': attribute type 4 has an invalid length. [ 902.198275][T14317] autofs: Unknown parameter '' [ 902.222283][T14316] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1833'. [ 902.461845][T14317] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 902.563917][T14316] .`: renamed from bond0 (while UP) [ 902.741873][ T30] audit: type=1400 audit(1773654248.352:594): avc: denied { connect } for pid=14320 comm="syz.6.1835" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 902.811890][ T30] audit: type=1400 audit(1773654248.352:595): avc: denied { setopt } for pid=14320 comm="syz.6.1835" laddr=::1 lport=56213 faddr=::1 fport=19998 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 902.971028][ T30] audit: type=1400 audit(1773654248.352:596): avc: denied { write } for pid=14320 comm="syz.6.1835" laddr=::1 lport=56213 faddr=::1 fport=19998 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 903.832876][ T24] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 903.892689][T14331] netlink: 'syz.4.1838': attribute type 8 has an invalid length. [ 904.381891][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 904.405607][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 904.421858][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 904.434571][ T24] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 904.661249][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 904.678275][ T24] usb 3-1: config 0 descriptor?? [ 905.829514][T14357] autofs: Unknown parameter '' [ 906.077803][T14358] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 906.306427][T14366] 9p: Bad value for 'rfdno' [ 906.448190][ T24] usbhid 3-1:0.0: can't add hid device: -71 [ 906.454591][ T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 906.477395][ T24] usb 3-1: USB disconnect, device number 37 [ 908.979049][ T30] audit: type=1400 audit(1773654253.312:597): avc: denied { mount } for pid=14378 comm="syz.0.1850" name="/" dev="ramfs" ino=51779 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 909.278562][ T30] audit: type=1804 audit(1773654253.332:598): pid=14383 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.1850" name="bus" dev="ramfs" ino=51780 res=1 errno=0 [ 910.092604][T14399] 9p: Bad value for 'rfdno' [ 910.114148][T14399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 910.216000][T14400] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 910.287850][T14400] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 910.306899][T14399] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1855'. [ 910.574026][ T10] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 912.260290][T14408] FAULT_INJECTION: forcing a failure. [ 912.260290][T14408] name failslab, interval 1, probability 0, space 0, times 0 [ 912.374550][T14408] CPU: 1 UID: 0 PID: 14408 Comm: syz.4.1857 Tainted: G L syzkaller #0 PREEMPT(full) [ 912.374578][T14408] Tainted: [L]=SOFTLOCKUP [ 912.374583][T14408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 912.374592][T14408] Call Trace: [ 912.374597][T14408] [ 912.374603][T14408] dump_stack_lvl+0x100/0x190 [ 912.374635][T14408] should_fail_ex.cold+0x5/0xa [ 912.374658][T14408] should_failslab+0xc2/0x120 [ 912.374675][T14408] __kmalloc_cache_noprof+0x7a/0x6f0 [ 912.374696][T14408] ? xdp_umem_create+0x4f/0x11e0 [ 912.374713][T14408] ? find_held_lock+0x2b/0x80 [ 912.374738][T14408] xdp_umem_create+0x4f/0x11e0 [ 912.374762][T14408] xsk_setsockopt+0x7d8/0xab0 [ 912.374779][T14408] ? __pfx_xsk_setsockopt+0x10/0x10 [ 912.374796][T14408] ? find_held_lock+0x2b/0x80 [ 912.374816][T14408] ? __fget_files+0x215/0x3d0 [ 912.374838][T14408] ? selinux_socket_setsockopt+0x6a/0x80 [ 912.374865][T14408] ? __pfx_xsk_setsockopt+0x10/0x10 [ 912.374882][T14408] do_sock_setsockopt+0xf3/0x1d0 [ 912.374910][T14408] __sys_setsockopt+0x195/0x220 [ 912.374935][T14408] __x64_sys_setsockopt+0xbd/0x160 [ 912.374955][T14408] ? do_syscall_64+0x95/0xf80 [ 912.374976][T14408] ? lockdep_hardirqs_on+0x78/0x100 [ 912.374998][T14408] do_syscall_64+0x106/0xf80 [ 912.375018][T14408] ? clear_bhb_loop+0x40/0x90 [ 912.375040][T14408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 912.375056][T14408] RIP: 0033:0x7f5d2a79c799 [ 912.375070][T14408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 912.375086][T14408] RSP: 002b:00007f5d2b660028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 912.375103][T14408] RAX: ffffffffffffffda RBX: 00007f5d2aa15fa0 RCX: 00007f5d2a79c799 [ 912.375114][T14408] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 912.375124][T14408] RBP: 00007f5d2b660090 R08: 0000000000000020 R09: 0000000000000000 [ 912.375133][T14408] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 912.375143][T14408] R13: 00007f5d2aa16038 R14: 00007f5d2aa15fa0 R15: 00007ffe858e9538 [ 912.375168][T14408] [ 912.459557][T14409] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1853'. [ 912.662012][T14409] netlink: 'syz.6.1853': attribute type 5 has an invalid length. [ 912.690229][T14409] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1853'. [ 912.701590][ T9688] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 912.720562][ T9688] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 912.750494][T14409] netlink: 'syz.6.1853': attribute type 5 has an invalid length. [ 912.764413][ T9688] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 912.831913][ T9688] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 912.883186][T14422] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1860'. [ 912.971900][T14423] kAFS: unable to lookup cell '' [ 913.014809][T14422] kAFS: unable to lookup cell '(,c' [ 915.014535][ T30] audit: type=1804 audit(1773654258.972:599): pid=14429 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1862" name="bus" dev="ramfs" ino=51930 res=1 errno=0 [ 915.412444][T14437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1863'. [ 915.424621][T14437] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1863'. [ 915.508584][T14437] kAFS: unable to lookup cell '' [ 915.522135][T14440] kAFS: unable to lookup cell '(,c' [ 915.650970][T14443] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1866'. [ 915.696141][T14443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 915.711720][T14438] SELinux: failed to load policy [ 915.924592][T14448] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 916.023483][T14448] SELinux: failed to load policy [ 917.130498][T14459] bad cache= option: no[dCȞXXޜ߽ew>jz"@ [ 917.130498][T14459] [ 917.205867][T14459] CIFS: VFS: bad cache= option: no[dCȞXXޜ߽ew>jz"@ [ 917.820156][ T30] audit: type=1804 audit(1773654263.432:600): pid=14474 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1874" name="bus" dev="ramfs" ino=51990 res=1 errno=0 [ 919.166364][ T29] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 919.181238][T14480] 9p: Bad value for 'rfdno' [ 919.780315][T14488] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14488 comm=syz.4.1879 [ 919.841409][ T29] usb 1-1: Using ep0 maxpacket: 16 [ 919.893871][ T29] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 919.967794][ T29] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 920.191771][ T29] usb 1-1: config 0 has no interface number 0 [ 920.205248][ T29] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 920.228924][ T29] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 920.237489][ T29] usb 1-1: Product: syz [ 920.241648][ T29] usb 1-1: Manufacturer: syz [ 920.246527][ T29] usb 1-1: SerialNumber: syz [ 920.262026][ T29] usb 1-1: config 0 descriptor?? [ 920.279300][ T29] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08d3) [ 920.417483][ T29] uvcvideo 1-1:0.105: No valid video chain found. [ 920.647232][ T29] usb 1-1: USB disconnect, device number 35 [ 921.359594][T14512] netlink: 'syz.2.1885': attribute type 4 has an invalid length. [ 921.367587][T14512] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1885'. [ 925.689993][T14540] 9p: Bad value for 'rfdno' [ 925.950230][T14547] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14547 comm=syz.1.1894 [ 926.840802][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 926.849359][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 926.991948][T14548] sp0: Synchronizing with TNC [ 927.166981][T14549] lo speed is unknown, defaulting to 1000 [ 928.673287][T14558] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1896'. [ 929.178487][ T30] audit: type=1400 audit(1773654274.792:601): avc: denied { bind } for pid=14559 comm="syz.4.1897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 929.207368][ T30] audit: type=1400 audit(1773654274.792:602): avc: denied { read } for pid=14559 comm="syz.4.1897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 929.514566][T14568] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14568 comm=syz.0.1898 [ 932.787392][T14600] block nbd2: NBD_DISCONNECT [ 934.610500][T14622] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14622 comm=syz.1.1912 [ 935.323859][T14626] 9p: Bad value for 'rfdno' [ 936.670090][ T10] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 936.873169][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 936.896528][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 936.917531][ T10] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 936.939998][ T10] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 937.022271][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 937.031287][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 937.066330][ T10] usb 1-1: Product: syz [ 937.080138][ T10] usb 1-1: Manufacturer: syz [ 937.190822][ T10] usb 1-1: SerialNumber: syz [ 937.652215][T14645] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 937.661621][ T10] cdc_mbim 1-1:1.0: skipping garbage [ 937.865160][ T10] cdc_mbim 1-1:1.0: bind() failure [ 937.872604][ T10] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 937.888551][ T10] cdc_ncm 1-1:1.1: bind() failure [ 937.942339][ T10] usb 1-1: USB disconnect, device number 36 [ 938.964125][T14673] 9p: Bad value for 'rfdno' [ 939.227399][T14678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14678 comm=syz.2.1926 [ 940.051437][T14688] overlayfs: failed to clone lowerpath [ 941.367807][ T30] audit: type=1400 audit(1773654286.982:603): avc: denied { name_connect } for pid=14697 comm="syz.0.1931" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 941.773896][ T30] audit: type=1400 audit(1773654287.392:604): avc: denied { setcurrent } for pid=14701 comm="syz.6.1930" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 942.385048][T14709] kAFS: unable to lookup cell '' [ 942.424630][T14709] kAFS: unable to lookup cell '(,c' [ 943.459510][ T10] usb 5-1: new full-speed USB device number 38 using dummy_hcd [ 943.709633][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 943.740603][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 943.752037][ T10] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 943.763855][ T10] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 943.823740][T14733] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14733 comm=syz.2.1938 [ 944.261026][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 944.300068][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 944.326028][ T10] usb 5-1: Product: syz [ 944.343589][ T10] usb 5-1: Manufacturer: syz [ 944.354652][ T10] usb 5-1: SerialNumber: syz [ 944.375724][T14717] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 944.421649][ T10] cdc_mbim 5-1:1.0: skipping garbage [ 944.611130][T14739] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 946.025102][T14756] 9p: Bad value for 'rfdno' [ 946.411955][ T10] cdc_mbim 5-1:1.0: bind() failure [ 946.420740][ T10] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 946.519325][ T10] cdc_ncm 5-1:1.1: bind() failure [ 946.547319][ T10] usb 5-1: USB disconnect, device number 38 [ 947.259197][T14774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 947.323309][T14776] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 947.393498][T14777] kAFS: unable to lookup cell '' [ 947.415423][T14775] 9p: Bad value for 'rfdno' [ 947.424116][T14777] kAFS: unable to lookup cell '(,c' [ 947.650633][T14784] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14784 comm=syz.0.1950 [ 948.526518][T14799] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 948.875448][T14797] futex_wake_op: syz.0.1954 tries to shift op by 32; fix this program [ 949.227909][T14804] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 950.033386][ T5886] usb 2-1: new full-speed USB device number 37 using dummy_hcd [ 950.051480][T14820] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1961'. [ 950.337501][T14820] kAFS: unable to lookup cell '' [ 950.379335][T14820] kAFS: unable to lookup cell '(,c' [ 950.421267][ T5886] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 950.501850][ T5886] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 950.565040][ T5886] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 950.613389][ T5886] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 950.745226][ T5886] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 950.754531][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 950.772247][ T5886] usb 2-1: Product: syz [ 950.780508][ T5886] usb 2-1: Manufacturer: syz [ 950.786464][ T5886] usb 2-1: SerialNumber: syz [ 950.805176][T14814] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 950.837417][ T5886] cdc_mbim 2-1:1.0: skipping garbage [ 951.232053][T14826] kAFS: unable to lookup cell '' [ 951.271659][T14826] kAFS: unable to lookup cell '(,c' [ 952.411963][ T29] usb 5-1: new full-speed USB device number 39 using dummy_hcd [ 952.542531][ T10] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 952.590894][ T29] usb 5-1: unable to get BOS descriptor or descriptor too short [ 952.600550][ T29] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 952.608327][ T29] usb 5-1: can't read configurations, error -71 [ 953.231934][ T5886] cdc_mbim 2-1:1.0: bind() failure [ 953.239375][ T5886] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 953.322003][ T5886] cdc_ncm 2-1:1.1: bind() failure [ 953.371916][ T5886] usb 2-1: USB disconnect, device number 37 [ 954.506953][T14853] FAULT_INJECTION: forcing a failure. [ 954.506953][T14853] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 954.520691][T14853] CPU: 0 UID: 0 PID: 14853 Comm: syz.0.1970 Tainted: G L syzkaller #0 PREEMPT(full) [ 954.520717][T14853] Tainted: [L]=SOFTLOCKUP [ 954.520723][T14853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 954.520733][T14853] Call Trace: [ 954.520739][T14853] [ 954.520745][T14853] dump_stack_lvl+0x100/0x190 [ 954.520778][T14853] should_fail_ex.cold+0x5/0xa [ 954.520797][T14853] ? prepare_alloc_pages+0x16d/0x5f0 [ 954.520819][T14853] should_fail_alloc_page+0xeb/0x140 [ 954.520838][T14853] prepare_alloc_pages+0x1f0/0x5f0 [ 954.520857][T14853] ? rcu_is_watching+0x12/0xc0 [ 954.520880][T14853] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 954.520905][T14853] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 954.520940][T14853] ? find_held_lock+0x2b/0x80 [ 954.520967][T14853] ? is_bpf_text_address+0x8a/0x1a0 [ 954.520992][T14853] ? is_bpf_text_address+0x8a/0x1a0 [ 954.521015][T14853] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 954.521038][T14853] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 954.521066][T14853] ? is_bpf_text_address+0x94/0x1a0 [ 954.521090][T14853] ? kernel_text_address+0x8d/0x100 [ 954.521110][T14853] ? __kernel_text_address+0xd/0x30 [ 954.521139][T14853] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 954.521164][T14853] ? policy_nodemask+0xed/0x4f0 [ 954.521184][T14853] alloc_pages_mpol+0x1fb/0x550 [ 954.521202][T14853] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 954.521219][T14853] ? do_raw_spin_lock+0x128/0x260 [ 954.521238][T14853] ? find_held_lock+0x2b/0x80 [ 954.521258][T14853] ? __pud_alloc+0x529/0x6e0 [ 954.521280][T14853] alloc_pages_noprof+0x131/0x390 [ 954.521298][T14853] __pmd_alloc+0x3b/0x950 [ 954.521315][T14853] ? __pud_alloc+0x52e/0x6e0 [ 954.521335][T14853] __handle_mm_fault+0xa99/0x2b60 [ 954.521361][T14853] ? mt_find+0x45e/0x8e0 [ 954.521386][T14853] ? __pfx___handle_mm_fault+0x10/0x10 [ 954.521406][T14853] ? __pfx_mt_find+0x10/0x10 [ 954.521443][T14853] ? find_vma+0xbf/0x140 [ 954.521459][T14853] ? __pfx_find_vma+0x10/0x10 [ 954.521478][T14853] handle_mm_fault+0x36d/0xa20 [ 954.521505][T14853] do_user_addr_fault+0x74c/0x12f0 [ 954.521533][T14853] exc_page_fault+0x6f/0xd0 [ 954.521555][T14853] asm_exc_page_fault+0x26/0x30 [ 954.521572][T14853] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 954.521599][T14853] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 954.521616][T14853] RSP: 0018:ffffc9000fd0fbe8 EFLAGS: 00050206 [ 954.521631][T14853] RAX: 0000000000000001 RBX: 0000000000000090 RCX: 0000000000000090 [ 954.521641][T14853] RDX: 0000000000000001 RSI: ffffc9000fd0fc60 RDI: 0000200000000240 [ 954.521652][T14853] RBP: 0000200000000240 R08: 0000000000000000 R09: fffff52001fa1f9d [ 954.521662][T14853] R10: ffffc9000fd0fcef R11: 0000000000000000 R12: ffffc9000fd0fc60 [ 954.521673][T14853] R13: 00002000000002d0 R14: 00007ffffffff000 R15: 0000000000000000 [ 954.521696][T14853] _copy_to_user+0xa4/0xd0 [ 954.521715][T14853] cp_new_stat+0x467/0x5c0 [ 954.521736][T14853] ? __pfx_cp_new_stat+0x10/0x10 [ 954.521766][T14853] ? find_held_lock+0x2b/0x80 [ 954.521790][T14853] ? ksys_write+0x190/0x250 [ 954.521813][T14853] ? ksys_write+0x190/0x250 [ 954.521838][T14853] ? putname+0xb6/0x110 [ 954.521860][T14853] __do_sys_newfstatat+0xbe/0x120 [ 954.521882][T14853] ? __pfx___do_sys_newfstatat+0x10/0x10 [ 954.521901][T14853] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 954.521938][T14853] ? __pfx_ksys_write+0x10/0x10 [ 954.521977][T14853] do_syscall_64+0x106/0xf80 [ 954.521997][T14853] ? clear_bhb_loop+0x40/0x90 [ 954.522018][T14853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 954.522036][T14853] RIP: 0033:0x7ff99d79c799 [ 954.522050][T14853] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 954.522066][T14853] RSP: 002b:00007ff99e6a1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 954.522081][T14853] RAX: ffffffffffffffda RBX: 00007ff99da15fa0 RCX: 00007ff99d79c799 [ 954.522092][T14853] RDX: 0000200000000240 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 954.522103][T14853] RBP: 00007ff99e6a1090 R08: 0000000000000000 R09: 0000000000000000 [ 954.522112][T14853] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001 [ 954.522122][T14853] R13: 00007ff99da16038 R14: 00007ff99da15fa0 R15: 00007ffca39fece8 [ 954.522146][T14853] [ 955.301874][T12971] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 955.544766][T14864] sp0: Synchronizing with TNC [ 955.641515][T14864] lo speed is unknown, defaulting to 1000 [ 956.632098][T12971] usb 2-1: Using ep0 maxpacket: 16 [ 956.779167][T14868] kAFS: unable to lookup cell '' [ 956.784969][T14868] kAFS: unable to lookup cell '(,c' [ 956.873615][T12971] usb 2-1: device descriptor read/all, error -71 [ 957.144445][T14874] can: request_module (can-proto-0) failed. [ 957.361880][ T5886] usb 1-1: new full-speed USB device number 37 using dummy_hcd [ 957.516776][ T5886] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 957.540608][ T5886] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 957.559349][T14881] siw: device registration error -23 [ 957.593012][ T5886] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 957.604456][ T5886] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 957.703151][T14888] sp0: Synchronizing with TNC [ 957.718134][T14888] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1980'. [ 957.885936][T14889] lo speed is unknown, defaulting to 1000 [ 958.563295][T12971] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 958.606462][ T5886] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 958.615841][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 958.892538][T12971] usb 2-1: Using ep0 maxpacket: 32 [ 958.917835][T12971] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 958.988430][T12971] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 959.015395][ T5886] usb 1-1: Product: syz [ 959.020375][ T5886] usb 1-1: Manufacturer: syz [ 959.025746][ T5886] usb 1-1: SerialNumber: syz [ 959.033929][T14880] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 959.058173][ T5886] cdc_mbim 1-1:1.0: skipping garbage [ 959.061499][T12971] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 959.075218][T12971] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 959.093992][T12971] usb 2-1: config 0 descriptor?? [ 959.104041][T12971] hub 2-1:0.0: USB hub found [ 959.258212][ T5886] cdc_mbim 1-1:1.0: bind() failure [ 959.296235][ T5886] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 959.308035][T12971] hub 2-1:0.0: config failed, can't read hub descriptor (err -90) [ 959.320528][ T5886] cdc_ncm 1-1:1.1: bind() failure [ 959.336646][ T5886] usb 1-1: USB disconnect, device number 37 [ 959.513935][T12971] usbhid 2-1:0.0: can't add hid device: -71 [ 959.519949][T12971] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 959.554405][T12971] usb 2-1: USB disconnect, device number 39 [ 962.020688][T14927] block nbd6: NBD_DISCONNECT [ 962.918284][T14938] can: request_module (can-proto-0) failed. [ 963.137511][T14941] siw: device registration error -23 [ 963.716679][T14953] 9p: Bad value for 'rfdno' [ 963.722235][T14952] 9p: Bad value for 'rfdno' [ 963.911915][ T792] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 964.150099][ T792] usb 5-1: Using ep0 maxpacket: 32 [ 964.159056][ T792] usb 5-1: unable to get BOS descriptor or descriptor too short [ 964.168051][ T792] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 964.181866][ T792] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 964.211043][ T792] usb 5-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 964.243934][ T792] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.284301][ T792] usb 5-1: Product: syz [ 964.307643][ T792] usb 5-1: Manufacturer: syz [ 964.470336][ T792] usb 5-1: SerialNumber: syz [ 964.772082][T14948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 964.786337][T14948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 965.809465][T14979] fuse: Unknown parameter '000000000000000000070x0000000000000005' [ 966.054849][T14983] 9p: Bad value for 'rfdno' [ 966.077709][T14983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 966.187995][T14984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 966.263386][T14984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 966.285935][T14983] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2007'. [ 966.457932][ T792] usb 5-1: USB disconnect, device number 41 [ 967.541885][T10454] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 967.738050][T10454] usb 1-1: Using ep0 maxpacket: 8 [ 967.774062][T10454] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 967.784442][T10454] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 967.807050][T10454] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 967.824578][T10454] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 967.839727][T10454] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 967.931541][T10454] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 968.351904][T10454] usb 1-1: GET_CAPABILITIES returned 0 [ 968.370669][T10454] usbtmc 1-1:16.0: can't read capabilities [ 968.617506][T15019] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 968.637134][T15019] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 968.655425][T15002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 968.703786][ T29] usb 1-1: USB disconnect, device number 38 [ 969.481184][ T29] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 969.649817][ T29] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 969.873398][ T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 969.896748][ T29] usb 5-1: config 0 descriptor?? [ 970.168599][T15038] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15038 comm=syz.1.2022 [ 970.521605][T15037] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0 [ 970.538847][T15037] PKCS7: Only support pkcs7_signedData type [ 970.558106][T15037] loop2: detected capacity change from 0 to 7 [ 970.577248][ T7233] loop2: p1 [ 970.583610][ T7233] loop2: partition table partially beyond EOD, truncated [ 970.597692][ T7233] loop2: p1 size 1919251295 extends beyond EOD, truncated [ 970.640732][T15037] loop2: p1 [ 970.644086][T15037] loop2: partition table partially beyond EOD, truncated [ 970.651663][T15037] loop2: p1 size 1919251295 extends beyond EOD, truncated [ 970.733939][ T7233] udevd[7233]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 970.832535][ T7233] udevd[7233]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 971.730136][T15023] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2020'. [ 971.739292][T15023] netlink: 'syz.4.2020': attribute type 5 has an invalid length. [ 971.827839][T15023] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2020'. [ 971.842677][T15023] netlink: 'syz.4.2020': attribute type 5 has an invalid length. [ 971.863511][ T29] usb 5-1: Cannot set autoneg [ 971.868269][ T29] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 971.888359][ T29] usb 5-1: USB disconnect, device number 42 [ 973.625684][T15074] 9p: Bad value for 'rfdno' [ 973.689974][T15076] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size. [ 975.234471][T15096] 9p: Bad value for 'wfdno' [ 975.801007][T15102] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 975.855783][ T30] audit: type=1400 audit(1773654321.472:605): avc: denied { mount } for pid=15089 comm="syz.1.2037" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 976.281263][T15113] 9p: Bad value for 'rfdno' [ 976.378610][ T30] audit: type=1400 audit(1773654321.992:606): avc: denied { unmount } for pid=5803 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 976.640969][T15124] 9p: Bad value for 'rfdno' [ 977.090005][T15129] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2043'. [ 977.186088][T15131] mkiss: ax0: crc mode is auto. [ 977.205018][ T30] audit: type=1400 audit(1773654322.812:607): avc: denied { name_bind } for pid=15130 comm="syz.0.2046" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 977.831181][T15148] 9p: Bad value for 'rfdno' [ 979.021852][T15163] 9p: Bad value for 'wfdno' [ 979.244293][T15168] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15168 comm=syz.0.2055 [ 980.908406][T15186] netlink: 'syz.6.2059': attribute type 23 has an invalid length. [ 981.272532][ T30] audit: type=1400 audit(1773654326.372:608): avc: denied { write } for pid=15185 comm="syz.6.2059" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 981.602873][T15195] FAULT_INJECTION: forcing a failure. [ 981.602873][T15195] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 981.662686][T15195] CPU: 1 UID: 0 PID: 15195 Comm: syz.4.2063 Tainted: G L syzkaller #0 PREEMPT(full) [ 981.662714][T15195] Tainted: [L]=SOFTLOCKUP [ 981.662721][T15195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 981.662730][T15195] Call Trace: [ 981.662736][T15195] [ 981.662742][T15195] dump_stack_lvl+0x100/0x190 [ 981.662773][T15195] should_fail_ex.cold+0x5/0xa [ 981.662795][T15195] _copy_from_user+0x2e/0xd0 [ 981.662812][T15195] sg_io+0x2c7/0xd60 [ 981.662839][T15195] scsi_cdrom_send_packet+0x265/0x620 [ 981.662864][T15195] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 981.662898][T15195] ? avc_has_extended_perms+0x484/0x1080 [ 981.662922][T15195] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 981.662944][T15195] scsi_ioctl+0x4b5/0x1840 [ 981.662963][T15195] ? __pfx___might_resched+0x10/0x10 [ 981.662978][T15195] ? __pfx_scsi_ioctl+0x10/0x10 [ 981.662994][T15195] ? tomoyo_path_number_perm+0x188/0x580 [ 981.663008][T15195] ? __pfx_scsi_block_when_processing_errors+0x10/0x10 [ 981.663032][T15195] sg_ioctl+0x966/0x2730 [ 981.663049][T15195] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 981.663067][T15195] ? __pfx_sg_ioctl+0x10/0x10 [ 981.663083][T15195] ? __fget_files+0x215/0x3d0 [ 981.663094][T15195] ? hook_file_ioctl_common+0x146/0x410 [ 981.663115][T15195] ? selinux_file_ioctl+0x139/0x290 [ 981.663129][T15195] ? selinux_file_ioctl+0xb4/0x290 [ 981.663145][T15195] ? __pfx_sg_ioctl+0x10/0x10 [ 981.663160][T15195] __x64_sys_ioctl+0x18e/0x210 [ 981.663177][T15195] do_syscall_64+0x106/0xf80 [ 981.663191][T15195] ? clear_bhb_loop+0x40/0x90 [ 981.663204][T15195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 981.663215][T15195] RIP: 0033:0x7f5d2a79c799 [ 981.663225][T15195] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 981.663234][T15195] RSP: 002b:00007f5d2b660028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 981.663246][T15195] RAX: ffffffffffffffda RBX: 00007f5d2aa15fa0 RCX: 00007f5d2a79c799 [ 981.663253][T15195] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 0000000000000003 [ 981.663259][T15195] RBP: 00007f5d2b660090 R08: 0000000000000000 R09: 0000000000000000 [ 981.663265][T15195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 981.663271][T15195] R13: 00007f5d2aa16038 R14: 00007f5d2aa15fa0 R15: 00007ffe858e9538 [ 981.663284][T15195] [ 981.910160][ T10] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 982.071861][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 982.128561][ T10] usb 3-1: config 8 has an invalid interface number: 39 but max is 0 [ 982.260384][T15208] sp0: Synchronizing with TNC [ 983.121840][ T10] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 983.136113][ T10] usb 3-1: config 8 has no interface number 0 [ 983.142675][ T10] usb 3-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 983.900894][ T10] usb 3-1: config 8 interface 39 has no altsetting 0 [ 984.033010][ T10] usb 3-1: string descriptor 0 read error: -71 [ 984.063723][ T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 984.124099][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 984.187946][T15220] 9p: Bad value for 'rfdno' [ 984.197913][ T10] usb 3-1: can't set config #8, error -71 [ 984.227152][ T10] usb 3-1: USB disconnect, device number 39 [ 985.118442][T15231] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 985.144417][T15231] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2073'. [ 986.048593][ T30] audit: type=1400 audit(1773654331.642:609): avc: denied { create } for pid=15240 comm="syz.1.2075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 986.104056][T15245] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2074'. [ 986.294402][T15245] kAFS: unable to lookup cell '' [ 986.310011][T15245] kAFS: unable to lookup cell '(,c' [ 987.071843][ T10] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 987.505148][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 987.511467][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 988.882033][ T792] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 988.895847][T15277] block nbd0: NBD_DISCONNECT [ 989.066020][ T792] usb 3-1: Using ep0 maxpacket: 16 [ 989.083597][ T792] usb 3-1: config 8 has an invalid interface number: 39 but max is 0 [ 989.097906][T15283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 989.103019][ T792] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 989.154967][ T792] usb 3-1: config 8 has no interface number 0 [ 989.183671][ T792] usb 3-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 989.504442][ T792] usb 3-1: config 8 interface 39 has no altsetting 0 [ 989.538347][ T792] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 989.557271][ T792] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 989.571968][ T792] usb 3-1: Product: syz [ 989.576170][ T792] usb 3-1: Manufacturer: syz [ 989.586319][ T792] usb 3-1: SerialNumber: syz [ 989.724882][T15289] kAFS: unable to lookup cell '' [ 989.732409][T15289] kAFS: unable to lookup cell '(,c' [ 991.217428][T15300] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 991.468941][ T792] ipheth 3-1:8.39: Unable to find endpoints [ 991.676988][ T792] usb 3-1: USB disconnect, device number 40 [ 991.801973][ T29] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 992.163347][ T29] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 992.262790][ T29] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 992.302242][ T29] usb 2-1: config 0 descriptor?? [ 992.458110][T15315] sp0: Synchronizing with TNC [ 992.926874][T15316] lo speed is unknown, defaulting to 1000 [ 994.049524][T15319] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2095'. [ 994.061145][T15319] kAFS: unable to lookup cell '' [ 994.066668][T15319] kAFS: unable to lookup cell '(,c' [ 994.753153][ T29] usb 2-1: Cannot set autoneg [ 994.757946][ T29] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 994.940332][T15327] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 995.119433][T15305] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2093'. [ 995.142037][T15305] netlink: 'syz.1.2093': attribute type 5 has an invalid length. [ 995.213430][T15305] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2093'. [ 995.266797][T15305] netlink: 'syz.1.2093': attribute type 5 has an invalid length. [ 995.809383][ T792] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 996.031838][ T792] usb 5-1: Using ep0 maxpacket: 8 [ 996.042175][ T792] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 996.057216][ T792] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 996.081317][ T792] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 996.194539][ T792] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 996.211154][ T792] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 996.220406][ T792] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 996.329257][T10538] usb 2-1: USB disconnect, device number 40 [ 996.547722][T15350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 996.617672][T15353] siw: device registration error -23 [ 996.690786][T15352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 996.981518][T15350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 997.024473][ T792] usb 5-1: usb_control_msg returned -71 [ 997.041594][ T792] usbtmc 5-1:16.0: can't read capabilities [ 997.071055][ T792] usb 5-1: USB disconnect, device number 44 [ 998.091839][ T5866] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 998.329986][ T5866] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 998.402677][ T5866] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 998.845189][T15375] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 998.949238][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 999.116523][ T5866] usb 1-1: config 0 descriptor?? [ 999.153619][ T5866] pwc: Askey VC010 type 2 USB webcam detected. [ 999.226752][T15380] 9p: Bad value for 'rfdno' [ 999.606669][T15391] sp0: Synchronizing with TNC [ 1001.454041][ T5866] pwc: recv_control_msg error -71 req 02 val 2b00 [ 1001.470065][ T5866] pwc: recv_control_msg error -71 req 02 val 2700 [ 1001.551154][ T5866] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1001.680863][ T5866] pwc: recv_control_msg error -71 req 04 val 1000 [ 1001.694942][ T5866] pwc: recv_control_msg error -71 req 04 val 1300 [ 1001.701888][ T5866] pwc: recv_control_msg error -71 req 04 val 1400 [ 1001.712117][ T5866] pwc: recv_control_msg error -71 req 02 val 2000 [ 1001.721906][ T5866] pwc: recv_control_msg error -71 req 02 val 2100 [ 1001.728827][ T5866] pwc: recv_control_msg error -71 req 04 val 1500 [ 1001.750811][ T5866] pwc: recv_control_msg error -71 req 02 val 2500 [ 1001.810620][ T5866] pwc: recv_control_msg error -71 req 02 val 2400 [ 1001.818248][ T5866] pwc: recv_control_msg error -71 req 02 val 2600 [ 1001.828644][ T5866] pwc: recv_control_msg error -71 req 02 val 2900 [ 1001.837638][T15393] vivid-000: disconnect [ 1001.842242][ T5866] pwc: recv_control_msg error -71 req 02 val 2800 [ 1001.853057][ T5866] pwc: recv_control_msg error -71 req 04 val 1100 [ 1001.982283][ T5866] pwc: recv_control_msg error -71 req 04 val 1200 [ 1001.998320][ T5866] pwc: Registered as video103. [ 1002.018346][ T5866] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input76 [ 1002.196343][ T30] audit: type=1400 audit(1773654347.722:610): avc: denied { map } for pid=15392 comm="syz.0.2114" path="/dev/swradio0" dev="devtmpfs" ino=956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1002.474860][ T5866] usb 1-1: USB disconnect, device number 39 [ 1002.481983][ T10] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1002.538687][T15400] can: request_module (can-proto-0) failed. [ 1002.561882][T15392] vivid-000: reconnect [ 1002.733280][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1002.814129][T15405] siw: device registration error -23 [ 1003.149342][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1003.162347][ T10] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1003.171389][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1003.219080][ T10] usb 3-1: config 0 descriptor?? [ 1003.248312][ T10] hdpvr 3-1:0.0: Could not find bulk-in endpoint [ 1003.257910][ T10] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12 [ 1004.624169][T15396] 9p: Bad value for 'rfdno' [ 1005.954943][ T5866] usb 1-1: new full-speed USB device number 40 using dummy_hcd [ 1006.674039][ T5886] usb 3-1: USB disconnect, device number 41 [ 1006.871053][T15429] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1008.192036][ T30] audit: type=1400 audit(1773654353.802:611): avc: denied { append } for pid=15440 comm="syz.1.2126" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1008.312860][T15448] sp0: Synchronizing with TNC [ 1011.005479][T15455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2126'. [ 1011.024691][T15455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2126'. [ 1011.037926][T15455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2126'. [ 1011.050244][T15455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2126'. [ 1011.069048][T15455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2126'. [ 1012.241841][ T5886] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1012.479580][ T5886] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1012.488717][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1012.506493][ T5886] usb 2-1: config 0 descriptor?? [ 1014.041986][ T792] usb 3-1: new full-speed USB device number 42 using dummy_hcd [ 1014.049616][T10538] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1014.274586][T15470] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2132'. [ 1014.296008][T15470] netlink: 'syz.1.2132': attribute type 5 has an invalid length. [ 1014.327696][T10538] usb 5-1: Using ep0 maxpacket: 32 [ 1014.364198][T15470] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2132'. [ 1014.437530][T10538] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 1014.498503][T15470] netlink: 'syz.1.2132': attribute type 5 has an invalid length. [ 1014.624275][T10538] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1014.635757][T10538] usb 5-1: config 0 has no interface number 0 [ 1014.821092][T10538] usb 5-1: New USB device found, idVendor=045e, idProduct=0703, bcdDevice=6e.c0 [ 1014.830771][ T5886] usb 2-1: Cannot set autoneg [ 1014.836032][ T5886] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1014.840501][T10538] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1014.962002][T10454] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1014.962035][T10538] usb 5-1: Product: syz [ 1014.974213][T10538] usb 5-1: Manufacturer: syz [ 1014.978836][T10538] usb 5-1: SerialNumber: syz [ 1014.992812][T10538] usb 5-1: config 0 descriptor?? [ 1014.993196][ T5886] usb 2-1: USB disconnect, device number 41 [ 1015.272272][T10538] uvcvideo 5-1:0.68: Found Unit with invalid ID 0 [ 1015.302654][T10454] usb 1-1: Using ep0 maxpacket: 32 [ 1015.305989][T10538] uvcvideo 5-1:0.68: Found UVC 0.40 device syz (045e:0703) [ 1015.437057][T10538] uvcvideo 5-1:0.68: No valid video chain found. [ 1015.462992][T10538] usb 5-1: USB disconnect, device number 45 [ 1015.664561][T10454] usb 1-1: config 0 has an invalid interface number: 68 but max is 0 [ 1015.678327][T10454] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1015.700839][T10454] usb 1-1: config 0 has no interface number 0 [ 1016.662293][T10454] usb 1-1: New USB device found, idVendor=045e, idProduct=0703, bcdDevice=6e.c0 [ 1016.671343][T10454] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1016.679710][T10454] usb 1-1: Product: syz [ 1016.683884][T10454] usb 1-1: Manufacturer: syz [ 1016.688453][T10454] usb 1-1: SerialNumber: syz [ 1016.769689][T15528] sp0: Synchronizing with TNC [ 1017.670672][T10454] usb 1-1: config 0 descriptor?? [ 1018.841352][T10454] usb 1-1: can't set config #0, error -71 [ 1018.914930][T10454] usb 1-1: USB disconnect, device number 41 [ 1019.715623][T15539] overlayfs: failed to clone lowerpath [ 1020.472549][T15551] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1022.189527][T15565] sp0: Synchronizing with TNC [ 1022.203089][T15565] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2150'. [ 1022.305195][T15566] lo speed is unknown, defaulting to 1000 [ 1025.262550][ T10] usb 5-1: new full-speed USB device number 46 using dummy_hcd [ 1026.886259][ T30] audit: type=1400 audit(1773654372.182:612): avc: denied { append } for pid=15585 comm="syz.2.2158" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1026.909505][T15599] kAFS: unable to lookup cell '' [ 1026.915161][T15600] kAFS: unable to lookup cell '(,c' [ 1027.216400][T15602] 9p: Bad value for 'rfdno' [ 1027.532025][ T10] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1027.541855][T15378] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1027.830276][T15615] 9p: Bad value for 'rfdno' [ 1027.842179][T15378] usb 5-1: Using ep0 maxpacket: 8 [ 1027.848421][ T10] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1027.869659][T15378] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1027.883918][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1027.911253][T15378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1027.931722][T15378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1027.942909][ T10] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1027.952020][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1027.961723][T15378] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1027.982217][ T10] usb 1-1: Product: syz [ 1027.986480][ T10] usb 1-1: Manufacturer: syz [ 1027.991098][ T10] usb 1-1: SerialNumber: syz [ 1027.997865][T15378] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1028.010305][ T10] usb 1-1: config 0 descriptor?? [ 1028.025636][T15378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1028.039442][ T10] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1028.279098][T15378] usb 5-1: GET_CAPABILITIES returned 0 [ 1028.758224][T15378] usbtmc 5-1:16.0: can't read capabilities [ 1028.825312][ T30] audit: type=1400 audit(1773654374.442:613): avc: denied { execute } for pid=15607 comm="syz.4.2163" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=58355 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 1028.852323][ T10] gspca_sunplus: reg_r err -110 [ 1028.858033][ T10] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 1029.012145][T15629] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1029.045247][T15631] comedi comedi3: comedi_config --init_data is deprecated [ 1029.067760][T15607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1029.202326][T10538] usb 5-1: USB disconnect, device number 47 [ 1029.620316][ T30] audit: type=1400 audit(1773654375.232:614): avc: denied { create } for pid=15638 comm="syz.6.2170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1029.775716][ T30] audit: type=1400 audit(1773654375.262:615): avc: denied { setopt } for pid=15638 comm="syz.6.2170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1030.236731][T15649] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1030.565632][ T10] usb 1-1: USB disconnect, device number 42 [ 1030.761175][T15651] 9p: Bad value for 'rfdno' [ 1031.201560][T15657] 9p: Bad value for 'rfdno' [ 1031.691293][T15675] 9p: Bad value for 'rfdno' [ 1032.355264][ T10] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1032.471317][T15688] 9p: Bad value for 'rfdno' [ 1032.512087][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 1032.527544][ T10] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 1032.546277][ T10] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1032.563947][ T10] usb 5-1: config 0 has no interface number 0 [ 1032.590664][ T10] usb 5-1: New USB device found, idVendor=045e, idProduct=0703, bcdDevice=6e.c0 [ 1032.660446][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1032.743231][ T10] usb 5-1: Product: syz [ 1032.842083][ T10] usb 5-1: Manufacturer: syz [ 1032.846695][ T10] usb 5-1: SerialNumber: syz [ 1032.878022][ T10] usb 5-1: config 0 descriptor?? [ 1032.947453][T15698] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15698 comm=syz.1.2187 [ 1033.552551][T15705] kAFS: unable to lookup cell '' [ 1033.560328][T15705] kAFS: unable to lookup cell '(,c' [ 1033.567782][ T10] uvcvideo 5-1:0.68: Found Unit with invalid ID 0 [ 1033.785787][ T10] uvcvideo 5-1:0.68: Found UVC 0.40 device syz (045e:0703) [ 1033.798738][ T10] uvcvideo 5-1:0.68: No valid video chain found. [ 1033.808050][ T10] usb 5-1: USB disconnect, device number 48 [ 1035.041964][T10538] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1035.292851][T10538] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1035.301552][T10538] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1035.332031][T10538] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1035.341294][T10538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1035.360371][T10538] usb 1-1: Product: syz [ 1035.374816][T10538] usb 1-1: Manufacturer: syz [ 1035.379441][T10538] usb 1-1: SerialNumber: syz [ 1035.412432][T10538] usb 1-1: config 0 descriptor?? [ 1035.428795][T10538] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1036.528788][T10538] gspca_sunplus: reg_r err -110 [ 1036.534143][T10538] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 1036.953369][T15742] tmpfs: Bad value for 'mpol' [ 1037.215068][T15740] tmpfs: Bad value for 'mpol' [ 1037.548453][T15742] futex_wake_op: syz.2.2198 tries to shift op by 32; fix this program [ 1037.560757][T15742] syzkaller1: entered promiscuous mode [ 1037.566269][T15742] syzkaller1: entered allmulticast mode [ 1037.730445][T15740] futex_wake_op: syz.1.2199 tries to shift op by 32; fix this program [ 1037.840016][T15752] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1039.541260][T15780] 9p: Bad value for 'rfdno' [ 1039.587677][T10538] usb 1-1: USB disconnect, device number 43 [ 1040.121980][T10538] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 1040.309382][T10538] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1040.329673][T15795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2214'. [ 1040.329802][T10538] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1040.368593][T15795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2214'. [ 1040.379135][T15795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2214'. [ 1040.390451][T15795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2214'. [ 1040.400570][T15795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2214'. [ 1040.600750][T10538] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1040.620316][T10538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1040.631050][T10538] usb 1-1: Product: syz [ 1040.735452][T10538] usb 1-1: Manufacturer: syz [ 1040.740127][T10538] usb 1-1: SerialNumber: syz [ 1040.768686][T10538] usb 1-1: config 0 descriptor?? [ 1040.777044][T10538] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1041.752366][T10538] gspca_sunplus: reg_r err -110 [ 1041.818078][T15378] usb 2-1: new full-speed USB device number 42 using dummy_hcd [ 1041.845513][T10538] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 1042.013244][T15378] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1042.025504][T15378] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1042.052065][T15378] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 1042.303450][T15378] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1042.429317][T15378] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1042.581899][T15378] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1042.676235][T15821] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1043.011044][T15378] usb 2-1: Product: syz [ 1043.015298][T15378] usb 2-1: Manufacturer: syz [ 1043.019910][T15378] usb 2-1: SerialNumber: syz [ 1043.261027][T15378] usb 2-1: can't set config #1, error -71 [ 1043.382013][T15378] usb 2-1: USB disconnect, device number 42 [ 1043.487544][ T5886] usb 1-1: USB disconnect, device number 44 [ 1045.311989][T15837] lo speed is unknown, defaulting to 1000 [ 1045.422830][T12971] IPVS: starting estimator thread 0... [ 1045.504658][T10538] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1045.682051][T15843] IPVS: using max 56 ests per chain, 134400 per kthread [ 1046.073710][T10538] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1046.103478][T10538] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1046.142883][T10538] usb 3-1: config 0 descriptor?? [ 1046.292989][T12971] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 1046.454765][T12971] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1046.491841][T12971] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1046.537593][T12971] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 1046.558503][T12971] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1046.591087][T12971] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1046.620640][T12971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1046.643405][T12971] usb 2-1: Product: syz [ 1046.647614][T12971] usb 2-1: Manufacturer: syz [ 1046.665500][T12971] usb 2-1: SerialNumber: syz [ 1046.707642][T15850] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1046.710260][T15861] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2232'. [ 1046.732027][T12971] cdc_mbim 2-1:1.0: skipping garbage [ 1047.171275][T15835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2226'. [ 1047.186587][T15835] netlink: 'syz.2.2226': attribute type 5 has an invalid length. [ 1047.223163][T15500] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1047.233221][T15835] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2226'. [ 1047.246499][T15500] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1047.257644][T15835] netlink: 'syz.2.2226': attribute type 5 has an invalid length. [ 1047.271687][T15500] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1047.298480][T15500] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1047.501596][T10538] usb 3-1: Cannot set autoneg [ 1047.508766][T10538] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1047.538266][T10538] usb 3-1: USB disconnect, device number 43 [ 1047.991856][T10538] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1048.232707][T10538] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1048.241466][T10538] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1048.253638][T10538] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1048.262853][T10538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1048.270850][T10538] usb 1-1: Product: syz [ 1048.275500][T10538] usb 1-1: Manufacturer: syz [ 1048.282654][T10538] usb 1-1: SerialNumber: syz [ 1048.410076][T10538] usb 1-1: config 0 descriptor?? [ 1048.653016][T12971] cdc_mbim 2-1:1.0: bind() failure [ 1048.748462][T12971] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 1048.791053][T12971] cdc_ncm 2-1:1.1: bind() failure [ 1048.802213][T10538] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1048.826351][T12971] usb 2-1: USB disconnect, device number 43 [ 1048.995300][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1049.003367][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1049.645271][T10538] gspca_sunplus: reg_r err -110 [ 1049.655378][T10538] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 1051.334685][T15904] 9p: Bad value for 'rfdno' [ 1051.340072][T15904] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2241'. [ 1051.350562][T15904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1051.424527][T15906] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1051.520446][T15906] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1051.585019][T15904] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2241'. [ 1051.774810][T15915] 9p: Bad value for 'rfdno' [ 1052.190095][T10538] usb 1-1: USB disconnect, device number 45 [ 1052.368448][T15927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2247'. [ 1052.606789][T15936] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1052.971379][T15938] 9p: Bad value for 'rfdno' [ 1053.511265][T15947] lo speed is unknown, defaulting to 1000 [ 1053.786711][T10538] IPVS: starting estimator thread 0... [ 1053.937182][T15950] IPVS: using max 43 ests per chain, 103200 per kthread [ 1054.942013][ T10] usb 3-1: new full-speed USB device number 44 using dummy_hcd [ 1055.253559][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1055.335065][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1055.371155][ T10] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 1055.533350][ T10] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1056.506708][ T30] audit: type=1804 audit(1773654401.242:616): pid=15967 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.2255" name="bus" dev="ramfs" ino=60497 res=1 errno=0 [ 1057.709444][ T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1057.721276][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1057.744092][ T10] usb 3-1: Product: syz [ 1057.753466][ T10] usb 3-1: Manufacturer: syz [ 1057.768184][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2256'. [ 1057.779239][ T10] usb 3-1: SerialNumber: syz [ 1058.567034][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2256'. [ 1058.684317][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2256'. [ 1058.773911][ T10] usb 3-1: can't set config #1, error -71 [ 1058.810266][ T10] usb 3-1: USB disconnect, device number 44 [ 1058.834918][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2256'. [ 1058.920064][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2256'. [ 1059.771863][T11906] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1059.934627][T11906] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1059.958889][T11906] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1059.979789][T11906] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1059.995968][T11906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1060.014858][T11906] usb 5-1: Product: syz [ 1060.025652][T11906] usb 5-1: Manufacturer: syz [ 1060.035446][T11906] usb 5-1: SerialNumber: syz [ 1060.055617][T11906] usb 5-1: config 0 descriptor?? [ 1060.075246][T11906] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1060.086341][T15990] tmpfs: Bad value for 'mpol' [ 1060.168028][T15994] 9p: Bad value for 'rfdno' [ 1060.319365][T15996] futex_wake_op: syz.1.2262 tries to shift op by 32; fix this program [ 1060.771814][T16001] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2264'. [ 1060.800921][T16001] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2264'. [ 1060.811897][T16001] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2264'. [ 1060.821930][T16001] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2264'. [ 1060.831469][T16001] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2264'. [ 1061.027268][T11906] gspca_sunplus: reg_r err -110 [ 1061.035621][T11906] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 1061.219684][T16004] 9p: Bad value for 'wfdno' [ 1062.427677][ T5886] usb 5-1: USB disconnect, device number 49 [ 1062.503763][ T30] audit: type=1400 audit(1773654408.122:617): avc: denied { create } for pid=16019 comm="syz.1.2270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1063.495530][ T30] audit: type=1400 audit(1773654409.112:618): avc: denied { append } for pid=16019 comm="syz.1.2270" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1063.986545][T16039] lo speed is unknown, defaulting to 1000 [ 1064.775995][T16043] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1065.405157][ T30] audit: type=1400 audit(1773654411.012:619): avc: denied { ioctl } for pid=16019 comm="syz.1.2270" path="socket:[60315]" dev="sockfs" ino=60315 ioctlcmd=0x8902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1066.640457][T16064] lo speed is unknown, defaulting to 1000 [ 1067.729345][T16072] 9p: Bad value for 'rfdno' [ 1069.940288][T16078] hub 9-0:1.0: USB hub found [ 1069.948245][T16078] hub 9-0:1.0: 1 port detected [ 1070.971159][T16112] 9p: Bad value for 'rfdno' [ 1070.971838][T12971] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1071.193519][T16114] 9p: Bad value for 'rfdno' [ 1071.202565][T12971] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1071.297679][T12971] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1071.313971][T12971] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1071.324698][T12971] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1071.333045][T12971] usb 5-1: Product: syz [ 1071.337324][T12971] usb 5-1: Manufacturer: syz [ 1071.807732][T12971] usb 5-1: SerialNumber: syz [ 1071.815960][T12971] usb 5-1: config 0 descriptor?? [ 1071.829608][T12971] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1072.097047][T16126] sp0: Synchronizing with TNC [ 1072.282462][T16127] lo speed is unknown, defaulting to 1000 [ 1073.529165][T12971] gspca_sunplus: reg_r err -110 [ 1073.535622][T12971] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 1074.286807][ T5866] usb 5-1: USB disconnect, device number 50 [ 1075.057323][T16148] 9p: Bad value for 'rfdno' [ 1075.636343][T16161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1075.704157][T16162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1075.862387][ T792] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1076.041897][ T792] usb 2-1: Using ep0 maxpacket: 32 [ 1076.050249][ T792] usb 2-1: config 0 has an invalid interface number: 68 but max is 0 [ 1076.064669][ T792] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1076.081250][ T792] usb 2-1: config 0 has no interface number 0 [ 1076.116758][ T792] usb 2-1: New USB device found, idVendor=045e, idProduct=0703, bcdDevice=6e.c0 [ 1076.515357][ T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1076.538874][ T792] usb 2-1: Product: syz [ 1076.550334][ T792] usb 2-1: Manufacturer: syz [ 1076.561960][ T792] usb 2-1: SerialNumber: syz [ 1076.577418][ T792] usb 2-1: config 0 descriptor?? [ 1076.869503][ T792] uvcvideo 2-1:0.68: Found Unit with invalid ID 0 [ 1076.878132][ T792] uvcvideo 2-1:0.68: Found UVC 0.40 device syz (045e:0703) [ 1076.906177][ T792] uvcvideo 2-1:0.68: No valid video chain found. [ 1076.931423][ T792] usb 2-1: USB disconnect, device number 44 [ 1076.992383][ T5866] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 1077.231855][ T5866] usb 1-1: Using ep0 maxpacket: 16 [ 1077.350062][T16181] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2303'. [ 1077.407726][T16181] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2303'. [ 1077.420902][T16181] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2303'. [ 1077.433057][T16181] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2303'. [ 1077.443815][T16181] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2303'. [ 1077.540234][ T5866] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1077.570249][ T5866] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1077.589371][ T5866] usb 1-1: New USB device found, idVendor=04b4, idProduct=931c, bcdDevice= 0.40 [ 1077.599323][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1077.622506][ T5866] usb 1-1: Product: syz [ 1077.629384][ T5866] usb 1-1: Manufacturer: syz [ 1077.648243][ T5866] usb 1-1: SerialNumber: syz [ 1077.884166][T16171] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2301'. [ 1078.310121][ T5866] usb 1-1: unit 2 not found! [ 1078.358508][ T5866] usb 1-1: can't set first interface for hiFace device. [ 1078.366521][ T5866] snd-usb-hiface 1-1:1.1: probe with driver snd-usb-hiface failed with error -5 [ 1078.391347][ T5866] usb 1-1: can't set first interface for hiFace device. [ 1078.404306][ T5866] snd-usb-hiface 1-1:1.2: probe with driver snd-usb-hiface failed with error -5 [ 1078.432323][T16189] 9p: Bad value for 'rfdno' [ 1078.439085][ T5866] usb 1-1: USB disconnect, device number 46 [ 1078.821267][T16194] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16194 comm=syz.1.2307 [ 1078.836511][T16198] 9p: Bad value for 'rfdno' [ 1078.965674][T16199] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2306'. [ 1078.981493][T16199] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2306'. [ 1078.992760][T16199] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2306'. [ 1079.005032][T16199] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2306'. [ 1079.577138][T16210] lo speed is unknown, defaulting to 1000 [ 1079.998673][ T5866] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 1080.373535][ T5866] usb 2-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1080.396695][ T5866] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1080.424416][ T5866] usb 2-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1080.424485][T16217] 9p: Bad value for 'rfdno' [ 1080.451634][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.618976][T16219] can: request_module (can-proto-0) failed. [ 1080.627883][ T5866] usb 2-1: Product: syz [ 1080.776582][T16226] siw: device registration error -23 [ 1081.679371][ T5866] usb 2-1: Manufacturer: syz [ 1081.682816][ T30] audit: type=1804 audit(1773654426.392:620): pid=16225 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.2315" name="bus" dev="ramfs" ino=61889 res=1 errno=0 [ 1081.684058][ T5866] usb 2-1: SerialNumber: syz [ 1081.869679][ T5866] usb 2-1: config 0 descriptor?? [ 1082.043482][ T5866] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1083.400842][T16243] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1083.627909][ T5866] gspca_sunplus: reg_r err -110 [ 1083.639732][ T5866] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 1084.269748][T10538] usb 2-1: USB disconnect, device number 45 [ 1085.349325][T16268] __nla_validate_parse: 6 callbacks suppressed [ 1085.349350][T16268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2324'. [ 1085.368077][T16268] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2324'. [ 1085.430900][T16268] kAFS: unable to lookup cell '' [ 1085.437032][T16268] kAFS: unable to lookup cell '(,c' [ 1088.083774][ T30] audit: type=1804 audit(1773654431.522:621): pid=16273 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.2326" name="bus" dev="ramfs" ino=61955 res=1 errno=0 [ 1090.177480][T16270] tmpfs: Bad value for 'mpol' [ 1091.833271][T16286] tmpfs: Bad value for 'mpol' [ 1092.114065][T16286] futex_wake_op: syz.2.2330 tries to shift op by 32; fix this program [ 1092.122977][T16286] syzkaller1: entered promiscuous mode [ 1092.128421][T16286] syzkaller1: entered allmulticast mode [ 1092.701069][T16303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2334'. [ 1092.736949][T16303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2334'. [ 1092.749074][T16303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2334'. [ 1092.761429][T16303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2334'. [ 1092.771802][T16303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2334'. [ 1094.158693][T16315] 9p: Bad value for 'rfdno' [ 1094.190259][T16317] tmpfs: Bad value for 'mpol' [ 1094.471959][T10538] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 1094.756085][T10538] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1094.783041][T10538] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1095.262581][T10538] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1095.271846][T10538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1095.279843][T10538] usb 1-1: Product: syz [ 1095.284088][T10538] usb 1-1: Manufacturer: syz [ 1095.288679][T10538] usb 1-1: SerialNumber: syz [ 1095.308739][T16332] 9p: Bad value for 'rfdno' [ 1095.374892][ T29] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1095.399636][T10538] usb 1-1: config 0 descriptor?? [ 1095.411179][T10538] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1096.001925][ T29] usb 5-1: Using ep0 maxpacket: 16 [ 1096.009457][ T29] usb 5-1: config 8 has an invalid interface number: 39 but max is 0 [ 1096.018254][ T29] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1096.028942][ T29] usb 5-1: config 8 has no interface number 0 [ 1096.035178][ T29] usb 5-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1096.801084][T10538] gspca_sunplus: reg_r err -110 [ 1096.806081][T10538] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 1096.815993][ T29] usb 5-1: config 8 interface 39 has no altsetting 0 [ 1096.828422][ T29] usb 5-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 1096.838449][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1096.846550][ T29] usb 5-1: Product: syz [ 1096.859682][ T29] usb 5-1: Manufacturer: syz [ 1096.871379][ T29] usb 5-1: SerialNumber: syz [ 1096.881985][ T5866] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1097.055926][ T5866] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1097.074225][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1097.087722][ T5866] usb 3-1: config 0 descriptor?? [ 1097.473439][T15378] usb 1-1: USB disconnect, device number 47 [ 1097.505897][T16338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2344'. [ 1097.515905][T16338] netlink: 'syz.2.2344': attribute type 5 has an invalid length. [ 1097.527632][T16338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2344'. [ 1097.537130][T16338] netlink: 'syz.2.2344': attribute type 5 has an invalid length. [ 1097.548353][ T5866] usb 3-1: Cannot read MAC address [ 1097.557271][ T5866] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1097.596123][ T5866] usb 3-1: USB disconnect, device number 45 [ 1098.216467][ T29] ipheth 5-1:8.39: Unable to find endpoints [ 1098.230766][ T29] usb 5-1: USB disconnect, device number 51 [ 1098.619328][T16353] 9p: Bad value for 'rfdno' [ 1098.829407][T16363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1098.952617][T16362] tmpfs: Bad value for 'mpol' [ 1099.966177][T16375] 9p: Bad value for 'rfdno' [ 1101.415515][T15378] usb 3-1: new full-speed USB device number 46 using dummy_hcd [ 1101.773929][T15378] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1101.791531][T15378] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1101.802634][T15378] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 1101.813615][T15378] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1101.827585][T15378] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1101.837381][T15378] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.845693][T15378] usb 3-1: Product: syz [ 1101.849940][T15378] usb 3-1: Manufacturer: syz [ 1101.854893][T15378] usb 3-1: SerialNumber: syz [ 1101.871184][T16387] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1101.896924][T15378] cdc_mbim 3-1:1.0: skipping garbage [ 1101.953960][ T10] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1102.121845][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 1102.138029][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1102.159431][ T10] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1102.175521][ T10] usb 5-1: New USB device found, idVendor=04b4, idProduct=931c, bcdDevice= 0.40 [ 1102.185487][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1102.194061][ T10] usb 5-1: Product: syz [ 1102.198353][ T10] usb 5-1: Manufacturer: syz [ 1102.203756][ T10] usb 5-1: SerialNumber: syz [ 1102.281922][ T29] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 1102.432248][ T29] usb 2-1: Using ep0 maxpacket: 32 [ 1102.447625][ T29] usb 2-1: config 0 has an invalid interface number: 68 but max is 0 [ 1102.458285][ T29] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1102.469015][ T29] usb 2-1: config 0 has no interface number 0 [ 1102.478305][ T29] usb 2-1: New USB device found, idVendor=045e, idProduct=0703, bcdDevice=6e.c0 [ 1102.488127][ T29] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1102.496847][ T29] usb 2-1: Product: syz [ 1102.501397][ T29] usb 2-1: Manufacturer: syz [ 1102.506347][ T29] usb 2-1: SerialNumber: syz [ 1102.518511][ T29] usb 2-1: config 0 descriptor?? [ 1102.550094][T16400] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2359'. [ 1102.572999][ T10] usb 5-1: unit 2 not found! [ 1102.600235][ T10] usb 5-1: can't set first interface for hiFace device. [ 1102.607916][ T10] snd-usb-hiface 5-1:1.1: probe with driver snd-usb-hiface failed with error -5 [ 1102.619517][ T10] usb 5-1: can't set first interface for hiFace device. [ 1102.627742][ T10] snd-usb-hiface 5-1:1.2: probe with driver snd-usb-hiface failed with error -5 [ 1102.642012][ T10] usb 5-1: USB disconnect, device number 52 [ 1102.675054][ T7233] udevd[7233]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1102.730672][ T29] uvcvideo 2-1:0.68: Found Unit with invalid ID 0 [ 1102.742228][ T29] uvcvideo 2-1:0.68: Found UVC 0.40 device syz (045e:0703) [ 1102.749560][ T29] uvcvideo 2-1:0.68: No valid video chain found. [ 1102.758472][ T29] usb 2-1: USB disconnect, device number 46 [ 1102.762026][ T5866] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 1102.923064][ T5866] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1102.932234][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1102.942014][ T5866] usb 1-1: config 0 descriptor?? [ 1103.260693][T15378] cdc_mbim 3-1:1.0: bind() failure [ 1103.269656][T15378] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1103.313527][T15378] cdc_ncm 3-1:1.1: bind() failure [ 1103.323414][T15378] usb 3-1: USB disconnect, device number 46 [ 1103.354285][T16405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2361'. [ 1103.430031][T16413] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1103.492256][T16405] netlink: 'syz.0.2361': attribute type 5 has an invalid length. [ 1103.855047][T15517] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1103.931996][T16405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2361'. [ 1104.470313][T16419] kAFS: unable to lookup cell '' [ 1104.486459][T16405] netlink: 'syz.0.2361': attribute type 5 has an invalid length. [ 1104.566264][ T5866] usb 1-1: Cannot read MAC address [ 1104.578079][T15517] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1104.597765][ T5866] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1104.617561][T15517] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1104.725318][T15511] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1104.776695][ T5866] usb 1-1: USB disconnect, device number 48 [ 1104.788809][T16429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2366'. [ 1104.801291][T16429] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2366'. [ 1105.065397][T16429] kAFS: unable to lookup cell '' [ 1105.071396][T16429] kAFS: unable to lookup cell '(,c' [ 1105.873699][T16440] 9p: Bad value for 'rfdno' [ 1107.231972][T10538] usb 5-1: new full-speed USB device number 53 using dummy_hcd [ 1107.424287][T10538] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1107.446503][T10538] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1107.467321][T10538] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 1107.479740][T10538] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1107.495522][T10538] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1107.505373][T10538] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1107.515955][T10538] usb 5-1: Product: syz [ 1107.520188][T10538] usb 5-1: Manufacturer: syz [ 1107.527178][T10538] usb 5-1: SerialNumber: syz [ 1107.551282][T16464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2374'. [ 1107.574345][T16464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2374'. [ 1107.595291][T16464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2374'. [ 1107.604410][T16455] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1107.615818][T16464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2374'. [ 1107.616866][T10538] cdc_mbim 5-1:1.0: skipping garbage [ 1107.629225][T16464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2374'. [ 1108.001845][ T792] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 1108.201859][ T792] usb 1-1: Using ep0 maxpacket: 16 [ 1108.208271][ T792] usb 1-1: config 8 has an invalid interface number: 39 but max is 0 [ 1108.219176][ T792] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1108.240568][ T792] usb 1-1: config 8 has no interface number 0 [ 1108.250808][ T792] usb 1-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1108.264284][ T792] usb 1-1: config 8 interface 39 has no altsetting 0 [ 1108.377505][ T792] usb 1-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 1108.382057][ T5886] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1108.394421][ T792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1108.402714][ T792] usb 1-1: Product: syz [ 1108.406867][ T792] usb 1-1: Manufacturer: syz [ 1108.411444][ T792] usb 1-1: SerialNumber: syz [ 1108.520170][T16475] sp0: Synchronizing with TNC [ 1108.537410][T16475] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2377'. [ 1108.718857][T16476] lo speed is unknown, defaulting to 1000 [ 1109.544309][T10538] cdc_mbim 5-1:1.0: bind() failure [ 1109.567618][T10538] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1109.579537][T10538] cdc_ncm 5-1:1.1: bind() failure [ 1109.597189][T10538] usb 5-1: USB disconnect, device number 53 [ 1109.812265][ T5886] usb 3-1: Using ep0 maxpacket: 16 [ 1109.839219][ T5886] usb 3-1: config 8 has an invalid interface number: 39 but max is 0 [ 1109.871967][ T5886] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1110.084258][ T5886] usb 3-1: config 8 has no interface number 0 [ 1110.099422][ T5886] usb 3-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1110.116434][ T5886] usb 3-1: config 8 interface 39 has no altsetting 0 [ 1110.271862][T16484] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1111.073636][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1111.079945][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1111.223460][ T792] ipheth 1-1:8.39: Unable to find endpoints [ 1111.236757][ T5886] usb 3-1: string descriptor 0 read error: -71 [ 1111.256075][ T5886] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 1111.324050][ T792] usb 1-1: USB disconnect, device number 49 [ 1111.358329][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1111.424317][ T5886] usb 3-1: can't set config #8, error -71 [ 1111.449725][ T5886] usb 3-1: USB disconnect, device number 47 [ 1111.689525][T16504] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1112.632509][ T5886] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1112.759329][T16519] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1112.830857][T16517] tmpfs: Bad value for 'mpol' [ 1112.972485][ T5886] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1112.982245][ T5886] usb 3-1: config 0 has no interface number 0 [ 1112.997866][T16522] futex_wake_op: syz.0.2389 tries to shift op by 32; fix this program [ 1113.025281][ T5886] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1113.045962][T16522] syzkaller1: entered promiscuous mode [ 1113.051570][T16522] syzkaller1: entered allmulticast mode [ 1113.106980][ T5886] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1113.178324][ T5886] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1113.207449][ T5886] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 1113.242432][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1113.295158][ T5886] usb 3-1: config 0 descriptor?? [ 1113.704169][T16539] sp0: Synchronizing with TNC [ 1113.716603][T16539] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2394'. [ 1113.855165][T16540] lo speed is unknown, defaulting to 1000 [ 1114.581929][ T792] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1114.609812][T16531] 9p: Bad value for 'rfdno' [ 1115.191854][ T792] usb 5-1: Using ep0 maxpacket: 16 [ 1115.198575][ T792] usb 5-1: config 8 has an invalid interface number: 39 but max is 0 [ 1115.211129][ T792] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1115.231404][ T792] usb 5-1: config 8 has no interface number 0 [ 1115.251242][ T792] usb 5-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1115.376582][ T792] usb 5-1: config 8 interface 39 has no altsetting 0 [ 1115.535814][ T792] usb 5-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 1115.571157][ T792] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1115.579495][ T792] usb 5-1: Product: syz [ 1115.584005][ T792] usb 5-1: Manufacturer: syz [ 1115.588594][ T792] usb 5-1: SerialNumber: syz [ 1115.740652][T16555] 9p: Bad value for 'rfdno' [ 1116.604278][T16567] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2400'. [ 1116.642373][T16567] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2400'. [ 1116.692507][T16567] kAFS: unable to lookup cell '' [ 1116.698483][T16567] kAFS: unable to lookup cell '(,c' [ 1116.951831][T16571] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1117.236904][ T792] ipheth 5-1:8.39: Unable to find endpoints [ 1117.332133][ T792] usb 5-1: USB disconnect, device number 54 [ 1117.941844][T15378] usb 2-1: new full-speed USB device number 47 using dummy_hcd [ 1118.218848][T16588] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1118.651829][ T5886] usbhid 3-1:0.1: can't add hid device: -32 [ 1118.657861][ T5886] usbhid 3-1:0.1: probe with driver usbhid failed with error -32 [ 1118.987964][T15378] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1119.018171][T15378] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1119.048435][T15378] usb 2-1: can't read configurations, error -71 [ 1119.358867][T16601] lo speed is unknown, defaulting to 1000 [ 1120.012798][T16600] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2407'. [ 1120.042509][T16600] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2407'. [ 1120.057168][T16600] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2407'. [ 1120.068820][T16600] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2407'. [ 1120.078706][T16600] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2407'. [ 1120.454764][ T5866] usb 3-1: USB disconnect, device number 48 [ 1121.961440][T16618] lo speed is unknown, defaulting to 1000 [ 1124.434233][T16650] lo speed is unknown, defaulting to 1000 [ 1125.841087][T16660] lo speed is unknown, defaulting to 1000 [ 1125.973692][T16662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1127.083647][ T30] audit: type=1804 audit(1773654471.802:622): pid=16669 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.2424" name="bus" dev="ramfs" ino=63945 res=1 errno=0 [ 1127.237078][T16662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1129.128752][T16662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1129.526603][T16685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2427'. [ 1129.780818][T16685] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2427'. [ 1129.947429][T16685] kAFS: unable to lookup cell '' [ 1130.023291][T16691] kAFS: unable to lookup cell '(,c' [ 1130.518332][T16700] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1131.912229][T16719] lo speed is unknown, defaulting to 1000 [ 1132.424987][T11906] IPVS: starting estimator thread 0... [ 1132.511889][T16723] IPVS: using max 47 ests per chain, 112800 per kthread [ 1132.557144][T16727] 9p: Bad value for 'rfdno' [ 1133.705797][ T30] audit: type=1804 audit(1773654478.362:623): pid=16730 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2437" name="bus" dev="ramfs" ino=64034 res=1 errno=0 [ 1135.231926][ T5879] usb 1-1: new full-speed USB device number 50 using dummy_hcd [ 1135.865853][T16740] tmpfs: Bad value for 'mpol' [ 1136.032847][T15501] smc: removing ib device syz2 [ 1136.219387][T16742] 9p: Bad value for 'rfdno' [ 1138.670601][T16768] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2446'. [ 1139.371668][T16766] sp0: Synchronizing with TNC [ 1139.400222][T16770] lo speed is unknown, defaulting to 1000 [ 1139.603160][T16762] 9p: Bad value for 'rfdno' [ 1140.244314][T16782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1140.406992][ T5879] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1140.422629][T16787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1140.434000][ T5879] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 1140.502554][ T5879] usb 1-1: can't read configurations, error -71 [ 1141.994480][T16803] sp0: Synchronizing with TNC [ 1142.019942][T16803] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2453'. [ 1144.439608][T16808] 9p: Bad value for 'rfdno' [ 1145.121937][ T10] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1145.294081][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 1145.304201][ T10] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1145.334312][ T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1145.385443][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1145.526756][T16823] SELinux: failed to load policy [ 1145.688824][T16830] tmpfs: Bad value for 'mpol' [ 1145.792845][ T10] usb 2-1: new full-speed USB device number 49 using dummy_hcd [ 1145.818768][T16831] syzkaller1: entered promiscuous mode [ 1145.825318][T16831] syzkaller1: entered allmulticast mode [ 1146.042703][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1146.068389][T16834] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1146.109311][ T10] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1146.118555][T16834] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1146.131353][T16834] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1146.152678][ T10] usb 2-1: can't read configurations, error -71 [ 1146.430198][T16839] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1147.488839][ T10] usb 3-1: USB disconnect, device number 49 [ 1148.481858][ T29] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1149.111786][ T29] usb 3-1: Using ep0 maxpacket: 32 [ 1149.176127][ T29] usb 3-1: config 0 has an invalid interface number: 68 but max is 0 [ 1149.459036][ T29] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1149.626404][T16879] lo speed is unknown, defaulting to 1000 [ 1149.957544][ T29] usb 3-1: config 0 has no interface number 0 [ 1149.966491][ T29] usb 3-1: New USB device found, idVendor=045e, idProduct=0703, bcdDevice=6e.c0 [ 1150.008098][ T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1150.036480][ T29] usb 3-1: Product: syz [ 1150.054545][ T29] usb 3-1: Manufacturer: syz [ 1150.059171][ T29] usb 3-1: SerialNumber: syz [ 1150.104806][ T29] usb 3-1: config 0 descriptor?? [ 1150.613490][ T29] uvcvideo 3-1:0.68: Found Unit with invalid ID 0 [ 1150.674663][ T29] uvcvideo 3-1:0.68: Found UVC 0.40 device syz (045e:0703) [ 1150.752611][ T29] uvcvideo 3-1:0.68: No valid video chain found. [ 1150.779168][ T29] usb 3-1: USB disconnect, device number 50 [ 1151.155597][T16897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2478'. [ 1151.220796][T16897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2478'. [ 1151.237215][T16897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2478'. [ 1151.248852][T16897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2478'. [ 1151.259679][T16897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2478'. [ 1151.901900][T16620] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1151.981848][ T29] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1152.006400][T16906] 9p: Bad value for 'rfdno' [ 1152.051799][T16620] usb 3-1: Using ep0 maxpacket: 8 [ 1152.058375][T16620] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1152.075843][T16620] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1152.085038][T16620] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1152.141977][ T29] usb 5-1: Using ep0 maxpacket: 16 [ 1152.156002][ T29] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1152.166769][ T29] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1152.183816][ T29] usb 5-1: New USB device found, idVendor=04b4, idProduct=931c, bcdDevice= 0.40 [ 1152.194305][ T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1152.207265][ T29] usb 5-1: Product: syz [ 1152.223710][ T29] usb 5-1: Manufacturer: syz [ 1152.232040][ T29] usb 5-1: SerialNumber: syz [ 1152.810534][T16916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1152.864066][T16916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1152.896313][T16913] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2480'. [ 1152.971092][T16916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1153.139070][ T29] usb 5-1: unit 2 not found! [ 1153.200177][ T29] usb 5-1: can't set first interface for hiFace device. [ 1153.218161][ T29] snd-usb-hiface 5-1:1.1: probe with driver snd-usb-hiface failed with error -5 [ 1153.250567][ T29] usb 5-1: can't set first interface for hiFace device. [ 1153.267896][ T29] snd-usb-hiface 5-1:1.2: probe with driver snd-usb-hiface failed with error -5 [ 1153.298499][ T29] usb 5-1: USB disconnect, device number 55 [ 1153.347145][ T7233] udevd[7233]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1154.891900][T16620] usb 3-1: USB disconnect, device number 51 [ 1155.520369][T16945] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1155.938646][T16934] 9p: Bad value for 'wfdno' [ 1156.523591][T16964] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2495'. [ 1156.652726][ T10] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 1157.837177][ T10] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1157.848877][ T10] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1157.892604][T16974] tmpfs: Bad value for 'mpol' [ 1157.897369][ T10] usb 3-1: can't read configurations, error -71 [ 1158.736462][T16982] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2500'. [ 1158.758519][T16982] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2500'. [ 1158.769170][T16982] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2500'. [ 1158.780972][T16982] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2500'. [ 1158.791935][T16982] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2500'. [ 1159.123826][ T10] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1159.551751][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 1159.579532][ T10] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1159.604187][ T10] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1159.668619][ T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1159.687980][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1159.709553][ T10] usbtmc 3-1:16.0: bulk endpoints not found [ 1160.548062][T17013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1160.600769][T17013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1160.638929][T17013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1161.766848][ T10] usb 3-1: USB disconnect, device number 53 [ 1171.824658][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1171.830947][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.085611][T17028] 9p: Bad value for 'wfdno' [ 1179.098993][T17033] tmpfs: Bad value for 'mpol' [ 1181.530531][T17065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2519'. [ 1181.542076][ T792] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 1181.545467][T17065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2519'. [ 1181.562626][T17065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2519'. [ 1181.573439][T17065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2519'. [ 1181.583048][T17065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2519'. [ 1181.842263][ T792] usb 2-1: Using ep0 maxpacket: 16 [ 1181.856395][ T792] usb 2-1: config 8 has an invalid interface number: 39 but max is 0 [ 1181.867651][ T792] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1181.883310][ T792] usb 2-1: config 8 has no interface number 0 [ 1181.891961][ T792] usb 2-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1181.915551][ T792] usb 2-1: config 8 interface 39 has no altsetting 0 [ 1181.943538][ T792] usb 2-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 1181.953009][ T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1181.961222][ T792] usb 2-1: Product: syz [ 1181.982184][ T792] usb 2-1: Manufacturer: syz [ 1181.988008][T17071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17071 comm=syz.6.2516 [ 1182.000924][ T792] usb 2-1: SerialNumber: syz [ 1182.109679][ T5879] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1182.277294][ T5879] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1182.410564][ T5879] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1182.634036][ T5879] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1182.658030][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1182.707581][ T5879] usb 5-1: Product: syz [ 1182.717478][ T5879] usb 5-1: Manufacturer: syz [ 1182.730154][ T5879] usb 5-1: SerialNumber: syz [ 1182.893272][ T5879] usb 5-1: config 0 descriptor?? [ 1182.909817][ T5879] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1183.028337][T17082] lo speed is unknown, defaulting to 1000 [ 1183.284757][T16620] IPVS: starting estimator thread 0... [ 1183.456504][ T5879] gspca_sunplus: reg_r err -110 [ 1183.461475][ T5879] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 1183.477547][T17086] IPVS: using max 41 ests per chain, 98400 per kthread [ 1183.526036][T17088] 9p: Bad value for 'rfdno' [ 1183.857431][ T792] ipheth 2-1:8.39: Unable to find endpoints [ 1183.867142][ T792] usb 2-1: USB disconnect, device number 51 [ 1185.531300][T17107] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1185.890810][T16620] usb 5-1: USB disconnect, device number 56 [ 1188.114691][T17137] 9p: Bad value for 'rfdno' [ 1188.565497][T17151] zonefs (nullb0) ERROR: Not a zoned block device [ 1189.392036][ T30] audit: type=1400 audit(1773654534.982:624): avc: denied { connect } for pid=17154 comm="syz.4.2541" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1189.878165][T17165] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1189.902656][ T5879] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 1190.323683][ T5879] usb 2-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1190.333559][ T5879] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1190.359410][ T5879] usb 2-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1190.399602][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1190.450353][ T5879] usb 2-1: Product: syz [ 1190.456837][ T5879] usb 2-1: Manufacturer: syz [ 1190.461892][ T5879] usb 2-1: SerialNumber: syz [ 1190.478304][ T5879] usb 2-1: config 0 descriptor?? [ 1190.489745][ T5879] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1191.903139][ T5879] gspca_sunplus: reg_r err -110 [ 1191.915551][ T5879] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 1193.085043][T15378] usb 3-1: new full-speed USB device number 54 using dummy_hcd [ 1193.772971][T17189] 9p: Bad value for 'rfdno' [ 1194.338844][T17196] openvswitch: netlink: Missing key (keys=2020040, expected=100) [ 1194.983896][ T5879] usb 2-1: USB disconnect, device number 52 [ 1195.014293][T17201] 9p: Bad value for 'rfdno' [ 1195.813419][T17207] tmpfs: Bad value for 'mpol' [ 1195.927818][T17214] lo speed is unknown, defaulting to 1000 [ 1198.061248][T17229] lo speed is unknown, defaulting to 1000 [ 1199.097692][T17242] lo speed is unknown, defaulting to 1000 [ 1199.466232][T17253] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received [ 1200.601661][ T30] audit: type=1804 audit(1773654546.212:625): pid=17264 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.2566" name="bus" dev="ramfs" ino=67629 res=1 errno=0 [ 1201.341825][ T9] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 1201.529875][T17265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2568'. [ 1201.705316][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1201.738595][ T9] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1201.766618][ T9] usb 3-1: can't read configurations, error -71 [ 1203.121925][ T30] audit: type=1400 audit(1773654548.742:626): avc: denied { getopt } for pid=17307 comm="syz.0.2583" lport=53055 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 1203.187314][ T30] audit: type=1400 audit(1773654548.802:627): avc: denied { audit_write } for pid=17309 comm="syz.0.2584" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 1203.270097][ T30] audit: type=1400 audit(1773654548.882:628): avc: denied { watch watch_reads } for pid=17309 comm="syz.0.2584" path="/proc/2097/task" dev="proc" ino=68622 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 1203.348892][T17315] sctp: [Deprecated]: syz.4.2586 (pid 17315) Use of int in max_burst socket option. [ 1203.348892][T17315] Use struct sctp_assoc_value instead [ 1203.489264][ T30] audit: type=1400 audit(1773654549.102:629): avc: denied { ioctl } for pid=17318 comm="syz.4.2587" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 1203.706081][ T30] audit: type=1400 audit(1773654549.322:630): avc: denied { read } for pid=17325 comm="syz.0.2591" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1203.726790][T17327] Illegal XDP return value 4294967274 on prog (id 153) dev N/A, expect packet loss! [ 1203.832988][T17333] loop6: detected capacity change from 0 to 8 [ 1203.973568][T17333] Dev loop6: unable to read RDB block 8 [ 1203.979158][T17333] loop6: unable to read partition table [ 1204.023298][T17333] loop6: partition table beyond EOD, truncated [ 1204.029637][T17333] loop_reread_partitions: partition scan of loop6 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 1204.063107][T17340] [ 1204.065458][T17340] ====================================================== [ 1204.072470][T17340] WARNING: possible circular locking dependency detected [ 1204.079493][T17340] syzkaller #0 Tainted: G L [ 1204.085465][T17340] ------------------------------------------------------ [ 1204.092472][T17340] syz.4.2594/17340 is trying to acquire lock: [ 1204.098519][T17340] ffff88801cac8220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 1204.108693][T17340] [ 1204.108693][T17340] but task is already holding lock: [ 1204.116052][T17340] ffff888026de0060 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1204.127284][T17340] [ 1204.127284][T17340] which lock already depends on the new lock. [ 1204.127284][T17340] [ 1204.137677][T17340] [ 1204.137677][T17340] the existing dependency chain (in reverse order) is: [ 1204.146673][T17340] [ 1204.146673][T17340] -> #2 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 1204.155283][T17340] blk_alloc_queue+0x610/0x790 [ 1204.160554][T17340] blk_mq_alloc_queue+0x174/0x290 [ 1204.166083][T17340] __blk_mq_alloc_disk+0x29/0x120 [ 1204.171617][T17340] loop_add+0x498/0xb60 [ 1204.176272][T17340] loop_init+0x1d3/0x200 [ 1204.181038][T17340] do_one_initcall+0x11d/0x760 [ 1204.186322][T17340] kernel_init_freeable+0x6e5/0x7a0 [ 1204.192028][T17340] kernel_init+0x1f/0x1e0 [ 1204.196866][T17340] ret_from_fork+0x754/0xd80 [ 1204.201956][T17340] ret_from_fork_asm+0x1a/0x30 [ 1204.207224][T17340] [ 1204.207224][T17340] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 1204.214416][T17340] fs_reclaim_acquire+0xc4/0x100 [ 1204.219855][T17340] kmem_cache_alloc_noprof+0x4c/0x6e0 [ 1204.225734][T17340] __kernfs_iattrs+0x126/0x400 [ 1204.231023][T17340] __kernfs_setattr+0x4d/0x3c0 [ 1204.236309][T17340] kernfs_iop_setattr+0xda/0x130 [ 1204.241758][T17340] notify_change+0xb25/0x1330 [ 1204.246944][T17340] do_truncate+0x1df/0x240 [ 1204.251858][T17340] path_openat+0x2a55/0x31a0 [ 1204.256954][T17340] do_file_open+0x20e/0x430 [ 1204.261959][T17340] do_sys_openat2+0x10d/0x1e0 [ 1204.267136][T17340] __x64_sys_openat+0x12d/0x210 [ 1204.272491][T17340] do_syscall_64+0x106/0xf80 [ 1204.277587][T17340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1204.283983][T17340] [ 1204.283983][T17340] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 1204.292471][T17340] __lock_acquire+0x14b8/0x2630 [ 1204.297832][T17340] lock_acquire+0x1cf/0x380 [ 1204.302834][T17340] down_read+0x99/0x460 [ 1204.307495][T17340] kernfs_iop_getattr+0x9c/0xf0 [ 1204.312850][T17340] vfs_getattr_nosec+0x2d4/0x430 [ 1204.318284][T17340] vfs_getattr+0x4a/0x60 [ 1204.323026][T17340] loop_query_min_dio_size.isra.0+0x117/0x250 [ 1204.329594][T17340] lo_ioctl+0x13aa/0x1bc0 [ 1204.334424][T17340] blkdev_ioctl+0x5ad/0x6f0 [ 1204.339430][T17340] __x64_sys_ioctl+0x18e/0x210 [ 1204.344703][T17340] do_syscall_64+0x106/0xf80 [ 1204.349800][T17340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1204.356189][T17340] [ 1204.356189][T17340] other info that might help us debug this: [ 1204.356189][T17340] [ 1204.366390][T17340] Chain exists of: [ 1204.366390][T17340] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#23 [ 1204.366390][T17340] [ 1204.380799][T17340] Possible unsafe locking scenario: [ 1204.380799][T17340] [ 1204.388221][T17340] CPU0 CPU1 [ 1204.393559][T17340] ---- ---- [ 1204.398898][T17340] lock(&q->q_usage_counter(io)#23); [ 1204.404252][T17340] lock(fs_reclaim); [ 1204.410729][T17340] lock(&q->q_usage_counter(io)#23); [ 1204.418600][T17340] rlock(&root->kernfs_iattr_rwsem); [ 1204.423948][T17340] [ 1204.423948][T17340] *** DEADLOCK *** [ 1204.423948][T17340] [ 1204.432064][T17340] 3 locks held by syz.4.2594/17340: [ 1204.437231][T17340] #0: ffff888026f0f448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 1204.447384][T17340] #1: ffff888026de0060 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1204.459020][T17340] #2: ffff888026de0098 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1204.470828][T17340] [ 1204.470828][T17340] stack backtrace: [ 1204.476693][T17340] CPU: 0 UID: 0 PID: 17340 Comm: syz.4.2594 Tainted: G L syzkaller #0 PREEMPT(full) [ 1204.476714][T17340] Tainted: [L]=SOFTLOCKUP [ 1204.476718][T17340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1204.476727][T17340] Call Trace: [ 1204.476733][T17340] [ 1204.476738][T17340] dump_stack_lvl+0x100/0x190 [ 1204.476760][T17340] print_circular_bug.cold+0x178/0x1c7 [ 1204.476783][T17340] check_noncircular+0x146/0x160 [ 1204.476811][T17340] __lock_acquire+0x14b8/0x2630 [ 1204.476826][T17340] lock_acquire+0x1cf/0x380 [ 1204.476837][T17340] ? kernfs_iop_getattr+0x9c/0xf0 [ 1204.476859][T17340] ? __pfx___might_resched+0x10/0x10 [ 1204.476877][T17340] down_read+0x99/0x460 [ 1204.476897][T17340] ? kernfs_iop_getattr+0x9c/0xf0 [ 1204.476916][T17340] ? find_held_lock+0x2b/0x80 [ 1204.476933][T17340] ? __pfx_down_read+0x10/0x10 [ 1204.476951][T17340] ? kernfs_root+0xee/0x2a0 [ 1204.476972][T17340] kernfs_iop_getattr+0x9c/0xf0 [ 1204.476993][T17340] vfs_getattr_nosec+0x2d4/0x430 [ 1204.477008][T17340] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 1204.477029][T17340] vfs_getattr+0x4a/0x60 [ 1204.477044][T17340] loop_query_min_dio_size.isra.0+0x117/0x250 [ 1204.477061][T17340] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 1204.477084][T17340] lo_ioctl+0x13aa/0x1bc0 [ 1204.477101][T17340] ? __pfx_lo_ioctl+0x10/0x10 [ 1204.477116][T17340] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 1204.477131][T17340] ? kasan_quarantine_put+0x104/0x240 [ 1204.477151][T17340] ? blk_get_meta_cap+0xd4/0x6c0 [ 1204.477167][T17340] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 1204.477184][T17340] ? blkdev_common_ioctl+0x515/0x2ba0 [ 1204.477202][T17340] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 1204.477220][T17340] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1204.477241][T17340] ? do_vfs_ioctl+0x226/0x13e0 [ 1204.477261][T17340] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1204.477280][T17340] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 1204.477302][T17340] ? __fget_files+0x215/0x3d0 [ 1204.477317][T17340] ? __pfx_lo_ioctl+0x10/0x10 [ 1204.477332][T17340] blkdev_ioctl+0x5ad/0x6f0 [ 1204.477348][T17340] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1204.477363][T17340] ? selinux_file_ioctl+0x139/0x290 [ 1204.477381][T17340] ? selinux_file_ioctl+0xb4/0x290 [ 1204.477399][T17340] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1204.477415][T17340] __x64_sys_ioctl+0x18e/0x210 [ 1204.477435][T17340] do_syscall_64+0x106/0xf80 [ 1204.477452][T17340] ? clear_bhb_loop+0x40/0x90 [ 1204.477467][T17340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1204.477482][T17340] RIP: 0033:0x7f5d2a79c799 [ 1204.477493][T17340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1204.477508][T17340] RSP: 002b:00007f5d2b61e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1204.477521][T17340] RAX: ffffffffffffffda RBX: 00007f5d2aa16180 RCX: 00007f5d2a79c799 [ 1204.477531][T17340] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003 [ 1204.477539][T17340] RBP: 00007f5d2a832c99 R08: 0000000000000000 R09: 0000000000000000 [ 1204.477548][T17340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1204.477556][T17340] R13: 00007f5d2aa16218 R14: 00007f5d2aa16180 R15: 00007ffe858e9538 [ 1204.477570][T17340] [ 1204.853690][T17058] Dev loop6: unable to read RDB block 8 [ 1204.859330][T17058] loop6: unable to read partition table [ 1204.865128][T17058] loop6: partition table beyond EOD, truncated [ 1204.902102][T17340] Dev loop6: unable to read RDB block 8 [ 1204.907682][T17340] loop6: unable to read partition table [ 1204.913470][T17340] loop6: partition table beyond EOD, truncated [ 1204.919641][T17340] loop_reread_partitions: partition scan of loop6 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5)