last executing test programs: 6m43.073912352s ago: executing program 3 (id=76): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000200)={0x2, @pix={0x80, 0xfda, 0x3208ff26cf9c44b9, 0x7, 0x1007, 0x0, 0xa, 0x80, 0x0, 0x710, 0x1, 0x1}}) 6m42.91828617s ago: executing program 3 (id=77): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) cachestat(r0, &(0x7f0000000040)={0x0, 0x2000}, &(0x7f0000000080), 0x0) 6m42.452308191s ago: executing program 3 (id=78): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b3", 0x40}], 0x2}], 0x1, 0x40800) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000240)=0x9) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 6m42.358705385s ago: executing program 3 (id=79): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYRESOCT], 0x18}}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00') syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x100}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000005c40)=""/4100, 0x1004}], 0x2}, 0x7}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000004c40)=""/4096, 0x1000}, {&(0x7f0000000540)=""/163, 0xa3}, {&(0x7f00000008c0)=""/229, 0xe5}, {&(0x7f0000000700)=""/130, 0x82}, {&(0x7f0000000480)=""/124, 0x7c}, {&(0x7f0000002080)=""/4083, 0xff3}], 0x6}, 0x7ffffffe}, {{0x0, 0x0, 0x0}, 0x5}], 0x5, 0x40008062, 0x0) 6m42.179044837s ago: executing program 3 (id=80): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000440)={0x7}, 0x10) (async) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200410a00040000000000008000f4"], 0x20}}, 0x0) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) (async) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vfat\x00', 0x200000, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 6m41.772257758s ago: executing program 3 (id=81): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000480)="98f358657d", 0x5}, {&(0x7f0000000040)="882348", 0x3}], 0x2, &(0x7f0000000880)=ANY=[], 0x138}}], 0x1, 0x24004888) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x222600, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905", @ANYRES8=r4], 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x4, 0xc}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x30004804}, 0x80c0) ioctl$SNDCTL_SEQ_TESTMIDI(r2, 0x40045108, &(0x7f00000000c0)=0x101) 6m41.321935991s ago: executing program 32 (id=81): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000480)="98f358657d", 0x5}, {&(0x7f0000000040)="882348", 0x3}], 0x2, &(0x7f0000000880)=ANY=[], 0x138}}], 0x1, 0x24004888) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x222600, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905", @ANYRES8=r4], 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x4, 0xc}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x30004804}, 0x80c0) ioctl$SNDCTL_SEQ_TESTMIDI(r2, 0x40045108, &(0x7f00000000c0)=0x101) 1m31.618689382s ago: executing program 1 (id=2274): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file2\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000140)=@OVL_FILEID_V1={0x18, 0x300f8, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e8371f2efe0868327a31a705ec978547"}}}, 0x830200) 1m31.573185279s ago: executing program 1 (id=2275): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) setuid(0xee01) ioctl$KDGETLED(r3, 0x560c, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000080)={'wpan0\x00'}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x6c, r4, 0x7d243a6ea807936d, 0x10000012, 0x25df5bf8, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x600000006}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48891}, 0x880) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000240)={r7, 0x2, r6}) socket$alg(0x26, 0x5, 0x0) epoll_create1(0x0) r8 = socket$inet(0xa, 0x801, 0x84) connect$inet(r8, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r8, 0x8) r9 = accept4(r8, 0x0, 0x0, 0x0) sendto$inet(r9, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r9, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x4}, 0x8) sendmmsg$inet6(r9, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001700)='y', 0x1}], 0x1}}], 0x1, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c77666421983d462b5dcbaefdcd0b0bed315b6a8d01a7c240c3065c16e5756673a5adeaaa50360680165376d04e2db8cd14477dcacc27516b5785495ea636df7530f83b350062c25c6cacef95e78217c159ba7dc25e160db8416ed26ba6b9bf05a0bf66af31976ee3b50b493567f3f3e6d57b36f78d8f93672635710464171135", @ANYRESHEX=r2, @ANYBLOB=',directio,\x00']) 1m31.510793835s ago: executing program 1 (id=2276): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) pwritev(r1, &(0x7f0000000a00), 0x1046, 0x1000, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000580)={'batadv0\x00', &(0x7f00000005c0)=@ethtool_wolinfo={0x6, 0x1ff, 0xad, "67d077aeb8b9"}}) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000140)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x3, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x9) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) listen(0xffffffffffffffff, 0x8) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000080)={0x0, "4fcb813dd28b42bee2b094a3de6dbfd30a74457bcd1cfd5feffe5c019f45d57f"}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r6 = dup(r5) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TCSETS(r7, 0x545c, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, "43e6323cce19dc42a867c4e745c80552a700"}) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r6, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x4}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x42000, &(0x7f0000000380)=ANY=[@ANYRESDEC=0x0, @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYBLOB="b83a111f89a31934c1e55856a731cf56867b7cced152f686f54422bbfbf92eebda2d7eade3ca6a825c0c519f8f7c622377a0b75e40f60b4c571988292a470c943dac417b5e9a639cc08db8e509a9d661e7a9bf60130898fad9196099e7b1cd696a7040c171b4f181fb518a0a21b9991ca938fb25c9d3d818686ca4c83a4ad679b21c0f360143cc84141932020b303a1802dedaf6cd3abd4b366dfa419570774e84885f3804f9f68f28e7a3"]) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_RADAR_DETECT(r6, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, r8, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x34}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x22}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x32b}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000090}, 0x44880) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vfat\x00', 0x200000, 0x0) 1m30.596270765s ago: executing program 1 (id=2277): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r0, @ANYRES32=r0], 0x14}, 0x1, 0x0, 0x0, 0x44000005}, 0x4000) 1m30.588780809s ago: executing program 1 (id=2278): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000400)={0xfffffffb, {{0xa, 0x4f21, 0x80, @empty}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYRESDEC=r3], 0x310) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x4, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) r4 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r4, &(0x7f00000000c0)=[{&(0x7f0000000600)=""/128, 0x80}], 0x1, 0xb6, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0xfffffffffffffd59) listen(r2, 0xfffffffc) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x81, @mcast2, 0xa02}, 0x1c) r7 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000c00)={{{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4}, {0x0, 0x1fffffffe, 0xfffffffffffffff7, 0x20000a0de, 0x40000000000004, 0x2, 0x200000003, 0x400}, {0x40000000000005, 0xe9, 0x1, 0x5}, 0x4, 0x0, 0x1}, {{@in=@broadcast, 0x80000004, 0x6c}, 0x2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x3502, 0x1, 0x8, 0x0, 0x9075, 0x0, 0x9945}}, 0xe8) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a0000"], 0x13c}}, 0x20040880) r9 = accept$inet(r5, &(0x7f0000000200), &(0x7f0000000340)=0x10) syz_usb_connect(0x6, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32=r9], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r11, 0x8910, &(0x7f0000000000)={'veth0_to_hsr\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r11, 0x89fa, &(0x7f0000000000)) connect$can_bcm(r1, &(0x7f0000000140)={0x1d, r10}, 0x10) syz_open_dev$char_usb(0xc, 0xb4, 0x0) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}]}, &(0x7f0000000240)=0x10) 1m29.979014122s ago: executing program 1 (id=2279): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) syz_open_dev$usbfs(&(0x7f0000000140), 0xd, 0x3501) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x228100) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) (async) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async) ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r2], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f}) (async) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async) read$FUSE(r3, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r5 = dup(r4) (async) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}, 0x8) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0) (async) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) (async) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$UHID_INPUT(r7, &(0x7f0000001080)={0xd, {"f1f353f0c833097c27a892e9d357cff5f8dbe89627fac0c7baa3d2367d656bce7be2201f63550726fae46c98bb9d1015f4f6c630ca5fe559381741086cf09a276956cdc7e94dadd91d11e3b0870e56a7d3809b2f9b396da9527a975ed11798f36566468a95b4b5bee90b1dc6b83f9488e226e57be4eb015b2d2c87b4a9488e1f205eab5b424225cb6cb4a89a4f644fa5a17a96b6f1b989cee896f36037d03e5533f69dfd83cda70ce02910faf8777c0a2b88df10f0385e1bc828ff019eb5a450b1e05c738079972dfc58810132a59804b823355107214232b12efc8b93d69b777eb1e6db53d9f00a72d4634edf1a514fe9840f22c9af52a3273844507f4614bf298a072f1b0292c5461596f7daaab6e60ce35b40d84f5abf83b710420cfb9332c80c9205bace3d3f81bfeec61ae2537dbb854da4131e11a12f2939c46c119fcb9695c453380c41f08b77f4e3f56f4ceb9f12d12ff852642075ad082dbc7b6e0c4201b7f5b35846e7baf3ea591daa5e175b45f2fc93dfba95837f20dd701f829811f82ef2f71447df0390048fdded6e05838edb9fad4158751321d6452a67b6f11e87aaee34a5082fe86d2fe67b5ab0ba8b9a1023316dee0db52aac7c5eaeca00fcb7df6d82b1ee05e5f17729546e25fa6882f167137c761bf4179669859e027874d20c7584d4d4db23cebc32344ea2d4305215f0e13fa3cda44c00f200f1a95bf51288722b8ee15349fd12345f70f8502f54fb659da95677679697f30ebe4b1e0ff19b9873d6de900a89f11835afe90c42df20b80dd1cb1764482d3c2bc5151abb6c6027673f3d0e6f09a6704c6754ed50886f8726329b331a40955cacc11c3ddef202996302ce8cc90896dc848c7066e82a98def0741f008a8d2a68be8979daf97c645552aa06b57aef18db7a8135768fd829f852dc6e7ff64599717f7715d75c5056c4ec5b1b75c5f6d25d53810f8a72d5b79a21ef4e5aa97fcc00fd134e1520d225a6d8e72cd819d3f064bcf336ac26e133c359830d1b326ca62071e38d465913de34a93947e3d09db2e5ced544a3f30b89fd2e0ea3bc71172ff30273a3d5cbcd4f98bd884b83f7b447f9697cfcd4e4d52379aa8aaaa97b48feb0ea03c1a9318cc87bde35d753cfe997ca98a7c203424443a3b9b6098fbf061584eed12668be29bb7491fedb3debc8970c577c14ff9ecb8e2ad6b9e36447b35925b761267e7858b78a89b9f8e248b138700763a729213a32dae8bdc25243d94aa3d717be39737a3053ad2eb4a0c07953444a1206355f46207774634c35deb3b484ec1a4ccc0b532b620593ccfaf6ea298fe0cb62b4e92d80cd248fd9c18d518c29cb6af367d7094e93d9e9ab5c2aa95a12ceb885927cb05739b060843e8b47a454d42ad8a06211ac37fc830edfe811d434b38b7602af5a05a6e2dc4c85c6622b9df9bda2363e8b2aa0fdaa4eb32d2f70dcf08106ac9601ada331a6a7337df98cc342a52a998f8f9bf372531f10fd292c22f3dcf85551cc6a66531c699a1f37d64eb9c7788e912c5e7b3949d291a557bad3199db335cc7f8aecbb97fe00d80a12273dbab8b70c2c6159e8b8f7ffffffd273bd5534e0306078e0a4472f5282b71abdd2a6b1c74dccdc34f28053c024011994323d24784518e9edb57f09602cc1a1c06d88b7b171bb3f852401eb41089c547bdb5195a0c7e73a8c47d650fd0941a7ecc6e351e5dd4499baa9a81b4a28757b2408bbdf1267629778fc977224362326bf6820628b47f6a070152be1b9b41b20ce4d26064720585746a87bfb24b744612af89fe691777451d804355d5b103838e2381aadf191e70bf6a0fabe9cc84e029582c9683384afd49e08ed99dee0a3dabf879c2938b4c2fc4213e337ac56563d0a579c153f3821691d4b21f2ae3e1343604ce8d61b4b02438e6e3bbc766671250a6cd626ffb9c333d2e52414fad4bcdf36a0e84463618875600ad3bc5859e2e29bef9b8b0c3400490fab3deef256c4fb5d608c5cba570cd2f2b8e1517928e22bd508c43cffb630e080fa0cfb1d5fcb8d2fea44419a15b96f99aadb6212bf80f50b05650b8d82109973fd4e39f8272a7bdac7afa01338201ee45d80c0da849cf0ab77b5ea93b327dbebbc46aa795a966a4737dc84afc126aa54f501462e86c06f4b3052bad341174380d689475ee1790ff162239b427567ddf7ebac9c62034d2b8285fbe07be4e04c57e8462361d04e075be4e3dce985ff8c2c252685f8afe95f3d8b4961faf8c621c31fbd2a8af095ce9fc49a3ec84cf998a7b81069b03c1eef1f14a676a34039bcefeaa6d64d168b7282bc00676765788d5891f4617f22dbcb81d4f2fd7be7b42ae3b9818505d577e7f0dcd89f669d2c15d70e292c13b525d81beee6b6870c3c8a72f7d1e3b64472bbf9087f411d9b18f80cd42872f2caeaa3fc4ec777135752418b136892f4b2603a463bedfbf13dba2ca1bcaf41e74e807877eedf15551164b041e4dc9d3022e99c2e2fac9d15906ac6a7d63bfb57d8cfee8df66a00abce56e1424ecbda3b4a9dc5f381bb7ba38b57268750a0808d39c5cbf5cea7bc55ec1e8328206028c16abf2c3eeae79359777c53718d0c6ce3c9f1b093a3db834cfeb1e146e140465345d6f0a75de4a1a8a374c2467a641f5583907c5f1639eb16cc8156f4b7e1484be957cbe1b1fcb26d443bf759b738a86ccfdff4a6076cd5056f52126b3935cf2107be04033696ef408fcbebd73a10bf8f5d728d2729fd41bcb1bf1ec315216c8c5f9dfbf366f12945f648f901d968f6ee231b98bab2ccb31303c02cf32e065dd73cd81e2b0e99e5f64b2de44eeb477a3b370b9c7aa81ef780aa9f48dadd32cefab2070df2b52a6ac7077338e7269ce5608d1d109d66e307a2c82b411c1089a3afd99a56aab8f301cfc0e541afa853769154efa1d9901fae7b1b5a54e865de2eefc5a0b26dde5eacbc51d43920a9c0f212c27e16be26cccb2477b31aa5756054c985d84200f710cca0b091849890c4e87428217e2cbc211e1bd701cf9381de83b17b617daa7941a054534c9915d951dc9278974d9092e09fdb9978bad73ad989e3565b05fc7f3791be2d7e0b67fb904d9890e71152c168c58eb54a66d7d37fd2a9aa4ebd109adc946a7eb337e3a7afb50c7a959e55bb1933188c9019bee743102a845d3503f95b53248c480fc81b6afc21a5cc3fc81f19a2d438b152b648239460c420f5cb198582be439865acfb4e7e4ce5f4e12e1b267d293609a93a0c79949315e5195f511bc231ec9735cc5c94c473467cf6e341718392a9cd7a4dcff06369dbcc5f54be4345d70563aec33a4aec74bdd64fd86d902752e9dc65fd07c77b508309336cca5574542e234346dba7ddfa2e4a8c12806418b378a5b40dc19fa910c69a8850854007677f01d299a2c916be0cc554c3386febf013a10120ed0bbe636a6b6adeb40c30540ce7426078d7117354fc0e5974ee40345cc8f70970b4ba1e40a18b288bac7e920f0c3e1ec91ccabc01762f6e0d4c49d8a5760cee1c501b85ec6e3ca5c1911fa26b9ffb52f3b66417e889616b99e89be2ef781f49d8dafa599433f369c561d55494577468d8b5b0f3fdc0135cbd43ca79063d9a3e15f23ca1677eaf94fbcf3a81ea62fc8bca1422274644ec77368ef3e05cfa311ac3a8c1a8c132c3701f797c1f0d51ec72ce7a8fab44b9ff2e4e714b52caba8d198a42bd255be3723439faad37f050c06c9fcff2bd6d9393d61ba3efcafee71645159b8c1faad79d02a4d453b98d09c46288dcfafdf82c79b6404be1b9d45d5f7f56f39d50deb58647d5faee01ae3a6dcd4465bfd908e0cbbfa73ae5725503f70f022868950ce5c0f6cd9c10bf6019e9162447b58ab2c27f0eda060efc3c894ddf731d6964d1dac70c0085e397683757abcab5c9d55d2747c58817ec259eead68c112135707ee419ae042ad0a2947e84b4ae748b1f85a585b4d18bef8a9efa2e48e7aa5f5b42bbd1ae3851ad482c3d2042eecbffb63705d36aae2ee7c7110421e4cedb3ea6857b47e5d289b280286bc34c85bfc9677501fae389c14eb4d15f08359562da54cb3a8518b3d1308eeb2f678967098ea21a3d128e5bb623e3409a8acce6346208a386f3e4f2ddd4dc6234b373d9da0fd39ca0badf742767fc8708569352eb46d5ca588037fa8522e61c83209ac943685b262d8ef3d7fd4dd7dd14377494c0b542e23c4c95151c8e1395984ad2b6df2397e098f8415be65088651426abb5cd587c253a13054ee16e8dfd0f23f0a889db7529269e807cec75f7386a5844b789183341c705fcd2b96cf80ce14a4f6422948a6c8d3d8e9d455e2d6b8b87f4696993cbc010ce10614f1dff96dc18f865b26660d27229defa822953bf392c3d920a50eb2473aa94fbced152660d57159b33f2272fe6e7e1ce6e6ba1f948b59c277f185d9a686ac0445e15e20b46c8e0ea4656d715df96425b7d4b36cb856e7c7ba3aaf620c9d10d5d96370e463d2555e0085ba94d8ffd2973e6be31d7934e771b9b82d0066011da58f147744e747a240de1978a8eca86cfa845d8eca0aa9cabdc8668c43f9862c7ee85353d289d81d744877e22d67613673905e78cfaacde5f6e43ffcd6e7d9b9d15aea0dd922977ae87b0cb51a89ef15350309b43eb5c8e79e446d9ba2bb06d74fa6aed2431a5379da9776221130c87ac36b72bc1fc03f14c78cdb8a16f2d840b2bad04bf4655a2ab3c1ef4458e401fa817704b5a88e4bb8b15cf16383b9a7e2a64de19928b16e5f7f25be0ad126c3833ace7f36f3c3d9a6836d1a4710b4995ec0c9f10001f7dfc6410b29e9d031f1d3b4b34e9b4dc3a8fb08b49a29892e68dce9309c67874ecc75d477b59e2fbf4347f3c445e49126822f4301eaee1259475cfb22566e69d9ae0d436e402f8d100439a9ca6a518d457a91087e83663c413e339a0d8d4c31c083303b46b2982015227bd7e126976d7b26a670ba78f21a8c95b05450ee149c0ae1fb7397d179c6e295d0fc57dab28e5e9bdc99acd8596a928d6ebd97316b8c60cf657bc4ca1ffe8b9a445724842cb38681acc5d5eba455d5fa19cc8c5cac15a46d6a72c9b64983a686edff27b3669d46c005879949b1980a1456e8a85fe4969acd56415f144405ed99afb16d9d652fce35b9c800b8e217517690bed18e00051868dfe8acb5b10ff49d733316bcc7b8ba77265cda37e5faed1307f8a69338090f532f463f1a9740bbcc58851bc5c85b1a129596898667e55a6882f4d0d97c456697dbe282345dec80d76443e1ec7602f523607534f429d603bc087f9b189b15e9c389456ddc04b425a553fb7ec0fa0488b85afa75f624a4cd25f8454b620b0b4fd084a6f6750dcb0a6f3ceeb033fb9dd0f253a53bc4e1dfc7f03b5000cf1fa9c5f0ecbab3257146030f77f30b160b76262b8d3de2510e0984b8192caa7856a69b93f5f53db8190bb70c7daa2b052c56d38a644eb2c69d316d505848d9258c8934b1b870844e543b771f4969e25c8e9a5f825b9aaeeac6ff1cc4e956504fd07f834800413e22da22dfdc4a0c218dadd0442d305cb436dca3d835402e0362b12d02e52ae84c2e80c9fcd7a47efd6c4bc654c8148c47a2ae50f89e729676b4ee79c96991cb4484679eb8eda3517407dd402f0d1b48fcc9551275df982e34e1ee7dd2bb646b9f2ed45bc7e770cbce36566eced4dc3ddf8665232d029e9487d64848c10e8cd2b01415d3e80519cc9b2ff3218d6f239691e4800", 0x1000}}, 0x1006) (async) syz_open_dev$tty20(0xc, 0x4, 0x0) (async) ioctl$TCSETSW(r7, 0x5403, &(0x7f0000000940)={0x0, 0x0, 0x0, 0xe, 0x0, "00120dd608f500001e2a000080c90a008000"}) 1m14.743978008s ago: executing program 33 (id=2279): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) syz_open_dev$usbfs(&(0x7f0000000140), 0xd, 0x3501) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x228100) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) (async) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async) ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r2], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f}) (async) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async) read$FUSE(r3, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r5 = dup(r4) (async) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}, 0x8) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0) (async) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) (async) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$UHID_INPUT(r7, &(0x7f0000001080)={0xd, {"f1f353f0c833097c27a892e9d357cff5f8dbe89627fac0c7baa3d2367d656bce7be2201f63550726fae46c98bb9d1015f4f6c630ca5fe559381741086cf09a276956cdc7e94dadd91d11e3b0870e56a7d3809b2f9b396da9527a975ed11798f36566468a95b4b5bee90b1dc6b83f9488e226e57be4eb015b2d2c87b4a9488e1f205eab5b424225cb6cb4a89a4f644fa5a17a96b6f1b989cee896f36037d03e5533f69dfd83cda70ce02910faf8777c0a2b88df10f0385e1bc828ff019eb5a450b1e05c738079972dfc58810132a59804b823355107214232b12efc8b93d69b777eb1e6db53d9f00a72d4634edf1a514fe9840f22c9af52a3273844507f4614bf298a072f1b0292c5461596f7daaab6e60ce35b40d84f5abf83b710420cfb9332c80c9205bace3d3f81bfeec61ae2537dbb854da4131e11a12f2939c46c119fcb9695c453380c41f08b77f4e3f56f4ceb9f12d12ff852642075ad082dbc7b6e0c4201b7f5b35846e7baf3ea591daa5e175b45f2fc93dfba95837f20dd701f829811f82ef2f71447df0390048fdded6e05838edb9fad4158751321d6452a67b6f11e87aaee34a5082fe86d2fe67b5ab0ba8b9a1023316dee0db52aac7c5eaeca00fcb7df6d82b1ee05e5f17729546e25fa6882f167137c761bf4179669859e027874d20c7584d4d4db23cebc32344ea2d4305215f0e13fa3cda44c00f200f1a95bf51288722b8ee15349fd12345f70f8502f54fb659da95677679697f30ebe4b1e0ff19b9873d6de900a89f11835afe90c42df20b80dd1cb1764482d3c2bc5151abb6c6027673f3d0e6f09a6704c6754ed50886f8726329b331a40955cacc11c3ddef202996302ce8cc90896dc848c7066e82a98def0741f008a8d2a68be8979daf97c645552aa06b57aef18db7a8135768fd829f852dc6e7ff64599717f7715d75c5056c4ec5b1b75c5f6d25d53810f8a72d5b79a21ef4e5aa97fcc00fd134e1520d225a6d8e72cd819d3f064bcf336ac26e133c359830d1b326ca62071e38d465913de34a93947e3d09db2e5ced544a3f30b89fd2e0ea3bc71172ff30273a3d5cbcd4f98bd884b83f7b447f9697cfcd4e4d52379aa8aaaa97b48feb0ea03c1a9318cc87bde35d753cfe997ca98a7c203424443a3b9b6098fbf061584eed12668be29bb7491fedb3debc8970c577c14ff9ecb8e2ad6b9e36447b35925b761267e7858b78a89b9f8e248b138700763a729213a32dae8bdc25243d94aa3d717be39737a3053ad2eb4a0c07953444a1206355f46207774634c35deb3b484ec1a4ccc0b532b620593ccfaf6ea298fe0cb62b4e92d80cd248fd9c18d518c29cb6af367d7094e93d9e9ab5c2aa95a12ceb885927cb05739b060843e8b47a454d42ad8a06211ac37fc830edfe811d434b38b7602af5a05a6e2dc4c85c6622b9df9bda2363e8b2aa0fdaa4eb32d2f70dcf08106ac9601ada331a6a7337df98cc342a52a998f8f9bf372531f10fd292c22f3dcf85551cc6a66531c699a1f37d64eb9c7788e912c5e7b3949d291a557bad3199db335cc7f8aecbb97fe00d80a12273dbab8b70c2c6159e8b8f7ffffffd273bd5534e0306078e0a4472f5282b71abdd2a6b1c74dccdc34f28053c024011994323d24784518e9edb57f09602cc1a1c06d88b7b171bb3f852401eb41089c547bdb5195a0c7e73a8c47d650fd0941a7ecc6e351e5dd4499baa9a81b4a28757b2408bbdf1267629778fc977224362326bf6820628b47f6a070152be1b9b41b20ce4d26064720585746a87bfb24b744612af89fe691777451d804355d5b103838e2381aadf191e70bf6a0fabe9cc84e029582c9683384afd49e08ed99dee0a3dabf879c2938b4c2fc4213e337ac56563d0a579c153f3821691d4b21f2ae3e1343604ce8d61b4b02438e6e3bbc766671250a6cd626ffb9c333d2e52414fad4bcdf36a0e84463618875600ad3bc5859e2e29bef9b8b0c3400490fab3deef256c4fb5d608c5cba570cd2f2b8e1517928e22bd508c43cffb630e080fa0cfb1d5fcb8d2fea44419a15b96f99aadb6212bf80f50b05650b8d82109973fd4e39f8272a7bdac7afa01338201ee45d80c0da849cf0ab77b5ea93b327dbebbc46aa795a966a4737dc84afc126aa54f501462e86c06f4b3052bad341174380d689475ee1790ff162239b427567ddf7ebac9c62034d2b8285fbe07be4e04c57e8462361d04e075be4e3dce985ff8c2c252685f8afe95f3d8b4961faf8c621c31fbd2a8af095ce9fc49a3ec84cf998a7b81069b03c1eef1f14a676a34039bcefeaa6d64d168b7282bc00676765788d5891f4617f22dbcb81d4f2fd7be7b42ae3b9818505d577e7f0dcd89f669d2c15d70e292c13b525d81beee6b6870c3c8a72f7d1e3b64472bbf9087f411d9b18f80cd42872f2caeaa3fc4ec777135752418b136892f4b2603a463bedfbf13dba2ca1bcaf41e74e807877eedf15551164b041e4dc9d3022e99c2e2fac9d15906ac6a7d63bfb57d8cfee8df66a00abce56e1424ecbda3b4a9dc5f381bb7ba38b57268750a0808d39c5cbf5cea7bc55ec1e8328206028c16abf2c3eeae79359777c53718d0c6ce3c9f1b093a3db834cfeb1e146e140465345d6f0a75de4a1a8a374c2467a641f5583907c5f1639eb16cc8156f4b7e1484be957cbe1b1fcb26d443bf759b738a86ccfdff4a6076cd5056f52126b3935cf2107be04033696ef408fcbebd73a10bf8f5d728d2729fd41bcb1bf1ec315216c8c5f9dfbf366f12945f648f901d968f6ee231b98bab2ccb31303c02cf32e065dd73cd81e2b0e99e5f64b2de44eeb477a3b370b9c7aa81ef780aa9f48dadd32cefab2070df2b52a6ac7077338e7269ce5608d1d109d66e307a2c82b411c1089a3afd99a56aab8f301cfc0e541afa853769154efa1d9901fae7b1b5a54e865de2eefc5a0b26dde5eacbc51d43920a9c0f212c27e16be26cccb2477b31aa5756054c985d84200f710cca0b091849890c4e87428217e2cbc211e1bd701cf9381de83b17b617daa7941a054534c9915d951dc9278974d9092e09fdb9978bad73ad989e3565b05fc7f3791be2d7e0b67fb904d9890e71152c168c58eb54a66d7d37fd2a9aa4ebd109adc946a7eb337e3a7afb50c7a959e55bb1933188c9019bee743102a845d3503f95b53248c480fc81b6afc21a5cc3fc81f19a2d438b152b648239460c420f5cb198582be439865acfb4e7e4ce5f4e12e1b267d293609a93a0c79949315e5195f511bc231ec9735cc5c94c473467cf6e341718392a9cd7a4dcff06369dbcc5f54be4345d70563aec33a4aec74bdd64fd86d902752e9dc65fd07c77b508309336cca5574542e234346dba7ddfa2e4a8c12806418b378a5b40dc19fa910c69a8850854007677f01d299a2c916be0cc554c3386febf013a10120ed0bbe636a6b6adeb40c30540ce7426078d7117354fc0e5974ee40345cc8f70970b4ba1e40a18b288bac7e920f0c3e1ec91ccabc01762f6e0d4c49d8a5760cee1c501b85ec6e3ca5c1911fa26b9ffb52f3b66417e889616b99e89be2ef781f49d8dafa599433f369c561d55494577468d8b5b0f3fdc0135cbd43ca79063d9a3e15f23ca1677eaf94fbcf3a81ea62fc8bca1422274644ec77368ef3e05cfa311ac3a8c1a8c132c3701f797c1f0d51ec72ce7a8fab44b9ff2e4e714b52caba8d198a42bd255be3723439faad37f050c06c9fcff2bd6d9393d61ba3efcafee71645159b8c1faad79d02a4d453b98d09c46288dcfafdf82c79b6404be1b9d45d5f7f56f39d50deb58647d5faee01ae3a6dcd4465bfd908e0cbbfa73ae5725503f70f022868950ce5c0f6cd9c10bf6019e9162447b58ab2c27f0eda060efc3c894ddf731d6964d1dac70c0085e397683757abcab5c9d55d2747c58817ec259eead68c112135707ee419ae042ad0a2947e84b4ae748b1f85a585b4d18bef8a9efa2e48e7aa5f5b42bbd1ae3851ad482c3d2042eecbffb63705d36aae2ee7c7110421e4cedb3ea6857b47e5d289b280286bc34c85bfc9677501fae389c14eb4d15f08359562da54cb3a8518b3d1308eeb2f678967098ea21a3d128e5bb623e3409a8acce6346208a386f3e4f2ddd4dc6234b373d9da0fd39ca0badf742767fc8708569352eb46d5ca588037fa8522e61c83209ac943685b262d8ef3d7fd4dd7dd14377494c0b542e23c4c95151c8e1395984ad2b6df2397e098f8415be65088651426abb5cd587c253a13054ee16e8dfd0f23f0a889db7529269e807cec75f7386a5844b789183341c705fcd2b96cf80ce14a4f6422948a6c8d3d8e9d455e2d6b8b87f4696993cbc010ce10614f1dff96dc18f865b26660d27229defa822953bf392c3d920a50eb2473aa94fbced152660d57159b33f2272fe6e7e1ce6e6ba1f948b59c277f185d9a686ac0445e15e20b46c8e0ea4656d715df96425b7d4b36cb856e7c7ba3aaf620c9d10d5d96370e463d2555e0085ba94d8ffd2973e6be31d7934e771b9b82d0066011da58f147744e747a240de1978a8eca86cfa845d8eca0aa9cabdc8668c43f9862c7ee85353d289d81d744877e22d67613673905e78cfaacde5f6e43ffcd6e7d9b9d15aea0dd922977ae87b0cb51a89ef15350309b43eb5c8e79e446d9ba2bb06d74fa6aed2431a5379da9776221130c87ac36b72bc1fc03f14c78cdb8a16f2d840b2bad04bf4655a2ab3c1ef4458e401fa817704b5a88e4bb8b15cf16383b9a7e2a64de19928b16e5f7f25be0ad126c3833ace7f36f3c3d9a6836d1a4710b4995ec0c9f10001f7dfc6410b29e9d031f1d3b4b34e9b4dc3a8fb08b49a29892e68dce9309c67874ecc75d477b59e2fbf4347f3c445e49126822f4301eaee1259475cfb22566e69d9ae0d436e402f8d100439a9ca6a518d457a91087e83663c413e339a0d8d4c31c083303b46b2982015227bd7e126976d7b26a670ba78f21a8c95b05450ee149c0ae1fb7397d179c6e295d0fc57dab28e5e9bdc99acd8596a928d6ebd97316b8c60cf657bc4ca1ffe8b9a445724842cb38681acc5d5eba455d5fa19cc8c5cac15a46d6a72c9b64983a686edff27b3669d46c005879949b1980a1456e8a85fe4969acd56415f144405ed99afb16d9d652fce35b9c800b8e217517690bed18e00051868dfe8acb5b10ff49d733316bcc7b8ba77265cda37e5faed1307f8a69338090f532f463f1a9740bbcc58851bc5c85b1a129596898667e55a6882f4d0d97c456697dbe282345dec80d76443e1ec7602f523607534f429d603bc087f9b189b15e9c389456ddc04b425a553fb7ec0fa0488b85afa75f624a4cd25f8454b620b0b4fd084a6f6750dcb0a6f3ceeb033fb9dd0f253a53bc4e1dfc7f03b5000cf1fa9c5f0ecbab3257146030f77f30b160b76262b8d3de2510e0984b8192caa7856a69b93f5f53db8190bb70c7daa2b052c56d38a644eb2c69d316d505848d9258c8934b1b870844e543b771f4969e25c8e9a5f825b9aaeeac6ff1cc4e956504fd07f834800413e22da22dfdc4a0c218dadd0442d305cb436dca3d835402e0362b12d02e52ae84c2e80c9fcd7a47efd6c4bc654c8148c47a2ae50f89e729676b4ee79c96991cb4484679eb8eda3517407dd402f0d1b48fcc9551275df982e34e1ee7dd2bb646b9f2ed45bc7e770cbce36566eced4dc3ddf8665232d029e9487d64848c10e8cd2b01415d3e80519cc9b2ff3218d6f239691e4800", 0x1000}}, 0x1006) (async) syz_open_dev$tty20(0xc, 0x4, 0x0) (async) ioctl$TCSETSW(r7, 0x5403, &(0x7f0000000940)={0x0, 0x0, 0x0, 0xe, 0x0, "00120dd608f500001e2a000080c90a008000"}) 8.959718832s ago: executing program 0 (id=2777): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x60}, 0x1, 0x7}, 0x0) 8.757825395s ago: executing program 0 (id=2779): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) 8.552161651s ago: executing program 0 (id=2784): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000b, 0xc3072, 0xffffffffffffffff, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000030c0), 0x89d01, 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, 0x0, &(0x7f0000000300)=0x60) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) close(0x3) openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x440440, 0x0) ppoll(&(0x7f0000000240)=[{r0, 0xd4}, {0xffffffffffffffff, 0x4140}], 0x2, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) lseek(0xffffffffffffffff, 0x2000000000004, 0x1) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x7d, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000180), 0x2, 0x2) ioctl$BLKCRYPTOPREPAREKEY(r0, 0xc040128b, &(0x7f0000000040)={&(0x7f0000000440)="0fdd3c10d47481568f3c3c8a707f1af04f7b342f81", 0x15, &(0x7f00000003c0)=""/87, 0x57}) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) read$FUSE(r4, &(0x7f0000005140)={0x2020}, 0x2020) write$FUSE_DIRENT(r4, &(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00\x00\x00\x00\x00', @ANYRES64=r2, @ANYBLOB="07000000ff9db29082df47ddb1df4237f293fc36490f9d7052"], 0x58) timer_create(0x3, &(0x7f0000000940)={0x0, 0x37, 0x4, @thr={&(0x7f00000001c0)="f4cb070d49e8b41719d371ad744a1fdc1ef5f15e79999ae87e0f02370451bdb77ec8cdf2c91966569b50c065eed48f6d41994ed49e934c2edb0de0824e642e", &(0x7f0000000280)="5d350f68e2936069a8205462ae2ba77cda5817cbd131a952c1c4c737be23f6b52fbdab57b2fc2d18ee0c84d177ef948c04f735459904abb813ff5be96280bb0a4ffa8cf3fc87d2c27b4c76843fcd3d5d77d4b80e8d599d3a6589561b5d78cf0af4bf4d7454088f1011d90df70b8232cc9a9c0db8631459c1efa8129b"}}, &(0x7f0000000980)) bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x80010, 0xffffffffffffffff, 0xa2bf000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 8.112151311s ago: executing program 0 (id=2788): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203fe020c00000000000000000000000300060000000000020000000000000000000000000000000200010000000000"], 0x60}, 0x1, 0x7}, 0x0) 7.81155411s ago: executing program 0 (id=2792): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$nl_generic(r0, 0x0, 0x0) 7.588224758s ago: executing program 0 (id=2794): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r0 = gettid() timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) read$dsp(0xffffffffffffffff, &(0x7f00000000c0)=""/108, 0x6c) 5.013675918s ago: executing program 4 (id=2805): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="200000001300034700bb65e1c3e4ffff01000000010000005600000025000000", 0x20}], 0x1) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 4.765694134s ago: executing program 4 (id=2807): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000b, 0xc3072, 0xffffffffffffffff, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000030c0), 0x89d01, 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, 0x0, &(0x7f0000000300)=0x60) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) close(0x3) openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x440440, 0x0) ppoll(&(0x7f0000000240)=[{r0, 0xd4}, {0xffffffffffffffff, 0x4140}], 0x2, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) lseek(0xffffffffffffffff, 0x2000000000004, 0x1) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x7d, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000180), 0x2, 0x2) ioctl$BLKCRYPTOPREPAREKEY(r0, 0xc040128b, &(0x7f0000000040)={&(0x7f0000000440)="0fdd3c10d47481568f3c3c8a707f1af04f7b342f81", 0x15, &(0x7f00000003c0)=""/87, 0x57}) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) read$FUSE(r4, &(0x7f0000005140)={0x2020}, 0x2020) write$FUSE_DIRENT(r4, &(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00\x00\x00\x00\x00', @ANYRES64=r2, @ANYBLOB="07000000ff9db29082df47ddb1df4237f293fc36490f9d7052"], 0x58) timer_create(0x3, &(0x7f0000000940)={0x0, 0x37, 0x4, @thr={&(0x7f00000001c0)="f4cb070d49e8b41719d371ad744a1fdc1ef5f15e79999ae87e0f02370451bdb77ec8cdf2c91966569b50c065eed48f6d41994ed49e934c2edb0de0824e642e", &(0x7f0000000280)="5d350f68e2936069a8205462ae2ba77cda5817cbd131a952c1c4c737be23f6b52fbdab57b2fc2d18ee0c84d177ef948c04f735459904abb813ff5be96280bb0a4ffa8cf3fc87d2c27b4c76843fcd3d5d77d4b80e8d599d3a6589561b5d78cf0af4bf4d7454088f1011d90df70b8232cc9a9c0db8631459c1efa8129b"}}, &(0x7f0000000980)) bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x6) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 4.339429649s ago: executing program 4 (id=2813): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) 3.870555397s ago: executing program 4 (id=2816): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203fe020c00000000000000000000000300060000000000020000000000000000000000000000000200010000000000000009107fffffff030005003c00000002000000ac1414aa"], 0x60}, 0x1, 0x7}, 0x0) 3.722345439s ago: executing program 4 (id=2818): syz_usb_connect(0x0, 0xa2a, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x94, 0xee, 0xee, 0x20, 0x2040, 0x7300, 0xf972, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa18, 0x3, 0x0, 0x3, 0x10, 0x0, [{{0x9, 0x4, 0x10, 0xe, 0xb, 0xe5, 0x67, 0x72, 0x5, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "27c5"}, {0x5, 0x24, 0x0, 0x65}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x8585, 0x354, 0x7}, {0x6, 0x24, 0x1a, 0xf}, [@network_terminal={0x7, 0x24, 0xa, 0xdd, 0xf, 0x5, 0x6}, @country_functional={0xe, 0x24, 0x7, 0xb, 0x0, [0xc, 0xd73, 0xfffe, 0x1a]}, @obex={0x5, 0x24, 0x15, 0x9076}]}, @hid_hid={0x9, 0x21, 0x3, 0x3, 0x1, {0x22, 0x57d}}], [{{0x9, 0x5, 0xd, 0xc, 0x8, 0x2, 0xdc, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x5, 0xe}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x27, 0x100}]}}, {{0x9, 0x5, 0x5, 0x8, 0x10, 0x4, 0x8, 0xc9}}, {{0x9, 0x5, 0xa, 0x2, 0x3ff, 0x6, 0x0, 0x6}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x32, 0x7, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xb2, 0x8026}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x101}]}}, {{0x9, 0x5, 0x4, 0x8, 0x1ff, 0x4f, 0x9, 0x94}}, {{0x9, 0x5, 0x4, 0x0, 0x8, 0x65, 0x6, 0xff}}, {{0x9, 0x5, 0x7, 0x1, 0x40, 0x7, 0xf9, 0x4, [@generic={0x12, 0x4a, "d726f7d08633fca401c66f671c7c862e"}, @generic={0xeb, 0x30, "465a0dc012fcd4da704228d58032f835d787e28bb5cc0cc78abc33247dfea560ad6e94b00b9ace5cee2d8c74f6fa81a0e9bd50c33592a98e8923a555a116fddeb8bff42d689dbc53cefe6fcb9e5379c6be6ce16c958ea8f6f827b90d8af8ef607bd597e28a01cb6ac5b5ffd36882eb770db22cc610473cc111208935778d67f35c6f752e2a40a41f750ca1390c49721617ea219392657218735cd9735a6fcb88b460a83fe615e68f6969934ae1b78fde6fb1457c2f7327caff2aefc574a36796ddeb76b5c06d8d9581f469341214a7146c6a22419a0cf7c5dda41adfe9735c092aa7a6b55f91e877ff"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0x4, 0x2, 0x9, [@generic={0xd1, 0x30, "4d8c2e519c852276daf82b1690f27c6e40899a9f79eefd507567f92851d7541e21b1f42e741e1af935546c3b795de891cf2a11306db38904ede3487553ae8ddca8525ce6ad76fa5ce9ab79fd29e0e0155a2dcbce13aa19304d1536054d749f5952d1659a7c7eda49d0224a94be2fedf0e7c17d4e9bf97c9fd0f85cfe9b5f29b4912a8199296bbdb8d117c2ccae4e1ec895a61baf18c0b275a3111db76af348d1c00cebeb525096db37acf6a653f05ded004a79d7d03dfb380a62dadc14ae571476f366287be6e0b82b5349555a7738"}, @generic={0x57, 0x2, "95e39c5d93197074fccda36425244c7ce331e38acc0b24520177836a9c1a51d109ac71df5af559d1c308bda95d65d7dcbe7a1c0cd206e37f154c5c44f34227e240c3c3c36e3a558a460d937e07e96a39f959803d6a"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x20, 0x5, 0xf, 0x4, [@generic={0x7c, 0x22, "1cfca84dd7992308ebda5fc403eb31fbbc03e142ccd831d27ecfcf0afb2aed6ef9dcbd19f0ac5c7a64ddbbffef84b6cc62068a068c2582ce0a33417f78e12ab2e539b57e1f7d4c8d9333f99575d72c93e138a0c5ae621a01df4b04db4bce262dbec2adc21018a55dc069cc654fddf028fe1aa9169d26cee14aed"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x200, 0x0, 0xc7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x5, 0x1}]}}, {{0x9, 0x5, 0xf, 0x0, 0x20, 0x4, 0xd9, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xe9, 0x101}]}}]}}, {{0x9, 0x4, 0x85, 0xf1, 0xf, 0x68, 0x72, 0x26, 0x0, [@generic={0xfe, 0x3, "31a7059003271186fc9d775517e8e2f24c00e37a8e69f16bab0048123840530864928579d8b2013ba662b52b331a20f6538472fd4329162422c366173776d83d2ca4760e28b27889a3b0aa7bddb41a012a216619eff6733e145e5e36de5fff92a7ba5f010d3f8e087aa9183eed3a4dbc6cd244e581592617f75008566bf1fe088c1e3eb8685ecb7cc1205a184576c6da5f0ccc87aa39d990276da921423c93981980b2ca3ca992b5270ce3a25f4604bbb6da16dba5b87c23b1c6ab89357a517c8f2a409db8b06474c7cca80dff598db1bb34fea6cbbe56f00c23d0dad0c2773b681c8899b75efb71c896a154cfedfe897c255f87ca393d0ddfcae30a"}], [{{0x9, 0x5, 0x5144d242572bfdaf, 0x10, 0x10, 0xf8, 0x7, 0x6, [@generic={0xe6, 0x4, "b0c71def4c954d7080f85d8c067b673648285548e713088b82b4f633331c845af0ad04af677971095fbdfabbf488fbb89f810184e3972c70f4ad10791f77b38fb653134ae7e4c77b5a1006ac0e7783087e81192405f87089c47d8b5b0ac66b203a3ca14fe1ac469411d30d2146184e786c6ada3da8ed1498dfc7aa61a56af895e4924e4bff8c638c7660222841bf89212b4c79474013d6269760aca950c261069b01def12773dea9e273746d994e1faf3df8f6a5ec96a08c72e176bfab25286ffba9b6ccc2a314acd762b7be4fa04651d284407179f8e3f637b38bf510b9e4ccb46b78c7"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x9, 0x5}]}}, {{0x9, 0x5, 0xc, 0x298a418142232f74, 0x400, 0x2, 0xf4, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x27, 0x4}]}}, {{0x9, 0x5, 0xc, 0x12, 0x7f7, 0x5, 0xf7, 0x0, [@generic={0x89, 0xe, "e579f7d0695777ea44981f567a1ce37902ef2176b84889428715c06c22b74aac3e4273ca78ead5970188405230dc8b4e8786ce1b51cfb09e9ae39e7fced8dfe7604b4d8bd6f9eac9e05f9757acce7bb15f04b71361accdfabb3672ff877bc73160059c333b1a8184f9fae3385fd1844f7c1b0bae0b031b55ea3b15759aa6cb471e80e937641d6d"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x9}]}}, {{0x9, 0x5, 0x9, 0x1, 0x400, 0x1, 0x9b, 0x7f, [@generic={0x66, 0xa, "2aae528dd4cfaf3217136cbf2cc97e8f958fc3ed5e3443a4ad819a4c590a788afdfe2dd6682e698cb6a421c11ac7ad891b360149d06bda3029bb5598c810f04ce106df93b6cbe2addddbf985ac6ca95da15eea0030265232dfcc93d7f5fc1e675c9a1c92"}, @uac_iso={0x7, 0x25, 0x1, 0x1}]}}, {{0x9, 0x5, 0xe, 0x10, 0x200, 0xe, 0xa, 0x5, [@generic={0xb2, 0x27, "4c194ff328562e9f262e08e41aca1331ed6929aa9c3daac5b8830463ac4bcb8f90f231456cb0c4a5ad9d1b109b85bc6e925f9319d791dbe53107ff0db6433047f3c76efdb0c7235d2d0c098ffc4476d49cc45eeb492cf8f8ecae28a0c25ecb94052303348175c896db8361154b4820683d61a94f977b1d316a418e09ea6df50dab9848a7033ccdb19017f3f8c43769e520d87f4037a90eec487a23929c1d8f9aa63c557a01be8cc7001eff913c6f6661"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x7e, 0x9}]}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x6, 0x8, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x84, 0x9}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x9a, 0xff80}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x10, 0xba, 0x1}}, {{0x9, 0x5, 0xa, 0x1, 0x40, 0xb, 0xf5, 0x2c}}, {{0x9, 0x5, 0xd, 0x0, 0x20, 0xa, 0xff, 0x7f}}, {{0x9, 0x5, 0x3, 0x10, 0x400, 0x2, 0x6, 0x5}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0x9, 0x41, 0x3, [@generic={0x8a, 0x23, "42ebb62bd0a7a30b3f4d87e02c5c61fecfea379a14b3efd0b30e11356843d73ad17eb7bc7ec790a836a8a03b034f6392caaf250c224227207409641f25862683908d465fa24ab641e945f9d5ebc49fc204d4208def64ee69da270656f47a5aca7b0dc4e6bd92bf0d228c467318380744244a0fec45c40d2e37f07fcddd0cafb6c78ac35a2b5f93dd"}]}}, {{0x9, 0x5, 0x3, 0x8, 0x10, 0x5, 0x4, 0x4d, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x81}, @generic={0xec, 0x4, "11ae4f6a5e92e59a7a9bb51792de77e088ba45f0a06bd9d1f99bb7137c0da1c661b98d9d01f9ffe58e9d5797c88f0d7f48b61fc58dbde45e3318622e1271bd54b366c618aacddef41f092074dae124edb77ba0b64b30f4aad78cb5151dbbb0be7749180aa0d7765c3e682f2c42a0a9d2e1243f74c567161038ab737651cb1b435b5702190a2cfac168581d1851689faab91fae1ce106df9f3143a7d2c0d609c330fe733a81efeb494d48f97cde6e02825bf2a2fbc88a07942409af0efb8b51f93edf336e233cfd0aad05a171e43246d68e730bf60cc89cddffa6163570e1b13333b011c023aa0458fae5"}]}}, {{0x9, 0x5, 0xb, 0x2, 0x228, 0x80, 0x2, 0xff}}, {{0x9, 0x5, 0x8b, 0x10, 0x200, 0xb6, 0x5b, 0xe1}}, {{0x9, 0x5, 0x1, 0x3, 0x3ff, 0x0, 0x4a, 0x1}}]}}, {{0x9, 0x4, 0xbd, 0xca, 0x4, 0xf9, 0x4a, 0xdb, 0x5b, [], [{{0x9, 0x5, 0x9, 0x4, 0x3ff, 0x4, 0xf, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x81, 0x2}, @generic={0x6e, 0x24, "350e4f35debcfc5c5a2fe422463d53daaa5e7a901ab0cbcdaaeb124beee3c4ee043f9066641e7fb76ac1976a58c9671cba6b99577fdec6459fec203480733707d09faf88986e3321ece269fce493807311a28d59c9dbb76315e6f7ede8fc3504024865ae4ae158d8f68b2e4a"}]}}, {{0x9, 0x5, 0x84, 0x0, 0x10, 0x8, 0x81, 0x7, [@generic={0x1c, 0xe, "648dc212e1b249dcbe60ebf70e900fb9afff2974f1fd78b51879"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x40, 0x9, 0x8, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x8, 0x4}]}}, {{0x9, 0x5, 0x3, 0x10, 0x3ff, 0xc, 0x0, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xe, 0x9}, @uac_iso={0x7, 0x25, 0x1, 0x40, 0x9, 0xb}]}}]}}]}}]}}, 0x0) 1.892644068s ago: executing program 2 (id=2832): sysfs$1(0x1, 0x0) 1.872946974s ago: executing program 5 (id=2833): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000b, 0xc3072, 0xffffffffffffffff, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000030c0), 0x89d01, 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, 0x0, &(0x7f0000000300)=0x60) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) close(0x3) openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x440440, 0x0) ppoll(&(0x7f0000000240)=[{r0, 0xd4}, {0xffffffffffffffff, 0x4140}], 0x2, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) lseek(0xffffffffffffffff, 0x2000000000004, 0x1) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x7d, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000180), 0x2, 0x2) ioctl$BLKCRYPTOPREPAREKEY(r0, 0xc040128b, &(0x7f0000000040)={&(0x7f0000000440)="0fdd3c10d47481568f3c3c8a707f1af04f7b342f81", 0x15, &(0x7f00000003c0)=""/87, 0x57}) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) read$FUSE(r4, &(0x7f0000005140)={0x2020}, 0x2020) write$FUSE_DIRENT(r4, &(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00\x00\x00\x00\x00', @ANYRES64=r2, @ANYBLOB="07000000ff9db29082df47ddb1df4237f293fc36490f9d7052"], 0x58) timer_create(0x3, &(0x7f0000000940)={0x0, 0x37, 0x4, @thr={&(0x7f00000001c0)="f4cb070d49e8b41719d371ad744a1fdc1ef5f15e79999ae87e0f02370451bdb77ec8cdf2c91966569b50c065eed48f6d41994ed49e934c2edb0de0824e642e", &(0x7f0000000280)="5d350f68e2936069a8205462ae2ba77cda5817cbd131a952c1c4c737be23f6b52fbdab57b2fc2d18ee0c84d177ef948c04f735459904abb813ff5be96280bb0a4ffa8cf3fc87d2c27b4c76843fcd3d5d77d4b80e8d599d3a6589561b5d78cf0af4bf4d7454088f1011d90df70b8232cc9a9c0db8631459c1efa8129b"}}, &(0x7f0000000980)) bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 1.596461515s ago: executing program 2 (id=2834): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203fe020c00000000000000000000000300060000000000020000000000000000000000000000000200010000000000000009107fffffff030005003c00000002000000ac1414aa"], 0x60}, 0x1, 0x7}, 0x0) 1.462813569s ago: executing program 5 (id=2835): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 1.397734841s ago: executing program 2 (id=2836): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r0 = gettid() timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read$dsp(r1, &(0x7f00000000c0)=""/108, 0x6c) 1.286574941s ago: executing program 5 (id=2837): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) 1.247248508s ago: executing program 4 (id=2838): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xa2fe]}, &(0x7f0000000040), 0x8) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x1, 0x2, 0x6, 0x80}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r2, 0x7, &(0x7f0000000000)={0x1, 0x2, 0x1b8, 0x2}) fcntl$lock(r2, 0x6, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x1fd}) r3 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) faccessat2(0xffffffffffffff9c, 0x0, 0x0, 0x200) r4 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000040)) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0884113, &(0x7f0000000240)={0x1, 0xe5, 0x1, 0x100, 0x800, 0x8, 0x5, 0x200, 0x4, 0x200000000000002c, 0xfffffff9, 0x4}) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 1.060437079s ago: executing program 5 (id=2839): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, 0x0) r3 = getpgid(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000140)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x1c) sendmmsg$unix(r1, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000008c0)='\x00', 0x1}], 0x1}}], 0x1, 0x408b1) 881.311236ms ago: executing program 5 (id=2840): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="200000001300034700bb65e1c3e4ffff01000000010000005600000025000000", 0x20}], 0x1) writev(r1, &(0x7f0000000300), 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 627.546439ms ago: executing program 5 (id=2841): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000002a80)=[{&(0x7f0000000a00)="1b", 0x1}], 0x1) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) write$cgroup_pid(r4, &(0x7f0000000000), 0xffffff98) splice(r0, 0x0, r4, 0x0, 0x80, 0x9) write(r2, 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) 549.252264ms ago: executing program 2 (id=2842): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000b, 0xc3072, 0xffffffffffffffff, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000030c0), 0x89d01, 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, 0x0, &(0x7f0000000300)=0x60) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) close(0x3) openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x440440, 0x0) ppoll(&(0x7f0000000240)=[{r0, 0xd4}, {0xffffffffffffffff, 0x4140}], 0x2, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) lseek(0xffffffffffffffff, 0x2000000000004, 0x1) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x7d, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000180), 0x2, 0x2) ioctl$BLKCRYPTOPREPAREKEY(r0, 0xc040128b, &(0x7f0000000040)={&(0x7f0000000440)="0fdd3c10d47481568f3c3c8a707f1af04f7b342f81", 0x15, &(0x7f00000003c0)=""/87, 0x57}) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) read$FUSE(r4, &(0x7f0000005140)={0x2020}, 0x2020) write$FUSE_DIRENT(r4, &(0x7f0000000380)=ANY=[@ANYBLOB='X\x00\x00\x00\x00\x00\x00\x00', @ANYRES64=r2, @ANYBLOB="07000000ff9db29082df47ddb1df4237f293fc36490f9d7052"], 0x58) timer_create(0x3, &(0x7f0000000940)={0x0, 0x37, 0x4, @thr={&(0x7f00000001c0)="f4cb070d49e8b41719d371ad744a1fdc1ef5f15e79999ae87e0f02370451bdb77ec8cdf2c91966569b50c065eed48f6d41994ed49e934c2edb0de0824e642e", &(0x7f0000000280)="5d350f68e2936069a8205462ae2ba77cda5817cbd131a952c1c4c737be23f6b52fbdab57b2fc2d18ee0c84d177ef948c04f735459904abb813ff5be96280bb0a4ffa8cf3fc87d2c27b4c76843fcd3d5d77d4b80e8d599d3a6589561b5d78cf0af4bf4d7454088f1011d90df70b8232cc9a9c0db8631459c1efa8129b"}}, &(0x7f0000000980)) bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 198.683953ms ago: executing program 2 (id=2843): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203fe020c00000000000000000000000300060000000000020000000000000000000000000000000200010000000000000009107fffffff030005003c00000002000000ac1414aa000000000000000002000800"], 0x60}, 0x1, 0x7}, 0x0) 0s ago: executing program 2 (id=2844): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) kernel console output (not intermixed with test programs): t_fs_type+0x407/0x480 [ 454.146364][T13134] do_new_mount+0x10e/0xa40 [ 454.146402][T13134] __se_sys_mount+0x317/0x410 [ 454.146437][T13134] ? __pfx___se_sys_mount+0x10/0x10 [ 454.146472][T13134] ? do_syscall_64+0xbe/0x3b0 [ 454.146490][T13134] ? __x64_sys_mount+0x20/0xc0 [ 454.146522][T13134] do_syscall_64+0xfa/0x3b0 [ 454.146540][T13134] ? lockdep_hardirqs_on+0x9c/0x150 [ 454.146569][T13134] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.146589][T13134] ? clear_bhb_loop+0x60/0xb0 [ 454.146612][T13134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.146631][T13134] RIP: 0033:0x7fef4598e929 [ 454.146649][T13134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.146667][T13134] RSP: 002b:00007fef4686c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 454.146688][T13134] RAX: ffffffffffffffda RBX: 00007fef45bb5fa0 RCX: 00007fef4598e929 [ 454.146703][T13134] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000200000000080 [ 454.146717][T13134] RBP: 00007fef4686c090 R08: 0000000000000000 R09: 0000000000000000 [ 454.146729][T13134] R10: 0000000002200000 R11: 0000000000000246 R12: 0000000000000002 [ 454.146741][T13134] R13: 0000000000000001 R14: 00007fef45bb5fa0 R15: 00007ffefa01c018 [ 454.146772][T13134] [ 454.374247][ C1] vkms_vblank_simulate: vblank timer overrun [ 454.465272][T13139] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 454.511481][ T92] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 454.532078][ T92] usb 5-1: device descriptor read/8, error -71 [ 454.641868][ T92] usb usb5-port1: unable to enumerate USB device [ 454.721481][ T5903] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 454.820123][T13146] kvm: kvm [13145]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x1 [ 454.891464][ T5903] usb 6-1: Using ep0 maxpacket: 32 [ 454.899443][ T5903] usb 6-1: config 1 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 454.917827][ T5903] usb 6-1: config 1 interface 0 has no altsetting 0 [ 454.928211][ T5903] usb 6-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40 [ 454.942958][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.951189][ T5903] usb 6-1: Product: syz [ 454.958981][ T5903] usb 6-1: Manufacturer: syz [ 454.965523][ T5903] usb 6-1: SerialNumber: syz [ 454.993731][T13148] caif0 speed is unknown, defaulting to 1000 [ 455.812125][ T5903] usbhid 6-1:1.0: can't add hid device: -71 [ 455.819143][ T5903] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 455.845303][ T5903] usb 6-1: USB disconnect, device number 7 [ 455.903987][T13153] binder: BINDER_SET_CONTEXT_MGR already set [ 455.910052][T13153] binder: 13152:13153 ioctl 4018620d 200000000040 returned -16 [ 455.917997][T13153] binder: 13152:13153 ioctl c0306201 2000000003c0 returned -14 [ 455.954138][T13153] FAT-fs (rnullb0): bogus number of reserved sectors [ 455.960911][T13153] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 456.003962][T13154] FAT-fs (rnullb0): bogus number of reserved sectors [ 456.021858][T13154] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 456.167524][T13160] FAULT_INJECTION: forcing a failure. [ 456.167524][T13160] name failslab, interval 1, probability 0, space 0, times 0 [ 456.216201][T13160] CPU: 1 UID: 0 PID: 13160 Comm: syz.5.2428 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 456.216231][T13160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 456.216242][T13160] Call Trace: [ 456.216251][T13160] [ 456.216259][T13160] dump_stack_lvl+0x189/0x250 [ 456.216288][T13160] ? __pfx____ratelimit+0x10/0x10 [ 456.216317][T13160] ? __pfx_dump_stack_lvl+0x10/0x10 [ 456.216337][T13160] ? __pfx__printk+0x10/0x10 [ 456.216374][T13160] should_fail_ex+0x414/0x560 [ 456.216405][T13160] should_failslab+0xa8/0x100 [ 456.216433][T13160] kmem_cache_alloc_noprof+0x73/0x3c0 [ 456.216456][T13160] ? skb_clone+0x212/0x3a0 [ 456.216488][T13160] skb_clone+0x212/0x3a0 [ 456.216518][T13160] __netlink_deliver_tap+0x404/0x850 [ 456.216559][T13160] ? netlink_deliver_tap+0x2e/0x1b0 [ 456.216585][T13160] netlink_deliver_tap+0x19c/0x1b0 [ 456.216611][T13160] netlink_sendskb+0x68/0x140 [ 456.216636][T13160] netlink_rcv_skb+0x28c/0x470 [ 456.216661][T13160] ? __pfx_genl_rcv_msg+0x10/0x10 [ 456.216699][T13160] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 456.216741][T13160] ? down_read+0x1ad/0x2e0 [ 456.216766][T13160] genl_rcv+0x28/0x40 [ 456.216791][T13160] netlink_unicast+0x758/0x8d0 [ 456.216823][T13160] netlink_sendmsg+0x805/0xb30 [ 456.216858][T13160] ? __pfx_netlink_sendmsg+0x10/0x10 [ 456.216886][T13160] ? aa_sock_msg_perm+0x94/0x160 [ 456.216910][T13160] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 456.216947][T13160] ? __pfx_netlink_sendmsg+0x10/0x10 [ 456.216972][T13160] __sock_sendmsg+0x219/0x270 [ 456.216996][T13160] ____sys_sendmsg+0x505/0x830 [ 456.217029][T13160] ? __pfx_____sys_sendmsg+0x10/0x10 [ 456.217062][T13160] ? import_iovec+0x74/0xa0 [ 456.217087][T13160] ___sys_sendmsg+0x21f/0x2a0 [ 456.217115][T13160] ? __pfx____sys_sendmsg+0x10/0x10 [ 456.217180][T13160] ? __fget_files+0x2a/0x420 [ 456.217207][T13160] ? __fget_files+0x3a0/0x420 [ 456.217247][T13160] __x64_sys_sendmsg+0x19b/0x260 [ 456.217278][T13160] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 456.217316][T13160] ? __pfx_ksys_write+0x10/0x10 [ 456.217340][T13160] ? rcu_is_watching+0x15/0xb0 [ 456.217368][T13160] ? do_syscall_64+0xbe/0x3b0 [ 456.217394][T13160] do_syscall_64+0xfa/0x3b0 [ 456.217410][T13160] ? lockdep_hardirqs_on+0x9c/0x150 [ 456.217438][T13160] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.217458][T13160] ? clear_bhb_loop+0x60/0xb0 [ 456.217482][T13160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.217501][T13160] RIP: 0033:0x7fef4598e929 [ 456.217521][T13160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.217537][T13160] RSP: 002b:00007fef4686c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 456.217560][T13160] RAX: ffffffffffffffda RBX: 00007fef45bb5fa0 RCX: 00007fef4598e929 [ 456.217575][T13160] RDX: 0000000000048810 RSI: 0000200000000140 RDI: 0000000000000003 [ 456.217588][T13160] RBP: 00007fef4686c090 R08: 0000000000000000 R09: 0000000000000000 [ 456.217601][T13160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 456.217614][T13160] R13: 0000000000000000 R14: 00007fef45bb5fa0 R15: 00007ffefa01c018 [ 456.217647][T13160] [ 456.530925][ C1] vkms_vblank_simulate: vblank timer overrun [ 456.881441][ T5882] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 456.964750][T13175] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2432'. [ 457.051603][ T5882] usb 5-1: Using ep0 maxpacket: 16 [ 457.060775][ T5882] usb 5-1: config 0 has an invalid interface number: 72 but max is 0 [ 457.083491][ T5882] usb 5-1: config 0 has no interface number 0 [ 457.089767][ T5882] usb 5-1: config 0 interface 72 has no altsetting 0 [ 457.099229][ T5882] usb 5-1: New USB device found, idVendor=0cf3, idProduct=0005, bcdDevice=cd.f3 [ 457.149873][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.182669][ T5882] usb 5-1: config 0 descriptor?? [ 457.204517][T13184] netlink: 'syz.0.2435': attribute type 1 has an invalid length. [ 457.257585][T13185] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2436'. [ 457.281545][T13185] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 457.442245][T13190] ptm ptm5: ldisc open failed (-12), clearing slot 5 [ 457.515298][T13193] FAULT_INJECTION: forcing a failure. [ 457.515298][T13193] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 457.541656][T13193] CPU: 0 UID: 0 PID: 13193 Comm: syz.5.2438 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 457.541687][T13193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 457.541699][T13193] Call Trace: [ 457.541708][T13193] [ 457.541717][T13193] dump_stack_lvl+0x189/0x250 [ 457.541746][T13193] ? __pfx____ratelimit+0x10/0x10 [ 457.541778][T13193] ? __pfx_dump_stack_lvl+0x10/0x10 [ 457.541801][T13193] ? __pfx__printk+0x10/0x10 [ 457.541837][T13193] should_fail_ex+0x414/0x560 [ 457.541867][T13193] _copy_to_user+0x31/0xb0 [ 457.541905][T13193] simple_read_from_buffer+0xe1/0x170 [ 457.541936][T13193] proc_fail_nth_read+0x1df/0x250 [ 457.541966][T13193] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 457.541988][T13193] ? rw_verify_area+0x258/0x650 [ 457.542011][T13193] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 457.542032][T13193] vfs_read+0x1fd/0x980 [ 457.542062][T13193] ? __pfx___mutex_lock+0x10/0x10 [ 457.542084][T13193] ? __pfx_vfs_read+0x10/0x10 [ 457.542111][T13193] ? __fget_files+0x2a/0x420 [ 457.542144][T13193] ? __fget_files+0x3a0/0x420 [ 457.542169][T13193] ? __fget_files+0x2a/0x420 [ 457.542207][T13193] ksys_read+0x145/0x250 [ 457.542236][T13193] ? __pfx_ksys_read+0x10/0x10 [ 457.542259][T13193] ? rcu_is_watching+0x15/0xb0 [ 457.542287][T13193] ? do_syscall_64+0xbe/0x3b0 [ 457.542312][T13193] do_syscall_64+0xfa/0x3b0 [ 457.542331][T13193] ? lockdep_hardirqs_on+0x9c/0x150 [ 457.542359][T13193] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.542380][T13193] ? clear_bhb_loop+0x60/0xb0 [ 457.542405][T13193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.542425][T13193] RIP: 0033:0x7fef4598d33c [ 457.542445][T13193] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 457.542463][T13193] RSP: 002b:00007fef4686c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 457.542484][T13193] RAX: ffffffffffffffda RBX: 00007fef45bb5fa0 RCX: 00007fef4598d33c [ 457.542499][T13193] RDX: 000000000000000f RSI: 00007fef4686c0a0 RDI: 0000000000000004 [ 457.542512][T13193] RBP: 00007fef4686c090 R08: 0000000000000000 R09: 0000000000000000 [ 457.542525][T13193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.542538][T13193] R13: 0000000000000000 R14: 00007fef45bb5fa0 R15: 00007ffefa01c018 [ 457.542571][T13193] [ 458.380363][ T5882] usb 5-1: string descriptor 0 read error: -71 [ 458.394565][ T5882] usb 5-1: Could not find all expected endpoints [ 458.447313][ T5882] usb 5-1: USB disconnect, device number 93 [ 458.576419][ T92] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 458.750958][ T92] usb 6-1: not running at top speed; connect to a high speed hub [ 458.762369][ T92] usb 6-1: config index 0 descriptor too short (expected 53361, got 36) [ 458.801608][ T92] usb 6-1: config 203 has too many interfaces: 147, using maximum allowed: 32 [ 458.810550][ T92] usb 6-1: config 203 has an invalid descriptor of length 234, skipping remainder of the config [ 458.867615][ T92] usb 6-1: config 203 has 0 interfaces, different from the descriptor's value: 147 [ 458.895126][ T92] usb 6-1: New USB device found, idVendor=0b0e, idProduct=ffff, bcdDevice= 0.40 [ 458.905679][ T92] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.921979][ T92] usb 6-1: Product: syz [ 458.931392][ T92] usb 6-1: Manufacturer: syz [ 458.936039][ T92] usb 6-1: SerialNumber: syz [ 458.954101][T13219] ieee802154 phy0 wpan0: encryption failed: -22 [ 459.225792][T13209] sp0: Synchronizing with TNC [ 459.255696][T13209] No source specified [ 459.270469][T13208] [U] è [ 459.366430][ T92] usb 6-1: USB disconnect, device number 8 [ 459.461593][ T5881] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 459.494870][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 459.511164][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 459.522808][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 459.534786][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 459.544391][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 459.567651][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 459.582958][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 459.590542][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 459.599244][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 459.608262][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 459.622652][ T5881] usb 5-1: Using ep0 maxpacket: 32 [ 459.668528][ T5881] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 459.697243][ T5881] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 459.727573][ T5881] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 459.745359][T13220] caif0 speed is unknown, defaulting to 1000 [ 459.758752][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.775818][ T5881] usb 5-1: Product: Ñ [ 459.790272][ T5881] usb 5-1: Manufacturer: ä¸á»ã®¯ê Šä½™ì¤³íŒ°ä®â¦¥äº’ᛢ⻇æ‹å¹·ã·™î¨€ì¯®è¾±ä¯šì¼¥á²¬ì¿®á¦îŸ—î·á¤§ë¶¡è†ç¬¥ã¹œè¹íŒ¹ë†‹ï˜˜ê‘١圤漼ïˆá”´é·’ꚶ톲⫥ꡅḟ깩൪ﳳꬄï¹äƒ…꒻ℬ뽠춠법ã±è“´é”¯î¸…Ò䲕詌∌⫎ä±Û–ážæ‘è¼è»ªâ´¢ã‘´éŒ™æ¥•ì…¥ì¹–귑ߴ旟䢬猒뙸皸￲䤒逴ۉç¿ØŠç‚±ê ¼â‹ºä˜žéž®î ¸î£¾ã®…襭8ꅈ孵瞴J [ 459.822464][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.872530][ T5881] usb 5-1: SerialNumber: 뵈䅔鞗쮥ꉹゃ늿ᴂ㜛ì“曩äŒâ©žä‡«î¦ç˜ˆá¶•á¤¾ï¿¹éŒœî«”âŸæ‰¡ì™é…“＀ᖽê°î±½à¸ªè”§ì¸²ë¯°èºäŠµã¡„慼쥤鑦騫룦丟ê¨è¡¿ã£‡ì¬½è‚¿à°«å«šë†‡èŽî…¸âŠè†¥ê˜¦ì—¶ì©«ë™‹ã±›í éƒ†á‚⤷ê‡ä¹é°¥ë•³á«¸é”櫠鷀⶿궾冄Π梯梵䧞쓔綠柳贄â–⾜峂莗﫾㎈䬯çŒî¦ªë¡ƒáƒ¬åŠ§æ¨©å˜³ëªŠà¥‹â¯²ë¢¯ìµ¸î•·î‹‰á€±ê¶Ÿã‘濙㹯쾠æµà´€çŠží‘€ê±™ [ 459.907856][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.500571][T13220] chnl_net:caif_netlink_parms(): no params data found [ 460.628983][T13220] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.637040][T13220] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.644414][T13220] bridge_slave_0: entered allmulticast mode [ 460.653235][T13220] bridge_slave_0: entered promiscuous mode [ 460.662177][T13220] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.669538][T13220] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.677748][T13220] bridge_slave_1: entered allmulticast mode [ 460.685724][T13220] bridge_slave_1: entered promiscuous mode [ 460.729031][T13220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.742666][T13220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.795082][T13220] team0: Port device team_slave_0 added [ 460.807545][T13220] team0: Port device team_slave_1 added [ 460.859926][T13220] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 460.867290][T13220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.895728][T13220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.927059][T13220] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 460.934528][T13220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.961176][T13220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 461.033312][T13220] hsr_slave_0: entered promiscuous mode [ 461.040202][T13220] hsr_slave_1: entered promiscuous mode [ 461.047185][T13220] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 461.055099][T13220] Cannot create hsr debugfs directory [ 461.371756][T13220] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.544157][T13220] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.562643][T13240] FAULT_INJECTION: forcing a failure. [ 461.562643][T13240] name failslab, interval 1, probability 0, space 0, times 0 [ 461.579925][T13240] CPU: 0 UID: 0 PID: 13240 Comm: syz.0.2452 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 461.579956][T13240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 461.579969][T13240] Call Trace: [ 461.579977][T13240] [ 461.579987][T13240] dump_stack_lvl+0x189/0x250 [ 461.580017][T13240] ? __pfx____ratelimit+0x10/0x10 [ 461.580049][T13240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 461.580073][T13240] ? __pfx__printk+0x10/0x10 [ 461.580110][T13240] should_fail_ex+0x414/0x560 [ 461.580141][T13240] should_failslab+0xa8/0x100 [ 461.580168][T13240] kmem_cache_alloc_noprof+0x73/0x3c0 [ 461.580192][T13240] ? skb_clone+0x212/0x3a0 [ 461.580223][T13240] skb_clone+0x212/0x3a0 [ 461.580253][T13240] __netlink_deliver_tap+0x404/0x850 [ 461.580293][T13240] ? netlink_deliver_tap+0x2e/0x1b0 [ 461.580319][T13240] netlink_deliver_tap+0x19c/0x1b0 [ 461.580345][T13240] netlink_sendskb+0x68/0x140 [ 461.580369][T13240] nfnetlink_rcv+0x2290/0x2520 [ 461.580427][T13240] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 461.580465][T13240] ? ref_tracker_free+0x63a/0x7d0 [ 461.580523][T13240] ? __netlink_deliver_tap+0x807/0x850 [ 461.580558][T13240] ? netlink_deliver_tap+0x2e/0x1b0 [ 461.580582][T13240] ? netlink_deliver_tap+0x2e/0x1b0 [ 461.580610][T13240] netlink_unicast+0x758/0x8d0 [ 461.580646][T13240] netlink_sendmsg+0x805/0xb30 [ 461.580681][T13240] ? __pfx_netlink_sendmsg+0x10/0x10 [ 461.580710][T13240] ? aa_sock_msg_perm+0x94/0x160 [ 461.580733][T13240] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 461.580760][T13240] ? __pfx_netlink_sendmsg+0x10/0x10 [ 461.580786][T13240] __sock_sendmsg+0x219/0x270 [ 461.580811][T13240] ____sys_sendmsg+0x505/0x830 [ 461.580843][T13240] ? __pfx_____sys_sendmsg+0x10/0x10 [ 461.580887][T13240] ? import_iovec+0x74/0xa0 [ 461.580913][T13240] ___sys_sendmsg+0x21f/0x2a0 [ 461.580942][T13240] ? __pfx____sys_sendmsg+0x10/0x10 [ 461.581010][T13240] ? __fget_files+0x2a/0x420 [ 461.581037][T13240] ? __fget_files+0x3a0/0x420 [ 461.581075][T13240] __x64_sys_sendmsg+0x19b/0x260 [ 461.581104][T13240] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 461.581140][T13240] ? __pfx_ksys_write+0x10/0x10 [ 461.581162][T13240] ? rcu_is_watching+0x15/0xb0 [ 461.581191][T13240] ? do_syscall_64+0xbe/0x3b0 [ 461.581215][T13240] do_syscall_64+0xfa/0x3b0 [ 461.581234][T13240] ? lockdep_hardirqs_on+0x9c/0x150 [ 461.581263][T13240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.581283][T13240] ? clear_bhb_loop+0x60/0xb0 [ 461.581312][T13240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.581330][T13240] RIP: 0033:0x7feaeb18e929 [ 461.581348][T13240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 461.581365][T13240] RSP: 002b:00007feaec08c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 461.581387][T13240] RAX: ffffffffffffffda RBX: 00007feaeb3b5fa0 RCX: 00007feaeb18e929 [ 461.581400][T13240] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 461.581413][T13240] RBP: 00007feaec08c090 R08: 0000000000000000 R09: 0000000000000000 [ 461.581424][T13240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 461.581434][T13240] R13: 0000000000000000 R14: 00007feaeb3b5fa0 R15: 00007fffcaab9948 [ 461.581466][T13240] [ 461.940966][ T5881] usb 5-1: 0:2 : does not exist [ 461.961545][ T51] Bluetooth: hci1: command tx timeout [ 462.008765][ T5881] usb 5-1: USB disconnect, device number 94 [ 462.086186][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 462.201645][T13220] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.240483][T13246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 462.292240][T13220] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.421586][ T5881] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 462.503791][T13220] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 462.517092][T13220] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 462.528916][T13220] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 462.540910][T13220] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 462.571876][ T5881] usb 5-1: Using ep0 maxpacket: 8 [ 462.594008][ T5881] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 462.602334][ T5881] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 462.621976][ T5881] usb 5-1: config 0 has no interface number 0 [ 462.636729][ T5881] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 462.661649][ T5881] usb 5-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 462.674512][T13220] 8021q: adding VLAN 0 to HW filter on device bond0 [ 462.694572][ T5881] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 462.724044][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.726409][T13220] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.749414][ T7928] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.756680][ T7928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.774073][ T5881] usb 5-1: config 0 descriptor?? [ 462.795400][ T5881] ldusb 5-1:0.55: Interrupt in endpoint not found [ 462.809312][ T7928] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.816580][ T7928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 463.006229][ T5882] usb 5-1: USB disconnect, device number 95 [ 463.023018][ T92] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 463.078741][T13220] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.124704][T13220] veth0_vlan: entered promiscuous mode [ 463.139095][T13220] veth1_vlan: entered promiscuous mode [ 463.173474][T13220] veth0_macvtap: entered promiscuous mode [ 463.186768][T13220] veth1_macvtap: entered promiscuous mode [ 463.203600][ T92] usb 6-1: Using ep0 maxpacket: 8 [ 463.207704][T13220] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 463.226096][ T92] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 463.229149][T13220] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 463.238950][ T92] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 463.257841][ T92] usb 6-1: config 0 has no interface number 0 [ 463.257864][T13220] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.271872][ T92] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 463.273506][T13220] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.290889][ T92] usb 6-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 463.298530][T13220] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.306307][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 463.314930][ T92] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 463.315873][T13220] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.326389][ T92] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.359965][ T92] usb 6-1: config 0 descriptor?? [ 463.370864][ T92] ldusb 6-1:0.55: Interrupt in endpoint not found [ 463.464333][ T7935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.475370][ T7935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.496418][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.505159][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.582318][T13261] syz.2.2446: attempt to access beyond end of device [ 463.582318][T13261] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 463.618702][ T92] usb 6-1: USB disconnect, device number 9 [ 463.627582][T13261] isofs_fill_super: bread failed, dev=nbd2, iso_blknum=16, block=32 [ 463.901901][ T5881] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 464.021816][ T51] Bluetooth: hci1: command tx timeout [ 464.054978][ T5881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 464.065291][ T5881] usb 5-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 464.074487][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.085449][ T5881] usb 5-1: config 0 descriptor?? [ 464.512921][ T5881] hid (null): bogus close delimiter [ 464.524827][ T5881] razer 0003:1532:010E.0015: bogus close delimiter [ 464.532390][ T5881] razer 0003:1532:010E.0015: item 0 0 2 10 parsing failed [ 464.540054][ T5881] razer 0003:1532:010E.0015: probe with driver razer failed with error -22 [ 465.109649][T13285] caif0 speed is unknown, defaulting to 1000 [ 465.276200][ T10] usb 5-1: USB disconnect, device number 96 [ 465.278168][T13289] /dev/nullb0: Can't open blockdev [ 465.572035][T13298] FAULT_INJECTION: forcing a failure. [ 465.572035][T13298] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 465.621701][T13298] CPU: 1 UID: 0 PID: 13298 Comm: syz.0.2470 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 465.621733][T13298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.621745][T13298] Call Trace: [ 465.621754][T13298] [ 465.621763][T13298] dump_stack_lvl+0x189/0x250 [ 465.621793][T13298] ? __pfx____ratelimit+0x10/0x10 [ 465.621833][T13298] ? __pfx_dump_stack_lvl+0x10/0x10 [ 465.621857][T13298] ? __pfx__printk+0x10/0x10 [ 465.621893][T13298] should_fail_ex+0x414/0x560 [ 465.621924][T13298] _copy_to_user+0x31/0xb0 [ 465.621948][T13298] simple_read_from_buffer+0xe1/0x170 [ 465.621980][T13298] proc_fail_nth_read+0x1df/0x250 [ 465.622005][T13298] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 465.622028][T13298] ? rw_verify_area+0x258/0x650 [ 465.622052][T13298] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 465.622074][T13298] vfs_read+0x1fd/0x980 [ 465.622104][T13298] ? __pfx___mutex_lock+0x10/0x10 [ 465.622125][T13298] ? __pfx_vfs_read+0x10/0x10 [ 465.622152][T13298] ? __fget_files+0x2a/0x420 [ 465.622186][T13298] ? __fget_files+0x3a0/0x420 [ 465.622211][T13298] ? __fget_files+0x2a/0x420 [ 465.622248][T13298] ksys_read+0x145/0x250 [ 465.622276][T13298] ? __pfx_ksys_read+0x10/0x10 [ 465.622297][T13298] ? rcu_is_watching+0x15/0xb0 [ 465.622327][T13298] ? do_syscall_64+0xbe/0x3b0 [ 465.622351][T13298] do_syscall_64+0xfa/0x3b0 [ 465.622368][T13298] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.622397][T13298] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.622416][T13298] ? clear_bhb_loop+0x60/0xb0 [ 465.622441][T13298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.622459][T13298] RIP: 0033:0x7feaeb18d33c [ 465.622477][T13298] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 465.622493][T13298] RSP: 002b:00007feaec08c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 465.622515][T13298] RAX: ffffffffffffffda RBX: 00007feaeb3b5fa0 RCX: 00007feaeb18d33c [ 465.622529][T13298] RDX: 000000000000000f RSI: 00007feaec08c0a0 RDI: 0000000000000004 [ 465.622542][T13298] RBP: 00007feaec08c090 R08: 0000000000000000 R09: 0000000000000014 [ 465.622554][T13298] R10: 000000002000c004 R11: 0000000000000246 R12: 0000000000000001 [ 465.622567][T13298] R13: 0000000000000000 R14: 00007feaeb3b5fa0 R15: 00007fffcaab9948 [ 465.622599][T13298] [ 465.863153][ C1] vkms_vblank_simulate: vblank timer overrun [ 466.110890][ T51] Bluetooth: hci1: command tx timeout [ 466.144666][T13314] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2476'. [ 466.287092][T13317] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 466.419179][T13322] FAULT_INJECTION: forcing a failure. [ 466.419179][T13322] name failslab, interval 1, probability 0, space 0, times 0 [ 466.462933][T13318] TCP: TCP_TX_DELAY enabled [ 466.516871][T13322] CPU: 0 UID: 0 PID: 13322 Comm: syz.4.2480 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 466.516904][T13322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 466.516917][T13322] Call Trace: [ 466.516925][T13322] [ 466.516935][T13322] dump_stack_lvl+0x189/0x250 [ 466.516964][T13322] ? __pfx____ratelimit+0x10/0x10 [ 466.516995][T13322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 466.517019][T13322] ? __pfx__printk+0x10/0x10 [ 466.517044][T13322] ? __pfx___might_resched+0x10/0x10 [ 466.517067][T13322] ? fs_reclaim_acquire+0x7d/0x100 [ 466.517100][T13322] should_fail_ex+0x414/0x560 [ 466.517131][T13322] should_failslab+0xa8/0x100 [ 466.517159][T13322] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 466.517184][T13322] ? v9fs_session_init+0xfd/0x19a0 [ 466.517213][T13322] kstrdup+0x42/0x100 [ 466.517243][T13322] v9fs_session_init+0xfd/0x19a0 [ 466.517293][T13322] ? __pfx_v9fs_session_init+0x10/0x10 [ 466.517327][T13322] ? __kasan_kmalloc+0x93/0xb0 [ 466.517352][T13322] ? v9fs_mount+0xb2/0xa10 [ 466.517381][T13322] v9fs_mount+0xc8/0xa10 [ 466.517408][T13322] ? __pfx_aa_get_newest_label+0x10/0x10 [ 466.517431][T13322] ? __pfx_v9fs_mount+0x10/0x10 [ 466.517456][T13322] ? rcu_is_watching+0x15/0xb0 [ 466.517486][T13322] legacy_get_tree+0xfa/0x1a0 [ 466.517503][T13322] ? __pfx_v9fs_mount+0x10/0x10 [ 466.517530][T13322] vfs_get_tree+0x8f/0x2b0 [ 466.517560][T13322] do_new_mount+0x24a/0xa40 [ 466.517598][T13322] __se_sys_mount+0x317/0x410 [ 466.517633][T13322] ? __pfx___se_sys_mount+0x10/0x10 [ 466.517668][T13322] ? do_syscall_64+0xbe/0x3b0 [ 466.517685][T13322] ? __x64_sys_mount+0x20/0xc0 [ 466.517715][T13322] do_syscall_64+0xfa/0x3b0 [ 466.517734][T13322] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.517763][T13322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.517783][T13322] ? clear_bhb_loop+0x60/0xb0 [ 466.517807][T13322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.517833][T13322] RIP: 0033:0x7f9be398e929 [ 466.517852][T13322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.517869][T13322] RSP: 002b:00007f9be483a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 466.517890][T13322] RAX: ffffffffffffffda RBX: 00007f9be3bb5fa0 RCX: 00007f9be398e929 [ 466.517905][T13322] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 00002000000000c0 [ 466.517917][T13322] RBP: 00007f9be483a090 R08: 0000200000000040 R09: 0000000000000000 [ 466.517930][T13322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 466.517942][T13322] R13: 0000000000000000 R14: 00007f9be3bb5fa0 R15: 00007fff40609078 [ 466.517974][T13322] [ 466.894031][T13323] rtc_cmos 00:00: Alarms can be up to one day in the future [ 466.991885][ T7928] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.000560][T13329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2483'. [ 467.022999][ T7928] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.058356][T13329] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2483'. [ 467.662502][T13351] caif0 speed is unknown, defaulting to 1000 [ 468.079827][T13351] FAULT_INJECTION: forcing a failure. [ 468.079827][T13351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 468.093321][T13351] CPU: 1 UID: 0 PID: 13351 Comm: syz.4.2492 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 468.093350][T13351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.093362][T13351] Call Trace: [ 468.093372][T13351] [ 468.093380][T13351] dump_stack_lvl+0x189/0x250 [ 468.093409][T13351] ? __pfx____ratelimit+0x10/0x10 [ 468.093440][T13351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.093462][T13351] ? __pfx__printk+0x10/0x10 [ 468.093485][T13351] ? __might_fault+0xb0/0x130 [ 468.093521][T13351] should_fail_ex+0x414/0x560 [ 468.093551][T13351] _copy_from_iter+0x1db/0x16f0 [ 468.093594][T13351] ? __pfx__copy_from_iter+0x10/0x10 [ 468.093619][T13351] ? sock_alloc_send_pskb+0x875/0x990 [ 468.093655][T13351] ? __pfx__copy_from_iter+0x10/0x10 [ 468.093687][T13351] ? page_copy_sane+0x16a/0x280 [ 468.093717][T13351] copy_page_from_iter+0xdd/0x170 [ 468.093751][T13351] skb_copy_datagram_from_iter+0x306/0x720 [ 468.093791][T13351] tun_get_user+0x15c3/0x3ce0 [ 468.093830][T13351] ? aa_file_perm+0x11f/0xed0 [ 468.093854][T13351] ? __pfx_tun_get_user+0x10/0x10 [ 468.093871][T13351] ? aa_file_perm+0x11f/0xed0 [ 468.093891][T13351] ? aa_file_perm+0x3e7/0xed0 [ 468.093927][T13351] ? ref_tracker_alloc+0x318/0x460 [ 468.093950][T13351] ? __lock_acquire+0xab9/0xd20 [ 468.093972][T13351] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 468.094004][T13351] ? tun_get+0x1c/0x2f0 [ 468.094036][T13351] ? tun_get+0x1c/0x2f0 [ 468.094053][T13351] ? tun_get+0x1c/0x2f0 [ 468.094076][T13351] tun_chr_write_iter+0x113/0x200 [ 468.094109][T13351] vfs_write+0x548/0xa90 [ 468.094140][T13351] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 468.094169][T13351] ? __pfx_vfs_write+0x10/0x10 [ 468.094206][T13351] ? __fget_files+0x2a/0x420 [ 468.094243][T13351] ksys_write+0x145/0x250 [ 468.094271][T13351] ? __pfx_ksys_write+0x10/0x10 [ 468.094293][T13351] ? rcu_is_watching+0x15/0xb0 [ 468.094321][T13351] ? do_syscall_64+0xbe/0x3b0 [ 468.094346][T13351] do_syscall_64+0xfa/0x3b0 [ 468.094363][T13351] ? lockdep_hardirqs_on+0x9c/0x150 [ 468.094392][T13351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.094411][T13351] ? clear_bhb_loop+0x60/0xb0 [ 468.094435][T13351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.094454][T13351] RIP: 0033:0x7f9be398e929 [ 468.094472][T13351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.094489][T13351] RSP: 002b:00007f9be483a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 468.094511][T13351] RAX: ffffffffffffffda RBX: 00007f9be3bb5fa0 RCX: 00007f9be398e929 [ 468.094526][T13351] RDX: 000000000000fdef RSI: 0000200000000040 RDI: 0000000000000004 [ 468.094539][T13351] RBP: 00007f9be483a090 R08: 0000000000000000 R09: 0000000000000000 [ 468.094551][T13351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 468.094563][T13351] R13: 0000000000000000 R14: 00007f9be3bb5fa0 R15: 00007fff40609078 [ 468.094594][T13351] [ 468.212792][ T51] Bluetooth: hci1: command tx timeout [ 468.216022][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.408934][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.414954][ C1] hrtimer: interrupt took 307238079 ns [ 468.514965][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.967234][T13362] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2495'. [ 468.988831][T13362] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2495'. [ 469.332637][T13370] FAULT_INJECTION: forcing a failure. [ 469.332637][T13370] name failslab, interval 1, probability 0, space 0, times 0 [ 469.353258][T13370] CPU: 0 UID: 0 PID: 13370 Comm: syz.5.2499 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 469.353289][T13370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 469.353301][T13370] Call Trace: [ 469.353310][T13370] [ 469.353319][T13370] dump_stack_lvl+0x189/0x250 [ 469.353349][T13370] ? __pfx____ratelimit+0x10/0x10 [ 469.353380][T13370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 469.353403][T13370] ? __pfx__printk+0x10/0x10 [ 469.353432][T13370] ? __pfx___might_resched+0x10/0x10 [ 469.353454][T13370] ? fs_reclaim_acquire+0x7d/0x100 [ 469.353487][T13370] should_fail_ex+0x414/0x560 [ 469.353516][T13370] should_failslab+0xa8/0x100 [ 469.353543][T13370] __kmalloc_noprof+0xcb/0x4f0 [ 469.353565][T13370] ? __keyctl_dh_compute+0x5fe/0xca0 [ 469.353593][T13370] __keyctl_dh_compute+0x5fe/0xca0 [ 469.353626][T13370] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 469.353650][T13370] ? __lock_acquire+0xab9/0xd20 [ 469.353682][T13370] ? __might_fault+0xb0/0x130 [ 469.353729][T13370] keyctl_dh_compute+0x109/0x160 [ 469.353755][T13370] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 469.353797][T13370] __se_sys_keyctl+0x423/0x910 [ 469.353827][T13370] ? __pfx___se_sys_keyctl+0x10/0x10 [ 469.353859][T13370] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 469.353884][T13370] ? __fget_files+0x3a0/0x420 [ 469.353920][T13370] ? fput+0xa0/0xd0 [ 469.353941][T13370] ? ksys_write+0x22a/0x250 [ 469.353969][T13370] ? __pfx_ksys_write+0x10/0x10 [ 469.353992][T13370] ? rcu_is_watching+0x15/0xb0 [ 469.354020][T13370] ? do_syscall_64+0xbe/0x3b0 [ 469.354038][T13370] ? __x64_sys_keyctl+0x20/0xc0 [ 469.354078][T13370] do_syscall_64+0xfa/0x3b0 [ 469.354096][T13370] ? lockdep_hardirqs_on+0x9c/0x150 [ 469.354124][T13370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.354144][T13370] ? clear_bhb_loop+0x60/0xb0 [ 469.354168][T13370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.354187][T13370] RIP: 0033:0x7fef4598e929 [ 469.354205][T13370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.354223][T13370] RSP: 002b:00007fef4686c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 469.354246][T13370] RAX: ffffffffffffffda RBX: 00007fef45bb5fa0 RCX: 00007fef4598e929 [ 469.354261][T13370] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000017 [ 469.354274][T13370] RBP: 00007fef4686c090 R08: 0000200000000180 R09: 0000000000000000 [ 469.354288][T13370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 469.354301][T13370] R13: 0000000000000000 R14: 00007fef45bb5fa0 R15: 00007ffefa01c018 [ 469.354333][T13370] [ 469.890693][T13381] FAULT_INJECTION: forcing a failure. [ 469.890693][T13381] name failslab, interval 1, probability 0, space 0, times 0 [ 469.904317][T13381] CPU: 0 UID: 0 PID: 13381 Comm: syz.5.2503 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 469.904344][T13381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 469.904356][T13381] Call Trace: [ 469.904365][T13381] [ 469.904375][T13381] dump_stack_lvl+0x189/0x250 [ 469.904404][T13381] ? __pfx____ratelimit+0x10/0x10 [ 469.904435][T13381] ? __pfx_dump_stack_lvl+0x10/0x10 [ 469.904458][T13381] ? __pfx__printk+0x10/0x10 [ 469.904483][T13381] ? __pfx___might_resched+0x10/0x10 [ 469.904507][T13381] ? fs_reclaim_acquire+0x7d/0x100 [ 469.904538][T13381] should_fail_ex+0x414/0x560 [ 469.904569][T13381] should_failslab+0xa8/0x100 [ 469.904596][T13381] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 469.904620][T13381] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 469.904641][T13381] ? v9fs_session_init+0xaf/0x19a0 [ 469.904661][T13381] ? legacy_get_tree+0xfa/0x1a0 [ 469.904677][T13381] ? vfs_get_tree+0x8f/0x2b0 [ 469.904706][T13381] kstrdup+0x42/0x100 [ 469.904734][T13381] v9fs_session_init+0xaf/0x19a0 [ 469.904783][T13381] ? __pfx_v9fs_session_init+0x10/0x10 [ 469.904816][T13381] ? __kasan_kmalloc+0x93/0xb0 [ 469.904843][T13381] ? v9fs_mount+0xb2/0xa10 [ 469.904871][T13381] v9fs_mount+0xc8/0xa10 [ 469.904898][T13381] ? __pfx_aa_get_newest_label+0x10/0x10 [ 469.904920][T13381] ? __pfx_v9fs_mount+0x10/0x10 [ 469.904945][T13381] ? rcu_is_watching+0x15/0xb0 [ 469.904974][T13381] legacy_get_tree+0xfa/0x1a0 [ 469.904998][T13381] ? __pfx_v9fs_mount+0x10/0x10 [ 469.905024][T13381] vfs_get_tree+0x8f/0x2b0 [ 469.905053][T13381] do_new_mount+0x24a/0xa40 [ 469.905089][T13381] __se_sys_mount+0x317/0x410 [ 469.905125][T13381] ? __pfx___se_sys_mount+0x10/0x10 [ 469.905150][T13381] ? rcu_is_watching+0x15/0xb0 [ 469.905177][T13381] ? do_syscall_64+0xbe/0x3b0 [ 469.905194][T13381] ? __x64_sys_mount+0x20/0xc0 [ 469.905225][T13381] do_syscall_64+0xfa/0x3b0 [ 469.905242][T13381] ? lockdep_hardirqs_on+0x9c/0x150 [ 469.905271][T13381] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.905290][T13381] ? clear_bhb_loop+0x60/0xb0 [ 469.905315][T13381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.905333][T13381] RIP: 0033:0x7fef4598e929 [ 469.905352][T13381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.905368][T13381] RSP: 002b:00007fef4686c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 469.905390][T13381] RAX: ffffffffffffffda RBX: 00007fef45bb5fa0 RCX: 00007fef4598e929 [ 469.905404][T13381] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 00002000000000c0 [ 469.905418][T13381] RBP: 00007fef4686c090 R08: 0000200000000040 R09: 0000000000000000 [ 469.905432][T13381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 469.905444][T13381] R13: 0000000000000000 R14: 00007fef45bb5fa0 R15: 00007ffefa01c018 [ 469.905476][T13381] [ 471.136906][T13384] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 471.143456][T13384] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 471.151292][T13384] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 471.266528][T13405] program syz.5.2508 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 471.482805][T13418] /dev/nullb0: Can't open blockdev [ 471.621521][ T10] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 471.784424][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 471.798079][ T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 471.815616][ T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 471.820839][T13427] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2515'. [ 471.834603][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 471.844896][T13420] FAULT_INJECTION: forcing a failure. [ 471.844896][T13420] name failslab, interval 1, probability 0, space 0, times 0 [ 471.850216][ T10] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 471.873885][T13428] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2516'. [ 471.881577][T13420] CPU: 1 UID: 0 PID: 13420 Comm: syz.2.2514 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 471.881606][T13420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 471.881618][T13420] Call Trace: [ 471.881626][T13420] [ 471.881634][T13420] dump_stack_lvl+0x189/0x250 [ 471.881661][T13420] ? __pfx____ratelimit+0x10/0x10 [ 471.881687][T13420] ? __pfx_dump_stack_lvl+0x10/0x10 [ 471.881707][T13420] ? __pfx__printk+0x10/0x10 [ 471.881734][T13420] ? __pfx___might_resched+0x10/0x10 [ 471.881752][T13420] ? fs_reclaim_acquire+0x7d/0x100 [ 471.881781][T13420] should_fail_ex+0x414/0x560 [ 471.881809][T13420] should_failslab+0xa8/0x100 [ 471.881832][T13420] kmem_cache_alloc_noprof+0x73/0x3c0 [ 471.881853][T13420] ? vm_area_alloc+0x24/0x140 [ 471.881880][T13420] vm_area_alloc+0x24/0x140 [ 471.881904][T13420] mmap_region+0xcc7/0x1f30 [ 471.881936][T13420] ? is_bpf_text_address+0x26/0x2b0 [ 471.881961][T13420] ? __pfx_mmap_region+0x10/0x10 [ 471.881977][T13420] ? is_bpf_text_address+0x26/0x2b0 [ 471.881999][T13420] ? kernel_text_address+0xa5/0xe0 [ 471.882025][T13420] ? __kernel_text_address+0xd/0x40 [ 471.882056][T13420] ? unwind_get_return_address+0x4d/0x90 [ 471.882148][T13420] ? bpf_lsm_mmap_addr+0x9/0x20 [ 471.882165][T13420] ? security_mmap_addr+0x71/0x270 [ 471.882192][T13420] ? shmem_mapping+0xd/0x50 [ 471.882216][T13420] ? memfd_check_seals_mmap+0x165/0x200 [ 471.882238][T13420] do_mmap+0xc45/0x10d0 [ 471.882271][T13420] ? __pfx_do_mmap+0x10/0x10 [ 471.882288][T13420] ? down_write_killable+0x178/0x230 [ 471.882308][T13420] ? end_current_label_crit_section+0x152/0x180 [ 471.882328][T13420] ? __pfx_down_write_killable+0x10/0x10 [ 471.882357][T13420] vm_mmap_pgoff+0x31b/0x4c0 [ 471.882383][T13420] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 471.882397][T13420] ? rcu_is_watching+0x15/0xb0 [ 471.882418][T13420] ? hugetlbfs_get_inode+0x448/0x660 [ 471.882446][T13420] ? hugetlb_file_setup+0x429/0x630 [ 471.882468][T13420] ksys_mmap_pgoff+0x587/0x760 [ 471.882495][T13420] do_syscall_64+0xfa/0x3b0 [ 471.882511][T13420] ? lockdep_hardirqs_on+0x9c/0x150 [ 471.882535][T13420] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.882552][T13420] ? clear_bhb_loop+0x60/0xb0 [ 471.882574][T13420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.882590][T13420] RIP: 0033:0x7fb92698e929 [ 471.882613][T13420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.882628][T13420] RSP: 002b:00007fb927791038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 471.882647][T13420] RAX: ffffffffffffffda RBX: 00007fb926bb5fa0 RCX: 00007fb92698e929 [ 471.882660][T13420] RDX: 0000000000000000 RSI: 0000000000ff5000 RDI: 0000200000000000 [ 471.882672][T13420] RBP: 00007fb927791090 R08: ffffffffffffffff R09: 0000000000004000 [ 471.882683][T13420] R10: 00020000000ec071 R11: 0000000000000246 R12: 0000000000000002 [ 471.882695][T13420] R13: 0000000000000000 R14: 00007fb926bb5fa0 R15: 00007ffcec00a718 [ 471.882724][T13420] [ 472.188911][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.200351][ T10] usb 5-1: config 0 descriptor?? [ 472.421807][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 472.453951][T13436] syzkaller1: entered promiscuous mode [ 472.459637][T13436] syzkaller1: entered allmulticast mode [ 472.650842][T13412] pim6reg: entered allmulticast mode [ 472.720682][T13412] pim6reg: left allmulticast mode [ 472.779010][ T10] hid (null): unknown global tag 0x94 [ 472.784866][ T10] hid (null): global environment stack underflow [ 472.796665][T13443] FAULT_INJECTION: forcing a failure. [ 472.796665][T13443] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 472.820558][T13443] CPU: 0 UID: 0 PID: 13443 Comm: syz.0.2520 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 472.820586][T13443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 472.820598][T13443] Call Trace: [ 472.820606][T13443] [ 472.820616][T13443] dump_stack_lvl+0x189/0x250 [ 472.820644][T13443] ? __pfx____ratelimit+0x10/0x10 [ 472.820672][T13443] ? __pfx_dump_stack_lvl+0x10/0x10 [ 472.820694][T13443] ? __pfx__printk+0x10/0x10 [ 472.820727][T13443] should_fail_ex+0x414/0x560 [ 472.820756][T13443] _copy_to_user+0x31/0xb0 [ 472.820780][T13443] simple_read_from_buffer+0xe1/0x170 [ 472.820813][T13443] proc_fail_nth_read+0x1df/0x250 [ 472.820833][T13443] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 472.820855][T13443] ? rw_verify_area+0x258/0x650 [ 472.820877][T13443] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 472.820898][T13443] vfs_read+0x1fd/0x980 [ 472.820927][T13443] ? __pfx___mutex_lock+0x10/0x10 [ 472.820945][T13443] ? __pfx_vfs_read+0x10/0x10 [ 472.820970][T13443] ? __fget_files+0x2a/0x420 [ 472.821014][T13443] ? __fget_files+0x3a0/0x420 [ 472.821041][T13443] ? __fget_files+0x2a/0x420 [ 472.821076][T13443] ksys_read+0x145/0x250 [ 472.821104][T13443] ? __pfx_ksys_read+0x10/0x10 [ 472.821133][T13443] ? do_syscall_64+0xbe/0x3b0 [ 472.821155][T13443] do_syscall_64+0xfa/0x3b0 [ 472.821173][T13443] ? lockdep_hardirqs_on+0x9c/0x150 [ 472.821202][T13443] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.821220][T13443] ? clear_bhb_loop+0x60/0xb0 [ 472.821244][T13443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.821264][T13443] RIP: 0033:0x7feaeb18d33c [ 472.821283][T13443] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 472.821305][T13443] RSP: 002b:00007feaec08c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 472.821327][T13443] RAX: ffffffffffffffda RBX: 00007feaeb3b5fa0 RCX: 00007feaeb18d33c [ 472.821341][T13443] RDX: 000000000000000f RSI: 00007feaec08c0a0 RDI: 0000000000000006 [ 472.821354][T13443] RBP: 00007feaec08c090 R08: 0000000000000000 R09: 0000000000000000 [ 472.821367][T13443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.821380][T13443] R13: 0000000000000000 R14: 00007feaeb3b5fa0 R15: 00007fffcaab9948 [ 472.821411][T13443] [ 473.284896][ T5882] usb 5-1: USB disconnect, device number 97 [ 473.399318][T13447] program syz.0.2521 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 473.678010][T13458] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2524'. [ 473.702132][T13455] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2524'. [ 473.723440][T13458] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2524'. [ 474.079726][T13470] FAULT_INJECTION: forcing a failure. [ 474.079726][T13470] name failslab, interval 1, probability 0, space 0, times 0 [ 474.156646][T13470] CPU: 0 UID: 0 PID: 13470 Comm: syz.4.2529 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 474.156679][T13470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 474.156691][T13470] Call Trace: [ 474.156699][T13470] [ 474.156709][T13470] dump_stack_lvl+0x189/0x250 [ 474.156738][T13470] ? __pfx____ratelimit+0x10/0x10 [ 474.156767][T13470] ? __pfx_dump_stack_lvl+0x10/0x10 [ 474.156789][T13470] ? __pfx__printk+0x10/0x10 [ 474.156816][T13470] ? __pfx___might_resched+0x10/0x10 [ 474.156839][T13470] ? fs_reclaim_acquire+0x7d/0x100 [ 474.156872][T13470] should_fail_ex+0x414/0x560 [ 474.156903][T13470] should_failslab+0xa8/0x100 [ 474.156931][T13470] __kmalloc_noprof+0xcb/0x4f0 [ 474.156963][T13470] ? tomoyo_encode+0x28b/0x550 [ 474.156992][T13470] tomoyo_encode+0x28b/0x550 [ 474.157022][T13470] tomoyo_realpath_from_path+0x58d/0x5d0 [ 474.157049][T13470] ? tomoyo_domain+0xd9/0x130 [ 474.157079][T13470] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 474.157110][T13470] tomoyo_path_number_perm+0x1e8/0x5a0 [ 474.157144][T13470] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 474.157194][T13470] ? __lock_acquire+0xab9/0xd20 [ 474.157239][T13470] ? __fget_files+0x2a/0x420 [ 474.157272][T13470] ? __fget_files+0x2a/0x420 [ 474.157298][T13470] ? __fget_files+0x3a0/0x420 [ 474.157324][T13470] ? __fget_files+0x2a/0x420 [ 474.157362][T13470] security_file_ioctl+0xcb/0x2d0 [ 474.157394][T13470] __se_sys_ioctl+0x47/0x170 [ 474.157421][T13470] do_syscall_64+0xfa/0x3b0 [ 474.157440][T13470] ? lockdep_hardirqs_on+0x9c/0x150 [ 474.157469][T13470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.157488][T13470] ? clear_bhb_loop+0x60/0xb0 [ 474.157519][T13470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.157538][T13470] RIP: 0033:0x7f9be398e929 [ 474.157556][T13470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.157574][T13470] RSP: 002b:00007f9be4819038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 474.157596][T13470] RAX: ffffffffffffffda RBX: 00007f9be3bb6080 RCX: 00007f9be398e929 [ 474.157611][T13470] RDX: 0000200000000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 474.157625][T13470] RBP: 00007f9be4819090 R08: 0000000000000000 R09: 0000000000000000 [ 474.157637][T13470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 474.157650][T13470] R13: 0000000000000000 R14: 00007f9be3bb6080 R15: 00007fff40609078 [ 474.157683][T13470] [ 474.157937][T13470] ERROR: Out of memory at tomoyo_realpath_from_path. [ 474.501679][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 474.518830][T13467] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 474.592966][T13467] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 474.762432][T13474] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:16x16 (0x30314247, 8, 0, 0, 0) [ 475.255078][T13484] program syz.2.2532 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 475.431597][ T5903] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 475.581463][ T5903] usb 6-1: device descriptor read/64, error -71 [ 475.772157][ T10] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 475.831481][ T5903] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 475.949328][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 475.956479][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 475.965877][ T10] usb 5-1: config 5 has an invalid interface number: 40 but max is 0 [ 475.974071][ T5903] usb 6-1: device descriptor read/64, error -71 [ 475.980362][ T10] usb 5-1: config 5 has no interface number 0 [ 475.986672][ T10] usb 5-1: config 5 interface 40 has no altsetting 0 [ 475.996243][ T10] usb 5-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.07 [ 476.005401][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.013446][ T10] usb 5-1: Product: syz [ 476.017610][ T10] usb 5-1: Manufacturer: syz [ 476.022290][ T10] usb 5-1: SerialNumber: syz [ 476.082285][ T5903] usb usb6-port1: attempt power cycle [ 476.233884][T13494] kAFS: No cell specified [ 476.247136][ T10] ums-isd200 5-1:5.40: USB Mass Storage device detected [ 476.309709][ T10] usb 5-1: USB disconnect, device number 98 [ 476.432767][ T5903] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 476.452375][ T5903] usb 6-1: device descriptor read/8, error -71 [ 476.691476][ T5903] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 476.712146][ T5903] usb 6-1: device descriptor read/8, error -71 [ 476.821949][ T5903] usb usb6-port1: unable to enumerate USB device [ 477.151485][ T5882] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 477.301466][ T5882] usb 5-1: Using ep0 maxpacket: 16 [ 477.308529][ T5882] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 477.319197][ T5882] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 477.335124][ T5882] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 477.344246][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.355030][ T5882] usb 5-1: Product: syz [ 477.359230][ T5882] usb 5-1: Manufacturer: syz [ 477.363914][ T5882] usb 5-1: SerialNumber: syz [ 477.582606][ T5882] usb 5-1: 0:2 : does not exist [ 477.595332][ T5882] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 477.618701][ T5882] usb 5-1: USB disconnect, device number 99 [ 477.653816][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 478.144801][T13506] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2542'. [ 478.623015][T13529] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:7f00:0001 with DS=0xee [ 479.068458][T13542] loop2: detected capacity change from 0 to 9 [ 479.087020][ T5842] Dev loop2: unable to read RDB block 9 [ 479.096279][ T5842] loop2: unable to read partition table [ 479.119648][ T5842] loop2: partition table beyond EOD, truncated [ 479.136114][T13542] Dev loop2: unable to read RDB block 9 [ 479.148706][T13542] loop2: unable to read partition table [ 479.155255][T13542] loop2: partition table beyond EOD, truncated [ 479.170529][T13542] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 479.474995][T13555] binder: 13553:13555 ioctl c0306201 0 returned -14 [ 479.797214][T13568] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 479.825364][T13568] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2567'. [ 479.845672][T13570] FAULT_INJECTION: forcing a failure. [ 479.845672][T13570] name failslab, interval 1, probability 0, space 0, times 0 [ 479.865661][T13570] CPU: 1 UID: 0 PID: 13570 Comm: syz.0.2568 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 479.865690][T13570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 479.865701][T13570] Call Trace: [ 479.865709][T13570] [ 479.865718][T13570] dump_stack_lvl+0x189/0x250 [ 479.865747][T13570] ? __pfx____ratelimit+0x10/0x10 [ 479.865776][T13570] ? __pfx_dump_stack_lvl+0x10/0x10 [ 479.865800][T13570] ? __pfx__printk+0x10/0x10 [ 479.865825][T13570] ? __pfx___might_resched+0x10/0x10 [ 479.865848][T13570] ? fs_reclaim_acquire+0x7d/0x100 [ 479.865882][T13570] should_fail_ex+0x414/0x560 [ 479.865913][T13570] should_failslab+0xa8/0x100 [ 479.865942][T13570] __kmalloc_noprof+0xcb/0x4f0 [ 479.865974][T13570] ? tomoyo_encode+0x28b/0x550 [ 479.866003][T13570] tomoyo_encode+0x28b/0x550 [ 479.866034][T13570] tomoyo_realpath_from_path+0x58d/0x5d0 [ 479.866070][T13570] ? tomoyo_mount_permission+0x27a/0x970 [ 479.866093][T13570] tomoyo_mount_permission+0x377/0x970 [ 479.866119][T13570] ? tomoyo_mount_permission+0x27a/0x970 [ 479.866142][T13570] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 479.866231][T13570] security_sb_mount+0xec/0x350 [ 479.866259][T13570] path_mount+0xbc/0xfe0 [ 479.866286][T13570] ? user_path_at+0x44/0x60 [ 479.866306][T13570] ? kmem_cache_free+0x18f/0x400 [ 479.866341][T13570] __se_sys_mount+0x317/0x410 [ 479.866377][T13570] ? __pfx___se_sys_mount+0x10/0x10 [ 479.866403][T13570] ? rcu_is_watching+0x15/0xb0 [ 479.866432][T13570] ? do_syscall_64+0xbe/0x3b0 [ 479.866451][T13570] ? __x64_sys_mount+0x20/0xc0 [ 479.866482][T13570] do_syscall_64+0xfa/0x3b0 [ 479.866500][T13570] ? lockdep_hardirqs_on+0x9c/0x150 [ 479.866529][T13570] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.866548][T13570] ? clear_bhb_loop+0x60/0xb0 [ 479.866573][T13570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.866592][T13570] RIP: 0033:0x7feaeb18e929 [ 479.866610][T13570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.866633][T13570] RSP: 002b:00007feaec08c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 479.866656][T13570] RAX: ffffffffffffffda RBX: 00007feaeb3b5fa0 RCX: 00007feaeb18e929 [ 479.866670][T13570] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000000000000000 [ 479.866685][T13570] RBP: 00007feaec08c090 R08: 0000200000000180 R09: 0000000000000000 [ 479.866697][T13570] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001 [ 479.866709][T13570] R13: 0000000000000000 R14: 00007feaeb3b5fa0 R15: 00007fffcaab9948 [ 479.866743][T13570] [ 479.866842][T13570] ERROR: Out of memory at tomoyo_realpath_from_path. [ 480.391767][ T5882] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 480.564247][ T5882] usb 6-1: not running at top speed; connect to a high speed hub [ 480.564568][T13594] FAULT_INJECTION: forcing a failure. [ 480.564568][T13594] name failslab, interval 1, probability 0, space 0, times 0 [ 480.585995][ T5882] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 480.601624][ T5882] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 480.635240][ T5882] usb 6-1: New USB device found, idVendor=0b0e, idProduct=ffff, bcdDevice= 0.40 [ 480.641712][T13594] CPU: 0 UID: 0 PID: 13594 Comm: syz.2.2578 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 480.641740][T13594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 480.641751][T13594] Call Trace: [ 480.641760][T13594] [ 480.641767][T13594] dump_stack_lvl+0x189/0x250 [ 480.641794][T13594] ? __pfx____ratelimit+0x10/0x10 [ 480.641822][T13594] ? __pfx_dump_stack_lvl+0x10/0x10 [ 480.641842][T13594] ? __pfx__printk+0x10/0x10 [ 480.641868][T13594] ? __pfx___might_resched+0x10/0x10 [ 480.641895][T13594] ? fs_reclaim_acquire+0x7d/0x100 [ 480.641924][T13594] should_fail_ex+0x414/0x560 [ 480.641952][T13594] should_failslab+0xa8/0x100 [ 480.641976][T13594] __kmalloc_noprof+0xcb/0x4f0 [ 480.641995][T13594] ? kfree+0x4d/0x440 [ 480.642012][T13594] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 480.642038][T13594] tomoyo_realpath_from_path+0xe3/0x5d0 [ 480.642061][T13594] ? tomoyo_domain+0xd9/0x130 [ 480.642090][T13594] tomoyo_path_perm+0x213/0x4b0 [ 480.642113][T13594] ? ubi_open_volume_path+0x88/0x1a0 [ 480.642130][T13594] ? tomoyo_path_perm+0x1e3/0x4b0 [ 480.642154][T13594] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 480.642215][T13594] ? kasan_quarantine_put+0xdd/0x220 [ 480.642246][T13594] security_inode_getattr+0x12f/0x330 [ 480.642271][T13594] vfs_getattr+0x23/0x70 [ 480.642291][T13594] ubi_get_num_by_path+0x102/0x2e0 [ 480.642312][T13594] ? __pfx_ubi_get_num_by_path+0x10/0x10 [ 480.642329][T13594] ? kasan_save_track+0x3e/0x80 [ 480.642346][T13594] ? __kasan_kmalloc+0x93/0xb0 [ 480.642399][T13594] ubi_open_volume_path+0x88/0x1a0 [ 480.642420][T13594] ubifs_get_tree+0x109/0x7080 [ 480.642454][T13594] ? __pfx_ubifs_parse_param+0x10/0x10 [ 480.642482][T13594] ? vfs_parse_fs_string+0x101/0x170 [ 480.642513][T13594] ? aa_get_newest_label+0xf7/0x5d0 [ 480.642531][T13594] ? vfs_parse_monolithic_sep+0xcc/0x310 [ 480.642556][T13594] ? __pfx_aa_get_newest_label+0x10/0x10 [ 480.642572][T13594] ? vfs_parse_fs_string+0x101/0x170 [ 480.642600][T13594] ? rcu_is_watching+0x15/0xb0 [ 480.642619][T13594] ? __pfx_ubifs_get_tree+0x10/0x10 [ 480.642643][T13594] ? apparmor_capable+0x137/0x1b0 [ 480.642673][T13594] vfs_get_tree+0x8f/0x2b0 [ 480.642699][T13594] do_new_mount+0x24a/0xa40 [ 480.642733][T13594] __se_sys_mount+0x317/0x410 [ 480.642764][T13594] ? __pfx___se_sys_mount+0x10/0x10 [ 480.642794][T13594] ? do_syscall_64+0xbe/0x3b0 [ 480.642811][T13594] ? __x64_sys_mount+0x20/0xc0 [ 480.642838][T13594] do_syscall_64+0xfa/0x3b0 [ 480.642854][T13594] ? lockdep_hardirqs_on+0x9c/0x150 [ 480.642886][T13594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.642903][T13594] ? clear_bhb_loop+0x60/0xb0 [ 480.642924][T13594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.642941][T13594] RIP: 0033:0x7fb92698e929 [ 480.642958][T13594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.642973][T13594] RSP: 002b:00007fb927791038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 480.642993][T13594] RAX: ffffffffffffffda RBX: 00007fb926bb5fa0 RCX: 00007fb92698e929 [ 480.643006][T13594] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 0000200000000080 [ 480.643017][T13594] RBP: 00007fb927791090 R08: 0000000000000000 R09: 0000000000000000 [ 480.643029][T13594] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000002 [ 480.643040][T13594] R13: 0000000000000001 R14: 00007fb926bb5fa0 R15: 00007ffcec00a718 [ 480.643069][T13594] [ 480.643077][T13594] ERROR: Out of memory at tomoyo_realpath_from_path. [ 480.651678][ T5882] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.710630][T13594] Invalid source name [ 480.716507][ T5882] usb 6-1: Product: syz [ 480.789483][T13594] UBIFS error (pid: 13594): cannot open "/dev/rnullb0", error -22 [ 480.791736][ T5882] usb 6-1: Manufacturer: syz [ 481.023257][ T5882] usb 6-1: SerialNumber: syz [ 481.035337][T13577] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 481.250230][T13577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 481.264138][T13577] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 481.350369][ T5882] usbhid 6-1:1.0: can't add hid device: -71 [ 481.368067][ T5882] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 481.388865][ T5882] usb 6-1: USB disconnect, device number 14 [ 481.684041][T13619] C: renamed from team_slave_0 (while UP) [ 481.700866][T13619] netlink: 'syz.4.2588': attribute type 2 has an invalid length. [ 481.721129][T13619] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2588'. [ 481.731069][T13619] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 482.073143][T13642] (syz.2.2596,13642,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 482.084320][T13642] (syz.2.2596,13642,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 482.231761][ T10] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 482.389909][ T30] audit: type=1326 audit(1750766732.327:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13654 comm="syz.4.2602" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9be398e929 code=0x0 [ 482.411631][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.422403][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 482.430578][ T10] usb 6-1: config 0 has an invalid interface number: 16 but max is 2 [ 482.442473][T13656] FAULT_INJECTION: forcing a failure. [ 482.442473][T13656] name failslab, interval 1, probability 0, space 0, times 0 [ 482.444824][ T10] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 482.456018][T13656] CPU: 1 UID: 0 PID: 13656 Comm: syz.4.2602 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 482.456044][T13656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 482.456055][T13656] Call Trace: [ 482.456063][T13656] [ 482.456071][T13656] dump_stack_lvl+0x189/0x250 [ 482.456098][T13656] ? __pfx____ratelimit+0x10/0x10 [ 482.456125][T13656] ? __pfx_dump_stack_lvl+0x10/0x10 [ 482.456146][T13656] ? __pfx__printk+0x10/0x10 [ 482.456169][T13656] ? __pfx___might_resched+0x10/0x10 [ 482.456189][T13656] ? fs_reclaim_acquire+0x7d/0x100 [ 482.456219][T13656] should_fail_ex+0x414/0x560 [ 482.456246][T13656] should_failslab+0xa8/0x100 [ 482.456270][T13656] __kmalloc_noprof+0xcb/0x4f0 [ 482.456290][T13656] ? tomoyo_encode+0x28b/0x550 [ 482.456314][T13656] tomoyo_encode+0x28b/0x550 [ 482.456340][T13656] tomoyo_realpath_from_path+0x58d/0x5d0 [ 482.456371][T13656] ? tomoyo_mount_permission+0x27a/0x970 [ 482.456391][T13656] tomoyo_mount_permission+0x377/0x970 [ 482.456414][T13656] ? tomoyo_mount_permission+0x27a/0x970 [ 482.456433][T13656] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 482.456510][T13656] security_sb_mount+0xec/0x350 [ 482.456534][T13656] path_mount+0xbc/0xfe0 [ 482.456557][T13656] ? user_path_at+0x44/0x60 [ 482.456574][T13656] ? kmem_cache_free+0x18f/0x400 [ 482.456604][T13656] __se_sys_mount+0x317/0x410 [ 482.456635][T13656] ? __pfx___se_sys_mount+0x10/0x10 [ 482.456658][T13656] ? rcu_is_watching+0x15/0xb0 [ 482.456683][T13656] ? do_syscall_64+0xbe/0x3b0 [ 482.456698][T13656] ? __x64_sys_mount+0x20/0xc0 [ 482.456725][T13656] do_syscall_64+0xfa/0x3b0 [ 482.456740][T13656] ? lockdep_hardirqs_on+0x9c/0x150 [ 482.456765][T13656] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.456782][T13656] ? clear_bhb_loop+0x60/0xb0 [ 482.456804][T13656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.456820][T13656] RIP: 0033:0x7f9be398e929 [ 482.456837][T13656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.456859][T13656] RSP: 002b:00007f9be4819038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 482.456878][T13656] RAX: ffffffffffffffda RBX: 00007f9be3bb6080 RCX: 00007f9be398e929 [ 482.456891][T13656] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000 [ 482.456902][T13656] RBP: 00007f9be4819090 R08: 0000000000000000 R09: 0000000000000000 [ 482.456914][T13656] R10: 0000000000400408 R11: 0000000000000246 R12: 0000000000000001 [ 482.456925][T13656] R13: 0000000000000000 R14: 00007f9be3bb6080 R15: 00007fff40609078 [ 482.456954][T13656] [ 482.456976][T13656] ERROR: Out of memory at tomoyo_realpath_from_path. [ 482.466636][ T10] usb 6-1: config 0 has an invalid interface number: 133 but max is 2 [ 482.735950][ T10] usb 6-1: config 0 has an invalid interface number: 176 but max is 2 [ 482.748930][ T10] usb 6-1: config 0 has an invalid interface number: 17 but max is 2 [ 482.757288][ T10] usb 6-1: config 0 has an invalid interface number: 189 but max is 2 [ 482.765510][ T10] usb 6-1: config 0 has 5 interfaces, different from the descriptor's value: 3 [ 482.774526][ T10] usb 6-1: config 0 has no interface number 0 [ 482.781240][ T10] usb 6-1: config 0 has no interface number 1 [ 482.787411][ T10] usb 6-1: config 0 has no interface number 2 [ 482.793651][ T10] usb 6-1: config 0 has no interface number 3 [ 482.799735][ T10] usb 6-1: config 0 has no interface number 4 [ 482.806675][ T10] usb 6-1: config 0 interface 16 altsetting 14 bulk endpoint 0xA has invalid maxpacket 1023 [ 482.816911][ T10] usb 6-1: config 0 interface 16 altsetting 14 endpoint 0x4 has invalid maxpacket 511, setting to 64 [ 482.828020][ T10] usb 6-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x4, skipping [ 482.838844][ T10] usb 6-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xD, skipping [ 482.853125][ T10] usb 6-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x7, skipping [ 482.864959][ T10] usb 6-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xF, skipping [ 482.877774][ T10] usb 6-1: config 0 interface 133 altsetting 241 has an endpoint descriptor with address 0xAF, changing to 0x8F [ 482.890761][ T10] usb 6-1: config 0 interface 133 altsetting 241 has a duplicate endpoint with address 0x8F, skipping [ 482.902265][ T10] usb 6-1: config 0 interface 133 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 15 [ 482.915579][ T10] usb 6-1: config 0 interface 176 altsetting 199 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 482.926850][ T10] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xC, skipping [ 482.937949][ T10] usb 6-1: config 0 interface 176 altsetting 199 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 482.949076][ T10] usb 6-1: config 0 interface 176 altsetting 199 has an invalid descriptor for endpoint zero, skipping [ 482.960274][ T10] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xA, skipping [ 482.971233][ T10] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 482.982362][ T10] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 482.993516][ T10] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 483.004539][ T10] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 483.015511][ T10] usb 6-1: config 0 interface 176 altsetting 199 has 11 endpoint descriptors, different from the interface descriptor's value: 29 [ 483.029011][ T10] usb 6-1: too many endpoints for config 0 interface 17 altsetting 174: 79, using maximum allowed: 30 [ 483.040108][ T10] usb 6-1: config 0 interface 17 altsetting 174 bulk endpoint 0xB has invalid maxpacket 552 [ 483.050281][ T10] usb 6-1: config 0 interface 17 altsetting 174 has a duplicate endpoint with address 0x8B, skipping [ 483.061214][ T10] usb 6-1: config 0 interface 17 altsetting 174 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 483.072532][ T10] usb 6-1: config 0 interface 17 altsetting 174 has 3 endpoint descriptors, different from the interface descriptor's value: 79 [ 483.085858][ T10] usb 6-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x9, skipping [ 483.096782][ T10] usb 6-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x84, skipping [ 483.107817][ T10] usb 6-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x1, skipping [ 483.118806][ T10] usb 6-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x3, skipping [ 483.129751][ T10] usb 6-1: config 0 interface 16 has no altsetting 0 [ 483.136513][ T10] usb 6-1: config 0 interface 133 has no altsetting 0 [ 483.143571][ T10] usb 6-1: config 0 interface 176 has no altsetting 0 [ 483.150386][ T10] usb 6-1: config 0 interface 17 has no altsetting 0 [ 483.157291][ T10] usb 6-1: config 0 interface 189 has no altsetting 0 [ 483.167591][ T10] usb 6-1: New USB device found, idVendor=2040, idProduct=7300, bcdDevice=f9.72 [ 483.176787][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.184983][ T10] usb 6-1: Product: syz [ 483.189163][ T10] usb 6-1: Manufacturer: syz [ 483.193875][ T10] usb 6-1: SerialNumber: syz [ 483.200719][ T10] usb 6-1: config 0 descriptor?? [ 483.207327][T13640] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 483.433811][ C0] raw-gadget.0 gadget.5: ignoring, device is not running [ 483.443475][ C0] raw-gadget.0 gadget.5: ignoring, device is not running [ 483.455022][T13664] kvm: kvm [13663]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x200000000400 [ 483.456624][ C0] raw-gadget.0 gadget.5: ignoring, device is not running [ 483.485745][ T10] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 483.500785][ T10] usb 6-1: selecting invalid altsetting 0 [ 483.526963][ T10] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 483.535348][ T10] usb 6-1: selecting invalid altsetting 0 [ 483.545456][ T10] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 483.554429][ T10] usb 6-1: selecting invalid altsetting 0 [ 483.565515][ T10] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 483.573410][ T10] usb 6-1: selecting invalid altsetting 0 [ 483.583398][ T10] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 483.590916][ T10] usb 6-1: selecting invalid altsetting 0 [ 483.601712][ T10] usb 6-1: USB disconnect, device number 15 [ 483.615229][ T10] pvrusb2: Device being rendered inoperable [ 483.629720][ T10] pvrusb2: Device being rendered inoperable [ 483.655844][ T10] pvrusb2: Device being rendered inoperable [ 483.669243][ T10] pvrusb2: Device being rendered inoperable [ 483.693666][ T10] pvrusb2: Device being rendered inoperable [ 484.203058][T13678] /dev/nullb0: Can't open blockdev [ 484.246820][T13681] netlink: 'syz.5.2612': attribute type 2 has an invalid length. [ 484.277937][T13681] netlink: 'syz.5.2612': attribute type 1 has an invalid length. [ 484.737582][T13706] FAULT_INJECTION: forcing a failure. [ 484.737582][T13706] name failslab, interval 1, probability 0, space 0, times 0 [ 484.751506][T13706] CPU: 0 UID: 0 PID: 13706 Comm: syz.4.2622 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 484.751535][T13706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 484.751547][T13706] Call Trace: [ 484.751555][T13706] [ 484.751564][T13706] dump_stack_lvl+0x189/0x250 [ 484.751593][T13706] ? __pfx____ratelimit+0x10/0x10 [ 484.751624][T13706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 484.751645][T13706] ? __pfx__printk+0x10/0x10 [ 484.751671][T13706] ? __pfx___might_resched+0x10/0x10 [ 484.751693][T13706] ? fs_reclaim_acquire+0x7d/0x100 [ 484.751726][T13706] should_fail_ex+0x414/0x560 [ 484.751756][T13706] should_failslab+0xa8/0x100 [ 484.751783][T13706] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 484.751816][T13706] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 484.751838][T13706] ? v9fs_session_init+0xaf/0x19a0 [ 484.751857][T13706] ? legacy_get_tree+0xfa/0x1a0 [ 484.751874][T13706] ? vfs_get_tree+0x8f/0x2b0 [ 484.751905][T13706] kstrdup+0x42/0x100 [ 484.751935][T13706] v9fs_session_init+0xaf/0x19a0 [ 484.751984][T13706] ? __pfx_v9fs_session_init+0x10/0x10 [ 484.752011][T13706] ? v9fs_mount+0xb2/0xa10 [ 484.752036][T13706] ? __kasan_kmalloc+0x93/0xb0 [ 484.752061][T13706] ? v9fs_mount+0xb2/0xa10 [ 484.752088][T13706] v9fs_mount+0xc8/0xa10 [ 484.752115][T13706] ? __pfx_aa_get_newest_label+0x10/0x10 [ 484.752132][T13706] ? __pfx_v9fs_mount+0x10/0x10 [ 484.752151][T13706] ? rcu_is_watching+0x15/0xb0 [ 484.752173][T13706] legacy_get_tree+0xfa/0x1a0 [ 484.752186][T13706] ? __pfx_v9fs_mount+0x10/0x10 [ 484.752206][T13706] vfs_get_tree+0x8f/0x2b0 [ 484.752229][T13706] do_new_mount+0x24a/0xa40 [ 484.752257][T13706] __se_sys_mount+0x317/0x410 [ 484.752284][T13706] ? __pfx___se_sys_mount+0x10/0x10 [ 484.752304][T13706] ? rcu_is_watching+0x15/0xb0 [ 484.752324][T13706] ? do_syscall_64+0xbe/0x3b0 [ 484.752338][T13706] ? __x64_sys_mount+0x20/0xc0 [ 484.752361][T13706] do_syscall_64+0xfa/0x3b0 [ 484.752374][T13706] ? lockdep_hardirqs_on+0x9c/0x150 [ 484.752397][T13706] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.752411][T13706] ? clear_bhb_loop+0x60/0xb0 [ 484.752429][T13706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.752443][T13706] RIP: 0033:0x7f9be398e929 [ 484.752457][T13706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.752471][T13706] RSP: 002b:00007f9be483a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 484.752489][T13706] RAX: ffffffffffffffda RBX: 00007f9be3bb5fa0 RCX: 00007f9be398e929 [ 484.752500][T13706] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 00002000000000c0 [ 484.752510][T13706] RBP: 00007f9be483a090 R08: 0000200000000040 R09: 0000000000000000 [ 484.752520][T13706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 484.752530][T13706] R13: 0000000000000000 R14: 00007f9be3bb5fa0 R15: 00007fff40609078 [ 484.752555][T13706] [ 485.108671][T13710] cgroup: none used incorrectly [ 485.134899][T13708] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2623'. [ 485.334935][T13714] netlink: 596 bytes leftover after parsing attributes in process `syz.2.2626'. [ 485.557922][T13722] netlink: 596 bytes leftover after parsing attributes in process `syz.2.2629'. [ 485.811030][T13732] FAULT_INJECTION: forcing a failure. [ 485.811030][T13732] name failslab, interval 1, probability 0, space 0, times 0 [ 485.835464][T13732] CPU: 0 UID: 0 PID: 13732 Comm: syz.2.2634 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 485.835496][T13732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 485.835508][T13732] Call Trace: [ 485.835517][T13732] [ 485.835525][T13732] dump_stack_lvl+0x189/0x250 [ 485.835552][T13732] ? __pfx____ratelimit+0x10/0x10 [ 485.835582][T13732] ? __pfx_dump_stack_lvl+0x10/0x10 [ 485.835604][T13732] ? __pfx__printk+0x10/0x10 [ 485.835642][T13732] ? __pfx___might_resched+0x10/0x10 [ 485.835663][T13732] ? fs_reclaim_acquire+0x7d/0x100 [ 485.835694][T13732] should_fail_ex+0x414/0x560 [ 485.835725][T13732] should_failslab+0xa8/0x100 [ 485.835753][T13732] __kmalloc_noprof+0xcb/0x4f0 [ 485.835775][T13732] ? rds_message_alloc+0x47/0x1f0 [ 485.835803][T13732] rds_message_alloc+0x47/0x1f0 [ 485.835825][T13732] rds_sendmsg+0xb11/0x1f00 [ 485.835865][T13732] ? __pfx_rds_sendmsg+0x10/0x10 [ 485.835885][T13732] ? aa_sk_perm+0x81e/0x950 [ 485.835911][T13732] ? __pfx_aa_sk_perm+0x10/0x10 [ 485.835937][T13732] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 485.835968][T13732] ? aa_sock_msg_perm+0x94/0x160 [ 485.835991][T13732] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 485.836020][T13732] ? __pfx_rds_sendmsg+0x10/0x10 [ 485.836044][T13732] __sock_sendmsg+0x219/0x270 [ 485.836069][T13732] ____sys_sendmsg+0x505/0x830 [ 485.836102][T13732] ? __pfx_____sys_sendmsg+0x10/0x10 [ 485.836139][T13732] ? import_iovec+0x74/0xa0 [ 485.836163][T13732] ___sys_sendmsg+0x21f/0x2a0 [ 485.836192][T13732] ? __pfx____sys_sendmsg+0x10/0x10 [ 485.836259][T13732] ? __fget_files+0x2a/0x420 [ 485.836286][T13732] ? __fget_files+0x3a0/0x420 [ 485.836325][T13732] __x64_sys_sendmsg+0x19b/0x260 [ 485.836354][T13732] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 485.836391][T13732] ? __pfx_ksys_write+0x10/0x10 [ 485.836414][T13732] ? rcu_is_watching+0x15/0xb0 [ 485.836442][T13732] ? do_syscall_64+0xbe/0x3b0 [ 485.836467][T13732] do_syscall_64+0xfa/0x3b0 [ 485.836485][T13732] ? lockdep_hardirqs_on+0x9c/0x150 [ 485.836514][T13732] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.836533][T13732] ? clear_bhb_loop+0x60/0xb0 [ 485.836558][T13732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.836577][T13732] RIP: 0033:0x7fb92698e929 [ 485.836595][T13732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.836620][T13732] RSP: 002b:00007fb927791038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.836642][T13732] RAX: ffffffffffffffda RBX: 00007fb926bb5fa0 RCX: 00007fb92698e929 [ 485.836656][T13732] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 485.836670][T13732] RBP: 00007fb927791090 R08: 0000000000000000 R09: 0000000000000000 [ 485.836683][T13732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.836696][T13732] R13: 0000000000000000 R14: 00007fb926bb5fa0 R15: 00007ffcec00a718 [ 485.836729][T13732] [ 486.347094][T13736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2635'. [ 488.008013][T13797] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2658'. [ 488.331450][ T5957] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 488.513560][ T5957] usb 5-1: Using ep0 maxpacket: 32 [ 488.523735][ T5957] usb 5-1: config 0 has an invalid interface number: 16 but max is 2 [ 488.539418][ T5957] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 488.554223][ T5957] usb 5-1: config 0 has an invalid interface number: 133 but max is 2 [ 488.568386][ T5957] usb 5-1: config 0 has an invalid interface number: 176 but max is 2 [ 488.577810][ T5957] usb 5-1: config 0 has an invalid interface number: 17 but max is 2 [ 488.589717][ T5957] usb 5-1: config 0 has an invalid interface number: 189 but max is 2 [ 488.600180][ T5957] usb 5-1: config 0 has 5 interfaces, different from the descriptor's value: 3 [ 488.613317][ T5957] usb 5-1: config 0 has no interface number 0 [ 488.619464][ T5957] usb 5-1: config 0 has no interface number 1 [ 488.626350][ T5957] usb 5-1: config 0 has no interface number 2 [ 488.633291][ T5957] usb 5-1: config 0 has no interface number 3 [ 488.639522][ T5957] usb 5-1: config 0 has no interface number 4 [ 488.646239][ T5957] usb 5-1: config 0 interface 16 altsetting 14 bulk endpoint 0xA has invalid maxpacket 1023 [ 488.661700][ T5957] usb 5-1: config 0 interface 16 altsetting 14 endpoint 0x4 has invalid maxpacket 511, setting to 64 [ 488.681396][ T5957] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x4, skipping [ 488.718551][ T5957] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xD, skipping [ 488.746814][ T5957] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x7, skipping [ 488.771992][ T5957] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xF, skipping [ 488.801485][ T5957] usb 5-1: config 0 interface 133 altsetting 241 has an endpoint descriptor with address 0xAF, changing to 0x8F [ 488.833459][ T5957] usb 5-1: config 0 interface 133 altsetting 241 has a duplicate endpoint with address 0x8F, skipping [ 488.853121][ T5957] usb 5-1: config 0 interface 133 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 15 [ 488.870716][ T5957] usb 5-1: config 0 interface 176 altsetting 199 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 488.882656][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xC, skipping [ 488.898429][ T5957] usb 5-1: config 0 interface 176 altsetting 199 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 488.910152][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has an invalid descriptor for endpoint zero, skipping [ 488.927118][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xA, skipping [ 488.938292][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 488.955656][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 488.966862][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 488.978134][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 488.989369][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has 11 endpoint descriptors, different from the interface descriptor's value: 29 [ 489.003034][ T5957] usb 5-1: too many endpoints for config 0 interface 17 altsetting 174: 79, using maximum allowed: 30 [ 489.014428][ T5957] usb 5-1: config 0 interface 17 altsetting 174 bulk endpoint 0xB has invalid maxpacket 552 [ 489.026515][ T5957] usb 5-1: config 0 interface 17 altsetting 174 has a duplicate endpoint with address 0x8B, skipping [ 489.040046][ T5957] usb 5-1: config 0 interface 17 altsetting 174 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 489.056017][ T5957] usb 5-1: config 0 interface 17 altsetting 174 has 3 endpoint descriptors, different from the interface descriptor's value: 79 [ 489.070658][ T5957] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x9, skipping [ 489.087412][ T5957] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x84, skipping [ 489.098489][ T5957] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x1, skipping [ 489.115335][ T5957] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x3, skipping [ 489.126460][ T5957] usb 5-1: config 0 interface 16 has no altsetting 0 [ 489.133432][ T5957] usb 5-1: config 0 interface 133 has no altsetting 0 [ 489.140243][ T5957] usb 5-1: config 0 interface 176 has no altsetting 0 [ 489.149263][ T5957] usb 5-1: config 0 interface 17 has no altsetting 0 [ 489.156100][ T5957] usb 5-1: config 0 interface 189 has no altsetting 0 [ 489.166042][ T5957] usb 5-1: New USB device found, idVendor=2040, idProduct=7300, bcdDevice=f9.72 [ 489.175662][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.183867][ T5957] usb 5-1: Product: syz [ 489.188075][ T5957] usb 5-1: Manufacturer: syz [ 489.193837][ T5957] usb 5-1: SerialNumber: syz [ 489.211267][ T5957] usb 5-1: config 0 descriptor?? [ 489.218048][T13801] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 489.437918][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 489.454897][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 489.463660][ T5957] usb 5-1: selecting invalid altsetting 0 [ 489.478069][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 489.487138][ T5957] usb 5-1: selecting invalid altsetting 0 [ 489.497727][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 489.502064][ T5882] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 489.505689][ T5957] usb 5-1: selecting invalid altsetting 0 [ 489.526295][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 489.534532][ T5957] usb 5-1: selecting invalid altsetting 0 [ 489.551122][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 489.559581][ T5957] usb 5-1: selecting invalid altsetting 0 [ 489.570077][ T5957] usb 5-1: USB disconnect, device number 100 [ 489.581005][ T5957] pvrusb2: Device being rendered inoperable [ 489.590979][ T5957] pvrusb2: Device being rendered inoperable [ 489.603468][ T5957] pvrusb2: Device being rendered inoperable [ 489.613293][ T5957] pvrusb2: Device being rendered inoperable [ 489.624314][ T5957] pvrusb2: Device being rendered inoperable [ 489.671702][ T5882] usb 6-1: Using ep0 maxpacket: 32 [ 489.680139][ T5882] usb 6-1: config 195 has too many interfaces: 162, using maximum allowed: 32 [ 489.694562][ T5882] usb 6-1: config 195 has an invalid descriptor of length 199, skipping remainder of the config [ 489.709824][ T5882] usb 6-1: config 195 has 0 interfaces, different from the descriptor's value: 162 [ 489.722825][ T5882] usb 6-1: New USB device found, idVendor=05ac, idProduct=7319, bcdDevice= 0.ec [ 489.733351][ T5882] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 489.741492][ T5882] usb 6-1: Product: syz [ 489.745833][ T5882] usb 6-1: SerialNumber: syz [ 489.975445][ T5882] usb 6-1: USB disconnect, device number 16 [ 492.152193][ T5833] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 492.321737][ T5882] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 492.329541][ T5833] usb 5-1: Using ep0 maxpacket: 32 [ 492.341016][ T5833] usb 5-1: config 0 has an invalid interface number: 16 but max is 2 [ 492.363629][ T5833] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 492.380430][ T5833] usb 5-1: config 0 has an invalid interface number: 133 but max is 2 [ 492.389494][ T5833] usb 5-1: config 0 has an invalid interface number: 176 but max is 2 [ 492.398770][ T5833] usb 5-1: config 0 has an invalid interface number: 17 but max is 2 [ 492.409244][ T5833] usb 5-1: config 0 has an invalid interface number: 189 but max is 2 [ 492.418374][ T5833] usb 5-1: config 0 has 5 interfaces, different from the descriptor's value: 3 [ 492.433859][ T5833] usb 5-1: config 0 has no interface number 0 [ 492.440096][ T5833] usb 5-1: config 0 has no interface number 1 [ 492.457415][ T5833] usb 5-1: config 0 has no interface number 2 [ 492.464560][ T5833] usb 5-1: config 0 has no interface number 3 [ 492.470759][ T5833] usb 5-1: config 0 has no interface number 4 [ 492.477437][ T5833] usb 5-1: config 0 interface 16 altsetting 14 bulk endpoint 0xA has invalid maxpacket 1023 [ 492.490532][ T5833] usb 5-1: config 0 interface 16 altsetting 14 endpoint 0x4 has invalid maxpacket 511, setting to 64 [ 492.511816][ T5882] usb 6-1: unable to get BOS descriptor or descriptor too short [ 492.530098][ T5882] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 492.549413][ T5833] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x4, skipping [ 492.561544][ T5882] usb 6-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 492.575514][ T5833] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xD, skipping [ 492.592341][ T5882] usb 6-1: config 1 interface 0 has no altsetting 1 [ 492.602240][ T5833] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x7, skipping [ 492.614969][ T5833] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xF, skipping [ 492.626035][ T5882] usb 6-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 492.635832][ T5882] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.644064][ T5833] usb 5-1: config 0 interface 133 altsetting 241 has an endpoint descriptor with address 0xAF, changing to 0x8F [ 492.682921][ T5882] usb 6-1: Product: syz [ 492.687159][ T5882] usb 6-1: Manufacturer: syz [ 492.702858][ T5833] usb 5-1: config 0 interface 133 altsetting 241 has a duplicate endpoint with address 0x8F, skipping [ 492.713993][ T5882] usb 6-1: SerialNumber: syz [ 492.733729][ T5882] smsusb:smsusb_probe: board id=8, interface number 0 [ 492.741091][ T5833] usb 5-1: config 0 interface 133 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 15 [ 492.757041][ T5833] usb 5-1: config 0 interface 176 altsetting 199 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 492.770213][ T5833] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xC, skipping [ 492.783308][ T5833] usb 5-1: config 0 interface 176 altsetting 199 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 492.795060][ T5833] usb 5-1: config 0 interface 176 altsetting 199 has an invalid descriptor for endpoint zero, skipping [ 492.806908][ T5833] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xA, skipping [ 492.904777][ T5833] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 492.936305][ T5882] smsusb:smsusb_probe: Device initialized with return code -19 [ 492.944189][ T5833] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 492.965362][ T5833] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 492.990333][ T5833] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 493.013343][ T5833] usb 5-1: config 0 interface 176 altsetting 199 has 11 endpoint descriptors, different from the interface descriptor's value: 29 [ 493.037326][ T5833] usb 5-1: too many endpoints for config 0 interface 17 altsetting 174: 79, using maximum allowed: 30 [ 493.069698][ T5833] usb 5-1: config 0 interface 17 altsetting 174 bulk endpoint 0xB has invalid maxpacket 552 [ 493.108699][ T5833] usb 5-1: config 0 interface 17 altsetting 174 has a duplicate endpoint with address 0x8B, skipping [ 493.142232][ T5833] usb 5-1: config 0 interface 17 altsetting 174 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 493.144379][T13867] dlm: no locking on control device [ 493.158956][ T5833] usb 5-1: config 0 interface 17 altsetting 174 has 3 endpoint descriptors, different from the interface descriptor's value: 79 [ 493.177688][ T5833] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x9, skipping [ 493.198394][ T5833] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x84, skipping [ 493.216980][ T5833] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x1, skipping [ 493.229464][ T5833] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x3, skipping [ 493.296224][ T5833] usb 5-1: config 0 interface 16 has no altsetting 0 [ 493.347771][ T5833] usb 5-1: config 0 interface 133 has no altsetting 0 [ 493.357945][ T5833] usb 5-1: config 0 interface 176 has no altsetting 0 [ 493.381482][ T5833] usb 5-1: config 0 interface 17 has no altsetting 0 [ 493.388353][ T5833] usb 5-1: config 0 interface 189 has no altsetting 0 [ 493.433122][ T5833] usb 5-1: New USB device found, idVendor=2040, idProduct=7300, bcdDevice=f9.72 [ 493.442547][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.450592][ T5833] usb 5-1: Product: syz [ 493.455059][ T5833] usb 5-1: Manufacturer: syz [ 493.459903][ T5833] usb 5-1: SerialNumber: syz [ 493.480191][ T5833] usb 5-1: config 0 descriptor?? [ 493.480431][ T5957] usb 6-1: USB disconnect, device number 17 [ 493.491448][T13863] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 493.713232][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 493.720812][ T5833] usb 5-1: selecting invalid altsetting 0 [ 493.735057][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 493.743228][ T5833] usb 5-1: selecting invalid altsetting 0 [ 493.754564][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 493.764921][ T5833] usb 5-1: selecting invalid altsetting 0 [ 493.777804][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 493.785877][ T5833] usb 5-1: selecting invalid altsetting 0 [ 493.797778][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 493.805574][ T5833] usb 5-1: selecting invalid altsetting 0 [ 493.822923][ T5833] usb 5-1: USB disconnect, device number 101 [ 493.839999][ T5833] pvrusb2: Device being rendered inoperable [ 493.852313][ T5833] pvrusb2: Device being rendered inoperable [ 493.865507][ T5833] pvrusb2: Device being rendered inoperable [ 493.882668][ T5833] pvrusb2: Device being rendered inoperable [ 493.889978][ T5833] pvrusb2: Device being rendered inoperable [ 494.429147][T13924] mkiss: ax0: crc mode is auto. [ 494.788389][T13939] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 495.139214][T13961] netlink: 'syz.4.2727': attribute type 4 has an invalid length. [ 495.269212][T13967] netlink: 'syz.4.2730': attribute type 4 has an invalid length. [ 495.646948][T13982] netlink: 'syz.5.2738': attribute type 4 has an invalid length. [ 495.711044][T13984] bond0: (slave rose0): Error: Device can not be enslaved while up [ 495.721513][ T5957] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 495.773811][T13986] netlink: 'syz.5.2740': attribute type 4 has an invalid length. [ 495.871463][ T5957] usb 5-1: Using ep0 maxpacket: 32 [ 495.879496][ T5957] usb 5-1: config 0 has an invalid interface number: 16 but max is 2 [ 495.888208][ T5957] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 495.897127][ T5957] usb 5-1: config 0 has an invalid interface number: 133 but max is 2 [ 495.905527][ T5957] usb 5-1: config 0 has an invalid interface number: 176 but max is 2 [ 495.913813][ T5957] usb 5-1: config 0 has an invalid interface number: 17 but max is 2 [ 495.922063][ T5957] usb 5-1: config 0 has an invalid interface number: 189 but max is 2 [ 495.930223][ T5957] usb 5-1: config 0 has 5 interfaces, different from the descriptor's value: 3 [ 495.939443][ T5957] usb 5-1: config 0 has no interface number 0 [ 495.945698][ T5957] usb 5-1: config 0 has no interface number 1 [ 495.951852][ T5957] usb 5-1: config 0 has no interface number 2 [ 495.957956][ T5957] usb 5-1: config 0 has no interface number 3 [ 495.964145][ T5957] usb 5-1: config 0 has no interface number 4 [ 495.970311][ T5957] usb 5-1: config 0 interface 16 altsetting 14 bulk endpoint 0xA has invalid maxpacket 1023 [ 495.980548][ T5957] usb 5-1: config 0 interface 16 altsetting 14 endpoint 0x4 has invalid maxpacket 511, setting to 64 [ 495.993627][ T5957] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x4, skipping [ 496.004671][ T5957] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xD, skipping [ 496.016913][ T5957] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x7, skipping [ 496.027922][ T5957] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xF, skipping [ 496.038991][ T5957] usb 5-1: config 0 interface 133 altsetting 241 has an endpoint descriptor with address 0xAF, changing to 0x8F [ 496.051115][ T5957] usb 5-1: config 0 interface 133 altsetting 241 has a duplicate endpoint with address 0x8F, skipping [ 496.062333][ T5957] usb 5-1: config 0 interface 133 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 15 [ 496.075802][ T5957] usb 5-1: config 0 interface 176 altsetting 199 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 496.087174][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xC, skipping [ 496.098248][ T5957] usb 5-1: config 0 interface 176 altsetting 199 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 496.109571][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has an invalid descriptor for endpoint zero, skipping [ 496.120766][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xA, skipping [ 496.131765][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 496.142829][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 496.153780][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 496.164769][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 496.175749][ T5957] usb 5-1: config 0 interface 176 altsetting 199 has 11 endpoint descriptors, different from the interface descriptor's value: 29 [ 496.189309][ T5957] usb 5-1: too many endpoints for config 0 interface 17 altsetting 174: 79, using maximum allowed: 30 [ 496.200391][ T5957] usb 5-1: config 0 interface 17 altsetting 174 bulk endpoint 0xB has invalid maxpacket 552 [ 496.210584][ T5957] usb 5-1: config 0 interface 17 altsetting 174 has a duplicate endpoint with address 0x8B, skipping [ 496.221534][ T5957] usb 5-1: config 0 interface 17 altsetting 174 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 496.232669][ T5957] usb 5-1: config 0 interface 17 altsetting 174 has 3 endpoint descriptors, different from the interface descriptor's value: 79 [ 496.246998][ T5957] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x9, skipping [ 496.258076][ T5957] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x84, skipping [ 496.269643][ T5957] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x1, skipping [ 496.280592][ T5957] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x3, skipping [ 496.291619][ T5957] usb 5-1: config 0 interface 16 has no altsetting 0 [ 496.298431][ T5957] usb 5-1: config 0 interface 133 has no altsetting 0 [ 496.305295][ T5957] usb 5-1: config 0 interface 176 has no altsetting 0 [ 496.312154][ T5957] usb 5-1: config 0 interface 17 has no altsetting 0 [ 496.318964][ T5957] usb 5-1: config 0 interface 189 has no altsetting 0 [ 496.328376][ T5957] usb 5-1: New USB device found, idVendor=2040, idProduct=7300, bcdDevice=f9.72 [ 496.337663][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.345900][ T5957] usb 5-1: Product: syz [ 496.350142][ T5957] usb 5-1: Manufacturer: syz [ 496.357242][ T5957] usb 5-1: SerialNumber: syz [ 496.365987][ T5957] usb 5-1: config 0 descriptor?? [ 496.372155][T13974] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 496.616426][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 496.630648][ T5957] pvrusb2: Failed to create hdw handler [ 496.637319][ T5957] pvrusb2 5-1:0.16: probe with driver pvrusb2 failed with error -12 [ 496.669422][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 496.679964][ T5957] pvrusb2: Failed to create hdw handler [ 496.691205][ T5957] pvrusb2 5-1:0.133: probe with driver pvrusb2 failed with error -12 [ 496.718899][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 496.727923][ T5957] pvrusb2: Failed to create hdw handler [ 496.734089][ T5957] pvrusb2 5-1:0.176: probe with driver pvrusb2 failed with error -12 [ 496.754486][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 496.772186][ T5957] pvrusb2: Failed to create hdw handler [ 496.777820][ T5957] pvrusb2 5-1:0.17: probe with driver pvrusb2 failed with error -12 [ 496.835681][ T5957] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 496.857443][ T5957] pvrusb2: Failed to create hdw handler [ 496.878033][ T5957] pvrusb2 5-1:0.189: probe with driver pvrusb2 failed with error -12 [ 496.898429][ T5957] usb 5-1: USB disconnect, device number 102 [ 497.185736][T14006] netlink: 'syz.2.2748': attribute type 4 has an invalid length. [ 497.331571][T14013] netlink: 'syz.4.2749': attribute type 4 has an invalid length. [ 497.464902][T14019] bond0: (slave rose0): Error: Device can not be enslaved while up [ 498.634355][T14041] netlink: 'syz.5.2763': attribute type 4 has an invalid length. Stopping sshd: stopped /usr/sbin/sshd (pid 5593) OK [ 499.535619][T14064] bond0: (slave rose0): Error: Device can not be enslaved while up Stopping crond: [ 499.769590][T14069] netlink: 'syz.0.2772': attribute type 4 has an invalid length. stopped /usr/sbin/crond (pid 5578) OK Stopping dhcpcd... stopped /sbin/dhcpcd (pid 5499) Stopping network: [ 500.951755][T14095] netlink: 'syz.0.2782': attribute type 4 has an invalid length. OK [ 501.449387][T14114] bond0: (slave rose0): Error: Device can not be enslaved while up Stopping iptables: [ 501.558619][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.565128][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.574853][ T2347] pvrusb2: request_firmware fatal error with code=-110 [ 501.596398][ T2347] pvrusb2: Failure uploading firmware1 [ 501.612394][ T2347] pvrusb2: Device initialization was not successful. [ 501.619154][ T2347] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 501.676144][ T2347] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 501.712380][ T5956] pvrusb2: Device being rendered inoperable [ 501.720796][ T2347] pvrusb2: Invalid write control endpoint [ 501.744877][ T2347] usb 3-1: Direct firmware load for v4l-pvrusb2-73xxx-01.fw failed with error -2 [ 501.792042][ T2347] usb 3-1: Falling back to sysfs fallback for: v4l-pvrusb2-73xxx-01.fw OK [ 501.849406][T14129] netlink: 'syz.2.2786': attribute type 4 has an invalid length. Stopping system message bus: [ 502.432984][ T5833] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 502.632635][ T5833] usb 6-1: Using ep0 maxpacket: 32 [ 502.650934][ T5833] usb 6-1: config 0 has an invalid interface number: 16 but max is 2 [ 502.690067][ T5833] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 502.721744][ T5833] usb 6-1: config 0 has an invalid interface number: 133 but max is 2 [ 502.730043][ T5833] usb 6-1: config 0 has an invalid interface number: 176 but max is 2 [ 502.801365][ T5833] usb 6-1: config 0 has an invalid interface number: 17 but max is 2 [ 502.809556][ T5833] usb 6-1: config 0 has an invalid interface number: 189 but max is 2 [ 502.854648][T14158] netlink: 'syz.2.2797': attribute type 4 has an invalid length. [ 502.855357][ T5833] usb 6-1: config 0 has 5 interfaces, different from the descriptor's value: 3 [ 502.921577][ T5833] usb 6-1: config 0 has no interface number 0 [ 502.927784][ T5833] usb 6-1: config 0 has no interface number 1 [ 502.971386][ T5833] usb 6-1: config 0 has no interface number 2 [ 502.977591][ T5833] usb 6-1: config 0 has no interface number 3 [ 503.011392][ T5833] usb 6-1: config 0 has no interface number 4 [ 503.017642][ T5833] usb 6-1: config 0 interface 16 altsetting 14 bulk endpoint 0xA has invalid maxpacket 1023 [ 503.057653][ T5833] usb 6-1: config 0 interface 16 altsetting 14 endpoint 0x4 has invalid maxpacket 511, setting to 64 [ 503.110616][ T5833] usb 6-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x4, skipping [ 503.171361][ T5833] usb 6-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xD, skipping done [ 503.257127][ T5833] usb 6-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x7, skipping [ 503.298186][ T5833] usb 6-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xF, skipping [ 503.351434][ T5833] usb 6-1: config 0 interface 133 altsetting 241 has an endpoint descriptor with address 0xAF, changing to 0x8F [ 503.381471][ T5833] usb 6-1: config 0 interface 133 altsetting 241 has a duplicate endpoint with address 0x8F, skipping [ 503.441373][ T5833] usb 6-1: config 0 interface 133 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 15 [ 503.501401][ T5833] usb 6-1: config 0 interface 176 altsetting 199 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 503.531405][ T5833] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xC, skipping [ 503.585258][ T5833] usb 6-1: config 0 interface 176 altsetting 199 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 503.622121][ T5833] usb 6-1: config 0 interface 176 altsetting 199 has an invalid descriptor for endpoint zero, skipping [ 503.651378][ T5833] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xA, skipping [ 503.706189][ T5833] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 503.742212][ T5833] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 503.791355][ T5833] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 503.841377][ T5833] usb 6-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 503.884720][ T5833] usb 6-1: config 0 interface 176 altsetting 199 has 11 endpoint descriptors, different from the interface descriptor's value: 29 [ 503.922046][ T5833] usb 6-1: too many endpoints for config 0 interface 17 altsetting 174: 79, using maximum allowed: 30 [ 503.988555][ T5833] usb 6-1: config 0 interface 17 altsetting 174 bulk endpoint 0xB has invalid maxpacket 552 [ 503.990590][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 504.010928][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 504.020242][ T5833] usb 6-1: config 0 interface 17 altsetting 174 has a duplicate endpoint with address 0x8B, skipping [ 504.022599][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 504.060438][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 504.064455][ T5833] usb 6-1: config 0 interface 17 altsetting 174 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 504.084968][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 504.152856][ T5833] usb 6-1: config 0 interface 17 altsetting 174 has 3 endpoint descriptors, different from the interface descriptor's value: 79 [ 504.173005][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 504.209579][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 504.218334][ T5833] usb 6-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x9, skipping [ 504.235480][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 504.236767][ T5833] usb 6-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x84, skipping [ 504.273189][ T5833] usb 6-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x1, skipping [ 504.302138][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 504.315904][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 504.375323][ T5833] usb 6-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x3, skipping [ 504.442358][ T5833] usb 6-1: config 0 interface 16 has no altsetting 0 [ 504.469717][ T5833] usb 6-1: config 0 interface 133 has no altsetting 0 [ 504.485135][T14175] caif0 speed is unknown, defaulting to 1000 [ 504.498397][ T5833] usb 6-1: config 0 interface 176 has no altsetting 0 [ 504.521516][ T5833] usb 6-1: config 0 interface 17 has no altsetting 0 [ 504.558871][ T5833] usb 6-1: config 0 interface 189 has no altsetting 0 [ 504.569531][ T5833] usb 6-1: New USB device found, idVendor=2040, idProduct=7300, bcdDevice=f9.72 [ 504.597876][ T5833] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.624520][ T5833] usb 6-1: Product: syz [ 504.628761][ T5833] usb 6-1: Manufacturer: syz [ 504.657573][ T5833] usb 6-1: SerialNumber: syz [ 504.679782][ T5833] usb 6-1: config 0 descriptor?? [ 504.696306][T14142] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 505.041654][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 505.067008][ T5833] usb 6-1: selecting invalid altsetting 0 [ 505.110484][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 505.134812][ T5833] pvrusb2: Failed to create hdw handler [ 505.154237][ T5833] pvrusb2 6-1:0.133: probe with driver pvrusb2 failed with error -12 [ 505.177479][T14191] netlink: 'syz.4.2805': attribute type 4 has an invalid length. [ 505.207627][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 505.228689][ T5833] pvrusb2: Failed to create hdw handler [ 505.245476][ T5833] pvrusb2 6-1:0.176: probe with driver pvrusb2 failed with error -12 [ 505.296565][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 505.330882][ T5833] pvrusb2: Failed to create hdw handler [ 505.347644][ T5833] pvrusb2 6-1:0.17: probe with driver pvrusb2 failed with error -12 [ 505.386753][ T5833] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx Stopping klogd: [ 505.407498][ T5833] pvrusb2: Failed to create hdw handler [ 505.421458][ T5833] pvrusb2 6-1:0.189: probe with driver pvrusb2 failed with error -12 [ 505.450557][ T5833] usb 6-1: USB disconnect, device number 18 [ 505.481049][ T5833] pvrusb2: Device being rendered inoperable OK Stopping acpid: [ 506.017219][T14175] chnl_net:caif_netlink_parms(): no params data found [ 506.341573][ T5834] Bluetooth: hci5: command tx timeout [ 506.355643][T14175] bridge0: port 1(bridge_slave_0) entered blocking state [ 506.363127][T14175] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.370408][T14175] bridge_slave_0: entered allmulticast mode [ 506.380631][T14175] bridge_slave_0: entered promiscuous mode [ 506.390572][T14175] bridge0: port 2(bridge_slave_1) entered blocking state [ 506.398612][T14175] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.407180][T14175] bridge_slave_1: entered allmulticast mode [ 506.415892][T14175] bridge_slave_1: entered promiscuous mode [ 506.510659][T14175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 506.535885][T14175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 506.598374][T14175] team0: Port device team_slave_0 added [ 506.609108][T14175] team0: Port device team_slave_1 added [ 506.631510][ T5882] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 506.693906][T14175] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 506.701510][T14175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.741668][T14175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 506.782639][T14175] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.799992][T14175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.825955][ C1] vkms_vblank_simulate: vblank timer overrun [ 506.842069][ T5882] usb 5-1: Using ep0 maxpacket: 32 [ 506.858452][ T5882] usb 5-1: config 0 has an invalid interface number: 16 but max is 2 [ 506.868793][ T5882] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 506.882470][ T5882] usb 5-1: config 0 has an invalid interface number: 133 but max is 2 [ 506.891397][T14175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.896713][ T5882] usb 5-1: config 0 has an invalid interface number: 176 but max is 2 [ 506.930915][ T5882] usb 5-1: config 0 has an invalid interface number: 17 but max is 2 [ 506.943789][ T5882] usb 5-1: config 0 has an invalid interface number: 189 but max is 2 [ 506.961401][ T5882] usb 5-1: config 0 has 5 interfaces, different from the descriptor's value: 3 [ 506.981570][ T5882] usb 5-1: config 0 has no interface number 0 [ 507.009584][ T5882] usb 5-1: config 0 has no interface number 1 [ 507.029502][ T5882] usb 5-1: config 0 has no interface number 2 [ 507.044722][ T5882] usb 5-1: config 0 has no interface number 3 [ 507.059171][ T5882] usb 5-1: config 0 has no interface number 4 [ 507.081517][ T5882] usb 5-1: config 0 interface 16 altsetting 14 bulk endpoint 0xA has invalid maxpacket 1023 [ 507.082756][T14175] hsr_slave_0: entered promiscuous mode [ 507.110622][T14175] hsr_slave_1: entered promiscuous mode [ 507.112812][ T5882] usb 5-1: config 0 interface 16 altsetting 14 endpoint 0x4 has invalid maxpacket 511, setting to 64 [ 507.119456][T14175] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 507.144335][ T5882] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x4, skipping [ 507.149999][T14175] Cannot create hsr debugfs directory [ 507.199682][ T5882] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xD, skipping [ 507.221926][ T5882] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0x7, skipping [ 507.245874][ T5882] usb 5-1: config 0 interface 16 altsetting 14 has a duplicate endpoint with address 0xF, skipping [ 507.270171][ T5882] usb 5-1: config 0 interface 133 altsetting 241 has an endpoint descriptor with address 0xAF, changing to 0x8F [ 507.297088][ T5882] usb 5-1: config 0 interface 133 altsetting 241 has a duplicate endpoint with address 0x8F, skipping [ 507.309779][ T5882] usb 5-1: config 0 interface 133 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 15 [ 507.327027][ T5882] usb 5-1: config 0 interface 176 altsetting 199 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 507.348438][ T5882] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xC, skipping [ 507.381768][ T5882] usb 5-1: config 0 interface 176 altsetting 199 endpoint 0xE has invalid maxpacket 512, setting to 64 OK [ 507.414607][ T5882] usb 5-1: config 0 interface 176 altsetting 199 has an invalid descriptor for endpoint zero, skipping [ 507.448480][ T5882] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xA, skipping [ 507.469920][ T5882] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 507.500876][ T5882] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 507.512210][ T5882] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0xD, skipping [ 507.524259][ T5882] usb 5-1: config 0 interface 176 altsetting 199 has a duplicate endpoint with address 0x3, skipping [ 507.544031][ T5882] usb 5-1: config 0 interface 176 altsetting 199 has 11 endpoint descriptors, different from the interface descriptor's value: 29 [ 507.586920][ T5882] usb 5-1: too many endpoints for config 0 interface 17 altsetting 174: 79, using maximum allowed: 30 [ 507.611009][ T5882] usb 5-1: config 0 interface 17 altsetting 174 bulk endpoint 0xB has invalid maxpacket 552 Stopping syslogd: [ 507.659805][ T5882] usb 5-1: config 0 interface 17 altsetting 174 has a duplicate endpoint with address 0x8B, skipping [ 507.695910][ T5882] usb 5-1: config 0 interface 17 altsetting 174 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 507.713843][ T5882] usb 5-1: config 0 interface 17 altsetting 174 has 3 endpoint descriptors, different from the interface descriptor's value: 79 [ 507.737736][T14175] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.752209][ T5882] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x9, skipping [ 507.779681][ T5882] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x84, skipping stopped /sbin/sy[ 507.802840][ T5882] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x1, skipping slogd (pid 5187)[ 507.815576][ T5882] usb 5-1: config 0 interface 189 altsetting 202 has a duplicate endpoint with address 0x3, skipping [ 507.830906][ T5882] usb 5-1: config 0 interface 16 has no altsetting 0 [ 507.838813][ T5882] usb 5-1: config 0 interface 133 has no altsetting 0 [ 507.847471][ T5882] usb 5-1: config 0 interface 176 has no altsetting 0 [ 507.855138][ T5882] usb 5-1: config 0 interface 17 has no altsetting 0 [ 507.862522][ T5882] usb 5-1: config 0 interface 189 has no altsetting 0 [ 507.872477][ T5882] usb 5-1: New USB device found, idVendor=2040, idProduct=7300, bcdDevice=f9.72 OK [ 507.902241][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.914604][ T5882] usb 5-1: Product: syz [ 507.929108][ T5882] usb 5-1: Manufacturer: syz [ 507.933986][ T5882] usb 5-1: SerialNumber: syz [ 507.942895][T14175] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.972547][ T5882] usb 5-1: config 0 descriptor?? [ 507.979000][T14236] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 508.089150][T14175] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.204283][ T5882] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 508.228124][T14175] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.230392][ T5882] pvrusb2: Failed to create hdw handler [ 508.266428][ T5882] pvrusb2 5-1:0.16: probe with driver pvrusb2 failed with error -12 [ 508.290903][ T5882] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 508.316608][ T5882] pvrusb2: Failed to create hdw handler [ 508.353344][ T5882] pvrusb2 5-1:0.133: probe with driver pvrusb2 failed with error -12 [ 508.380709][ T5882] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 508.423264][ T5882] pvrusb2: Failed to create hdw handler [ 508.439389][ T5834] Bluetooth: hci5: command tx timeout [ 508.447964][ T5882] pvrusb2 5-1:0.176: probe with driver pvrusb2 failed with error -12 [ 508.475595][ T5882] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 508.489996][ T5882] pvrusb2: Failed to create hdw handler [ 508.496352][ T5882] pvrusb2 5-1:0.17: probe with driver pvrusb2 failed with error -12 [ 508.518053][ T5882] pvrusb2: Hardware description: WinTV HVR-1900 Model 73xxx [ 508.532011][ T5882] pvrusb2: Failed to create hdw handler [ 508.537782][ T5882] pvrusb2 5-1:0.189: probe with driver pvrusb2 failed with error -12 [ 508.556954][ T5882] usb 5-1: USB disconnect, device number 103 umount: can't remount debugfs re[ 508.708929][T14175] netdevsim netdevsim0 netdevsim0: renamed from eth0 ad-only umount: tmpfs busy - remounted read-only [ 508.735924][T14175] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 508.780943][T14175] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 508.871005][T14175] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 509.251371][T14175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 509.296954][T14175] 8021q: adding VLAN 0 to HW filter on device team0 [ 509.343655][ T7935] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.352483][ T7935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.387499][ T7939] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.394718][ T7939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.633616][T14175] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network umount: sysfs busy - remounted read-only umount: devtmpfs busy - remounted read-only umount: can't remount /dev/root read-only The system is going down NOW! [ 510.088303][ T5205] udevd[5205]: could not touch /run/udev/queue: Read-only file system Sent SIGTERM to all processes Connection to 10.128.1.89 closed by remote host. [ 510.512021][ T5834] Bluetooth: hci5: command tx timeout [ 511.902918][ T7931] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.991206][ T7931] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 Sent SIGKILL to all processes Requesting system poweroff [ 512.119158][ T7931] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.188321][ T7931] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.289544][ T7931] bridge_slave_1: left allmulticast mode [ 512.295350][ T7931] bridge_slave_1: left promiscuous mode [ 512.301047][ T7931] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.310214][ T7931] bridge_slave_0: left allmulticast mode [ 512.316172][ T7931] bridge_slave_0: left promiscuous mode [ 512.321973][ T7931] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.649339][ T7931] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 512.660292][ T7931] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 512.670218][ T7931] bond0 (unregistering): Released all slaves [ 512.997457][ T7931] hsr_slave_0: left promiscuous mode [ 513.019120][ T7931] hsr_slave_1: left promiscuous mode [ 513.025060][ T7931] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 513.032604][ T7931] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 513.040276][ T7931] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 513.047955][ T7931] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 513.068322][ T7931] veth1_macvtap: left promiscuous mode [ 513.076548][ T7931] veth0_macvtap: left promiscuous mode [ 513.083005][ T7931] veth1_vlan: left promiscuous mode [ 513.088311][ T7931] veth0_vlan: left promiscuous mode [ 513.548377][ T7931] team0 (unregistering): Port device team_slave_1 removed [ 513.591585][ T7931] team0 (unregistering): Port device team_slave_0 removed [ 514.104968][T14323] smc: removing ib device syz2 [ 514.105309][ T2347] pvrusb2: ***WARNING*** Device fx2 controller firmware seems to be missing. [ 514.123707][ T2347] pvrusb2: Did you install the pvrusb2 firmware files in their proper location? [ 514.133074][ T2347] pvrusb2: request_firmware unable to locate fx2 controller file v4l-pvrusb2-73xxx-01.fw [ 514.143821][ T2347] pvrusb2: Failure uploading firmware1 [ 514.149350][ T2347] pvrusb2: Device initialization was not successful. [ 514.156431][ T2347] pvrusb2: Giving up since device microcontroller firmware appears to be missing. [ 514.168115][ T5956] pvrusb2: Device being rendered inoperable [ 514.169536][ T2347] usb 3-1: Direct firmware load for v4l-pvrusb2-73xxx-01.fw failed with error -2 [ 514.184035][ T2347] usb 3-1: Falling back to sysfs fallback for: v4l-pvrusb2-73xxx-01.fw [ 514.193406][ T2347] ------------[ cut here ]------------ [ 514.198892][ T2347] WARNING: CPU: 1 PID: 2347 at drivers/base/firmware_loader/fallback.c:148 firmware_fallback_sysfs+0x746/0x9b0 [ 514.210772][ T2347] Modules linked in: [ 514.215143][ T2347] CPU: 1 UID: 0 PID: 2347 Comm: pvrusb2-context Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 514.227864][ T2347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 514.237975][ T2347] RIP: 0010:firmware_fallback_sysfs+0x746/0x9b0 [ 514.244303][ T2347] Code: bd fb e9 5d fc ff ff e8 18 8d bd fb c6 05 52 1f a9 09 01 48 c7 c7 40 7f 0b 8c e8 b5 81 24 fb e9 85 fc ff ff e8 fb 8c bd fb 90 <0f> 0b 90 4c 89 f7 48 c7 c6 20 80 0b 8c 4c 89 e2 e8 95 96 29 fb e9 [ 514.264052][ T2347] RSP: 0018:ffffc90004b8f5d0 EFLAGS: 00010293 [ 514.270146][ T2347] RAX: ffffffff86030f55 RBX: dffffc0000000000 RCX: ffff88802a251e00 [ 514.278190][ T2347] RDX: 0000000000000000 RSI: 00000000fffffff5 RDI: 0000000000000000 [ 514.286205][ T2347] RBP: 0000000000000001 R08: ffffffff8fc232f7 R09: 1ffffffff1f8465e [ 514.294246][ T2347] R10: dffffc0000000000 R11: fffffbfff1f8465f R12: ffffffff8c63fea0 [ 514.302278][ T2347] R13: 0000000000001770 R14: ffff88807c3ad0b0 R15: 00000000fffffff5 [ 514.310262][ T2347] FS: 0000000000000000(0000) GS:ffff888125b1c000(0000) knlGS:0000000000000000 [ 514.319209][ T2347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 514.325850][ T2347] CR2: 00007fb34ea84e9c CR3: 000000003436a000 CR4: 00000000003526f0 [ 514.333884][ T2347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 514.342022][ T2347] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 514.351831][ T2347] Call Trace: [ 514.355145][ T2347] [ 514.358133][ T2347] ? kmem_cache_free+0x18f/0x400 [ 514.363166][ T2347] ? _request_firmware+0x6be/0x15b0 [ 514.368391][ T2347] _request_firmware+0xf83/0x15b0 [ 514.373514][ T2347] ? __pfx__request_firmware+0x10/0x10 [ 514.379000][ T2347] ? rcu_is_watching+0x15/0xb0 [ 514.383799][ T2347] ? trace_contention_end+0x39/0x120 [ 514.389087][ T2347] ? __mutex_lock+0x330/0xe80 [ 514.393840][ T2347] request_firmware+0x36/0x50 [ 514.398539][ T2347] pvr2_locate_firmware+0xb3/0x500 [ 514.403717][ T2347] pvr2_upload_firmware1+0x1b4/0x900 [ 514.409047][ T2347] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 514.415073][ T2347] ? __pfx_pvr2_upload_firmware1+0x10/0x10 [ 514.420888][ T2347] pvr2_hdw_initialize+0x3df/0x3ac0 [ 514.426339][ T2347] ? __mutex_trylock_common+0x153/0x260 [ 514.431955][ T2347] ? __pfx_pvr2_hdw_initialize+0x10/0x10 [ 514.437627][ T2347] ? rcu_is_watching+0x15/0xb0 [ 514.442459][ T2347] ? pvr2_context_thread_func+0x263/0xaf0 [ 514.448179][ T2347] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 514.453849][ T2347] ? __pfx___mutex_lock+0x10/0x10 [ 514.458884][ T2347] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 514.464926][ T2347] ? pvr2_context_thread_func+0x3f2/0xaf0 [ 514.470666][ T2347] ? kfree+0x18e/0x440 [ 514.474771][ T2347] pvr2_context_thread_func+0x487/0xaf0 [ 514.480315][ T2347] ? __pfx_pvr2_context_thread_func+0x10/0x10 [ 514.486457][ T2347] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 514.493136][ T2347] ? __pfx_autoremove_wake_function+0x10/0x10 [ 514.499278][ T2347] ? __kthread_parkme+0x7b/0x200 [ 514.504362][ T2347] ? __kthread_parkme+0x1a1/0x200 [ 514.509424][ T2347] kthread+0x70e/0x8a0 [ 514.513545][ T2347] ? __pfx_pvr2_context_thread_func+0x10/0x10 [ 514.519645][ T2347] ? __pfx_kthread+0x10/0x10 [ 514.524285][ T2347] ? _raw_spin_unlock_irq+0x23/0x50 [ 514.529482][ T2347] ? lockdep_hardirqs_on+0x9c/0x150 [ 514.534709][ T2347] ? __pfx_kthread+0x10/0x10 [ 514.539301][ T2347] ret_from_fork+0x3f9/0x770 [ 514.543958][ T2347] ? __pfx_ret_from_fork+0x10/0x10 [ 514.549090][ T2347] ? __switch_to_asm+0x39/0x70 [ 514.553875][ T2347] ? __switch_to_asm+0x33/0x70 [ 514.558649][ T2347] ? __pfx_kthread+0x10/0x10 [ 514.563307][ T2347] ret_from_fork_asm+0x1a/0x30 [ 514.568102][ T2347] [ 514.571116][ T2347] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 514.578395][ T2347] CPU: 1 UID: 0 PID: 2347 Comm: pvrusb2-context Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 514.590793][ T2347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 514.600839][ T2347] Call Trace: [ 514.604114][ T2347] [ 514.607039][ T2347] dump_stack_lvl+0x99/0x250 [ 514.611625][ T2347] ? __asan_memcpy+0x40/0x70 [ 514.616210][ T2347] ? __pfx_dump_stack_lvl+0x10/0x10 [ 514.621416][ T2347] ? __pfx__printk+0x10/0x10 [ 514.626043][ T2347] panic+0x2db/0x790 [ 514.629950][ T2347] ? __pfx_panic+0x10/0x10 [ 514.634384][ T2347] ? ret_from_fork_asm+0x1a/0x30 [ 514.639339][ T2347] __warn+0x31b/0x4b0 [ 514.643324][ T2347] ? firmware_fallback_sysfs+0x746/0x9b0 [ 514.648973][ T2347] ? firmware_fallback_sysfs+0x746/0x9b0 [ 514.654619][ T2347] report_bug+0x2be/0x4f0 [ 514.658965][ T2347] ? firmware_fallback_sysfs+0x746/0x9b0 [ 514.664610][ T2347] ? firmware_fallback_sysfs+0x746/0x9b0 [ 514.670259][ T2347] ? firmware_fallback_sysfs+0x748/0x9b0 [ 514.675916][ T2347] handle_bug+0x84/0x160 [ 514.680167][ T2347] exc_invalid_op+0x1a/0x50 [ 514.684679][ T2347] asm_exc_invalid_op+0x1a/0x20 [ 514.689536][ T2347] RIP: 0010:firmware_fallback_sysfs+0x746/0x9b0 [ 514.695790][ T2347] Code: bd fb e9 5d fc ff ff e8 18 8d bd fb c6 05 52 1f a9 09 01 48 c7 c7 40 7f 0b 8c e8 b5 81 24 fb e9 85 fc ff ff e8 fb 8c bd fb 90 <0f> 0b 90 4c 89 f7 48 c7 c6 20 80 0b 8c 4c 89 e2 e8 95 96 29 fb e9 [ 514.715403][ T2347] RSP: 0018:ffffc90004b8f5d0 EFLAGS: 00010293 [ 514.721480][ T2347] RAX: ffffffff86030f55 RBX: dffffc0000000000 RCX: ffff88802a251e00 [ 514.729459][ T2347] RDX: 0000000000000000 RSI: 00000000fffffff5 RDI: 0000000000000000 [ 514.737439][ T2347] RBP: 0000000000000001 R08: ffffffff8fc232f7 R09: 1ffffffff1f8465e [ 514.745414][ T2347] R10: dffffc0000000000 R11: fffffbfff1f8465f R12: ffffffff8c63fea0 [ 514.753393][ T2347] R13: 0000000000001770 R14: ffff88807c3ad0b0 R15: 00000000fffffff5 [ 514.761378][ T2347] ? firmware_fallback_sysfs+0x745/0x9b0 [ 514.767036][ T2347] ? kmem_cache_free+0x18f/0x400 [ 514.771985][ T2347] ? _request_firmware+0x6be/0x15b0 [ 514.777200][ T2347] _request_firmware+0xf83/0x15b0 [ 514.782251][ T2347] ? __pfx__request_firmware+0x10/0x10 [ 514.787732][ T2347] ? rcu_is_watching+0x15/0xb0 [ 514.792511][ T2347] ? trace_contention_end+0x39/0x120 [ 514.797806][ T2347] ? __mutex_lock+0x330/0xe80 [ 514.802491][ T2347] request_firmware+0x36/0x50 [ 514.807185][ T2347] pvr2_locate_firmware+0xb3/0x500 [ 514.812312][ T2347] pvr2_upload_firmware1+0x1b4/0x900 [ 514.817607][ T2347] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 514.823601][ T2347] ? __pfx_pvr2_upload_firmware1+0x10/0x10 [ 514.829426][ T2347] pvr2_hdw_initialize+0x3df/0x3ac0 [ 514.834646][ T2347] ? __mutex_trylock_common+0x153/0x260 [ 514.840207][ T2347] ? __pfx_pvr2_hdw_initialize+0x10/0x10 [ 514.845848][ T2347] ? rcu_is_watching+0x15/0xb0 [ 514.850629][ T2347] ? pvr2_context_thread_func+0x263/0xaf0 [ 514.856361][ T2347] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 514.862006][ T2347] ? __pfx___mutex_lock+0x10/0x10 [ 514.867035][ T2347] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 514.873026][ T2347] ? pvr2_context_thread_func+0x3f2/0xaf0 [ 514.878752][ T2347] ? kfree+0x18e/0x440 [ 514.882834][ T2347] pvr2_context_thread_func+0x487/0xaf0 [ 514.888389][ T2347] ? __pfx_pvr2_context_thread_func+0x10/0x10 [ 514.894461][ T2347] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 514.900363][ T2347] ? __pfx_autoremove_wake_function+0x10/0x10 [ 514.906445][ T2347] ? __kthread_parkme+0x7b/0x200 [ 514.911396][ T2347] ? __kthread_parkme+0x1a1/0x200 [ 514.916452][ T2347] kthread+0x70e/0x8a0 [ 514.920547][ T2347] ? __pfx_pvr2_context_thread_func+0x10/0x10 [ 514.926625][ T2347] ? __pfx_kthread+0x10/0x10 [ 514.931237][ T2347] ? _raw_spin_unlock_irq+0x23/0x50 [ 514.936453][ T2347] ? lockdep_hardirqs_on+0x9c/0x150 [ 514.941682][ T2347] ? __pfx_kthread+0x10/0x10 [ 514.946293][ T2347] ret_from_fork+0x3f9/0x770 [ 514.950893][ T2347] ? __pfx_ret_from_fork+0x10/0x10 [ 514.956016][ T2347] ? __switch_to_asm+0x39/0x70 [ 514.960787][ T2347] ? __switch_to_asm+0x33/0x70 [ 514.965560][ T2347] ? __pfx_kthread+0x10/0x10 [ 514.970164][ T2347] ret_from_fork_asm+0x1a/0x30 [ 514.974953][ T2347] [ 514.978117][ T2347] Kernel Offset: disabled [ 514.982441][ T2347] Rebooting in 86400 seconds..