last executing test programs: 12m14.399625816s ago: executing program 2 (id=1734): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='./file1\x00', &(0x7f00000001c0)='gfs2\x00', 0x0, 0x0) ioctl$int_out(0xffffffffffffffff, 0x5460, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000004c0)=[{0x6, 0x2, 0x80, 0xe, @time={0x3, 0x80000001}, {0x5, 0xf}, {0x7, 0x7}, @queue={0xd0, {0x35c, 0x7}}}], 0x1c) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x358, 0x128, 0x5802, 0x294, 0x0, 0x294, 0x288, 0x378, 0x378, 0x288, 0x378, 0x3, 0x0, {[{{@uncond, 0xf202, 0x108, 0x128, 0x52020000, {0x0, 0x600}, [@common=@frag={{0x30}}, @common=@srh={{0x30}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@empty, @private0, [], [], 'team_slave_1\x00', 'erspan0\x00', {}, {}, 0x87}, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@mh={{0x28}, {"123a"}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b8) r4 = socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x20}}, 0x0) bind$can_j1939(r4, &(0x7f0000000100)={0x1d, r6, 0x1, {}, 0xff}, 0x18) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$can_j1939(r4, &(0x7f0000000140)={&(0x7f0000000180)={0x1d, 0x0, 0x0, {0x2, 0xfe, 0x4}, 0xff}, 0x18, &(0x7f0000000080)={0x0}, 0x4, 0xfffffffffffffff5, 0x0, 0x40805}, 0x8001) 12m11.956164677s ago: executing program 2 (id=1737): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xa}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_MARK={0x8}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0xff84}]}, 0x74}}, 0x0) 12m11.781104301s ago: executing program 2 (id=1739): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20c01, 0x82) io_setup(0x1fe, &(0x7f0000000200)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) brk(0x20ffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x2101) pread64(r6, 0x0, 0x0, 0x0) r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$FBIO_WAITFORVSYNC(r7, 0x40044620, 0x0) ioctl$FBIO_WAITFORVSYNC(r7, 0x40044620, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r6, 0x6, 0x1d, &(0x7f0000000180), &(0x7f0000000080)=0x14) syz_open_dev$vcsu(&(0x7f00000005c0), 0x56c4, 0x40000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000ff03000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf09000000000000550901000000000095000000f7ff0000bf0000b702000000000000850000b6c2000000b70000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201010200000040cb06f6734000010203010902240001010c000009040002020101f8092106000301229209090581031000070707"], &(0x7f0000000500)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x7, 0x1, 0xfd, 0x10, 0x3}, 0xf, &(0x7f0000000180)=ANY=[]}) io_submit(r1, 0x1, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x7000000, 0x20, 0x1, 0x0, r0, 0x0, 0x0, 0x10}]) 12m8.511348063s ago: executing program 2 (id=1746): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000001300000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b400000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001010000850000000600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 12m6.843737466s ago: executing program 2 (id=1751): r0 = socket$l2tp6(0xa, 0x2, 0x73) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='hsr0\x00', 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r6, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r6, 0x0, 0x0) r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$bt_rfcomm_RFCOMM_LM(r7, 0x12, 0x3, &(0x7f0000000300)=0x9c3cc356e0b08a4a, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r2, 0x0, 0x60, 0x0, 0x0, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={&(0x7f00000002c0)={0x14, r8, 0x1}, 0x14}}, 0x0) sendmmsg$inet6(r0, &(0x7f0000002480)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x1, @private0, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=[@hoplimit_2292={{0x10, 0x29, 0x37, 0x12c}}], 0x10}}], 0x1, 0x800) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="c50a00000000000061139c00000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$tipc(r6, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x2, {0x2, 0x3, 0x3}}, 0x10) 12m5.39908922s ago: executing program 2 (id=1754): ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, 0x0, 0x40) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) epoll_create1(0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020}, 0x2020) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000211dc29e2b73792929a049964c10764f5ccdae8cbc7418d07eed27fc92d4d9e6dc7c40c53f77b4e9c1538b3662c23ecf6233954cf8abd25e72be8f5b09e796f302042b613de1443fb6e3418374463fb1c33676f292cef80b5d9023073c5cc640e0947347df3494a1e0"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_ATTACH(0x9, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1411, 0xffffffffffffffff, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x20}}, 0x40) syz_emit_ethernet(0x0, 0x0, 0x0) 11m50.311306132s ago: executing program 32 (id=1754): ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, 0x0, 0x40) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) epoll_create1(0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020}, 0x2020) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000211dc29e2b73792929a049964c10764f5ccdae8cbc7418d07eed27fc92d4d9e6dc7c40c53f77b4e9c1538b3662c23ecf6233954cf8abd25e72be8f5b09e796f302042b613de1443fb6e3418374463fb1c33676f292cef80b5d9023073c5cc640e0947347df3494a1e0"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_ATTACH(0x9, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1411, 0xffffffffffffffff, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x20}}, 0x40) syz_emit_ethernet(0x0, 0x0, 0x0) 7m14.938203984s ago: executing program 3 (id=2576): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sendto$x25(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) socket$pptp(0x18, 0x1, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close_range(r0, 0xffffffffffffffff, 0xffffffffffffffdd) 7m11.984044323s ago: executing program 3 (id=2581): openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/key-users\x00', 0x0, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x4010, 0xffffffffffffffff, 0xfacd7000) (async) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432}) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000040)=""/14, 0xe}], 0x1) (async) r1 = socket$kcm(0x2, 0xa, 0x2) (async) socket$igmp6(0xa, 0x3, 0x2) (async) r2 = socket(0x2, 0x0, 0xaf12) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'team_slave_1\x00', {0x100000}, 0xc}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffff83d40100000e88a800008100000086dd604d462800101100fe8000000000000000000000000000000000000000000000000000000000000000004e220010907802000000000000007cbf15ac2b0e04df0d4a075cab44cac7b3f272d1f16cf7ed82fa38e1bee4e1f8b5b163282b956077956596ac747b9bfe81915a983dae12f3cd9d0b076254d1f7eba95a442b6c2422d97b75efd33f65e5366b34e356c5b0672dbb4cdcb1b43c2400"], 0x4e) (async) socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = socket$inet(0x2, 0x2, 0x0) (async) sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0xa, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x400c040}, 0x20000040) sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) (async) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) r6 = socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00'}) (async) writev(r6, &(0x7f0000000780)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff010000000100000056000000250000001900040004e0144000000007fd17e5ffff0800040000000000", 0x39}], 0x1) (async) r7 = socket$pppl2tp(0x18, 0x1, 0x1) (async) r8 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_LOOPBACK(r8, 0x65, 0x3, &(0x7f0000000080), 0xffffffffffffffc4) ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000180)={'lo\x00'}) 7m10.037384755s ago: executing program 3 (id=2587): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20c01, 0x82) io_setup(0x1fe, &(0x7f0000000200)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) brk(0x20ffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x2101) pread64(r6, 0x0, 0x0, 0x0) r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$FBIO_WAITFORVSYNC(r7, 0x40044620, 0x0) ioctl$FBIO_WAITFORVSYNC(r7, 0x40044620, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r6, 0x6, 0x1d, &(0x7f0000000180), &(0x7f0000000080)=0x14) syz_open_dev$vcsu(&(0x7f00000005c0), 0x56c4, 0x40000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000ff03000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf09000000000000550901000000000095000000f7ff0000bf0000b702000000000000850000b6c2000000b7000000000000009500"/96], &(0x7f0000000040)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)=ANY=[], &(0x7f0000000500)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x7, 0x1, 0xfd, 0x10, 0x3}, 0xf, &(0x7f0000000180)=ANY=[]}) io_submit(r1, 0x1, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x7000000, 0x20, 0x1, 0x0, r0, 0x0, 0x0, 0x10}]) 7m5.996812021s ago: executing program 3 (id=2598): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15", 0x4) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0xff, &(0x7f0000000380)=0x0) sendmsg$alg(r1, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0xfdef, 0x0, 0x0, r1, &(0x7f0000000340), 0xfdef}]) 7m4.638610373s ago: executing program 3 (id=2603): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newtaction={0x78, 0x30, 0x17b, 0x0, 0x0, {0x0, 0x0, 0x4000}, [{0x64, 0x1, [@m_bpf={0x60, 0x1, 0x0, 0x0, {{0x8}, {0x38, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x2}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2, 0x0, 0x10000000}}, @TCA_ACT_BPF_OPS={0x14, 0x4, [{}, {0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x20011814) 7m4.393484994s ago: executing program 3 (id=2605): r0 = socket$inet_sctp(0x2, 0x1, 0x84) ioperm(0x2, 0xb8b8, 0x7fffffffffffffff) ioperm(0x2, 0x8144, 0xcb) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000440)={&(0x7f0000000080)="350e9b3db1e033edacd07f9a0b02d43e42dbc3d08bc7058f5b409f33a1f13ebb7e7c0a24c89b693a670226ae4fb63a51b407d738065be5818732ab63cbbfac1634787d79dd475c66fe4b9ec426aa6cb00deb115bda788e15a7154da62fc642f8dbc3f63d5658a6b365c1842cdd21af7bc0a8e4774a465602c4ba2d2e8a42f0db6f8286f14d0005ac3f51755da233663a3e14285385915660b37cf67bdf2b98bcdb35726cf4acaed9c0c2f7d6f18ed5d739f4a08cf8de16ce2dd0001ebb1c42ceec2ff5618197d31d39c822ef10925aafbf00680c04cb9852b1a0719af821a4a24754", &(0x7f0000000180)=""/194, &(0x7f0000000280)="4283fc2678f5dd7e5a5fc96179b449a0b5a19f49cd919737c512fb6ae557420e77245720bde701c48c9f9cbd84bf71ad2c40f9d4296bfac95f68b8b20ec2bf9472ee2e62ea65", &(0x7f0000000300)="74c0b24ea74be65544e0f94dd13caed3907c25af90b742df9bcc8861c42f4dda7a680ae27c1bdbca360d4a965f36196bafacb7671110da81232eb6a9c5cc0841b8e8f56eda8819df8c6abab413e4fc51ff933b13f3e300546e5d972ded6ed8853674506db392c661567a4fcd2e8a5c786dc87c584769a6fdfeb27b18588d671a91bfb854a14ec5d406dc8a3853d4b3e408e3d4fbd8d0c525c88e119a7f20e5058c53ba085ef54401f23f9751272f3207b567d4", 0x5, r1}, 0x38) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) userfaultfd(0x801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$inet(0xa, 0x801, 0x84) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000240)={0xc}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, r7, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffffff, 0x749bc, 0x2}) accept4(r3, 0x0, 0x0, 0x0) personality(0xeaffffffffffffff) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c) r8 = socket$inet_tcp(0x2, 0x1, 0x0) set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x2, 0x0}, 0x4e21, 0x3, 'lc\x00', 0x4, 0xb, 0x5}, {@rand_addr=0x64010102, 0x4e2a, 0x0, 0xcb, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r8, 0x0, 0x485, 0x0, 0x0) 6m49.113187926s ago: executing program 33 (id=2605): r0 = socket$inet_sctp(0x2, 0x1, 0x84) ioperm(0x2, 0xb8b8, 0x7fffffffffffffff) ioperm(0x2, 0x8144, 0xcb) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000440)={&(0x7f0000000080)="350e9b3db1e033edacd07f9a0b02d43e42dbc3d08bc7058f5b409f33a1f13ebb7e7c0a24c89b693a670226ae4fb63a51b407d738065be5818732ab63cbbfac1634787d79dd475c66fe4b9ec426aa6cb00deb115bda788e15a7154da62fc642f8dbc3f63d5658a6b365c1842cdd21af7bc0a8e4774a465602c4ba2d2e8a42f0db6f8286f14d0005ac3f51755da233663a3e14285385915660b37cf67bdf2b98bcdb35726cf4acaed9c0c2f7d6f18ed5d739f4a08cf8de16ce2dd0001ebb1c42ceec2ff5618197d31d39c822ef10925aafbf00680c04cb9852b1a0719af821a4a24754", &(0x7f0000000180)=""/194, &(0x7f0000000280)="4283fc2678f5dd7e5a5fc96179b449a0b5a19f49cd919737c512fb6ae557420e77245720bde701c48c9f9cbd84bf71ad2c40f9d4296bfac95f68b8b20ec2bf9472ee2e62ea65", &(0x7f0000000300)="74c0b24ea74be65544e0f94dd13caed3907c25af90b742df9bcc8861c42f4dda7a680ae27c1bdbca360d4a965f36196bafacb7671110da81232eb6a9c5cc0841b8e8f56eda8819df8c6abab413e4fc51ff933b13f3e300546e5d972ded6ed8853674506db392c661567a4fcd2e8a5c786dc87c584769a6fdfeb27b18588d671a91bfb854a14ec5d406dc8a3853d4b3e408e3d4fbd8d0c525c88e119a7f20e5058c53ba085ef54401f23f9751272f3207b567d4", 0x5, r1}, 0x38) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) userfaultfd(0x801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$inet(0xa, 0x801, 0x84) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000240)={0xc}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, r7, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffffff, 0x749bc, 0x2}) accept4(r3, 0x0, 0x0, 0x0) personality(0xeaffffffffffffff) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c) r8 = socket$inet_tcp(0x2, 0x1, 0x0) set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x2, 0x0}, 0x4e21, 0x3, 'lc\x00', 0x4, 0xb, 0x5}, {@rand_addr=0x64010102, 0x4e2a, 0x0, 0xcb, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r8, 0x0, 0x485, 0x0, 0x0) 2.566922936s ago: executing program 1 (id=3924): syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp\x00', 0x5) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000000), 0x6) writev(r1, &(0x7f0000000680)=[{&(0x7f0000000140)="adc7edd2", 0x4}, {0x0}], 0x2) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0xffffff03, @local, 0x1}, {0xa, 0x4, 0x0, @mcast1, 0xb}, 0x0, {[0xe, 0x0, 0x4]}}, 0x5c) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl(r3, 0x8b2c, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800) listen(r4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.280674323s ago: executing program 1 (id=3925): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="340000003b0007010000000000000000047c0000ec0000000c000180"], 0x34}}, 0xc000) 2.099333366s ago: executing program 1 (id=3929): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) write(r1, &(0x7f0000000540)="8e1ea2", 0x3) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x24000010) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) r3 = socket$l2tp6(0xa, 0x2, 0x73) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000080)=0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r6, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PEER_V6={0x14, 0x9, @loopback={0xfec0ffffffffffff}}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x38}}, 0x0) sendmsg$FOU_CMD_GET(r4, &(0x7f0000001980)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001940)={&(0x7f0000001900)={0x1c, r6, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x1) ioctl$EXT4_IOC_MOVE_EXT(r4, 0x4030582a, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x4}) r7 = accept$unix(r4, &(0x7f00000019c0)=@abs, &(0x7f0000001a40)=0x6e) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000001a80)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='rpcgss_svc_seqno_low\x00', r4, 0x0, 0x1}, 0x18) sendmmsg$inet6(r3, &(0x7f0000000000)=[{{&(0x7f0000000080)={0xa, 0x0, 0x3e, @dev={0xfe, 0x80, '\x00', 0x21}}, 0x1c, 0x0, 0x0, 0x0, 0xf}}, {{&(0x7f00000006c0)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xa4}, 0x1c, 0x0, 0x0, &(0x7f0000000d40)=[@pktinfo={{0x24, 0x29, 0x32, {@loopback={0xff00000000000000}}}}], 0x28}}], 0x2, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)=@migrate={0xec, 0x21, 0x1, 0x70bd2d, 0x25dfdbfe, {{@in=@multicast1, @in=@rand_addr=0x64010100, 0x4e22, 0x8001, 0x7, 0x0, 0xa, 0x80, 0x80, 0x3b}, 0x6e6bb3, 0x1}, [@migrate={0x9c, 0x11, [{@in6=@empty, @in=@loopback, @in=@multicast1, @in6=@private0, 0x2b, 0x3, 0x0, 0x34ff, 0x2, 0xa}, {@in=@loopback, @in=@dev={0xac, 0x14, 0x14, 0x19}, @in=@multicast1, @in=@dev={0xac, 0x14, 0x14, 0x42}, 0xff, 0x3, 0x0, 0x3501, 0x5, 0x2}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x400c000}, 0x20000000) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) 1.940193303s ago: executing program 0 (id=3931): sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="200000001814010000001000000000000800010000000000080003"], 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10) 1.811379997s ago: executing program 0 (id=3933): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002cc0)=@newtfilter={0x84, 0x2c, 0xd27, 0x3, 0x0, {0x0, 0x0, 0x0, r1, {0x8}, {}, {0x5}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x54, 0x2, [@TCA_CGROUP_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x5c3, 0x3, 0x7fffffff, 0xfff, 0x7, {0x4, 0x2, 0x6, 0xb8, 0xe8}, {0x7, 0x0, 0x6, 0xe139, 0xfffd, 0x80000000}, 0x3, 0x10000, 0x2}}]}, @TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2f0d}}]}]}}]}, 0x84}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.611290973s ago: executing program 0 (id=3936): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00'}) socket$key(0xf, 0x3, 0x2) r1 = socket$inet(0x2, 0x3, 0x2) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x28}}, 0x0) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x1000000}}}}}, 0x0) 1.378439149s ago: executing program 0 (id=3939): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b04200000000000000002000000540004803c0001800a0001006c696d69740000002c0002800c000240000000000000000008000540000000020c00014000000000000000010800044000000001140001800b0001007470726f78790000040002800900010073797a30000000000900020073797a32"], 0xa8}}, 0x0) 1.164568986s ago: executing program 0 (id=3942): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1}, &(0x7f0000000140), &(0x7f0000000200)}, 0x20) r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f00000027c0)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x100, 0x0) 1.158560185s ago: executing program 4 (id=3943): sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="200000001814010000001000000000000800010000000000080003"], 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10) 1.09460333s ago: executing program 4 (id=3944): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_DELETE_ELEM(0x4, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newlink={0x64, 0x10, 0xffffff1f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x35288}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x29}]}}}, @IFLA_MTU={0x8, 0x4, 0x8d3}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4000080) 1.044242647s ago: executing program 5 (id=3945): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000180)={@ipv4={'\x00', '\xff\xff', @private=0xa010100}, r2}, 0x14) 979.758091ms ago: executing program 6 (id=3946): unshare(0x600) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x2000141a) 877.247374ms ago: executing program 5 (id=3947): bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@cgroup=r1, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000001c0)) socket(0x29, 0x1, 0xffff8001) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x4e23, 0x0, @mcast2, 0x2}}, {{0xa, 0x0, 0x0, @remote, 0x5}}}, 0x108) r3 = socket(0x80000000000000a, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x2004c044) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x108) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0xfffc}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x17, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x88}}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r7, 0x0, 0x33, 0x0, &(0x7f00000000c0)) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}], {0x14}}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) 784.276339ms ago: executing program 6 (id=3948): socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x4) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x8982, 0x20000000) 761.460256ms ago: executing program 4 (id=3949): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000002295"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0103000000000000000001"], 0x34}}, 0x0) 655.929893ms ago: executing program 5 (id=3950): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x300f000, 0xe, 0x0, &(0x7f0000000400)="1069c2704a075e307300ac14dd46", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 580.056493ms ago: executing program 6 (id=3951): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@ipv6_getaddr={0x18, 0x16, 0x3c2be10bca706f15, 0x0, 0x0, {0xa, 0x0, 0x2c}}, 0x18}}, 0x0) 554.893992ms ago: executing program 4 (id=3952): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b04200000000000000002000000540004803c0001800a0001006c696d69740000002c0002800c000240000000000000000008000540000000020c00014000000000000000010800044000000001140001800b0001007470726f78790000040002800900010073797a30000000000900020073797a32"], 0xa8}}, 0x0) 462.373776ms ago: executing program 5 (id=3953): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00'}, 0x10) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000001900)={@fallback, 0xffffffffffffffff, 0x2f, 0x0, 0x0, @void, @value}, 0x20) 447.118801ms ago: executing program 6 (id=3954): sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="200000001814010000001000000000000800010000000000080003"], 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10) 412.495656ms ago: executing program 1 (id=3955): socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2, r2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 363.006388ms ago: executing program 4 (id=3956): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback, 0x580d5476}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x4e20, 0xffffffff, @loopback}, 0x1c) sendmsg$inet(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="98e9", 0x2}], 0x1}, 0x8001) socketpair$unix(0x1, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) close(0xffffffffffffffff) sendto(r0, &(0x7f0000000640)="a80e9c09f5", 0x5, 0x20000800, &(0x7f0000000000)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@null, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x80) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000006480)={&(0x7f0000c2b000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000005380)=""/226, 0xe2, 0x0, 0x0}, &(0x7f00000064c0)=0x40) socket$inet(0x2, 0x2, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0x8, 0x3, 0x268, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x1f8, 0x194, 0x194, 0x1f8, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @local, 0xff000000, 0xff, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0xa0, 0xd0, 0x0, {0x0, 0x74020000}, [@common=@inet=@tcp={{0x30}, {[0x2], [], 0x22, 0x0, 0x20}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x3, 0x0, 0xb}, {0x2, 0x5, 0x3}, 0xfffffff7, 0x101}}}, {{@ip={@multicast2, @multicast2, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x98, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xd}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x8, 0x2, 0x69a, 0x3, 'syz0\x00', 'syz1\x00', {0x4e2}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c8) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRES32], 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1b0014000000006ed588400004000000000000004024b5e1bf07ca21a5cb867568ba33c0b8bc253a9f02a5a19479617d75e661356ef5d947240a32bbef037c0f888fa53c987866f84a1f272806599208291e61d1b1518c24906ea574fdbaebad318de4b2cb5883906cc5a936a80aff136323a672de5afbc12f04cc691aaf747111b3220a08992a1448a5481c528cb58b647a6e4a24a2962c3c139336486613f483b903d3e90ff758579f8c10", @ANYRES32=r2, @ANYBLOB="1000"/19, @ANYRES32=0x0, @ANYBLOB="08000000010000000500"/28], 0x50) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) sendmmsg$inet6(r0, &(0x7f0000008a40)=[{{0x0, 0x0, &(0x7f0000002940)=[{0x0}, {&(0x7f0000005480)="22f7802037a3c377d75a7d5379e2cc8106aa7c20bddae8f5ccdf51dd7be051b29e95dc685669ea9ff01b5d58196a16e5b1fa19008099b00366bd991f9903b8e3ffe5ac08481c358cc1ec67e5aa033001acfe3ba8804f14603ac945dbad07dce4b6b95ad9aeb91d3db91e3805d05340b0fa2618c17e5b90a4be5f0d71d0dea86b57378a830615cc317f1fecdf8bcbd2b16a8f2ca635b4faebe4eddf6efbd4ec0f7c0259a67c58abd658ba4cd796ea1c2bfa2da4cf04b209292d6166b464dd9724af13fb7d6ee62d840933debe7a335db462fbb5199aba75245e5dd220096136af7c76e14bd001b19f4021cfd4f52d240d221a457e40d672696b5741adf60ad2b575583d91a8e5b9f2320153b6e38ddf0fddc61f155cbe6c983c4b12b5351f57902454fe35d81df369136c8c10f65fdfb03a78b14b7907f347c9910b428df2bfbecee3f5f655fdfa4e6cd308e85ebdae7b576dd63a2f33d3e440c2dfbe604b4ab16aab9d25ac5c3a03b971f9340b99156f55aa54ef99133753cf23a589c5afe56be28c48f0eae3012ae6fed4b1142593604f61c10fe2b6827dc861b9b711e133c1b95a6d25ce15352328e0d69cd09779d0d7dc48ea45edd07a1f2dc601cc684dac84e9ec4c8413f7e31249010b1fc82bbb5aca0cee08b45a4e4eb959e757a745e06ac445280ffe82394e35dea7f4d6f45a32b84379e383c0ff38c887ecdb29b609f09d4620a35a305936e613c22462ac744c0dbd4816c93711e880767bea7396ba7062cfc218e369d8042dfbde814d0d3267bd240cf362661be18a64d95a201a2f3f3a100b3011b9be0dcc858c222041c5a3fc7391f37cf6cf1f3742e07ac3a1d072d78d0edef2aaab3ebe1559a12ccc515be6cc5a00955107e30a4f75155c4bb3053113ab5884b2276e2d7cbef4dc949665fc8cc9899be667e87f1e6db4cd089345fc6a092b174244692f4763ba41e3e0c0f403ed75e37570ec6dbc83a4ad7b308a31b5f7a4632b8a99573297550d1848d39cab6ba814b7b64320bad2eac73482f3e44d1304d5e5d96d3a99e4b22a59b06f966b7adc0ae966262da3da7ce0e5705d8c5ec0d28f5918b9859f1dd7f755b136946c4bd2ad845ebb9d9a789fbc875c87478b2b2f444e4044c73ff0af4828f9b5257b6a7c8e07c835d64d0540b7fc89a94908f50da502a73cb15f59077f2d3c4984b950e2a37a24154f7a7c96f5d5b61de08d1b76ad6f29d073ed256d5ad37f9792eceacc4b8be6f651734b78f8bdf1a55a1ba478f3fe65746f1a45d5f40d862cb67c8cb34ccc7cb9796f0ab1b39a62795bf3e2c684ea533bf1687d2a634960001c379a3dfffc830649eea7ae04f24d8b5d1aaf4ab0e72ee1e6a2c71cb91dd1dadf214e0adcb6fbae3ee1f8463a78fbd41b8c954ea93f9db517d2cff77d2783e4b4f330c98753ae3b27f1aac6e6eb120addbc3a90112d1247fcca7471f6b1bd4ca576a4ada30a794580876b8525a3d99a23e1f05eca9197a7bca8ba40cb77e127943694df8a929dfa9dae9798f42992befb4d8b68ffc756fd147e42db34122e41ecc3ec79cda43b6fc49e3a83be881eda90a55dab12fcb00a29119fdf436921c4da29a4e5aebe57aa46efd899041544e1675405ce36238f14f230f498862a25aeca660f06df0fe0f0d8497566ef244cc03cc2ad9e6c0ada493e06922af3783d5fedede65fbd53098a7ed1e241cc34bb388e2a158de8aa3a421ca28fd47a554e3357b81a449bb8ca39305cb724686d2202ee8a79d3bd0325282afdd5d4dbd1def861e416313411281dd384879dff116d804fbd1f480cccbcdd828baceca9c6ac070ecb311e05821a80037f6e22ed263bef019d1b08d92da3d07817dc789e6d7676458e89051680d4b8628e9282754e6bc675a73b69c56400d8938260c1f2a499282a752a955265ed83a0eefa22c1a56fbba0ac957bd2e65dc00ee17532d86fbfb246db770b3070b74da5a1b15b669ff169500659e834ef021eea379e20c1fecb695dd1d193d5fe596662f770ab9410d46eb7bf73b408864c924f3251f5942c6ed17a8da45118902029c3bb9c8700aa961eec086393cee7247d77a33f3d144bcb4d2578f76018cfa08cb5671b87926cfba84ffb310e43012c3a547631ab31ee99d87f7b3ec59f39bd9f9834af896e3e4a3aeb44ab9b1b884d198550aeeae65f128ab7eafb1e4490d306cc2a39b1dff7520a22bd15e20534630123cb9c283fbe011a1050a7f7bfd4dbe1b2715d16f099429203dbdc3245b436ec8a318510aaf9321fbaa571c3bd739f27ca3e4847ad05af76e564063cc365adea4e1560f1d47ef11532455a39854b2cdd477a669ad6b20ae294373a429cc81773f65fe27cd348c6859fe4e5e47ad1e9a0cc81d0924954bcc6b7e93ad05a2bfc6ee4a4d3a5bdc352c032a338415844f610308ab50f7db207fe76d739b64dc99b493b639ae0f1226f714891ee115225926a6c4f3d4352592d32a22a462d84a8e493bcaa00a1b2b71ac50f5e02101d23f20584cadc21cf7eafd69a2d19aacf7983fba52b5fa201ac9d3827d1a369ef2512cbeb68927a1fa297a0b4cd77e3c97fd2efa95bffb4072e2aaac23d02b19acf6e935ddaef049562c1efa5892364fbe4fd06df8845", 0x74c}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0xc0001) 316.346904ms ago: executing program 6 (id=3957): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000000000000850000007100000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 289.523381ms ago: executing program 5 (id=3958): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback={0x300}}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) 214.731767ms ago: executing program 1 (id=3959): getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x13, &(0x7f00000000c0)=""/154, &(0x7f0000000000)=0x9a) 100.240799ms ago: executing program 6 (id=3960): bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x4, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x81, @void, @value}, 0x94) 99.665399ms ago: executing program 5 (id=3961): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="be38", 0x2}, {0x0}], 0x2, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @dev}}}], 0x20}, 0xc0) 298.133µs ago: executing program 0 (id=3962): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f00000018c0)=[{{&(0x7f0000000100)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000001ac0)="0561ce7e42cea4dc22f0dc9db04ccdd5268478bfb820459d80d37db29af373d4f43776135dafc401a50b43638bf1956441491ed40b2d894c3b1217f24398ea1ec3763a3e8763ddfcaa86632ff7312c5678c99c01fed94f62749a09f30450f216b121b4daf30ebe721ebe245b5d21985af3ed12913734e0fe1aee7b9c17cac7e185fd2df902e93f5d702f489c6bb2f13cf6fe762b80093023c69ef05d58f73ed8ef7a07b0e3a86854754c7b0088bc8ced64dcb2f7958b5171a1931802504b1a535e249ed25d841af22cac0a622459c0d2a2b307638ec88f0e9a9e648d777d709d8244fe1d1acdfd1fe9c00f1bcae449b0eb8a0272a330483f343762da6d63fc44d3a5a9be6f97483cbc70c39373e67909fd92be3c05996142fe5187d808f3e3ea8771e7b119b91488aa5d5314280762a55165d2a23d1fd1639011d81715259086b4bc7f0b5e6274dcc0472f16b94745c9f151b629ac4567fe63425e31f1ca9198e8df7b34f1bd65c5cfa77dc4af80787963665fd3223ab429ad2ad1f3f7cee5c3830d7090ecd70c28c5b0e1829bbbcff38e06345aa8b95189cdfaa84099c74e55106c3e68bbef58df00a069fba429853df50c5c7e053d5cf7610b1265021dc4c9ec39e333ca359ec24e23c3f22e5b8028b7abe96e9647b3037b11a77d89fcaa799d84d4dfb15a0fda3f2ee641d341aaf1e55d08f6a55e4a2cfcb780c44ce89bd6059c3b8c334f572e8f17f75b820eff6e7e7849ed4242569afa4dd01e15db2f687f8bae86548047e7b2fdc748e5df628a72e992ed8d942fd2dd224dd39e0f12f8071afed2f814d45f09592e679f8b670f56b3d9ec187e9ea8fff560f765a87b4a2abfcff8f751218aee3fdf0f7dbe9fb81d619e3454365ae6994c5918b822546db1d979bc83e63b5a34f18e5ce48d33270ca2e17bbd7523473adca2251b86d9926ac844bcbd85b6fb0f30299f72c61dc71fad6d3c410b51cd7a09946e4b9640375eaae7508cc3af7bb5856670869a78b8b7ffca1b67aa33b9b1c9c0dbbcf63c0625e4a5ec57d6a52332c3ae13307b39a17814b055e9e27ed6782f8b3f3911199a6bec0eeb9e0eb2bf7877b80981d9d600b3b894d01885c1f9c1a71a47a79d615e931c4aa6725d34834704aff578d6aed11b86ee3c4fe48fe286178a3fc5567ce4ce7106acba8ab41993ec3d18b7e8c0fe83098da102415308976b339ccb9bcf3ab4ff71498361bb5a19c289d3dddeb278dde9fbd49159931fdc7618e70261a9262a0412b8ee69bf0444ec60821f1ac8a5d3847bb7db544acb6b0c08a3817514e8e48cad3fde3152e48e6af25c6d6150cae421f2f10124831a3d6d621a69045f06a69be15efaa7d02074f7ce43eec410a49dbd7d098a41ed5da587785e3f6c5efcc5278fb7f274d3f969924c5c968ce9cb0d593e4da6a95f721ddb0447da7ed1490db67c6c4441c17f76e22a3069bf4e0fa6c86a1329fa0613cb8bddba2745a3c23996eb5e06b648101d859948a228c5190a7d8ae1ee2560b095ee8239f2234f4b56f066a0975ebece106c585d806f476142d767ac0a05b7b0d114b18a0053bfc59bbe96c1f15a6fe2208ec7b6aaca0a4db3fdedb48cdafbb5a7eae19eaf0c4631038b6f4f55d940461da4bffec664ec1b10bdf19f4d1d3b9d2691bffe913212cfc0d15674cbb0b353249a74a72fe8846a9bbe78c6be7cda51daef615805e8ab7a8ab319e94222af72591d7ce0d909bc7c6745d03695548d696cce0f86664331c27d167a01f0c59c214e33e45ceb72946b9ea7a34d2c16bc0dd60cb868e2701f54945215fbd35da46fa3477b760df846f0f67af3be77950f3b880a5076c6a9f6adb98d18f7d7d875bb9831fb64559ffd5ac204b153093a6ff9dadd60563edf2febfdaf69e2b7934893744301b2b52bc4c85f06465082163436fe9cab926f990ab34d50c305babcc52f288a1e3263d653727d2f8fae46b254308a3bd66f530c299d6afda45f11c05e42ba57df59745ddd62b8f2c7bf33e4bbc65da7e385554349bb8c1669ac2a0137cf8964a977e7513096d84d7359b51fb94bbf58363f43fe23386a", 0x5c1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000180)="9246b6abfd93", 0x6}], 0x1}}], 0x3, 0x240080e4) sendto$inet(r0, 0x0, 0x0, 0x20000000, 0x0, 0x0) 144.911µs ago: executing program 1 (id=3963): r0 = socket$inet_sctp(0x2, 0x1, 0x84) pselect6(0x40, &(0x7f0000000000)={0x9}, 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket(0x1e, 0x4, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0) listen(r0, 0xda90) accept4(r0, 0x0, 0x0, 0x0) 0s ago: executing program 4 (id=3964): pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000440)='a', 0x1}], 0x1, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r3 = openat$cgroup_devices(r2, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0) splice(r0, 0x0, r3, 0x0, 0x10500, 0x0) kernel console output (not intermixed with test programs): 9][ T8938] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1219.207547][ T8938] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1219.241544][ T8938] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1219.269255][ T8938] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1219.302866][T16862] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1219.332102][T16862] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1219.365882][T16862] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1219.405960][T16862] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1219.412991][T15424] Bluetooth: hci1: command tx timeout [ 1219.474838][T16242] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1219.484453][T16242] pwc: recv_control_msg error -32 req 02 val 2700 [ 1219.501696][T16242] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1219.521647][T16942] nfs: Unknown parameter ' ' [ 1219.536773][T16242] pwc: recv_control_msg error -32 req 04 val 1000 [ 1219.550592][ T8938] usb 6-1: usb_control_msg returned -32 [ 1219.556552][ T8938] usbtmc 6-1:16.0: can't read capabilities [ 1219.574672][ T8938] usb 6-1: USB disconnect, device number 25 [ 1219.596916][T16242] pwc: recv_control_msg error -32 req 04 val 1300 [ 1220.035704][T16242] pwc: recv_control_msg error -71 req 02 val 2000 [ 1220.101665][T16242] pwc: recv_control_msg error -71 req 02 val 2100 [ 1220.201904][T16242] pwc: recv_control_msg error -71 req 04 val 1500 [ 1220.262627][T16242] pwc: recv_control_msg error -71 req 02 val 2500 [ 1220.285176][T16242] pwc: recv_control_msg error -71 req 02 val 2400 [ 1220.306373][T16242] pwc: recv_control_msg error -71 req 02 val 2600 [ 1220.330201][T16242] pwc: recv_control_msg error -71 req 02 val 2900 [ 1220.362896][T16242] pwc: recv_control_msg error -71 req 02 val 2800 [ 1220.391422][T16862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1220.399520][T16242] pwc: recv_control_msg error -71 req 04 val 1100 [ 1220.417865][T16242] pwc: recv_control_msg error -71 req 04 val 1200 [ 1220.449978][T16242] pwc: Registered as video103. [ 1220.505000][T16242] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input40 [ 1220.517686][T16862] 8021q: adding VLAN 0 to HW filter on device team0 [ 1220.552768][T16242] usb 7-1: USB disconnect, device number 9 [ 1220.686109][T16862] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1220.696870][T16862] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1220.715852][T16654] bridge0: port 1(bridge_slave_0) entered blocking state [ 1220.723126][T16654] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1220.732384][T16654] bridge0: port 2(bridge_slave_1) entered blocking state [ 1220.739586][T16654] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1222.341906][ T29] audit: type=1804 audit(1733850193.861:287): pid=16995 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3095" name="/newroot/73/file1" dev="fuse" ino=1 res=1 errno=0 [ 1222.822881][ T29] audit: type=1800 audit(1733850193.861:288): pid=16995 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.3095" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1222.849762][T16862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1222.947476][ T29] audit: type=1804 audit(1733850193.861:289): pid=16995 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3095" name="/newroot/73/file1" dev="fuse" ino=1 res=1 errno=0 [ 1222.979866][ T29] audit: type=1804 audit(1733850193.861:290): pid=16995 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3095" name="/newroot/73/file1" dev="fuse" ino=1 res=1 errno=0 [ 1223.047294][ T29] audit: type=1800 audit(1733850193.861:291): pid=16995 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.3095" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1223.978210][T16862] veth0_vlan: entered promiscuous mode [ 1224.020685][T16862] veth1_vlan: entered promiscuous mode [ 1224.089105][T16862] veth0_macvtap: entered promiscuous mode [ 1224.121926][T16862] veth1_macvtap: entered promiscuous mode [ 1224.137835][ T5904] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1224.163845][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.174516][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.184578][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.195414][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.205682][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.216585][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.226915][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.237454][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.247845][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.258440][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.268624][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1224.279387][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.290911][T16862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1224.321349][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.331952][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.342570][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.353597][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.363708][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.383632][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.401276][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.418739][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.429962][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.451588][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.478114][T16862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1224.499233][T16862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1224.522631][ T5904] usb 6-1: Using ep0 maxpacket: 8 [ 1224.529412][ T5904] usb 6-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1224.542346][T16862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1224.563163][ T5904] usb 6-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1224.590030][T16862] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.608087][ T5904] usb 6-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1224.621312][T16862] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.640454][ T5904] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1224.647167][ T5904] usb 6-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 1224.656735][T16862] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.672785][T16862] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.681898][ T5904] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1224.706999][ T5904] usb 6-1: config 0 descriptor?? [ 1224.768630][T13177] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 1224.865214][T16693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1224.873116][T16693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1224.930968][T16693] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1224.952607][T16693] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1224.979461][T13177] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1225.013130][T13177] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1225.046949][T13177] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1225.069439][T13177] usb 2-1: config 0 descriptor?? [ 1225.093888][T13177] pwc: Askey VC010 type 2 USB webcam detected. [ 1225.166157][ T5904] nintendo 0003:057E:200E.001C: unknown main item tag 0x0 [ 1225.173431][ T5904] nintendo 0003:057E:200E.001C: unknown main item tag 0x0 [ 1225.191804][ T5904] nintendo 0003:057E:200E.001C: unknown main item tag 0x0 [ 1225.199226][ T5904] nintendo 0003:057E:200E.001C: unknown main item tag 0x0 [ 1225.207060][ T5904] nintendo 0003:057E:200E.001C: unknown main item tag 0x0 [ 1225.216647][ T5904] nintendo 0003:057E:200E.001C: hidraw0: USB HID v80.04 Device [HID 057e:200e] on usb-dummy_hcd.5-1/input0 [ 1225.688791][ T5904] nintendo 0003:057E:200E.001C: Failed charging grip handshake [ 1225.832223][T13177] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1225.983497][T13177] pwc: recv_control_msg error -32 req 02 val 2700 [ 1225.991173][ T5904] nintendo 0003:057E:200E.001C: Failed to initialize controller; ret=-110 [ 1226.008262][T13177] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1226.038729][T13177] pwc: recv_control_msg error -32 req 04 val 1000 [ 1226.040329][T17027] nfs: Unknown parameter ' ' [ 1226.049059][ T5904] nintendo 0003:057E:200E.001C: probe - fail = -110 [ 1226.093132][ T5904] nintendo 0003:057E:200E.001C: probe with driver nintendo failed with error -110 [ 1226.151193][T13177] pwc: recv_control_msg error -32 req 04 val 1300 [ 1226.194435][ T29] audit: type=1326 audit(1733850197.528:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17036 comm="syz.0.3105" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe5b737ff19 code=0x0 [ 1226.688918][T17044] erofs (device erofs): cannot find valid erofs superblock [ 1227.279166][T13177] pwc: recv_control_msg error -71 req 02 val 2000 [ 1227.613625][T13177] pwc: recv_control_msg error -71 req 02 val 2100 [ 1227.634578][T13177] pwc: recv_control_msg error -71 req 04 val 1500 [ 1227.641639][T13177] pwc: recv_control_msg error -71 req 02 val 2500 [ 1227.650566][T13177] pwc: recv_control_msg error -71 req 02 val 2400 [ 1227.657599][T13177] pwc: recv_control_msg error -71 req 02 val 2600 [ 1227.665090][T13177] pwc: recv_control_msg error -71 req 02 val 2900 [ 1227.672981][T13177] pwc: recv_control_msg error -71 req 02 val 2800 [ 1227.680058][T13177] pwc: recv_control_msg error -71 req 04 val 1100 [ 1227.687332][T13177] pwc: recv_control_msg error -71 req 04 val 1200 [ 1227.696867][T13177] pwc: Registered as video103. [ 1227.699803][T13896] usb 6-1: USB disconnect, device number 26 [ 1227.717299][T13177] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input41 [ 1227.762768][T13177] usb 2-1: USB disconnect, device number 64 [ 1228.125943][T16242] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1228.287581][T16242] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1228.299738][T16242] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1228.328452][T16242] usb 5-1: New USB device found, idVendor=04d5, idProduct=0001, bcdDevice= 0.00 [ 1228.348605][T16242] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1228.510798][T16242] usb 5-1: config 0 descriptor?? [ 1228.520834][T16242] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1230.169857][T16242] usb 5-1: USB disconnect, device number 71 [ 1231.549159][T17090] Cannot find add_set index 0 as target [ 1232.786679][ T5904] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 1233.717621][ T5904] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1233.731099][ T5904] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1233.741276][ T5904] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1233.761198][ T5904] usb 6-1: config 0 descriptor?? [ 1233.772533][ T5904] pwc: Askey VC010 type 2 USB webcam detected. [ 1234.202686][ T5904] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1234.253093][ T5904] pwc: recv_control_msg error -32 req 02 val 2700 [ 1234.260405][ T5904] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1235.225863][ T5904] pwc: recv_control_msg error -32 req 04 val 1000 [ 1235.500941][T17136] nfs: Unknown parameter '' [ 1235.962039][ T5904] pwc: recv_control_msg error -32 req 04 val 1300 [ 1236.068710][T17140] openvswitch: netlink: Message has 4 unknown bytes. [ 1236.099354][T17140] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1236.255269][T17146] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3136'. [ 1236.284067][ T5904] pwc: recv_control_msg error -71 req 02 val 2000 [ 1236.292358][ T5904] pwc: recv_control_msg error -71 req 02 val 2100 [ 1236.335658][ T5904] pwc: recv_control_msg error -71 req 04 val 1500 [ 1236.346760][ T5904] pwc: recv_control_msg error -71 req 02 val 2500 [ 1236.357507][ T5904] pwc: recv_control_msg error -71 req 02 val 2400 [ 1236.367892][ T5904] pwc: recv_control_msg error -71 req 02 val 2600 [ 1236.378822][ T5904] pwc: recv_control_msg error -71 req 02 val 2900 [ 1236.391576][ T5904] pwc: recv_control_msg error -71 req 02 val 2800 [ 1236.400863][ T5904] pwc: recv_control_msg error -71 req 04 val 1100 [ 1236.409754][ T5904] pwc: recv_control_msg error -71 req 04 val 1200 [ 1236.419847][ T5904] pwc: Registered as video103. [ 1236.426023][ T5904] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input42 [ 1236.438957][ T5904] usb 6-1: USB disconnect, device number 27 [ 1239.831534][ T8] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1241.245254][T17178] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3145'. [ 1241.253483][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1241.274817][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1241.285379][ T8] usb 5-1: New USB device found, idVendor=07c0, idProduct=1524, bcdDevice= 0.00 [ 1241.319257][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1241.771049][ T8] usb 5-1: config 0 descriptor?? [ 1242.123321][ T8] usb 5-1: can't set config #0, error -71 [ 1242.142846][ T8] usb 5-1: USB disconnect, device number 72 [ 1242.996672][T16242] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1243.017745][ T2149] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1243.194298][T16242] usb 5-1: Using ep0 maxpacket: 32 [ 1243.257410][T16242] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1243.308246][T16242] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x2 has an invalid bInterval 129, changing to 11 [ 1243.470733][T16242] usb 5-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1243.541258][T16242] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1243.558859][T16242] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 1243.568811][T16242] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1243.582636][T16242] usb 5-1: config 0 descriptor?? [ 1243.840786][T13896] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 1244.197273][T13896] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1244.312200][T13896] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1244.321632][T13896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1244.509578][T13896] usb 2-1: config 0 descriptor?? [ 1244.538450][T13896] pwc: Askey VC010 type 2 USB webcam detected. [ 1244.764293][T17221] netlink: 'syz.5.3158': attribute type 1 has an invalid length. [ 1244.772665][T17221] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3158'. [ 1244.984477][T16242] hid-thrustmaster 0003:044F:B65D.001D: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0 [ 1244.984798][T17223] netlink: 'syz.0.3159': attribute type 25 has an invalid length. [ 1245.004589][T17223] netlink: 'syz.0.3159': attribute type 44 has an invalid length. [ 1245.032691][T13896] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1245.039990][T13896] pwc: recv_control_msg error -32 req 02 val 2700 [ 1245.047182][T13896] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1245.055418][T13896] pwc: recv_control_msg error -32 req 04 val 1000 [ 1245.071146][T13896] pwc: recv_control_msg error -32 req 04 val 1300 [ 1245.211609][T16242] hid-thrustmaster 0003:044F:B65D.001D: setup data couldn't be sent [ 1245.213964][T13896] pwc: recv_control_msg error -32 req 04 val 1400 [ 1245.255385][ C1] hid-thrustmaster 0003:044F:B65D.001D: URB to get model id failed with error -71 [ 1245.434783][T16242] usb 5-1: USB disconnect, device number 73 [ 1245.781930][T13896] pwc: recv_control_msg error -71 req 02 val 2100 [ 1245.825964][T13896] pwc: recv_control_msg error -71 req 04 val 1500 [ 1245.833280][T13896] pwc: recv_control_msg error -71 req 02 val 2500 [ 1245.841418][T13896] pwc: recv_control_msg error -71 req 02 val 2400 [ 1245.848306][T13896] pwc: recv_control_msg error -71 req 02 val 2600 [ 1245.855857][T13896] pwc: recv_control_msg error -71 req 02 val 2900 [ 1245.868031][T13896] pwc: recv_control_msg error -71 req 02 val 2800 [ 1245.875344][T13896] pwc: recv_control_msg error -71 req 04 val 1100 [ 1245.883371][T13896] pwc: recv_control_msg error -71 req 04 val 1200 [ 1245.896732][T13896] pwc: Registered as video103. [ 1245.902855][T13896] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input43 [ 1245.965177][T13896] usb 2-1: USB disconnect, device number 65 [ 1247.198396][T17245] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1247.429459][T17245] netlink: 'syz.6.3166': attribute type 10 has an invalid length. [ 1247.485038][T17245] team0: Device hsr_slave_0 failed to register rx_handler [ 1247.630540][T17241] netlink: 'syz.5.3165': attribute type 8 has an invalid length. [ 1248.290687][T17258] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3169'. [ 1248.386710][T17261] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1251.619957][T17301] overlayfs: missing 'workdir' [ 1252.917836][ T29] audit: type=1804 audit(1733850222.512:293): pid=17314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3183" name="/newroot/90/file1" dev="fuse" ino=1 res=1 errno=0 [ 1253.538269][ T29] audit: type=1800 audit(1733850222.512:294): pid=17314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.3183" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1253.560270][ T29] audit: type=1804 audit(1733850222.512:295): pid=17314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3183" name="/newroot/90/file1" dev="fuse" ino=1 res=1 errno=0 [ 1253.581738][ T29] audit: type=1804 audit(1733850222.512:296): pid=17314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3183" name="/newroot/90/file1" dev="fuse" ino=1 res=1 errno=0 [ 1253.602048][ T29] audit: type=1800 audit(1733850222.512:297): pid=17314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.3183" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1253.772177][ T2149] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1253.951132][T17325] netlink: zone id is out of range [ 1253.955703][ T2149] usb 6-1: config 14 has an invalid interface number: 41 but max is 1 [ 1253.965926][T17325] netlink: zone id is out of range [ 1253.973986][ T2149] usb 6-1: config 14 has an invalid interface number: 170 but max is 1 [ 1253.986984][T15424] Bluetooth: hci0: command 0x0406 tx timeout [ 1254.010493][ T2149] usb 6-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config [ 1254.017941][T17325] netlink: zone id is out of range [ 1254.032467][T17325] netlink: zone id is out of range [ 1254.094352][ T2149] usb 6-1: config 14 has no interface number 0 [ 1254.126733][ T2149] usb 6-1: config 14 has no interface number 1 [ 1254.151073][ T2149] usb 6-1: config 14 interface 41 altsetting 6 has an endpoint descriptor with address 0x58, changing to 0x8 [ 1254.156900][T17325] netlink: zone id is out of range [ 1254.200610][T17325] netlink: zone id is out of range [ 1254.205836][T17325] netlink: zone id is out of range [ 1254.210483][ T2149] usb 6-1: config 14 interface 41 altsetting 6 has a duplicate endpoint with address 0x8, skipping [ 1254.244619][ T2149] usb 6-1: config 14 interface 41 altsetting 6 has an invalid descriptor for endpoint zero, skipping [ 1254.288600][ T2149] usb 6-1: config 14 interface 41 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1254.290853][T17325] netlink: zone id is out of range [ 1254.338730][ T2149] usb 6-1: config 14 interface 170 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 1254.349388][T17325] netlink: zone id is out of range [ 1254.364310][T17325] netlink: zone id is out of range [ 1254.370360][T17329] ipvlan2: entered promiscuous mode [ 1254.388855][T17329] ipvlan2: entered allmulticast mode [ 1254.394613][ T2149] usb 6-1: config 14 interface 41 has no altsetting 0 [ 1254.412986][T17329] bond0: entered allmulticast mode [ 1254.418687][T17329] bond_slave_0: entered allmulticast mode [ 1254.447135][T17329] bond_slave_1: entered allmulticast mode [ 1254.460678][ T2149] usb 6-1: string descriptor 0 read error: -22 [ 1254.478279][ T2149] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0004, bcdDevice=97.d0 [ 1254.490898][T17329] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1254.511339][ T2149] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1254.543789][ T2149] kvaser_usb 6-1:14.41: error -ENODEV: Cannot get usb endpoint(s) [ 1254.581326][ T2149] kvaser_usb 6-1:14.170: error -ENODEV: Cannot get usb endpoint(s) [ 1255.696752][ T29] audit: type=1804 audit(1733850225.103:298): pid=17350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.3194" name="/newroot/28/file1" dev="fuse" ino=1 res=1 errno=0 [ 1256.151738][ T29] audit: type=1800 audit(1733850225.103:299): pid=17350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.3194" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1256.256128][ T29] audit: type=1804 audit(1733850225.103:300): pid=17350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.3194" name="/newroot/28/file1" dev="fuse" ino=1 res=1 errno=0 [ 1256.350752][ T2149] usb 6-1: USB disconnect, device number 29 [ 1256.359473][ T29] audit: type=1804 audit(1733850225.103:301): pid=17350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.3194" name="/newroot/28/file1" dev="fuse" ino=1 res=1 errno=0 [ 1256.445053][ T29] audit: type=1800 audit(1733850225.103:302): pid=17350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.3194" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1258.527232][T17382] Cannot find set identified by id 0 to match [ 1259.430332][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 1259.430382][ T29] audit: type=1804 audit(1733850228.574:308): pid=17395 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.3207" name="/newroot/293/file1" dev="fuse" ino=1 res=1 errno=0 [ 1259.674015][ T29] audit: type=1800 audit(1733850228.574:309): pid=17395 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.3207" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1259.777926][ T29] audit: type=1804 audit(1733850228.574:310): pid=17394 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.3207" name="/newroot/293/file1" dev="fuse" ino=1 res=1 errno=0 [ 1259.919827][ T29] audit: type=1804 audit(1733850228.574:311): pid=17394 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.5.3207" name="/newroot/293/file1" dev="fuse" ino=1 res=1 errno=0 [ 1259.948820][ T29] audit: type=1800 audit(1733850228.574:312): pid=17394 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.3207" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1261.103664][T17416] Bluetooth: MGMT ver 1.23 [ 1262.308277][T17431] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3220'. [ 1262.337339][T17431] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3220'. [ 1262.367487][T17431] netlink: 'syz.6.3220': attribute type 12 has an invalid length. [ 1262.376126][T17431] netlink: 'syz.6.3220': attribute type 11 has an invalid length. [ 1263.347890][T17457] FAULT_INJECTION: forcing a failure. [ 1263.347890][T17457] name failslab, interval 1, probability 0, space 0, times 0 [ 1263.361943][T17457] CPU: 0 UID: 0 PID: 17457 Comm: syz.0.3232 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1263.372782][T17457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1263.382896][T17457] Call Trace: [ 1263.386209][T17457] [ 1263.389189][T17457] dump_stack_lvl+0x241/0x360 [ 1263.393934][T17457] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1263.399200][T17457] ? __pfx__printk+0x10/0x10 [ 1263.403819][T17457] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1263.409406][T17457] ? __pfx___might_resched+0x10/0x10 [ 1263.414723][T17457] should_fail_ex+0x3b0/0x4e0 [ 1263.419439][T17457] should_failslab+0xac/0x100 [ 1263.424180][T17457] ? getname_flags+0xb7/0x540 [ 1263.428896][T17457] kmem_cache_alloc_noprof+0x70/0x380 [ 1263.434433][T17457] getname_flags+0xb7/0x540 [ 1263.438996][T17457] user_path_at+0x24/0x60 [ 1263.443357][T17457] __se_sys_mount+0x297/0x3c0 [ 1263.448056][T17457] ? __pfx___se_sys_mount+0x10/0x10 [ 1263.453272][T17457] ? do_syscall_64+0x100/0x230 [ 1263.458244][T17457] ? __x64_sys_mount+0x20/0xc0 [ 1263.463028][T17457] do_syscall_64+0xf3/0x230 [ 1263.467577][T17457] ? clear_bhb_loop+0x35/0x90 [ 1263.472306][T17457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1263.478240][T17457] RIP: 0033:0x7fe5b737ff19 [ 1263.482685][T17457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1263.502327][T17457] RSP: 002b:00007fe5b8140058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1263.510786][T17457] RAX: ffffffffffffffda RBX: 00007fe5b7545fa0 RCX: 00007fe5b737ff19 [ 1263.518792][T17457] RDX: 0000000020000180 RSI: 0000000020000000 RDI: 0000000000000000 [ 1263.526782][T17457] RBP: 00007fe5b81400a0 R08: 0000000020000080 R09: 0000000000000000 [ 1263.534774][T17457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1263.542774][T17457] R13: 0000000000000000 R14: 00007fe5b7545fa0 R15: 00007ffc437cccc8 [ 1263.550957][T17457] [ 1263.662365][T17463] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3234'. [ 1263.676472][T17463] bridge0: entered promiscuous mode [ 1263.687610][T17463] bridge0: left promiscuous mode [ 1263.810747][T16242] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1263.944468][T17471] xt_TCPMSS: Only works on TCP SYN packets [ 1263.983232][T16242] usb 5-1: Using ep0 maxpacket: 8 [ 1263.999599][T16242] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1264.009731][T16242] usb 5-1: config 1 interface 0 altsetting 49 endpoint 0x81 has an invalid bInterval 247, changing to 11 [ 1264.046077][T16242] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1264.058951][T16242] usb 5-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.40 [ 1264.109843][T16242] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=5 [ 1264.131601][T16242] usb 5-1: Product: syz [ 1264.135836][T16242] usb 5-1: Manufacturer: syz [ 1264.176053][T16242] usb 5-1: SerialNumber: syz [ 1265.670889][ T29] audit: type=1804 audit(1733850233.728:313): pid=17490 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3244" name="/newroot/104/file1" dev="fuse" ino=1 res=1 errno=0 [ 1266.419036][ T29] audit: type=1800 audit(1733850233.728:314): pid=17490 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.3244" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1266.457735][ T29] audit: type=1804 audit(1733850233.728:315): pid=17490 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3244" name="/newroot/104/file1" dev="fuse" ino=1 res=1 errno=0 [ 1266.477750][ T29] audit: type=1804 audit(1733850233.728:316): pid=17490 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.6.3244" name="/newroot/104/file1" dev="fuse" ino=1 res=1 errno=0 [ 1266.497696][ T29] audit: type=1800 audit(1733850233.728:317): pid=17490 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.3244" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1266.580534][T17497] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge_slave_0, syncid = 2, id = 0 [ 1266.588189][T16242] usbhid 5-1:1.0: can't add hid device: -22 [ 1266.596844][T16242] usbhid 5-1:1.0: probe with driver usbhid failed with error -22 [ 1266.628198][T16242] usb 5-1: USB disconnect, device number 74 [ 1266.644297][T17500] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.653774][T17500] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.921839][T13896] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1267.081834][T13896] usb 6-1: Using ep0 maxpacket: 32 [ 1267.090848][T13896] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1267.102522][T13896] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1267.121830][T13896] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.f8 [ 1267.131742][T13896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1267.149739][T13896] usb 6-1: Product: syz [ 1267.160207][T13896] usb 6-1: Manufacturer: syz [ 1267.165352][T13896] usb 6-1: SerialNumber: syz [ 1267.173956][T13896] usb 6-1: config 0 descriptor?? [ 1267.422634][T17489] netlink: 'syz.5.3243': attribute type 1 has an invalid length. [ 1267.465934][T17489] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.3243'. [ 1267.484171][T17514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1267.513008][T17514] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1267.546123][T13896] usb 6-1: USB disconnect, device number 30 [ 1267.853900][T17520] netlink: 'syz.4.3251': attribute type 10 has an invalid length. [ 1267.878983][T17520] bond0: (slave bond_slave_0): Releasing backup interface [ 1272.157963][T17589] tipc: Started in network mode [ 1272.163445][T17589] tipc: Node identity 00000000000000003a31bb0000000001, cluster identity 4711 [ 1272.213596][T17589] tipc: Enabling of bearer rejected, failed to enable media [ 1272.286754][T17593] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3272'. [ 1272.328208][T17593] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3272'. [ 1272.431526][T17596] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3272'. [ 1272.615760][T17602] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3273'. [ 1273.224575][T17612] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3278'. [ 1274.670592][ T5876] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1275.967184][ T5876] usb 2-1: Using ep0 maxpacket: 16 [ 1276.009960][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1276.032760][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1276.084266][ T5876] usb 2-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.00 [ 1276.110875][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1276.192517][ T5876] usb 2-1: config 0 descriptor?? [ 1276.340028][T16242] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 1276.532571][ T5904] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 1276.544044][T16242] usb 6-1: Using ep0 maxpacket: 32 [ 1276.641886][T16242] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1276.651928][T16242] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1276.663982][T16242] usb 6-1: config 0 descriptor?? [ 1276.693532][T16242] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1276.714331][ T5904] usb 7-1: Using ep0 maxpacket: 8 [ 1276.738899][ T5904] usb 7-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1276.750007][ T5904] usb 7-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1276.779457][ T5876] microsoft 0003:045E:00F9.001E: invalid report_size 1086189314 [ 1276.787634][ T5904] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1277.592530][ T5876] microsoft 0003:045E:00F9.001E: item 0 4 1 7 parsing failed [ 1277.600811][ T5876] microsoft 0003:045E:00F9.001E: parse failed [ 1277.607121][ T5904] usb 7-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00 [ 1277.616594][ T5876] microsoft 0003:045E:00F9.001E: probe with driver microsoft failed with error -22 [ 1277.628473][ T5904] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1277.642181][ T5904] usb 7-1: config 0 descriptor?? [ 1277.648162][ T5876] usb 2-1: USB disconnect, device number 66 [ 1277.764166][T17663] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3295'. [ 1278.890255][ T5904] aquacomputer_d5next 0003:0C70:F010.001F: unknown main item tag 0x0 [ 1278.898757][ T5904] aquacomputer_d5next 0003:0C70:F010.001F: unknown main item tag 0x0 [ 1278.916325][ T5904] aquacomputer_d5next 0003:0C70:F010.001F: unknown main item tag 0x0 [ 1278.927238][ T5904] aquacomputer_d5next 0003:0C70:F010.001F: unknown main item tag 0x0 [ 1278.935567][ T5904] aquacomputer_d5next 0003:0C70:F010.001F: unknown main item tag 0x0 [ 1278.975919][ T5904] aquacomputer_d5next 0003:0C70:F010.001F: hidraw0: USB HID v0.00 Device [HID 0c70:f010] on usb-dummy_hcd.6-1/input0 [ 1279.055006][T17675] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3299'. [ 1279.219882][ T5904] usb 7-1: USB disconnect, device number 10 [ 1279.304380][T16242] gspca_vc032x: reg_r err -71 [ 1279.309216][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.314830][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.320183][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.326088][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.331458][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.336839][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.342163][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.347635][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.352966][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.358376][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.363739][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.369253][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.374637][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.380074][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.385431][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.390820][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.396235][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.401688][T16242] gspca_vc032x: I2c Bus Busy Wait 00 [ 1279.407019][T16242] gspca_vc032x: Unknown sensor... [ 1279.412247][T16242] vc032x 6-1:0.0: probe with driver vc032x failed with error -22 [ 1279.473531][T16242] usb 6-1: USB disconnect, device number 31 [ 1281.733532][T17695] FAULT_INJECTION: forcing a failure. [ 1281.733532][T17695] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1281.747057][T17695] CPU: 0 UID: 0 PID: 17695 Comm: syz.5.3306 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1281.757872][T17695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1281.767979][T17695] Call Trace: [ 1281.771294][T17695] [ 1281.774258][T17695] dump_stack_lvl+0x241/0x360 [ 1281.779007][T17695] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1281.784485][T17695] ? __pfx__printk+0x10/0x10 [ 1281.789231][T17695] ? __pfx_lock_release+0x10/0x10 [ 1281.794298][T17695] ? __lock_acquire+0x1397/0x2100 [ 1281.799372][T17695] should_fail_ex+0x3b0/0x4e0 [ 1281.804112][T17695] _copy_from_user+0x2f/0xc0 [ 1281.808764][T17695] kstrtouint_from_user+0xc6/0x190 [ 1281.813935][T17695] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1281.819705][T17695] ? __pfx_lock_acquire+0x10/0x10 [ 1281.824781][T17695] proc_fail_nth_write+0xaa/0x2d0 [ 1281.829851][T17695] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1281.835786][T17695] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1281.841450][T17695] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1281.847113][T17695] vfs_write+0x2a3/0xd30 [ 1281.851400][T17695] ? __pfx_vfs_write+0x10/0x10 [ 1281.856212][T17695] ? __fget_files+0x2a/0x410 [ 1281.860828][T17695] ? __fget_files+0x395/0x410 [ 1281.865522][T17695] ? __fget_files+0x2a/0x410 [ 1281.870135][T17695] ksys_write+0x18f/0x2b0 [ 1281.874488][T17695] ? __pfx_ksys_write+0x10/0x10 [ 1281.879388][T17695] ? do_syscall_64+0x100/0x230 [ 1281.884181][T17695] ? do_syscall_64+0xb6/0x230 [ 1281.888885][T17695] do_syscall_64+0xf3/0x230 [ 1281.893422][T17695] ? clear_bhb_loop+0x35/0x90 [ 1281.898128][T17695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1281.904045][T17695] RIP: 0033:0x7f7990b7e9cf [ 1281.908486][T17695] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1281.928118][T17695] RSP: 002b:00007f7991910050 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1281.936558][T17695] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7990b7e9cf [ 1281.944576][T17695] RDX: 0000000000000001 RSI: 00007f79919100b0 RDI: 0000000000000003 [ 1281.952560][T17695] RBP: 00007f79919100a0 R08: 0000000000000000 R09: 0000000000000000 [ 1281.960546][T17695] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001 [ 1281.968565][T17695] R13: 0000000000000001 R14: 00007f7990d45fa0 R15: 00007ffe16774038 [ 1281.976572][T17695] [ 1282.883228][T16242] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 1284.036173][T16242] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1284.050683][T16242] usb 7-1: config 1 has no interface number 1 [ 1284.057043][T16242] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1284.070254][T16242] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 255, changing to 7 [ 1284.084065][T16242] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1284.094591][T16242] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1284.103011][T16242] usb 7-1: Product: syz [ 1284.107240][T16242] usb 7-1: Manufacturer: syz [ 1284.112244][T16242] usb 7-1: SerialNumber: syz [ 1284.120709][T17707] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1284.585166][T16242] usb 7-1: 2:1 : no or invalid class specific endpoint descriptor [ 1284.614755][T16242] usb 7-1: 2:1: invalid format type 0x1001 is detected, processed as PCM [ 1284.832974][T16242] usb 7-1: USB disconnect, device number 11 [ 1284.876607][T17736] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1285.720435][T17748] netdevsim netdevsim0: Direct firmware load for / [ 1285.720435][T17748] failed with error -2 [ 1285.899326][T17748] netdevsim netdevsim0: Falling back to sysfs fallback for: / [ 1285.899326][T17748] [ 1286.486409][T17755] Bluetooth: MGMT ver 1.23 [ 1286.566884][T17758] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3327'. [ 1287.045065][T17766] ubi0: attaching mtd0 [ 1287.049224][T17766] ubi0 error: ubi_attach_mtd_dev: bad VID header (8454144) or data offsets (8454208) [ 1287.060462][T17766] x_tables: ip_tables: osf match: only valid for protocol 6 [ 1288.035963][T17030] usb 2-1: new full-speed USB device number 67 using dummy_hcd [ 1288.283685][T17030] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1288.345576][T17030] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 1288.366896][T17030] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10 [ 1288.382062][T17030] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64 [ 1288.393273][T17030] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1288.529906][T17030] usb 2-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 1288.539333][T17030] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=8 [ 1288.596412][T17030] usb 2-1: Product: syz [ 1288.600655][T17030] usb 2-1: Manufacturer: syz [ 1288.626564][T17030] usb 2-1: SerialNumber: syz [ 1288.644654][T17782] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1288.679778][T17030] usb 2-1: config 0 descriptor?? [ 1288.688411][T17766] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1288.765233][T17030] ati_remote 2-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints [ 1291.563461][T16242] usb 2-1: USB disconnect, device number 67 [ 1292.944564][ T29] audit: type=1804 audit(1733850259.404:318): pid=17812 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.3339" name="/newroot/111/file1" dev="fuse" ino=1 res=1 errno=0 [ 1293.016555][ T29] audit: type=1800 audit(1733850259.404:319): pid=17812 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.3339" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1293.091179][T17815] Invalid logical block size (1163001856) [ 1293.109342][ T29] audit: type=1804 audit(1733850259.414:320): pid=17812 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.3339" name="/newroot/111/file1" dev="fuse" ino=1 res=1 errno=0 [ 1293.209715][ T29] audit: type=1804 audit(1733850259.414:321): pid=17812 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.3339" name="/newroot/111/file1" dev="fuse" ino=1 res=1 errno=0 [ 1293.274124][ T29] audit: type=1800 audit(1733850259.414:322): pid=17812 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.3339" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1294.375926][T17828] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1294.495761][T17830] netlink: 'syz.5.3345': attribute type 4 has an invalid length. [ 1295.186645][T13896] IPVS: starting estimator thread 0... [ 1295.294817][T17840] IPVS: using max 20 ests per chain, 48000 per kthread [ 1300.580350][T17882] net_ratelimit: 1 callbacks suppressed [ 1300.580377][T17882] openvswitch: netlink: Message has 4 unknown bytes. [ 1300.593174][T17882] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1300.681747][T17872] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3360'. [ 1300.921424][T13896] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1301.445008][T17890] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1301.454002][T17890] bond1: entered promiscuous mode [ 1301.460016][T17890] team0: Port device bond1 added [ 1304.450038][T13896] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 1304.460245][T13896] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1304.470129][T13896] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1304.480173][T13896] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1304.810154][T13896] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1304.819969][T13896] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 1304.874690][T13896] usb 6-1: string descriptor 0 read error: -71 [ 1304.880989][T13896] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1304.891469][T13896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1304.917617][T13896] usb 6-1: can't set config #1, error -71 [ 1304.934642][T13896] usb 6-1: USB disconnect, device number 32 [ 1306.202948][T17930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3376'. [ 1306.846915][T17944] FAULT_INJECTION: forcing a failure. [ 1306.846915][T17944] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1306.943865][T17944] CPU: 1 UID: 0 PID: 17944 Comm: syz.6.3379 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1306.954719][T17944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1306.964827][T17944] Call Trace: [ 1306.968137][T17944] [ 1306.971099][T17944] dump_stack_lvl+0x241/0x360 [ 1306.975823][T17944] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1306.981062][T17944] ? __pfx__printk+0x10/0x10 [ 1306.985695][T17944] ? __pfx_lock_release+0x10/0x10 [ 1306.990759][T17944] should_fail_ex+0x3b0/0x4e0 [ 1306.995595][T17944] _copy_from_user+0x2f/0xc0 [ 1307.000226][T17944] copy_msghdr_from_user+0xae/0x680 [ 1307.005491][T17944] ? __pfx___might_resched+0x10/0x10 [ 1307.010826][T17944] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1307.016695][T17944] ? do_recvmmsg+0x44e/0xab0 [ 1307.021327][T17944] ? __might_fault+0xaa/0x120 [ 1307.026144][T17944] do_recvmmsg+0x3bd/0xab0 [ 1307.030620][T17944] ? __pfx_do_recvmmsg+0x10/0x10 [ 1307.035624][T17944] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1307.041562][T17944] ? ksys_write+0x22a/0x2b0 [ 1307.046196][T17944] ? __pfx_lock_release+0x10/0x10 [ 1307.051351][T17944] ? vfs_write+0x730/0xd30 [ 1307.055837][T17944] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1307.061867][T17944] ? __fget_files+0x2a/0x410 [ 1307.066509][T17944] __x64_sys_recvmmsg+0x199/0x250 [ 1307.071580][T17944] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1307.077165][T17944] ? do_syscall_64+0x100/0x230 [ 1307.081977][T17944] ? do_syscall_64+0xb6/0x230 [ 1307.086720][T17944] do_syscall_64+0xf3/0x230 [ 1307.091277][T17944] ? clear_bhb_loop+0x35/0x90 [ 1307.096002][T17944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1307.101941][T17944] RIP: 0033:0x7f4ca077ff19 [ 1307.106411][T17944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1307.126148][T17944] RSP: 002b:00007f4ca159d058 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1307.134628][T17944] RAX: ffffffffffffffda RBX: 00007f4ca0945fa0 RCX: 00007f4ca077ff19 [ 1307.142646][T17944] RDX: 0000000000000a0d RSI: 00000000200066c0 RDI: 0000000000000003 [ 1307.150651][T17944] RBP: 00007f4ca159d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1307.158663][T17944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1307.166855][T17944] R13: 0000000000000000 R14: 00007f4ca0945fa0 R15: 00007ffe044edf08 [ 1307.174891][T17944] [ 1308.249753][T17952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1308.344299][T17952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1308.496293][ T5904] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 1308.705234][T15424] Bluetooth: hci3: command 0x0406 tx timeout [ 1309.062498][T17967] netlink: 'syz.1.3388': attribute type 1 has an invalid length. [ 1309.913426][T17967] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1310.208822][T17973] bond1: (slave veth3): Enslaving as an active interface with a down link [ 1310.265043][T17967] batadv1: entered promiscuous mode [ 1310.288782][T17967] batadv1: entered allmulticast mode [ 1310.309077][T17967] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1310.320093][T17967] bond1: (slave batadv1): making interface the new active one [ 1310.329514][T17967] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 1310.556244][T17988] Cannot find set identified by id 0 to match [ 1310.678341][ T5904] usb 7-1: device descriptor read/64, error -71 [ 1310.951354][ T5904] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 1312.142985][ T5904] usb 7-1: Using ep0 maxpacket: 8 [ 1312.185926][ T5904] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1312.202678][ T5904] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 1312.221743][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1312.559923][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 1312.571350][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1312.582367][ T5904] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1312.838063][ T5904] usb 7-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 1312.847395][ T5904] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1312.855513][ T5904] usb 7-1: Product: syz [ 1312.860251][ T5904] usb 7-1: Manufacturer: syz [ 1312.864900][ T5904] usb 7-1: SerialNumber: syz [ 1312.872396][ T5904] usb 7-1: config 0 descriptor?? [ 1312.891651][T17981] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1314.278604][T18022] 9pnet_fd: Insufficient options for proto=fd [ 1316.954276][ T5904] rc_core: IR keymap rc-snapstream-firefly not found [ 1316.961088][ T5904] Registered IR keymap rc-empty [ 1316.975674][ T5904] rc rc0: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 1316.999523][T18049] tipc: Started in network mode [ 1317.004467][T18049] tipc: Node identity ffffffff, cluster identity 4711 [ 1317.011427][ T5904] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input44 [ 1317.017498][ T5904] input: syz syz mouse as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input45 [ 1317.039003][ C1] ati_remote 7-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19 [ 1317.046731][ T5904] usb 7-1: USB disconnect, device number 13 [ 1317.062125][T18049] tipc: Node number set to 4294967295 [ 1317.605956][T13896] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1317.769902][T13896] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1317.784510][T13896] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1317.812255][T13896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1318.058131][T13896] usb 2-1: config 0 descriptor?? [ 1318.066634][T13896] pwc: Askey VC010 type 2 USB webcam detected. [ 1318.232794][T18069] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3422'. [ 1318.374765][T18072] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3423'. [ 1318.383935][T18072] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3423'. [ 1318.454583][T18076] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3423'. [ 1318.495966][T13896] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1318.505817][T13896] pwc: recv_control_msg error -32 req 02 val 2700 [ 1318.516365][T13896] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1318.526787][T18054] nfs: Unknown parameter '' [ 1318.536382][T13896] pwc: recv_control_msg error -32 req 04 val 1000 [ 1318.543821][T13896] pwc: recv_control_msg error -32 req 04 val 1300 [ 1318.566260][T13896] pwc: recv_control_msg error -32 req 04 val 1400 [ 1318.823696][T13896] pwc: recv_control_msg error -71 req 02 val 2100 [ 1318.846632][T13896] pwc: recv_control_msg error -71 req 04 val 1500 [ 1318.867702][T13896] pwc: recv_control_msg error -71 req 02 val 2500 [ 1318.886246][T13896] pwc: recv_control_msg error -71 req 02 val 2400 [ 1318.897323][T13896] pwc: recv_control_msg error -71 req 02 val 2600 [ 1318.905600][T13896] pwc: recv_control_msg error -71 req 02 val 2900 [ 1318.914253][T13896] pwc: recv_control_msg error -71 req 02 val 2800 [ 1318.923839][T13896] pwc: recv_control_msg error -71 req 04 val 1100 [ 1318.942124][T13896] pwc: recv_control_msg error -71 req 04 val 1200 [ 1319.003274][T13896] pwc: Registered as video103. [ 1319.015103][T13896] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input46 [ 1319.045185][T13896] usb 2-1: USB disconnect, device number 68 [ 1319.221646][T15424] Bluetooth: hci2: command 0x1003 tx timeout [ 1319.241424][ T5828] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1319.942437][T18090] bond0: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1319.968273][T18090] bond0: (slave ipvlan3): The slave device specified does not support setting the MAC address [ 1319.988450][T18090] bond0: (slave ipvlan3): Error -95 calling set_mac_address [ 1321.565067][T18098] overlayfs: invalid origin (0000) [ 1322.106928][T18119] 9pnet_fd: Insufficient options for proto=fd [ 1322.300286][ T8] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 1324.061502][ T8] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1324.094061][ T8] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1324.141198][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1324.205833][ T8] usb 6-1: config 0 descriptor?? [ 1324.526662][ T8] pwc: Askey VC010 type 2 USB webcam detected. [ 1325.277254][ T8] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1325.284788][ T8] pwc: recv_control_msg error -32 req 02 val 2700 [ 1325.293705][ T8] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1325.313285][T18116] nfs: Unknown parameter '' [ 1325.319057][ T8] pwc: recv_control_msg error -32 req 04 val 1000 [ 1325.326589][ T8] pwc: recv_control_msg error -32 req 04 val 1300 [ 1325.338215][ T8] pwc: recv_control_msg error -32 req 04 val 1400 [ 1325.559569][ T5904] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 1325.659416][ T8] pwc: recv_control_msg error -71 req 02 val 2100 [ 1325.667409][ T8] pwc: recv_control_msg error -71 req 04 val 1500 [ 1325.674364][ T8] pwc: recv_control_msg error -71 req 02 val 2500 [ 1325.681297][ T8] pwc: recv_control_msg error -71 req 02 val 2400 [ 1325.688242][ T8] pwc: recv_control_msg error -71 req 02 val 2600 [ 1325.695074][ T8] pwc: recv_control_msg error -71 req 02 val 2900 [ 1325.702257][ T8] pwc: recv_control_msg error -71 req 02 val 2800 [ 1325.719934][ T8] pwc: recv_control_msg error -71 req 04 val 1100 [ 1325.726875][ T8] pwc: recv_control_msg error -71 req 04 val 1200 [ 1325.735126][ T8] pwc: Registered as video103. [ 1325.741813][ T5904] usb 7-1: Using ep0 maxpacket: 8 [ 1325.742598][ T8] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input47 [ 1325.753298][ T5904] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1325.762171][ T8] usb 6-1: USB disconnect, device number 33 [ 1325.779600][ T5904] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 1325.791573][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1325.803066][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 1325.805586][T13896] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 1325.819738][ T5904] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1325.833711][ T5904] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1325.840950][T18155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3449'. [ 1325.857662][ T5904] usb 7-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 1325.868183][ T5904] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1325.876502][ T5904] usb 7-1: Product: syz [ 1325.882787][ T5904] usb 7-1: Manufacturer: syz [ 1325.887787][ T5904] usb 7-1: SerialNumber: syz [ 1325.916303][ T5904] usb 7-1: config 0 descriptor?? [ 1325.922058][T18142] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 1326.190232][T13896] usb 5-1: Using ep0 maxpacket: 16 [ 1326.197450][T13896] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1326.207754][T13896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1326.219323][T13896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1326.229395][T13896] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1326.239412][T13896] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1326.269776][T13896] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1326.279073][T13896] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1326.287436][T13896] usb 5-1: Manufacturer: syz [ 1326.300115][T13896] usb 5-1: config 0 descriptor?? [ 1326.671346][ T8] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 1326.869856][ T8] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1326.885637][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1326.897095][ T8] usb 6-1: config 0 descriptor?? [ 1327.130703][T18163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1327.167765][T18163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1327.492589][ T8] ath6kl: Failed to submit usb control message: -71 [ 1327.680758][ T8] ath6kl: unable to send the bmi data to the device: -71 [ 1327.714988][ T8] ath6kl: Unable to send get target info: -71 [ 1327.840896][ T8] ath6kl: Failed to init ath6kl core: -71 [ 1327.854119][ T8] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1328.127364][ T8] usb 6-1: USB disconnect, device number 34 [ 1328.435383][ T5904] rc_core: IR keymap rc-snapstream-firefly not found [ 1328.442584][ T5904] Registered IR keymap rc-empty [ 1328.460338][ T5904] rc rc0: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 1328.490143][ T5904] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input48 [ 1328.585321][ T5904] input: syz syz mouse as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input49 [ 1328.620141][ T5904] usb 7-1: USB disconnect, device number 14 [ 1328.626263][ C1] ati_remote 7-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19 [ 1328.767676][T13896] rc_core: IR keymap rc-hauppauge not found [ 1328.773658][T13896] Registered IR keymap rc-empty [ 1328.779057][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1328.798876][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1328.832525][T13896] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc1 [ 1328.870202][T13896] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc1/input50 [ 1329.002322][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1329.061243][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1329.097330][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1329.190181][T18201] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1329.355531][T17030] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 1329.718257][T17030] usb 6-1: Using ep0 maxpacket: 8 [ 1329.726134][T17030] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1329.758528][T17030] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 1329.809544][T17030] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1329.857253][T17030] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 1329.885919][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1329.917880][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1329.963723][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1329.996201][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1330.083243][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1330.094816][T17030] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1330.105874][T17030] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1331.012379][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1331.035807][T13896] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1331.056370][T13896] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 1331.064463][T13896] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1331.106245][T13896] usb 5-1: USB disconnect, device number 75 [ 1331.134223][T17030] usb 6-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 1331.145662][T17030] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1331.153948][T17030] usb 6-1: Product: syz [ 1331.158164][T17030] usb 6-1: Manufacturer: syz [ 1331.163100][T17030] usb 6-1: SerialNumber: syz [ 1331.181360][T17030] usb 6-1: config 0 descriptor?? [ 1331.236034][T18200] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1331.684187][T13896] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 1332.093150][T13896] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1332.111319][T13896] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1332.127585][T13896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1332.355588][T13896] usb 5-1: config 0 descriptor?? [ 1332.497817][T13896] usb 5-1: can't set config #0, error -71 [ 1332.613644][T13896] usb 5-1: USB disconnect, device number 76 [ 1333.060017][T18235] overlayfs: failed to resolve './file0': -2 [ 1334.975207][T17030] rc_core: IR keymap rc-snapstream-firefly not found [ 1334.982115][T17030] Registered IR keymap rc-empty [ 1334.987690][T17030] rc rc0: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 1334.997510][T17030] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input51 [ 1335.013219][T17030] input: syz syz mouse as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input52 [ 1335.030208][T17030] usb 6-1: USB disconnect, device number 35 [ 1335.036572][ C1] ati_remote 6-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19 [ 1335.227745][T18249] FAULT_INJECTION: forcing a failure. [ 1335.227745][T18249] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1335.535526][T18249] CPU: 0 UID: 0 PID: 18249 Comm: syz.5.3477 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1335.546378][T18249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1335.556479][T18249] Call Trace: [ 1335.559790][T18249] [ 1335.562756][T18249] dump_stack_lvl+0x241/0x360 [ 1335.567496][T18249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1335.572742][T18249] ? __pfx__printk+0x10/0x10 [ 1335.577386][T18249] ? snprintf+0xda/0x120 [ 1335.581759][T18249] should_fail_ex+0x3b0/0x4e0 [ 1335.586494][T18249] _copy_to_user+0x31/0xb0 [ 1335.590969][T18249] simple_read_from_buffer+0xca/0x150 [ 1335.596412][T18249] proc_fail_nth_read+0x1e9/0x250 [ 1335.601585][T18249] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1335.607200][T18249] ? rw_verify_area+0x568/0x6f0 [ 1335.612112][T18249] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1335.617722][T18249] vfs_read+0x1fc/0xb70 [ 1335.621953][T18249] ? __pfx___mutex_lock+0x10/0x10 [ 1335.627058][T18249] ? __pfx_vfs_read+0x10/0x10 [ 1335.631792][T18249] ? __fget_files+0x2a/0x410 [ 1335.636433][T18249] ? __fget_files+0x395/0x410 [ 1335.641155][T18249] ? __fget_files+0x2a/0x410 [ 1335.645821][T18249] ksys_read+0x18f/0x2b0 [ 1335.650124][T18249] ? __pfx_ksys_read+0x10/0x10 [ 1335.654969][T18249] ? do_syscall_64+0x100/0x230 [ 1335.659805][T18249] ? do_syscall_64+0xb6/0x230 [ 1335.664555][T18249] do_syscall_64+0xf3/0x230 [ 1335.669121][T18249] ? clear_bhb_loop+0x35/0x90 [ 1335.673837][T18249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1335.679759][T18249] RIP: 0033:0x7f7990b7e92c [ 1335.684193][T18249] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1335.703847][T18249] RSP: 002b:00007f7991910050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1335.712285][T18249] RAX: ffffffffffffffda RBX: 00007f7990d45fa0 RCX: 00007f7990b7e92c [ 1335.720278][T18249] RDX: 000000000000000f RSI: 00007f79919100b0 RDI: 0000000000000007 [ 1335.728268][T18249] RBP: 00007f79919100a0 R08: 0000000000000000 R09: 0000000000000000 [ 1335.736250][T18249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1335.744233][T18249] R13: 0000000000000000 R14: 00007f7990d45fa0 R15: 00007ffe16774038 [ 1335.752239][T18249] [ 1340.226049][T18289] overlayfs: missing 'lowerdir' [ 1340.681089][T18295] 9pnet_fd: Insufficient options for proto=fd [ 1341.977546][ T5828] Bluetooth: hci1: command 0x0406 tx timeout [ 1342.298315][T13896] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 1342.516485][T13896] usb 6-1: device descriptor read/64, error -71 [ 1342.948982][T13896] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 1343.114134][T13896] usb 6-1: device descriptor read/64, error -71 [ 1343.285619][T13896] usb usb6-port1: attempt power cycle [ 1344.182770][T13896] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 1344.215289][T13896] usb 6-1: device descriptor read/8, error -71 [ 1346.293479][T18360] random: crng reseeded on system resumption [ 1346.409540][T18361] overlayfs: missing 'lowerdir' [ 1348.481342][T13896] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1348.676850][T13896] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 1348.705117][ T2149] usb 6-1: new full-speed USB device number 40 using dummy_hcd [ 1348.724294][T13896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64 [ 1348.780538][T13896] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1348.791859][T13896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1348.807863][T13896] usb 2-1: config 0 descriptor?? [ 1349.450511][T13896] ath6kl: Failed to submit usb control message: -71 [ 1349.457883][T13896] ath6kl: unable to send the bmi data to the device: -71 [ 1349.465370][T13896] ath6kl: Unable to send get target info: -71 [ 1349.478385][ T2149] usb 6-1: not running at top speed; connect to a high speed hub [ 1349.489079][T13896] ath6kl: Failed to init ath6kl core: -71 [ 1349.496346][T13896] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1349.509887][T13896] usb 2-1: USB disconnect, device number 69 [ 1349.578337][ T2149] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1349.588135][ T2149] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1349.599524][ T2149] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1349.623626][ T2149] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1349.644725][ T2149] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1349.700198][ T2149] usb 6-1: Product: ᐭ [ 1349.704442][ T2149] usb 6-1: Manufacturer: Ꙟ吊좫ើᮗ繣ꨲ㊀饌䟯ꜝ﬍贓㉼ꣻ㰍솿ಘ횿づⷬᯮ妒箍╼탟腒台㻕캕錧酪⨼ఙ쐹䅛奛㌙답 [ 1349.734978][ T2149] usb 6-1: SerialNumber: 萸뭪鴎礶튗随䵱胮巬爑 [ 1351.344309][T18413] syz.5.3517: attempt to access beyond end of device [ 1351.344309][T18413] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1355.583458][ T2149] usb 6-1: 0:2 : does not exist [ 1355.603083][ T2149] usb 6-1: USB disconnect, device number 40 [ 1356.113484][T18446] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3530'. [ 1356.528322][T18445] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3532'. [ 1361.691151][ T29] audit: type=1326 audit(1733850324.265:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1361.789943][ T29] audit: type=1326 audit(1733850324.265:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1361.803024][T18500] x_tables: duplicate entry at hook 1 [ 1361.843144][T18500] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3551'. [ 1361.875919][ T29] audit: type=1326 audit(1733850324.265:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1362.060067][ T29] audit: type=1326 audit(1733850324.265:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1362.068366][ T5904] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 1362.103971][ T29] audit: type=1326 audit(1733850324.274:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1362.126823][ T29] audit: type=1326 audit(1733850324.274:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1362.175866][T17030] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1362.270606][ T29] audit: type=1326 audit(1733850324.274:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1362.314059][ T5904] usb 6-1: Using ep0 maxpacket: 32 [ 1362.341913][ T5904] usb 6-1: config 0 has an invalid interface number: 16 but max is 0 [ 1362.368330][ T5904] usb 6-1: config 0 has no interface number 0 [ 1362.372243][ T29] audit: type=1326 audit(1733850324.274:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1362.377250][ T5904] usb 6-1: New USB device found, idVendor=eb1a, idProduct=e305, bcdDevice=43.53 [ 1362.412772][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1362.421403][ T5904] usb 6-1: Product: syz [ 1362.426259][ T5904] usb 6-1: Manufacturer: syz [ 1362.431048][ T5904] usb 6-1: SerialNumber: syz [ 1362.457920][T17030] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1362.468184][T17030] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1362.486553][ T5904] usb 6-1: config 0 descriptor?? [ 1362.493084][ T29] audit: type=1326 audit(1733850324.274:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1362.495702][T17030] usb 2-1: New USB device found, idVendor=5032, idProduct=0bc7, bcdDevice=9c.bb [ 1362.569193][ T5904] em28xx 6-1:0.16: New device syz syz @ 480 Mbps (eb1a:e305, interface 16, class 16) [ 1362.578220][ T29] audit: type=1326 audit(1733850324.274:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18476 comm="syz.0.3543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5b737ff19 code=0x7ffc0000 [ 1362.587459][ T5904] em28xx 6-1:0.16: Video interface 16 found: bulk [ 1362.608292][T17030] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1362.712384][T17030] usb 2-1: config 0 descriptor?? [ 1362.823636][T17030] dvb-usb: found a 'GRAND - USB2.0 DVB-T adapter' in warm state. [ 1362.836265][T17030] dvb-usb: bulk message failed: -90 (3/0) [ 1362.942371][T17030] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1362.955854][T17030] dvbdev: DVB: registering new adapter (GRAND - USB2.0 DVB-T adapter) [ 1362.965078][T17030] usb 2-1: media controller created [ 1362.977627][ T5904] em28xx 6-1:0.16: unknown em28xx chip ID (0) [ 1363.144791][ T5904] em28xx 6-1:0.16: reading from i2c device at 0xa0 failed (error=-5) [ 1363.169214][ T5904] em28xx 6-1:0.16: board has no eeprom [ 1363.255712][ T5904] em28xx 6-1:0.16: Identified as KWorld DVB-T 305U (card=47) [ 1363.263876][ T5904] em28xx 6-1:0.16: analog set to bulk mode. [ 1363.388214][T16242] em28xx 6-1:0.16: Registering V4L2 extension [ 1363.420246][T17030] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1363.558161][ T5904] usb 6-1: USB disconnect, device number 41 [ 1363.613317][ T5904] em28xx 6-1:0.16: Disconnecting em28xx [ 1363.671190][T17030] dvb-usb: bulk message failed: -90 (6/0) [ 1363.684505][T17030] dvb-usb: bulk message failed: -90 (6/0) [ 1363.690501][T17030] dvb-usb: no frontend was attached by 'GRAND - USB2.0 DVB-T adapter' [ 1363.741333][T16242] em28xx 6-1:0.16: Config register raw data: 0xffffffed [ 1363.749692][T16242] em28xx 6-1:0.16: AC97 chip type couldn't be determined [ 1363.757306][T16242] em28xx 6-1:0.16: No AC97 audio processor [ 1363.780224][T17030] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input53 [ 1364.006754][T16242] usb 6-1: Decoder not found [ 1364.011436][T16242] em28xx 6-1:0.16: failed to create media graph [ 1364.018170][T16242] em28xx 6-1:0.16: V4L2 device video103 deregistered [ 1364.029715][T17030] dvb-usb: schedule remote query interval to 150 msecs. [ 1364.037385][T17030] dvb-usb: GRAND - USB2.0 DVB-T adapter successfully initialized and connected. [ 1364.051933][T17030] usb 2-1: USB disconnect, device number 70 [ 1365.070672][T16242] em28xx 6-1:0.16: Remote control support is not available for this card. [ 1365.080555][ T5904] em28xx 6-1:0.16: Closing input extension [ 1366.187590][ T5904] em28xx 6-1:0.16: Freeing device [ 1367.502285][T17030] dvb-usb: GRAND - USB2.0 DVB-T adapter successfully deinitialized and disconnected. [ 1367.578844][T18544] fuse: Bad value for 'fd' [ 1368.856633][T13177] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 1369.198713][T13177] usb 5-1: Using ep0 maxpacket: 32 [ 1369.205954][T13177] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1369.228749][T13177] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1369.255944][T13177] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1370.217098][T17030] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1370.226152][T13177] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1370.275611][T13177] usb 5-1: can't set config #4, error -71 [ 1370.374070][T13177] usb 5-1: USB disconnect, device number 77 [ 1371.123059][T17030] usb 2-1: device not accepting address 71, error -71 [ 1371.580296][T18577] FAULT_INJECTION: forcing a failure. [ 1371.580296][T18577] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1372.543986][T18583] lo speed is unknown, defaulting to 1000 [ 1372.553023][T18583] lo speed is unknown, defaulting to 1000 [ 1372.555591][T18577] CPU: 1 UID: 0 PID: 18577 Comm: syz.1.3573 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1372.559474][T18583] lo speed is unknown, defaulting to 1000 [ 1372.569569][T18577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1372.569593][T18577] Call Trace: [ 1372.569604][T18577] [ 1372.569616][T18577] dump_stack_lvl+0x241/0x360 [ 1372.569655][T18577] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1372.569686][T18577] ? __pfx__printk+0x10/0x10 [ 1372.569717][T18577] ? __pfx_lock_release+0x10/0x10 [ 1372.611465][T18577] should_fail_ex+0x3b0/0x4e0 [ 1372.616300][T18577] _copy_to_iter+0x440/0x1c50 [ 1372.621045][T18577] ? __pfx__copy_to_iter+0x10/0x10 [ 1372.626200][T18577] ? __virt_addr_valid+0x183/0x530 [ 1372.631350][T18577] ? __virt_addr_valid+0x183/0x530 [ 1372.636490][T18577] ? __virt_addr_valid+0x45f/0x530 [ 1372.641688][T18577] ? __phys_addr_symbol+0x2f/0x70 [ 1372.646764][T18577] seq_read_iter+0xb80/0xd70 [ 1372.651406][T18577] seq_read+0x3a9/0x4f0 [ 1372.655603][T18577] ? __pfx_seq_read+0x10/0x10 [ 1372.660330][T18577] ? __mutex_trylock_common+0x183/0x2e0 [ 1372.665932][T18577] ? __pfx_seq_read+0x10/0x10 [ 1372.670635][T18577] proc_reg_read+0x201/0x2f0 [ 1372.675253][T18577] ? __pfx_proc_reg_read+0x10/0x10 [ 1372.680386][T18577] vfs_read+0x1fc/0xb70 [ 1372.684569][T18577] ? __pfx___mutex_lock+0x10/0x10 [ 1372.689714][T18577] ? __pfx_vfs_read+0x10/0x10 [ 1372.694440][T18577] ? __fget_files+0x2a/0x410 [ 1372.699063][T18577] ? __fget_files+0x395/0x410 [ 1372.703761][T18577] ? __fget_files+0x2a/0x410 [ 1372.708386][T18577] ksys_read+0x18f/0x2b0 [ 1372.712653][T18577] ? __pfx_ksys_read+0x10/0x10 [ 1372.717437][T18577] ? do_syscall_64+0x100/0x230 [ 1372.722230][T18577] ? do_syscall_64+0xb6/0x230 [ 1372.726933][T18577] do_syscall_64+0xf3/0x230 [ 1372.731461][T18577] ? clear_bhb_loop+0x35/0x90 [ 1372.736165][T18577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1372.742083][T18577] RIP: 0033:0x7f860717ff19 [ 1372.746516][T18577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1372.766146][T18577] RSP: 002b:00007f8607edf058 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1372.774787][T18577] RAX: ffffffffffffffda RBX: 00007f8607345fa0 RCX: 00007f860717ff19 [ 1372.782836][T18577] RDX: 0000000000002020 RSI: 00000000200042c0 RDI: 0000000000000003 [ 1372.790835][T18577] RBP: 00007f8607edf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1372.798820][T18577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1372.806806][T18577] R13: 0000000000000000 R14: 00007f8607345fa0 R15: 00007ffde080fff8 [ 1372.814822][T18577] [ 1372.904296][T18583] infiniband sz1: set active [ 1372.909152][T18583] infiniband sz1: added lo [ 1373.034896][T18581] : renamed from lo (while UP) [ 1373.813754][T18583] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 1373.821714][T18583] infiniband sz1: Couldn't open port 1 [ 1373.901988][ T8] speed is unknown, defaulting to 1000 [ 1373.904387][T18583] RDS/IB: sz1: added [ 1373.912203][T18583] smc: adding ib device sz1 with port count 1 [ 1373.918515][T18583] smc: ib device sz1 port 1 has pnetid [ 1373.925377][T18583] speed is unknown, defaulting to 1000 [ 1374.046975][T18583] speed is unknown, defaulting to 1000 [ 1374.169311][T18583] speed is unknown, defaulting to 1000 [ 1374.291523][T18583] speed is unknown, defaulting to 1000 [ 1374.412696][T18583] speed is unknown, defaulting to 1000 [ 1374.535465][T18583] speed is unknown, defaulting to 1000 [ 1374.657591][T18583] speed is unknown, defaulting to 1000 [ 1374.781116][T18583] speed is unknown, defaulting to 1000 [ 1374.903648][T18583] speed is unknown, defaulting to 1000 [ 1374.935088][ T5904] speed is unknown, defaulting to 1000 [ 1375.321332][T18584] siw: device registration error -23 [ 1377.171188][T18597] trusted_key: encrypted_key: insufficient parameters specified [ 1377.958869][ T5876] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1378.211194][ T5876] usb 2-1: Using ep0 maxpacket: 32 [ 1378.226634][ T5876] usb 2-1: config 0 has an invalid interface number: 247 but max is 0 [ 1378.236437][ T5876] usb 2-1: config 0 has no interface number 0 [ 1378.244846][ T5876] usb 2-1: config 0 interface 247 altsetting 0 endpoint 0xB has invalid maxpacket 512, setting to 64 [ 1378.259444][ T5876] usb 2-1: config 0 interface 247 altsetting 0 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 1378.288790][ T5876] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=34.05 [ 1378.300499][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1378.308801][ T5876] usb 2-1: Product: syz [ 1378.424647][ T5876] usb 2-1: Manufacturer: syz [ 1378.445906][ T5876] usb 2-1: SerialNumber: syz [ 1378.691654][ T5876] usb 2-1: config 0 descriptor?? [ 1379.040610][ T5876] usbhid 2-1:0.247: couldn't find an input interrupt endpoint [ 1379.668118][T18619] netlink: 52 bytes leftover after parsing attributes in process `syz.6.3583'. [ 1379.699411][ T8] usb 2-1: USB disconnect, device number 73 [ 1379.728838][T18619] netdevsim netdevsim6 netdevsim0: entered promiscuous mode [ 1380.088494][T18628] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3586'. [ 1381.632511][T18636] sp0: Synchronizing with TNC [ 1381.791195][ T29] kauditd_printk_skb: 42 callbacks suppressed [ 1381.791215][ T29] audit: type=1326 audit(1733850343.076:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18637 comm="syz.4.3590" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd7eb7ff19 code=0x0 [ 1382.545005][T18632] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3586'. [ 1382.554663][T18632] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3586'. [ 1382.607001][T18648] tipc: Started in network mode [ 1382.623231][T18648] tipc: Node identity ffffffff, cluster identity 4711 [ 1382.632724][T18648] tipc: Node number set to 4294967295 [ 1382.977773][T18656] sp0: Synchronizing with TNC [ 1383.001500][ T8] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1383.670934][ T5876] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 1383.670934][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 1383.685729][ T8] usb 5-1: too many configurations: 217, using maximum allowed: 8 [ 1383.696036][ T8] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1383.704229][ T8] usb 5-1: can't read configurations, error -61 [ 1383.748738][ T2149] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1383.819076][T18663] tipc: Started in network mode [ 1383.827032][T18663] tipc: Node identity 10000, cluster identity 4711 [ 1383.834077][T18663] tipc: Node number set to 65536 [ 1383.834211][ T5876] usb 2-1: Using ep0 maxpacket: 32 [ 1383.844957][ T8] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1383.859345][ T5876] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1383.870815][ T5876] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 1383.882797][ T5876] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1383.898935][ T5876] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 1383.908169][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 1383.917690][ T5876] usb 2-1: Product: syz [ 1383.922475][ T5876] usb 2-1: Manufacturer: syz [ 1383.927221][ T5876] usb 2-1: SerialNumber: syz [ 1383.931128][ T2149] usb 7-1: Using ep0 maxpacket: 16 [ 1383.940026][ T2149] usb 7-1: config 0 has an invalid descriptor of length 52, skipping remainder of the config [ 1383.954918][ T2149] usb 7-1: New USB device found, idVendor=04dd, idProduct=9031, bcdDevice=c9.be [ 1383.994991][T18657] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1384.004418][ T2149] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1384.006062][ T5876] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input54 [ 1384.013387][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 1384.101330][ T2149] usb 7-1: Product: syz [ 1384.106419][ T8] usb 5-1: too many configurations: 217, using maximum allowed: 8 [ 1384.120191][ T2149] usb 7-1: Manufacturer: syz [ 1384.133633][ T2149] usb 7-1: SerialNumber: syz [ 1384.135660][ T8] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1384.150766][ T2149] usb 7-1: config 0 descriptor?? [ 1384.163448][ T8] usb 5-1: can't read configurations, error -61 [ 1384.175535][ T2149] cdc_ether 7-1:0.0: skipping garbage [ 1384.181526][ T8] usb usb5-port1: attempt power cycle [ 1384.187956][ T2149] usb 7-1: bad CDC descriptors [ 1384.196133][ T2149] usb 7-1: unsupported MDLM descriptors [ 1384.392794][ T5876] usb 7-1: USB disconnect, device number 15 [ 1384.399417][T18654] [U] [ 1384.448807][ T2149] usb 2-1: USB disconnect, device number 74 [ 1384.459378][ T2149] appletouch 2-1:1.0: input: appletouch disconnected [ 1384.667898][ T8] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1384.678095][T18667] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1384.700458][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 1384.710848][ T8] usb 5-1: too many configurations: 217, using maximum allowed: 8 [ 1384.754811][ T8] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1384.762453][ T8] usb 5-1: can't read configurations, error -61 [ 1384.913857][ T8] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1384.946466][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 1384.961805][ T8] usb 5-1: too many configurations: 217, using maximum allowed: 8 [ 1384.983384][ T8] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1385.047284][ T8] usb 5-1: can't read configurations, error -61 [ 1385.075492][ T8] usb usb5-port1: unable to enumerate USB device [ 1387.664336][T17030] usb 5-1: new full-speed USB device number 82 using dummy_hcd [ 1389.126225][T17030] usb 5-1: device descriptor read/all, error -71 [ 1389.917253][T17030] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1390.071828][T17030] usb 5-1: device descriptor read/64, error -71 [ 1390.202300][T17030] usb usb5-port1: attempt power cycle [ 1390.729805][T17030] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1390.752094][T17030] usb 5-1: device descriptor read/8, error -71 [ 1391.092420][T18726] sctp: [Deprecated]: syz.5.3618 (pid 18726) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1391.092420][T18726] Use struct sctp_sack_info instead [ 1391.093294][T17030] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1391.152805][T17030] usb 5-1: device descriptor read/8, error -71 [ 1391.275673][T17030] usb usb5-port1: unable to enumerate USB device [ 1392.122529][T18739] 9pnet: p9_errstr2errno: server reported unknown error @hQ$ [ 1392.603547][T18746] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1392.811028][ T29] audit: type=1326 audit(1733850353.262:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18738 comm="syz.5.3624" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7990b7ff19 code=0x0 [ 1392.894867][T18742] vlan2: entered allmulticast mode [ 1393.276357][T18748] kvm: pic: non byte write [ 1393.447958][T18764] ipt_REJECT: ECHOREPLY no longer supported. [ 1396.427676][ T5876] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 1396.491436][T18785] netlink: 10 bytes leftover after parsing attributes in process `syz.4.3634'. [ 1396.802962][ T5876] usb 6-1: Using ep0 maxpacket: 16 [ 1396.833513][ T5876] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1396.908997][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1397.058033][ T5876] usb 6-1: Product: syz [ 1397.079082][ T5876] usb 6-1: Manufacturer: syz [ 1397.104067][ T5876] usb 6-1: SerialNumber: syz [ 1397.116503][ T5876] usb 6-1: config 0 descriptor?? [ 1397.364119][ T5876] usb 6-1: USB disconnect, device number 42 [ 1398.042037][ T8] usb 2-1: new full-speed USB device number 75 using dummy_hcd [ 1398.379328][ T8] usb 2-1: not running at top speed; connect to a high speed hub [ 1398.400037][ T8] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1398.409499][ T8] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1398.420319][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1398.431355][T18806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3640'. [ 1398.445310][ T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1398.455070][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1398.464939][ T8] usb 2-1: Product: ᐭ [ 1398.470025][ T8] usb 2-1: Manufacturer: Ꙟ吊좫ើᮗ繣ꨲ㊀饌䟯ꜝ﬍贓㉼ꣻ㰍솿ಘ횿づⷬᯮ妒箍╼탟腒台㻕캕錧酪⨼ఙ쐹䅛奛㌙답 [ 1398.601514][ T8] usb 2-1: SerialNumber: 萸뭪鴎礶튗随䵱胮巬爑 [ 1398.646968][T18811] @: renamed from vlan0 (while UP) [ 1399.084129][ T2149] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 1399.285839][T18825] syz.1.3636: attempt to access beyond end of device [ 1399.285839][T18825] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1399.339914][T13896] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 1400.474214][ T2149] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1400.489627][ T2149] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1400.513112][ T2149] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1400.523024][ T2149] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1400.534697][ T2149] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1400.691220][ T2149] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1400.700887][ T2149] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1400.731664][ T2149] usb 7-1: Product: syz [ 1400.736589][ T2149] usb 7-1: Manufacturer: syz [ 1400.751445][ T2149] cdc_wdm 7-1:1.0: skipping garbage [ 1400.756989][ T2149] cdc_wdm 7-1:1.0: skipping garbage [ 1400.777605][ T2149] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 1400.790082][ T2149] cdc_wdm 7-1:1.0: Unknown control protocol [ 1400.800424][T13896] usb 5-1: Using ep0 maxpacket: 8 [ 1400.842593][T13896] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1400.853422][T13896] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 1400.865300][T13896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1400.876923][T13896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 1400.888716][T13896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1400.900079][T13896] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1400.921240][T13896] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 1400.931525][T13896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1400.940117][T13896] usb 5-1: Product: syz [ 1400.944644][T13896] usb 5-1: Manufacturer: syz [ 1400.949751][T13896] usb 5-1: SerialNumber: syz [ 1400.963386][T13896] usb 5-1: config 0 descriptor?? [ 1400.964701][ T5876] usb 7-1: USB disconnect, device number 16 [ 1400.975749][T18821] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 1401.908854][ T8] usb 2-1: 0:2 : does not exist [ 1402.738639][ T8] usb 2-1: USB disconnect, device number 75 [ 1403.623881][ T8] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1403.832796][T13896] rc_core: IR keymap rc-snapstream-firefly not found [ 1403.839977][T13896] Registered IR keymap rc-empty [ 1403.845489][T13896] rc rc0: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 1403.867147][T13896] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input55 [ 1403.914762][T13896] input: syz syz mouse as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input56 [ 1403.948381][T13896] usb 5-1: USB disconnect, device number 86 [ 1403.954475][ C0] ati_remote 5-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19 [ 1403.986220][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 1403.997037][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1404.028731][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 1404.139810][ T8] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1404.229179][T18889] overlayfs: missing 'lowerdir' [ 1404.443146][T18892] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3668'. [ 1404.852869][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1404.861074][ T8] usb 2-1: Product: syz [ 1404.865395][ T8] usb 2-1: Manufacturer: syz [ 1404.870109][ T8] usb 2-1: SerialNumber: syz [ 1404.893987][ T8] usb 2-1: config 0 descriptor?? [ 1405.110531][ T5906] usb 7-1: new full-speed USB device number 17 using dummy_hcd [ 1405.147929][ T8] usb 2-1: USB disconnect, device number 76 [ 1405.222431][T18907] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma? [ 1405.284519][ T5906] usb 7-1: config 0 has an invalid interface number: 50 but max is 0 [ 1405.294288][ T5906] usb 7-1: config 0 has no interface number 0 [ 1405.301140][ T5906] usb 7-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1405.313778][ T5906] usb 7-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 1405.332296][ T5906] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 1405.352823][ T5906] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1405.360365][T18914] FAULT_INJECTION: forcing a failure. [ 1405.360365][T18914] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1405.366703][ T5906] usb 7-1: Product: syz [ 1405.379072][ T5906] usb 7-1: Manufacturer: syz [ 1405.383796][ T5906] usb 7-1: SerialNumber: syz [ 1405.391601][T18914] CPU: 1 UID: 0 PID: 18914 Comm: syz.4.3676 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1405.402429][T18914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1405.404312][ T5906] usb 7-1: config 0 descriptor?? [ 1405.412535][T18914] Call Trace: [ 1405.412556][T18914] [ 1405.412569][T18914] dump_stack_lvl+0x241/0x360 [ 1405.412609][T18914] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1405.412640][T18914] ? __pfx__printk+0x10/0x10 [ 1405.412671][T18914] ? __pfx_lock_release+0x10/0x10 [ 1405.412705][T18914] should_fail_ex+0x3b0/0x4e0 [ 1405.418775][T18883] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 1405.420962][T18914] _copy_from_user+0x2f/0xc0 [ 1405.429105][ T5906] yurex 7-1:0.50: USB YUREX device now attached to Yurex #0 [ 1405.433821][T18914] copy_msghdr_from_user+0xae/0x680 [ 1405.433871][T18914] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1405.478184][T18914] ? __fget_files+0x2a/0x410 [ 1405.482825][T18914] ? __fget_files+0x2a/0x410 [ 1405.487435][T18914] __sys_sendmsg+0x209/0x350 [ 1405.492042][T18914] ? __pfx_lock_release+0x10/0x10 [ 1405.497085][T18914] ? __pfx___sys_sendmsg+0x10/0x10 [ 1405.502228][T18914] ? __pfx_vfs_write+0x10/0x10 [ 1405.507039][T18914] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1405.513385][T18914] ? do_syscall_64+0x100/0x230 [ 1405.518181][T18914] ? do_syscall_64+0xb6/0x230 [ 1405.523024][T18914] do_syscall_64+0xf3/0x230 [ 1405.527555][T18914] ? clear_bhb_loop+0x35/0x90 [ 1405.532259][T18914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1405.538176][T18914] RIP: 0033:0x7efd7eb7ff19 [ 1405.542605][T18914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1405.562232][T18914] RSP: 002b:00007efd7f9b1058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1405.570672][T18914] RAX: ffffffffffffffda RBX: 00007efd7ed46080 RCX: 00007efd7eb7ff19 [ 1405.578666][T18914] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1405.586660][T18914] RBP: 00007efd7f9b10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1405.594666][T18914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1405.602676][T18914] R13: 0000000000000000 R14: 00007efd7ed46080 R15: 00007ffdf8f18008 [ 1405.610739][T18914] [ 1405.818404][ T5906] usb 7-1: USB disconnect, device number 17 [ 1405.827090][ T5906] yurex 7-1:0.50: USB YUREX #0 now disconnected [ 1407.307842][T18936] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.3681'. [ 1407.354197][T18936] openvswitch: netlink: Missing key (keys=40, expected=80) [ 1409.278744][ T29] audit: type=1326 audit(1733850368.715:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18959 comm="syz.6.3689" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ca077ff19 code=0x0 [ 1411.029880][T18990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3697'. [ 1411.059591][T18977] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 1411.097773][T18987] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3696'. [ 1411.121465][T18987] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3696'. [ 1411.152292][T18987] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3696'. [ 1411.405702][T18987] bond0: (slave bond_slave_0): Releasing backup interface [ 1412.249688][ T5906] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 1412.356736][ T8] usb 2-1: new low-speed USB device number 77 using dummy_hcd [ 1412.444583][ T5906] usb 6-1: Using ep0 maxpacket: 8 [ 1412.726045][ T5906] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1412.773905][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1412.795710][ T5906] usb 6-1: Product: syz [ 1412.802673][ T5906] usb 6-1: Manufacturer: syz [ 1412.861999][ T8] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 1412.876370][ T5906] usb 6-1: SerialNumber: syz [ 1412.891844][ T8] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 1412.924175][ T5906] usb 6-1: config 0 descriptor?? [ 1412.935191][ T8] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1413.030226][ T8] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 1413.072835][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 1413.104795][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1413.126197][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 1413.169251][ T8] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 1413.178520][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1413.200319][ T8] usb 2-1: Product: 吮 [ 1413.204816][ T5906] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1413.225184][ T8] usb 2-1: config 0 descriptor?? [ 1413.237139][ T8] hub 2-1:0.0: bad descriptor, ignoring hub [ 1413.276955][ T8] hub 2-1:0.0: probe with driver hub failed with error -5 [ 1413.299621][ T8] input: 吮 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input57 [ 1413.621794][ T8] usb 2-1: USB disconnect, device number 77 [ 1415.041878][T19044] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3710'. [ 1415.058542][T19044] @: renamed from vlan0 (while UP) [ 1415.962921][T19049] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3712'. [ 1416.181322][T19052] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3714'. [ 1416.206037][T19052] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3714'. [ 1416.307819][T19061] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3714'. [ 1416.418181][T19059] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1416.438370][T19059] team0: Port device bond1 added [ 1417.008953][ T5906] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 1417.427308][T17030] usb 6-1: USB disconnect, device number 43 [ 1417.774482][T19082] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3722'. [ 1417.865024][ T5904] usb 5-1: new full-speed USB device number 87 using dummy_hcd [ 1419.120549][ T5904] usb 5-1: not running at top speed; connect to a high speed hub [ 1419.132062][ T5904] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1419.270510][ T5904] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1419.281055][ T5904] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1419.370516][ T5904] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1419.379674][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1419.395286][ T5904] usb 5-1: Product: ᐭ [ 1419.399531][ T5904] usb 5-1: Manufacturer: Ꙟ吊좫ើᮗ繣ꨲ㊀饌䟯ꜝ﬍贓㉼ꣻ㰍솿ಘ횿づⷬᯮ妒箍╼탟腒台㻕캕錧酪⨼ఙ쐹䅛奛㌙답 [ 1419.415248][ T5904] usb 5-1: SerialNumber: 萸뭪鴎礶튗随䵱胮巬爑 [ 1419.549658][T19097] FAULT_INJECTION: forcing a failure. [ 1419.549658][T19097] name failslab, interval 1, probability 0, space 0, times 0 [ 1419.648303][T19097] CPU: 1 UID: 0 PID: 19097 Comm: syz.1.3726 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1419.659158][T19097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1419.669263][T19097] Call Trace: [ 1419.672581][T19097] [ 1419.675549][T19097] dump_stack_lvl+0x241/0x360 [ 1419.680281][T19097] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1419.685529][T19097] ? __pfx__printk+0x10/0x10 [ 1419.690180][T19097] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1419.695796][T19097] ? __pfx___might_resched+0x10/0x10 [ 1419.701235][T19097] should_fail_ex+0x3b0/0x4e0 [ 1419.705976][T19097] should_failslab+0xac/0x100 [ 1419.710722][T19097] ? vm_area_alloc+0x10e/0x1d0 [ 1419.715540][T19097] kmem_cache_alloc_noprof+0x70/0x380 [ 1419.721064][T19097] vm_area_alloc+0x10e/0x1d0 [ 1419.725744][T19097] __mmap_region+0x196e/0x2cd0 [ 1419.730586][T19097] ? __pfx_lock_release+0x10/0x10 [ 1419.735665][T19097] ? __pfx_validate_chain+0x10/0x10 [ 1419.740913][T19097] ? __pfx___mmap_region+0x10/0x10 [ 1419.746238][T19097] ? arch_get_unmapped_area_topdown+0x28e/0xc50 [ 1419.752554][T19097] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 1419.759213][T19097] ? cap_mmap_addr+0x163/0x2c0 [ 1419.764035][T19097] mmap_region+0x1d0/0x2c0 [ 1419.768510][T19097] do_mmap+0x8f0/0x1000 [ 1419.773163][T19097] ? __pfx_do_mmap+0x10/0x10 [ 1419.777797][T19097] ? __pfx_down_write_killable+0x10/0x10 [ 1419.783479][T19097] ? __fget_files+0x2a/0x410 [ 1419.788118][T19097] vm_mmap_pgoff+0x1dd/0x3d0 [ 1419.792774][T19097] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1419.797933][T19097] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1419.804304][T19097] ? do_syscall_64+0x100/0x230 [ 1419.809120][T19097] ? ksys_mmap_pgoff+0xdf/0x720 [ 1419.814021][T19097] ? __x64_sys_mmap+0x7f/0x140 [ 1419.818836][T19097] do_syscall_64+0xf3/0x230 [ 1419.823398][T19097] ? clear_bhb_loop+0x35/0x90 [ 1419.828219][T19097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1419.834310][T19097] RIP: 0033:0x7f860717ff19 [ 1419.838777][T19097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1419.858507][T19097] RSP: 002b:00007f8607edf058 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1419.866947][T19097] RAX: ffffffffffffffda RBX: 00007f8607345fa0 RCX: 00007f860717ff19 [ 1419.874936][T19097] RDX: 0000000000000000 RSI: 0000000000c00000 RDI: 0000000020001000 [ 1419.882921][T19097] RBP: 00007f8607edf0a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1419.890903][T19097] R10: 0000000000003032 R11: 0000000000000246 R12: 0000000000000001 [ 1419.898888][T19097] R13: 0000000000000000 R14: 00007f8607345fa0 R15: 00007ffde080fff8 [ 1419.906887][T19097] [ 1421.283501][T19109] syz.4.3716: attempt to access beyond end of device [ 1421.283501][T19109] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1422.922842][ T5904] usb 5-1: 0:2 : does not exist [ 1422.999035][ T5904] usb 5-1: USB disconnect, device number 87 [ 1423.837287][T19125] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1423.916662][T19125] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1426.215499][ T29] audit: type=1326 audit(1733850384.636:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19147 comm="syz.5.3738" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7990b7ff19 code=0x0 [ 1426.958046][T19160] QAT: failed to copy from user. [ 1427.005558][T19159] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3741'. [ 1428.271910][T19169] netlink: 165 bytes leftover after parsing attributes in process `syz.0.3744'. [ 1428.358184][T19171] openvswitch: netlink: Message has 4 unknown bytes. [ 1428.366362][T19171] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1428.467353][ T5904] usb 6-1: new full-speed USB device number 44 using dummy_hcd [ 1428.639210][ T5904] usb 6-1: not running at top speed; connect to a high speed hub [ 1428.651229][ T5904] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1428.664819][ T5904] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1428.712984][ T5904] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1428.752766][ T5904] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1428.780463][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1428.809595][ T5904] usb 6-1: Product: ᐭ [ 1428.824405][ T5904] usb 6-1: Manufacturer: Ꙟ吊좫ើᮗ繣ꨲ㊀饌䟯ꜝ﬍贓㉼ꣻ㰍솿ಘ횿づⷬᯮ妒箍╼탟腒台㻕캕錧酪⨼ఙ쐹䅛奛㌙답 [ 1428.931909][T19174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3747'. [ 1430.295400][ T5904] usb 6-1: SerialNumber: 萸뭪鴎礶튗随䵱胮巬爑 [ 1431.082856][T19192] syz.5.3742: attempt to access beyond end of device [ 1431.082856][T19192] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1434.774122][T19198] lo speed is unknown, defaulting to 1000 [ 1435.773829][ T5904] usb 6-1: 0:2 : does not exist [ 1435.785788][ T5904] usb 6-1: USB disconnect, device number 44 [ 1437.228778][T19198] speed is unknown, defaulting to 1000 [ 1437.422045][T19224] ip6_tunnel: non-ECT from fe88:0000:0000:0000:0000:0000:0000:0002 with DS=0x9 [ 1438.484670][T19233] FAULT_INJECTION: forcing a failure. [ 1438.484670][T19233] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1438.516607][T19233] CPU: 1 UID: 0 PID: 19233 Comm: syz.5.3760 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1438.527456][T19233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1438.537559][T19233] Call Trace: [ 1438.540876][T19233] [ 1438.543845][T19233] dump_stack_lvl+0x241/0x360 [ 1438.548579][T19233] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1438.553834][T19233] ? __pfx__printk+0x10/0x10 [ 1438.558476][T19233] ? validate_chain+0x11e/0x5920 [ 1438.563472][T19233] should_fail_ex+0x3b0/0x4e0 [ 1438.568208][T19233] prepare_alloc_pages+0x1da/0x5b0 [ 1438.573384][T19233] __alloc_pages_noprof+0x16f/0x710 [ 1438.578642][T19233] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1438.584450][T19233] alloc_pages_mpol_noprof+0x3e8/0x680 [ 1438.589987][T19233] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 1438.596042][T19233] vma_alloc_folio_noprof+0x12e/0x230 [ 1438.601475][T19233] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1438.607434][T19233] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1438.612719][T19233] folio_prealloc+0x2e/0x170 [ 1438.617387][T19233] do_wp_page+0x1253/0x49b0 [ 1438.621972][T19233] ? __pfx_do_wp_page+0x10/0x10 [ 1438.627065][T19233] ? __pfx_lock_acquire+0x10/0x10 [ 1438.632147][T19233] ? rcu_is_watching+0x15/0xb0 [ 1438.637058][T19233] ? do_raw_spin_lock+0x14f/0x370 [ 1438.642156][T19233] ? __pfx___pte_offset_map+0x10/0x10 [ 1438.647602][T19233] handle_pte_fault+0xfa5/0x5ed0 [ 1438.652688][T19233] ? tcp_recvmsg_locked+0x330f/0x3c80 [ 1438.658171][T19233] ? mark_lock+0x9a/0x360 [ 1438.662550][T19233] ? __pfx_handle_pte_fault+0x10/0x10 [ 1438.668021][T19233] ? __lock_acquire+0x1397/0x2100 [ 1438.673131][T19233] ? mt_find+0x2a9/0x920 [ 1438.677426][T19233] ? __pfx_lock_release+0x10/0x10 [ 1438.682508][T19233] handle_mm_fault+0x1053/0x1ad0 [ 1438.687523][T19233] ? __pfx_handle_mm_fault+0x10/0x10 [ 1438.692895][T19233] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1438.699372][T19233] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 1438.704724][T19233] exc_page_fault+0x2b9/0x8b0 [ 1438.709467][T19233] asm_exc_page_fault+0x26/0x30 [ 1438.714377][T19233] RIP: 0010:__put_user_nocheck_4+0x7/0x20 [ 1438.720170][T19233] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 [ 1438.739823][T19233] RSP: 0018:ffffc9000dce78f8 EFLAGS: 00050246 [ 1438.745933][T19233] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020007030 [ 1438.753957][T19233] RDX: ffff88802cdabc00 RSI: 0000000000000000 RDI: 00000000ffffffff [ 1438.761986][T19233] RBP: ffffc9000dce7a70 R08: ffffffff8981622f R09: 1ffffffff203075e [ 1438.770014][T19233] R10: dffffc0000000000 R11: fffffbfff203075f R12: 0000000020007000 [ 1438.778215][T19233] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc9000dce7d00 [ 1438.786247][T19233] ? ____sys_recvmsg+0x28f/0x480 [ 1438.791344][T19233] ____sys_recvmsg+0x2a7/0x480 [ 1438.796181][T19233] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1438.801544][T19233] ? do_recvmmsg+0x44e/0xab0 [ 1438.806192][T19233] ? __might_fault+0xaa/0x120 [ 1438.810933][T19233] do_recvmmsg+0x426/0xab0 [ 1438.815404][T19233] ? __pfx_do_recvmmsg+0x10/0x10 [ 1438.820403][T19233] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1438.826338][T19233] ? ksys_write+0x22a/0x2b0 [ 1438.830882][T19233] ? __pfx_lock_release+0x10/0x10 [ 1438.835941][T19233] ? vfs_write+0x730/0xd30 [ 1438.840501][T19233] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1438.846605][T19233] ? __fget_files+0x2a/0x410 [ 1438.851234][T19233] __x64_sys_recvmmsg+0x199/0x250 [ 1438.856286][T19233] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1438.861864][T19233] ? do_syscall_64+0x100/0x230 [ 1438.866660][T19233] ? do_syscall_64+0xb6/0x230 [ 1438.871366][T19233] do_syscall_64+0xf3/0x230 [ 1438.875897][T19233] ? clear_bhb_loop+0x35/0x90 [ 1438.880690][T19233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1438.886605][T19233] RIP: 0033:0x7f7990b7ff19 [ 1438.891040][T19233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1438.910674][T19233] RSP: 002b:00007f7991910058 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1438.919119][T19233] RAX: ffffffffffffffda RBX: 00007f7990d45fa0 RCX: 00007f7990b7ff19 [ 1438.927121][T19233] RDX: 0000000000000a0d RSI: 00000000200066c0 RDI: 0000000000000003 [ 1438.935281][T19233] RBP: 00007f79919100a0 R08: 0000000000000000 R09: 0000000000000000 [ 1438.943274][T19233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1438.951264][T19233] R13: 0000000000000000 R14: 00007f7990d45fa0 R15: 00007ffe16774038 [ 1438.959270][T19233] [ 1438.962355][ C1] vkms_vblank_simulate: vblank timer overrun [ 1440.718022][T19256] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3768'. [ 1440.718984][ T5876] usb 6-1: new full-speed USB device number 45 using dummy_hcd [ 1440.746486][T19256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3768'. [ 1441.580566][ T5876] usb 6-1: not running at top speed; connect to a high speed hub [ 1441.747325][ T5876] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1441.756650][ T5876] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1441.828321][ T5876] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1441.977292][ T5876] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1441.987313][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1441.996592][ T5876] usb 6-1: Product: ᐭ [ 1442.001265][ T5876] usb 6-1: Manufacturer: Ꙟ吊좫ើᮗ繣ꨲ㊀饌䟯ꜝ﬍贓㉼ꣻ㰍솿ಘ횿づⷬᯮ妒箍╼탟腒台㻕캕錧酪⨼ఙ쐹䅛奛㌙답 [ 1442.017215][ T5876] usb 6-1: SerialNumber: 萸뭪鴎礶튗随䵱胮巬爑 [ 1442.254871][T19272] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1442.297179][T19272] team0: Port device bond2 added [ 1443.565643][T19281] syz.5.3765: attempt to access beyond end of device [ 1443.565643][T19281] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1445.048405][ C1] hrtimer: interrupt took 133463 ns [ 1445.500591][T19282] tty tty20: ldisc open failed (-12), clearing slot 19 [ 1446.154773][ T5876] usb 6-1: 0:2 : does not exist [ 1446.223985][ T5876] usb 6-1: USB disconnect, device number 45 [ 1446.485720][T19297] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1446.655231][T19302] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1446.809891][T19304] lo: entered promiscuous mode [ 1447.121831][T19303] lo: left promiscuous mode [ 1451.070030][ T5906] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 1453.503927][T19343] syz_tun: entered promiscuous mode [ 1453.917307][T19347] overlayfs: missing 'workdir' [ 1454.403285][T19343] syz_tun: left promiscuous mode [ 1455.781287][T19345] syz_tun: entered promiscuous mode [ 1456.007243][T19345] syz_tun: left promiscuous mode [ 1456.164913][T19361] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3794'. [ 1456.241509][ T5876] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1456.350371][T19370] FAULT_INJECTION: forcing a failure. [ 1456.350371][T19370] name failslab, interval 1, probability 0, space 0, times 0 [ 1456.374316][T19370] CPU: 0 UID: 0 PID: 19370 Comm: syz.0.3796 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1456.385198][T19370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1456.395305][T19370] Call Trace: [ 1456.398629][T19370] [ 1456.401607][T19370] dump_stack_lvl+0x241/0x360 [ 1456.403768][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1456.406322][T19370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1456.422414][T19370] ? __pfx__printk+0x10/0x10 [ 1456.427111][T19370] ? fs_reclaim_acquire+0x93/0x130 [ 1456.429419][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1456.432257][T19370] ? __pfx___might_resched+0x10/0x10 [ 1456.447433][T19370] should_fail_ex+0x3b0/0x4e0 [ 1456.452175][T19370] should_failslab+0xac/0x100 [ 1456.456921][T19370] __kmalloc_noprof+0xdd/0x4c0 [ 1456.461767][T19370] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1456.467562][T19370] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1456.473174][T19370] tomoyo_mount_permission+0x3bf/0xb80 [ 1456.476803][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1456.478665][T19370] ? stack_depot_save_flags+0x37/0x940 [ 1456.497079][T19370] ? tomoyo_mount_permission+0x298/0xb80 [ 1456.502744][T19370] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 1456.508786][T19370] ? hook_sb_mount+0x10b/0x420 [ 1456.513569][T19370] ? security_sb_mount+0x22/0x2f0 [ 1456.518620][T19370] security_sb_mount+0xe0/0x2f0 [ 1456.523502][T19370] path_mount+0xb9/0xfa0 [ 1456.527774][T19370] ? kmem_cache_free+0x195/0x410 [ 1456.532737][T19370] ? user_path_at+0x44/0x60 [ 1456.537272][T19370] __se_sys_mount+0x2d6/0x3c0 [ 1456.541985][T19370] ? __pfx___se_sys_mount+0x10/0x10 [ 1456.547199][T19370] ? do_syscall_64+0x100/0x230 [ 1456.551986][T19370] ? __x64_sys_mount+0x20/0xc0 [ 1456.556765][T19370] do_syscall_64+0xf3/0x230 [ 1456.561292][T19370] ? clear_bhb_loop+0x35/0x90 [ 1456.565996][T19370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1456.571913][T19370] RIP: 0033:0x7fe5b737ff19 [ 1456.576348][T19370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1456.595974][T19370] RSP: 002b:00007fe5b8140058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1456.604423][T19370] RAX: ffffffffffffffda RBX: 00007fe5b7545fa0 RCX: 00007fe5b737ff19 [ 1456.612415][T19370] RDX: 0000000020000180 RSI: 0000000020000000 RDI: 0000000000000000 [ 1456.620405][T19370] RBP: 00007fe5b81400a0 R08: 0000000020000080 R09: 0000000000000000 [ 1456.628389][T19370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1456.636373][T19370] R13: 0000000000000000 R14: 00007fe5b7545fa0 R15: 00007ffc437cccc8 [ 1456.644378][T19370] [ 1456.648550][ T5876] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1456.658011][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1456.681130][T19370] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1456.701946][ T5876] usb 2-1: config 0 descriptor?? [ 1457.455234][ T5876] plantronics 0003:047F:FFFF.0020: No inputs registered, leaving [ 1457.544860][ T5876] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1458.292320][T19380] netlink: 'syz.4.3801': attribute type 8 has an invalid length. [ 1458.738537][T19396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1458.747802][T19396] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1459.074738][ T5906] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1459.149491][ T5876] usb 5-1: new full-speed USB device number 88 using dummy_hcd [ 1459.258111][ T5906] usb 6-1: config 4 has an invalid interface number: 95 but max is 0 [ 1459.289644][ T5906] usb 6-1: config 4 has an invalid descriptor of length 181, skipping remainder of the config [ 1459.310524][ T5906] usb 6-1: config 4 has no interface number 0 [ 1459.313283][ T5876] usb 5-1: not running at top speed; connect to a high speed hub [ 1459.331335][ T5906] usb 6-1: too many endpoints for config 4 interface 95 altsetting 115: 118, using maximum allowed: 30 [ 1459.333065][ T5876] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1459.357653][ T5876] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1459.374073][ T5906] usb 6-1: config 4 interface 95 altsetting 115 has 0 endpoint descriptors, different from the interface descriptor's value: 118 [ 1459.376808][ T5876] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1459.427329][ T5906] usb 6-1: config 4 interface 95 has no altsetting 0 [ 1459.427601][ T5876] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1459.434084][ T5906] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1459.434119][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1459.462449][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1459.478351][ T5876] usb 5-1: Product: ᐭ [ 1459.483453][ T5876] usb 5-1: Manufacturer: Ꙟ吊좫ើᮗ繣ꨲ㊀饌䟯ꜝ﬍贓㉼ꣻ㰍솿ಘ횿づⷬᯮ妒箍╼탟腒台㻕캕錧酪⨼ఙ쐹䅛奛㌙답 [ 1459.498883][ T5876] usb 5-1: SerialNumber: 萸뭪鴎礶튗随䵱胮巬爑 [ 1459.673419][ T5904] usb 2-1: reset high-speed USB device number 79 using dummy_hcd [ 1459.696056][ T5906] usb 6-1: string descriptor 0 read error: -71 [ 1459.706081][ T5906] ath6kl: Failed to submit usb control message: -71 [ 1459.712777][ T5906] ath6kl: unable to send the bmi data to the device: -71 [ 1459.720035][ T5906] ath6kl: Unable to send get target info: -71 [ 1459.727531][ T5906] ath6kl: Failed to init ath6kl core: -71 [ 1459.733829][ T5906] ath6kl_usb 6-1:4.95: probe with driver ath6kl_usb failed with error -71 [ 1459.750079][ T5906] usb 6-1: USB disconnect, device number 46 [ 1459.964106][ T29] audit: type=1326 audit(1733850416.206:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19352 comm="syz.1.3793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860717ff19 code=0x7fc00000 [ 1460.016941][ T5904] usb 2-1: device descriptor read/64, error -32 [ 1460.068245][T19412] syz.4.3804: attempt to access beyond end of device [ 1460.068245][T19412] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1460.169875][T19414] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3810'. [ 1460.589723][T19418] netlink: 'syz.1.3811': attribute type 8 has an invalid length. [ 1460.639065][T19421] ipt_rpfilter: unknown options [ 1460.968793][T17030] usb 2-1: USB disconnect, device number 79 [ 1461.772282][T19441] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3822'. [ 1462.047709][T19443] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 1462.407228][T19453] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22 [ 1462.453023][T19453] netdevsim netdevsim5: Direct firmware load for . failed with error -22 [ 1462.464255][T19453] netdevsim netdevsim5: Falling back to sysfs fallback for: . [ 1462.708440][ T5876] usb 5-1: 0:2 : does not exist [ 1462.725582][T19460] netlink: 152 bytes leftover after parsing attributes in process `syz.6.3829'. [ 1462.846227][ T5876] usb 5-1: USB disconnect, device number 88 [ 1462.900697][T19466] IPVS: length: 124 != 24 [ 1463.321151][T19482] vlan1: entered promiscuous mode [ 1463.326501][T19482] vlan1: entered allmulticast mode [ 1463.335543][T19482] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 1463.720196][T19500] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3849'. [ 1464.491048][T19528] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3858'. [ 1464.528931][T19528] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3858'. [ 1464.558456][T19528] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3858'. [ 1464.593949][T19528] netlink: 'syz.0.3858': attribute type 13 has an invalid length. [ 1464.605226][T19528] netlink: 'syz.0.3858': attribute type 11 has an invalid length. [ 1465.391935][T19570] tipc: Failed to remove unknown binding: 66,1,1/0:488246818/488246820 [ 1465.638610][T19576] tipc: Failed to remove unknown binding: 66,1,1/0:488246818/488246820 [ 1465.647874][T19576] tipc: Failed to remove unknown binding: 66,1,1/0:488246818/488246820 [ 1466.406813][T19609] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3883'. [ 1466.453862][T19611] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3884'. [ 1466.893205][T19623] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3888'. [ 1466.938178][T19621] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3889'. [ 1467.244537][T19630] netlink: 'syz.1.3891': attribute type 12 has an invalid length. [ 1467.280006][T19632] __nla_validate_parse: 1 callbacks suppressed [ 1467.280029][T19632] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3893'. [ 1468.055120][T19649] bond0: (slave syz_tun): Releasing backup interface [ 1468.514760][T19667] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.698256][T19667] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.975455][T19667] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1469.227111][T19667] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1469.249234][T19704] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3921'. [ 1469.380353][T19711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3923'. [ 1469.550036][T19704] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1469.558197][T19704] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1469.574748][T19704] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1469.582631][T19704] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1469.750059][T19721] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3925'. [ 1469.831967][T19667] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1469.915628][T19667] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1469.972183][T19667] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1469.998413][T19667] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1470.066171][T19730] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3928'. [ 1470.210351][T19736] Cannot find del_set index 286 as target [ 1470.477656][T19746] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3935'. [ 1470.502932][T19746] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3935'. [ 1471.004004][T19764] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3944'. [ 1471.210167][T19770] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3947'. [ 1471.764737][T19792] tipc: Enabling of bearer rejected, failed to enable media [ 1471.978091][T19801] [ 1471.980496][T19801] ====================================================== [ 1471.987546][T19801] WARNING: possible circular locking dependency detected [ 1471.994598][T19801] 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 Not tainted [ 1472.001744][T19801] ------------------------------------------------------ [ 1472.008795][T19801] syz.4.3964/19801 is trying to acquire lock: [ 1472.014895][T19801] ffff8880310c2c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1ea/0x500 [ 1472.024253][T19801] [ 1472.024253][T19801] but task is already holding lock: [ 1472.031659][T19801] ffff888025235068 (&pipe->mutex){+.+.}-{4:4}, at: iter_file_splice_write+0x330/0x1510 [ 1472.041403][T19801] [ 1472.041403][T19801] which lock already depends on the new lock. [ 1472.041403][T19801] [ 1472.051841][T19801] [ 1472.051841][T19801] the existing dependency chain (in reverse order) is: [ 1472.060977][T19801] [ 1472.060977][T19801] -> #3 (&pipe->mutex){+.+.}-{4:4}: [ 1472.068513][T19801] lock_acquire+0x1ed/0x550 [ 1472.073551][T19801] __mutex_lock+0x1ac/0xee0 [ 1472.078596][T19801] iter_file_splice_write+0x330/0x1510 [ 1472.084625][T19801] do_splice+0xd68/0x18e0 [ 1472.089529][T19801] __se_sys_splice+0x2e0/0x450 [ 1472.094979][T19801] do_syscall_64+0xf3/0x230 [ 1472.100025][T19801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1472.106475][T19801] [ 1472.106475][T19801] -> #2 (sb_writers#5){.+.+}-{0:0}: [ 1472.113909][T19801] lock_acquire+0x1ed/0x550 [ 1472.118944][T19801] sb_start_write+0x4d/0x1c0 [ 1472.124068][T19801] mnt_want_write+0x3f/0x90 [ 1472.129104][T19801] ovl_create_object+0x13a/0x3a0 [ 1472.134574][T19801] path_openat+0x1c03/0x3590 [ 1472.139711][T19801] do_filp_open+0x27f/0x4e0 [ 1472.144779][T19801] do_sys_openat2+0x13e/0x1d0 [ 1472.150025][T19801] __x64_sys_creat+0x123/0x170 [ 1472.155401][T19801] do_syscall_64+0xf3/0x230 [ 1472.160470][T19801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1472.166911][T19801] [ 1472.166911][T19801] -> #1 (&ovl_i_mutex_dir_key[depth]#3){++++}-{4:4}: [ 1472.175937][T19801] lock_acquire+0x1ed/0x550 [ 1472.181002][T19801] down_read+0xb1/0xa40 [ 1472.185755][T19801] lookup_slow+0x45/0x70 [ 1472.190545][T19801] walk_component+0x2e1/0x410 [ 1472.195766][T19801] path_lookupat+0x16f/0x450 [ 1472.200927][T19801] filename_lookup+0x2a3/0x670 [ 1472.206260][T19801] kern_path+0x35/0x50 [ 1472.210883][T19801] lookup_bdev+0xc5/0x290 [ 1472.215755][T19801] resume_store+0x1a0/0x710 [ 1472.220981][T19801] kernfs_fop_write_iter+0x3a0/0x500 [ 1472.226811][T19801] vfs_write+0xaeb/0xd30 [ 1472.231601][T19801] ksys_write+0x18f/0x2b0 [ 1472.236476][T19801] do_syscall_64+0xf3/0x230 [ 1472.241532][T19801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1472.248157][T19801] [ 1472.248157][T19801] -> #0 (&of->mutex){+.+.}-{4:4}: [ 1472.255402][T19801] validate_chain+0x18ef/0x5920 [ 1472.260833][T19801] __lock_acquire+0x1397/0x2100 [ 1472.266222][T19801] lock_acquire+0x1ed/0x550 [ 1472.271373][T19801] __mutex_lock+0x1ac/0xee0 [ 1472.276430][T19801] kernfs_fop_write_iter+0x1ea/0x500 [ 1472.282337][T19801] iter_file_splice_write+0xbfa/0x1510 [ 1472.288337][T19801] do_splice+0xd68/0x18e0 [ 1472.293209][T19801] __se_sys_splice+0x2e0/0x450 [ 1472.298950][T19801] do_syscall_64+0xf3/0x230 [ 1472.304024][T19801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1472.310491][T19801] [ 1472.310491][T19801] other info that might help us debug this: [ 1472.310491][T19801] [ 1472.320735][T19801] Chain exists of: [ 1472.320735][T19801] &of->mutex --> sb_writers#5 --> &pipe->mutex [ 1472.320735][T19801] [ 1472.332867][T19801] Possible unsafe locking scenario: [ 1472.332867][T19801] [ 1472.340329][T19801] CPU0 CPU1 [ 1472.345704][T19801] ---- ---- [ 1472.351079][T19801] lock(&pipe->mutex); [ 1472.355264][T19801] lock(sb_writers#5); [ 1472.361973][T19801] lock(&pipe->mutex); [ 1472.368674][T19801] lock(&of->mutex); [ 1472.372673][T19801] [ 1472.372673][T19801] *** DEADLOCK *** [ 1472.372673][T19801] [ 1472.380819][T19801] 2 locks held by syz.4.3964/19801: [ 1472.386021][T19801] #0: ffff88807dc70420 (sb_writers#11){.+.+}-{0:0}, at: do_splice+0xce4/0x18e0 [ 1472.395214][T19801] #1: ffff888025235068 (&pipe->mutex){+.+.}-{4:4}, at: iter_file_splice_write+0x330/0x1510 [ 1472.405562][T19801] [ 1472.405562][T19801] stack backtrace: [ 1472.411476][T19801] CPU: 1 UID: 0 PID: 19801 Comm: syz.4.3964 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 1472.422268][T19801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1472.432336][T19801] Call Trace: [ 1472.435635][T19801] [ 1472.438577][T19801] dump_stack_lvl+0x241/0x360 [ 1472.443276][T19801] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1472.448580][T19801] ? __pfx__printk+0x10/0x10 [ 1472.453192][T19801] print_circular_bug+0x13a/0x1b0 [ 1472.458247][T19801] check_noncircular+0x36a/0x4a0 [ 1472.463209][T19801] ? __pfx_validate_chain+0x10/0x10 [ 1472.468447][T19801] ? __pfx_check_noncircular+0x10/0x10 [ 1472.473934][T19801] ? lockdep_lock+0x123/0x2b0 [ 1472.478632][T19801] validate_chain+0x18ef/0x5920 [ 1472.483517][T19801] ? __lock_acquire+0x1397/0x2100 [ 1472.488561][T19801] ? __pfx_validate_chain+0x10/0x10 [ 1472.493791][T19801] ? look_up_lock_class+0x77/0x170 [ 1472.498921][T19801] ? register_lock_class+0x102/0x980 [ 1472.504260][T19801] ? __pfx_validate_chain+0x10/0x10 [ 1472.509474][T19801] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1472.515470][T19801] ? __pfx_register_lock_class+0x10/0x10 [ 1472.521222][T19801] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1472.527567][T19801] ? mark_lock+0x9a/0x360 [ 1472.531911][T19801] __lock_acquire+0x1397/0x2100 [ 1472.536784][T19801] lock_acquire+0x1ed/0x550 [ 1472.541300][T19801] ? kernfs_fop_write_iter+0x1ea/0x500 [ 1472.546777][T19801] ? __pfx_lock_acquire+0x10/0x10 [ 1472.551837][T19801] ? __pfx___might_resched+0x10/0x10 [ 1472.557167][T19801] ? __virt_addr_valid+0x183/0x530 [ 1472.562341][T19801] __mutex_lock+0x1ac/0xee0 [ 1472.566867][T19801] ? kernfs_fop_write_iter+0x1ea/0x500 [ 1472.572347][T19801] ? _copy_from_iter+0x8c2/0x1c20 [ 1472.577409][T19801] ? kernfs_fop_write_iter+0x1ea/0x500 [ 1472.582882][T19801] ? __pfx___mutex_lock+0x10/0x10 [ 1472.587933][T19801] ? __pfx__copy_from_iter+0x10/0x10 [ 1472.593240][T19801] ? __virt_addr_valid+0x183/0x530 [ 1472.598394][T19801] ? __virt_addr_valid+0x45f/0x530 [ 1472.603539][T19801] ? __phys_addr_symbol+0x2f/0x70 [ 1472.608593][T19801] ? __check_object_size+0x47a/0x730 [ 1472.613917][T19801] kernfs_fop_write_iter+0x1ea/0x500 [ 1472.619222][T19801] iter_file_splice_write+0xbfa/0x1510 [ 1472.624713][T19801] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1472.630630][T19801] ? rcu_read_lock_any_held+0xb7/0x160 [ 1472.636113][T19801] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1472.642026][T19801] do_splice+0xd68/0x18e0 [ 1472.646380][T19801] ? __pfx_lock_release+0x10/0x10 [ 1472.651504][T19801] ? do_sys_openat2+0x17a/0x1d0 [ 1472.656368][T19801] ? kmem_cache_free+0x195/0x410 [ 1472.661318][T19801] ? do_futex+0x33b/0x560 [ 1472.665668][T19801] ? pipe_clear_nowait+0x196/0x220 [ 1472.670824][T19801] ? __pfx_do_splice+0x10/0x10 [ 1472.675607][T19801] ? __fget_files+0x2a/0x410 [ 1472.680210][T19801] __se_sys_splice+0x2e0/0x450 [ 1472.684995][T19801] ? __pfx___se_sys_splice+0x10/0x10 [ 1472.690832][T19801] ? do_syscall_64+0x100/0x230 [ 1472.695710][T19801] ? __x64_sys_splice+0x21/0xf0 [ 1472.700583][T19801] do_syscall_64+0xf3/0x230 [ 1472.705105][T19801] ? clear_bhb_loop+0x35/0x90 [ 1472.709804][T19801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1472.715725][T19801] RIP: 0033:0x7efd7eb7ff19 [ 1472.720172][T19801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1472.739810][T19801] RSP: 002b:00007efd7f9d2058 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 1472.748250][T19801] RAX: ffffffffffffffda RBX: 00007efd7ed45fa0 RCX: 00007efd7eb7ff19 [ 1472.756239][T19801] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000003 [ 1472.764219][T19801] RBP: 00007efd7ebf3cc8 R08: 0000000000010500 R09: 0000000000000000 [ 1472.772207][T19801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1472.780191][T19801] R13: 0000000000000000 R14: 00007efd7ed45fa0 R15: 00007ffdf8f18008 [ 1472.788185][T19801]