last executing test programs: 7.408332441s ago: executing program 4 (id=1998): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000b00)=""/81, 0x51}], 0x1}}], 0x1, 0x0, 0x0) recvfrom$inet6(r2, 0x0, 0x0, 0x40, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000), 0x0, 0x3bb) dup(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r4, 0x1, 0x13, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6) 5.468832104s ago: executing program 4 (id=2007): pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x3) splice(r1, 0x0, r0, 0x0, 0x406f413, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000000020801"], 0x610000) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0xf, &(0x7f0000000540)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000c00009500000000000000bf9800000000000056080000000000018500000007000000b7000000000000009500000000000000927329b582c89f79afce06b213d8ea2b5ed973e7bb24ee147cd689872f947b55"], &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x400) unshare(0x2000700) bpf$PROG_BIND_MAP(0x23, &(0x7f00000000c0)={r3, r2}, 0xc) r4 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "020037e0"}, 0x0, 0x2, {0x0}}) r5 = socket$key(0xf, 0x3, 0x2) r6 = syz_open_dev$swradio(&(0x7f0000000380), 0x0, 0x2) r7 = syz_open_dev$swradio(&(0x7f0000000140), 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05640, &(0x7f0000000280)={0xa, @pix_mp={0x7f14, 0x8, 0x18777738, 0x0, 0x4, [{0x100}, {0x1, 0x56d0}, {0x6, 0x3}, {0x4}, {0x7, 0x10000}, {0x7}, {0x7f, 0x200}, {0x4, 0x1}], 0x1, 0xa0, 0x6, 0x2, 0x1}}) ioctl$VIDIOC_G_CTRL(r6, 0xc008561b, &(0x7f0000000000)={0xf0f040, 0x8}) sendmsg$key(r5, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100000e9000000e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0) r8 = gettid() ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) ppoll(&(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$setown(0xffffffffffffffff, 0x8, r8) tkill(r8, 0x13) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) 5.040408818s ago: executing program 1 (id=2008): syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x9c, 0x0, @wg}}}}}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x90, 0x300, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x7c, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/100}}}}}}, 0x0) 4.80263827s ago: executing program 1 (id=2009): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000200)=0x8, 0x4) r1 = syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0) syz_io_uring_setup(0x38fe, 0x0, 0x0, 0x0) syz_usb_control_io$uac1(r1, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback, 0x6}, 0x1c) 4.660117406s ago: executing program 0 (id=2011): open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a5f000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x9, 0x1, 0x4}) ptrace(0x10, 0x1) write$binfmt_misc(r0, &(0x7f0000000000), 0xfffffecc) syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x200, 0x1, 0xfffffffd}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000140)=@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x20400, 0x0) r5 = epoll_create1(0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0x4}, 0x20) close_range(r5, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008b"]) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000300)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff00000000ae04020000000000be400300000000006504030001ed00007b130000000000004d44000000000000630a00fe000000007933000000000000b5030000000000009500000000000000023bc065b7a379d17cf9333379fc05000000912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554d1b583c587e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9a0200000000000000e3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3e6440c2fbdb00a3e35208b0bb1d2cd871c5548930be3835f2554b4a28610643a98d9ec21ead2ed51b104d4d91af25b84550a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7076c15b463bebc72f526d8e4a9e231d512381e7a78afcb913466aae7f6df70252e79166d858fc152b659da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33d39000d06a59ff61622cfd9aa58fe8d485ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bde4cc3ed54d27f777e92b87496e6649cf728d236619074d6ebdf098bc908c423d228a40f9411fe7226a40409d6e37c4f46756d31cb46761bade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18de0ae564162a27afea62d84f3a10746443d64364f56e24e6d21053d901204a1deeed41556175cbd4041b7d301bcb72652d950ad31928b0b093778b68e2e9853c02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595bcf50ab32d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063b59261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfdce669e51731b2875353193f82ade69d0540059fe6c7fe7c00fb7502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abd47b64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022af46667cf25c5d3038816106dec28eaeb88343261a48a18f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfeff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c55318294270a1ad10d30fef7c24b78b29d83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead8eaf68b0c5dda0467d35a3807000000b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ea1e717d29135753208165b9cdbae037f315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d7012c1b45f6ada1ee7baa5b6a686b50f09b7f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac4d73a008364e0602a594817031fc2ff2c32a1989e00f52f8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e016820f78b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1b8f916b9671b7000000000040f4bee5ad2dea2d14e195265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879d4e7dc00624708042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b85343f9f36bcda9f64b7a5c5b2f5452f5b1de02e6f15c5640bf89d4a74d51dc233dee628c1dfbb5566b98478c174b34eb234481547e484c6af101396b6977dd668b401391c1dc54f2edccf1cabe6be9868d383eb937efdfd9ade018106f544f04fc07ad525497f65fbad3cf145396acf3b0d38e6b46e28d86880fd6f62c373000000000000000000005d194c27cd4d8f6727de79be80fb4493a0ee2e85f59c71dc84311c0f1fb6c87081c7be9355288610c32c2d8c18bf2027212182903687f48262aea54c5f8a315c9aa4a5af1aa2c4007d1baae38c270012b7eb9411ae451204dba30f8321b07a18db97c3e0cf6a15170e515b1cc463a67a5b2b23ec5662ccfa898b8d5075647bdfb390cde56efb8fd42df12c5c8f66bdc58449ec2b38bf12f5f0a49dcbcf4e6f11c47d23fa34793a0000a1cbb1e06e9a8d2449451d7a05ec0a0d3c9716f505ddeba488c60ebf44cac05c2739694359c925148137376dd3f1330ed0e9211f73ee279cc0b5c298422395ce438f48a39ff569375e609f9e904aacc3d8011326d5e4d654c74501cf16bbf72d3984f9b4ef000000003a8a3d49fc837001e4622e58e3a4ef6b55a8dd0680d951cdb6e54ed92a9a6a0e5e494b7b7b0ef4b4bafc5d964551b2a22bfd12b0761ef07a103e51e84917ee44f860b9785e264343f6a80e9318edecf73df6940856cd56c56eb3831445833c701044aaa49439a44a624267580b3c0980d7f87437bf498f6e1915450400000000000000564a02552c0a5fedbcf4da0db6ed03b9dbc224ee76d20aaf1ac74bcb7eb6f202209e64cc4d130dcf6ab3df8ae4911deb4bb5c7df97fc348d151e834be73915f854272f69d88123f666448b6a8e73322b04fffea9cc05e4129debf311c73b4d1a244b1e5b9943028745a0b6477686740ab877315e35624d791e6f71adb1acd3e22cf472ff7e048b16c11c84da9a3b16b92665912132a4dba680052919c20e191311d8092a09f3c609823fed1bd651ce1c34de105790ba2ca3afa26647f66efbf97b109e7226c74e32beb14ff3fd6918e255fc9b42f86b0188cf885afcc9bb77a7fc3ca7ec1015af494add960f8a11422ca005f24006867cd156e0350022943e301b2c07f4d37d07b05ac2fa1f1d5a0d6eb7e992b076bd77509c26034d2a740d578476410b413591884136259693effaf27e7bcfb58efa92625fb9bd68ecca42047f6e7d24b0446ea16a310073c163d1c6aa3ba1fe76b4e88d5f98cc05c6d033e2c28b4990892230d6b4e5c083a601a25145eb22f4f77313117f8147810d95c64fb78b0a000000000000000000000000e92ba8b066e4bd82bb6003d5da8791d838bcd6eefb13000000000000000000000000000000b652ff6fbad82da75114742bc6a27cba894ef490531be709a3a3c81b267dfafa55e6f855200b4e7518682c30f40808cd5bb8f00beb63b4989cc01d8e75a182337b9f9e08430ccec9bda0134d07a9f54b60033182f5d2bb61fd130d65e68bf148d26470060c707a8cf750ca954ee63c78cd975c7f565783383f02edcb7ce4a9ed0c511d18fe32352276d72eefe0d566f97ccae16b3492f60b96574aac4f1862fb6e4932c181dbf8c68ca16b765de9edba0bf5bfb9c4950d19c0bc31db02f374ce62141160436639d4b6cb0033a47ffdc54d55f1136743b1b26946f200000000000000007590ab8f29c7accd9d11786c4ca1271cd2293b572f14a3dfcaa3467f2783fc09e3eee3fa4b82b7b6ce904e05fa797a2f7ff63e4f874bd870821f6460904e05d7a3f8295a9a5fd21e3587b9d9e878c86ba9b66c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffdbb, 0x0, 0xffffffffffffffff, 0xffffffffffffffd9, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sysvipc/sem\x00', 0x0, 0x0) read$FUSE(r9, &(0x7f0000000180)={0x2020}, 0x2024) ioctl$KVM_GET_MP_STATE(r9, 0x8004ae98, &(0x7f0000000240)) r10 = syz_open_dev$vbi(&(0x7f0000000140), 0x2, 0x2) ioctl$VIDIOC_S_PARM(r10, 0xc0cc5616, &(0x7f0000000600)={0x3, @raw_data="3c5fdc22c9f221e0c41ffdf88a7ac19d70e556ebfc50e75b0c7a49b407cb09d3606df6c3ea24210969747a85c40de2197a8cc4f8d593fbb6d8a8b35760c9beb2a4085616bc469d833a6d90b6fc70aaf2cf9d0f16e45bd70159516ed5dbc3112f6345aa472390fb9a7a5331db7d30b11af6a727fdbcd30599bb8cc87862c9b91530c292be018277e9e5c0c4b7295c46accf84f098fd2cdb569df4315c1956c6fbc7ccf19a21c33dd342682f27bab8d40e853a8527c1420727204f8697b13221553e3396f8c550f7bb"}) syz_io_uring_setup(0x94d, &(0x7f0000000000)={0x0, 0x7e4e, 0x8000, 0x1, 0x322, 0x0, r0}, 0x0, 0x0) ioctl$EXT4_IOC_SETFSUUID(r7, 0x4008662c, &(0x7f00000021c0)={0x0, 0x0, "00e8ffffffffffffff0000000800"}) 4.129700244s ago: executing program 3 (id=2012): syz_open_dev$ttys(0xc, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x1000, 0x2, 0xbfcffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40010002}) io_uring_enter(r2, 0x47f6, 0xeffd, 0x2, 0x0, 0x0) 3.67410544s ago: executing program 0 (id=2014): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) r2 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 3.629505832s ago: executing program 2 (id=2015): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/vmstat\x00', 0x0, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r1, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) accept$inet(r6, &(0x7f0000000280)={0x2, 0x0, @multicast1}, &(0x7f00000002c0)=0x10) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x10, 0x42, 0x44, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r7}, 0x38) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x60}], 0x1, 0x7000, 0xfffffffc, 0x60) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) fsetxattr$security_evm(r2, &(0x7f0000000180), &(0x7f0000000200)=@ng={0x4, 0xb, "f9c23b"}, 0x5, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.cpu/syz1\x00', 0x1ff) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) clock_adjtime(0xffffffd3, &(0x7f0000000000)={0xb, 0x6, 0xfffffffffffffffe, 0x9, 0x7, 0xb, 0x651, 0xfffffffffffffffc, 0x9657, 0x0, 0x7fffffff, 0x0, 0x8, 0xb, 0x80000000000000, 0xcc0, 0x1, 0x1, 0x94d6, 0x0, 0x0, 0x5, 0x0, 0xfffffffffffffffa, 0x3, 0x2000000000000}) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) close_range(r0, 0xffffffffffffffff, 0x0) 3.526645878s ago: executing program 0 (id=2016): socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x2, {0x0, 0x0, 0x3}}, 0x18) sendmmsg(r0, &(0x7f0000008240)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001840)="7e2abb10106b65340329251949032004a321dbebedeb261b0416eaaaa581a0fa6e61f2ea51c579fccc6e03c2d4ae9b3994fc8b81d28a04981ba914d4f1742fdd0e4fff7b54b7cd469eabdd079b46176db7bbd27a27512115fc84fa351d6184a38d757991001698398fc444d7d6a73136e7cda9c5ed7b6c3c69381568706c26517a14340e1124c18c708abfc33509db0947308ebb9ed2a3236af1a186b0b341712633f669645a930e46ca4926a7351fd9f70b484602e7f49fedd1150605ac809727b20a9803beba73ea1818ccca97b651474565b9a55a930bd45dc1595aeb7c931862f5c80da60396c4e1ccd5b8377d019481aa6d135b929a89c889b4f8a943e113f7f99048215befd274abb61ce65c97158edfffacbca56719eb854be895282faf7b5d522afac231c1ca5c580fc0f7d25d4cd2a58eb13752cb18d3b59fdf2d56b790c3a6902892e7b93908d1d4ae45a844ba6b438415302c12d6985100e9fefadd7f889c6dafe58485ff85e6f8827cc03b19653ae3ba68e326a5535e95d3fef23f8b8ca4a80bb44adb6b4ae47678dc90c88176b8daa0318c7e6a1db083c8ed957a6e9864753d3eab61fdba674467bed0a67bfe42b2c2aaa9398067503914a6193f1309c09107efbfe2ae39c9317d0fdd84ca439fd5be79257bac331f8ca1af66c9d944b5f5a6e8a6517b8f90a384d8013709f218d81254d518881bec7d753b444191d7c31fca179cd155760d1e462ab0f7398d7027c36e77eb0642bc5692a02b06e35f1e577f202a2e4d2aebae27d92a5049699ed5aae6007d72615b35a46ee2c454d3f8f996ca577de87a1f1627db7d754297946424bcba4ee67e79eeb2c9c3d300ca7baee949345638f0e15520eda11bb86a768893caea9a6fa92b67997cea222d03b7005db634522a68280d310d92eeca0c5e2eada3d0f4ef403c59a656eae0c8fcca70a8e7d0375b71b9f69a36a4514de9c0b597533a305c32d8c8c80b4c461f0dff594afb396d7d583df86a4a8de6e8d9f73bfd4359f8f817aa3557ce8af1b9d954c4964beab03a70692967aaf7965895e28798ca5398f2013f44e5f5ff352e7256726b219aa062afc2219d4e335089d8d9ab1469046ee75c7bb99fde526201d1902fe136588f04d20d540ce3e7716b9d0478ea8af487efa785d62bbaf28d45117745d840abe149481a93b3a602646ec1e7538b31541f069d72c85908ee746fd3e0b6bf148e2efa9c9a5f4b4adf52b2ff773754506320db84d8777d509d1c790b94714ac58cb5f7c8b8eb5f6bd937f4d3916837af824c25e008083a88c422b2719d87c1945c09fdc014eb9e4e9aa54b0c81e0a1d4faa6d0ac71a2f4951323daea566f9b1bd839b5422b5a44884665ac5af0bac22d22dfc1dbed10f65d8918728d8102f0481ec543dc8e2212e8970b6772b3f4f523ca54cdebf33116fd2566", 0x401}], 0x1}}, {{0x0, 0x0, &(0x7f0000006ec0)=[{&(0x7f0000004a00)="c897eef44c054c9a0e1d27a17dd5f0886d9591e127ba5e0cbe4b43c9c34f8b3df700631ec139df569192827db1", 0x2d}, {0x0}, {0x0}], 0x3}}], 0x2, 0x800) syz_usb_connect(0x4, 0x0, 0x0, 0x0) 3.312347304s ago: executing program 2 (id=2017): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28) recvmmsg(r2, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000b00)=""/81, 0x51}], 0x1}}], 0x1, 0x0, 0x0) recvfrom$inet6(r2, 0x0, 0x0, 0x40, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000), 0x0, 0x3bb) dup(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r4, 0x1, 0x13, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6) 2.845380784s ago: executing program 3 (id=2018): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x20000014) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @random="431ed20dcef0"}]}, 0x28}}, 0x2004d080) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) syz_open_dev$sndctrl(0x0, 0x1, 0x42240) openat$audio(0xffffffffffffff9c, 0x0, 0xa002, 0x0) syz_open_dev$vim2m(0x0, 0x0, 0x2) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x14) dup(r3) 2.653778275s ago: executing program 3 (id=2019): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) r1 = fsopen(&(0x7f0000000100)='bpf\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}}) r6 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff) request_key(&(0x7f00000000c0)='.dead\x00', 0x0, &(0x7f0000000140)='#\xad]%&\x00', r6) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0a85322, &(0x7f00000003c0)={0x1003, 0x0, 'client0\x00', 0x0, "92c18f5458d5f54f", "c3e64652ce2fc415a5b53ac6428c8b50af67d6c99cdfe5c1e40001df2c325f95"}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r7) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r8, 0x0) r9 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r9, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x50, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r9, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000004000000000000000000000097000100ffffffff9500000000000000"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.395370476s ago: executing program 4 (id=2020): socket(0x1d, 0x2, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xfd85) r2 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000480)) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f05e, 0x0, '\x00', @p_u32=0x0}}) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f0000000080)='}\x00\x00', 0x3}, {&(0x7f0000000280)="ef559c94", 0x4}], 0x2, 0xa, 0x8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xec}}, 0x0) rseq(0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00') open_tree(r5, &(0x7f0000000640)='\x00', 0x89901) mmap$KVM_VCPU(&(0x7f0000cce000/0x2000)=nil, 0x0, 0x0, 0x80010, r5, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b0400000000000000000200fffe4c0004802800018007000100637400001c000280080001400000000208000240000000130500030000000000200001800700010063740000140002800800024000000011080004400000000c0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000500000a57ab490e"], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = dup(r7) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$VIDIOC_S_CROP(r8, 0x4014563c, &(0x7f0000000080)={0x4, {0xffff8000, 0x8, 0x8c, 0x2}}) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x3, 0x7fff0000}]}) close_range(r9, 0xffffffffffffffff, 0x0) 1.850295015s ago: executing program 0 (id=2021): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) sendto$inet6(r0, &(0x7f00000004c0)='U', 0x1, 0x20000090, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @private2, 0x8}, 0x1c) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r3}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000380)={0x0, r4, r3}) io_setup(0x9, &(0x7f0000000000)=0x0) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x8080, 0x0) r7 = syz_open_dev$vcsn(&(0x7f0000000100), 0x4, 0x284042) r8 = socket(0x10, 0x3, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x2) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r11, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x100, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x9}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x4, 0x4, 0x0, 0xffff, 0x6, 0x8}}}}, @TCA_STAB={0x90, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x7, 0x4, 0x73, 0x1, 0x1000, 0xffffffff, 0x4}}, {0xc, 0x2, [0x20, 0x8, 0x3, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0x8, 0x734, 0xfff, 0x2, 0x9, 0x200, 0x7}}, {0x12, 0x2, [0x0, 0x7, 0x1, 0xd5, 0x400, 0x3, 0x5]}}, {{0x1c, 0x1, {0x76, 0xda, 0x5, 0xffffffff, 0x0, 0x9e0, 0x1, 0xa}}, {0x18, 0x2, [0x0, 0x39c0, 0xa000, 0x9, 0x933, 0x10, 0x7, 0xfff, 0x80ae, 0x3]}}]}, @qdisc_kind_options=@q_clsact]}, 0xfffffffffffffe86}}, 0x40000) r12 = socket$nl_route(0x10, 0x3, 0x0) r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r13, 0x401054d5, &(0x7f0000000780)={0x3, &(0x7f0000000600)=[{0x2d}, {0x2}, {0x6}]}) close(0x3) sendmsg$nl_route_sched(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000026c0)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x10}, {0xe40ca4f7c51e5624}, {0xfff1, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4810}, 0x0) r14 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r14, 0xc0d05605, &(0x7f00000000c0)={0x2, @pix={0xfeedcafe, 0x8, 0x31435641, 0x9, 0x5, 0xb8, 0x3, 0x6, 0x0, 0x6, 0x0, 0x74c3924ecb75b6cd}}) io_cancel(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0xd41, r6, &(0x7f0000000080)="d1acb5e797cd777041c607434edb39d1533b2af9c10a2d7dd41d49ae23d32b073cbef9f4f740b810c38d392f9ca87f9b385764eebf4e1cb6db", 0x39, 0x98, 0x0, 0x2, r7}, &(0x7f0000000180)) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000002000a28000000000a01010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc124b696d065d6e3c133f8"], 0xfc}, 0x1, 0x0, 0x0, 0x200408c1}, 0x4000800) 1.572465764s ago: executing program 1 (id=2022): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000002c0), r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8923, &(0x7f00000000c0)={'dummy0\x00', @random}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000a00da0008000200e0f4ff0105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) 1.223011777s ago: executing program 3 (id=2023): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x2200) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000240)={0x0, 0x0, r5, r6, 0x1, 0x0, 0x4, 0x8, {0x6, 0xb, 0xe, 0x30b4, 0xc000, 0x2025, 0xfffe, 0x3, 0x3e40, 0x4, 0x0, 0x3, 0x2, 0xfffffffc, "12d5616343937ca9a58f1c702a4ccc476b1500"}}) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0xa04ce000) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4) socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_subtree(r0, &(0x7f00000003c0)={[{0x2b, 'hugetlb'}, {0x2d, 'cpuacct'}, {0x2d, 'io'}]}, 0x16) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000faffffff0000070000000900010073797a30000000007c000000090a010400000000000000000500000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000938001280340001800a0001006c696d6974000000240002800c00024000000000010010000c00014000000000000000010800034000010000080004"], 0xc4}}, 0x20054800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) openat2$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x2001, 0x80, 0x1}, 0x18) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r2, 0x8010661b, &(0x7f00000001c0)) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) close(0x3) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x30, r0, 0x0) 982.029961ms ago: executing program 1 (id=2024): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x2200) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000240)={0x0, 0x0, r5, r6, 0x1, 0x0, 0x4, 0x8, {0x6, 0xb, 0xe, 0x30b4, 0xc000, 0x2025, 0xfffe, 0x3, 0x3e40, 0x4, 0x0, 0x3, 0x2, 0xfffffffc, "12d5616343937ca9a58f1c702a4ccc476b1500"}}) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0xa04ce000) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4) socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_subtree(r0, &(0x7f00000003c0)={[{0x2b, 'hugetlb'}, {0x2d, 'cpuacct'}, {0x2d, 'io'}]}, 0x16) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000faffffff0000070000000900010073797a30000000007c000000090a010400000000000000000500000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000938001280340001800a0001006c696d6974000000240002800c00024000000000010010000c00014000000000000000010800034000010000080004"], 0xc4}}, 0x20054800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) openat2$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x2001, 0x80, 0x1}, 0x18) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r2, 0x8010661b, &(0x7f00000001c0)) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) close(0x3) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x30, r0, 0x0) 944.163569ms ago: executing program 3 (id=2025): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f0000000000)=0x1, 0xd, 0x2, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 852.052583ms ago: executing program 2 (id=2026): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) r2 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 774.858641ms ago: executing program 4 (id=2027): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0xa888, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0x87}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3be5e6bd03cbe773a938f621809345ec07cfceb013e3d76d500d97c8bee6ff54980ac3d221fcb35724ba64adb29ae8db909e097d78ff9542196635a14266944b850c9d436e96cc806a88090cbfc9db7ce83231bc043ded67966cfd68b800f6030a85f6bb070a2a5b372be2dacea7884b42e76e164af04e47f90ce0694623dce23cd1471f1a6029f68331317073e1a2d8cfb16f821c867d35a609649cf36aa781fa0a381f934844366d4e3ab8dd239c6ec35c15f307a7ed07869aacec38d787fd9c08e9dda1a28bf1a15b004bb1d88aa429ee8e927f5a1e1445685d8923cad92c90c79726d5e73dfe741de35498842cf51a4f09b97b1c14d33213705b95e84a8853fab4e1ced6faecea9d9203b038594bceb202a9d47f862c4f1853db9a0a7bf98ed9d2e3012358b38d092bd1ed7efb1a9e582ac5ef30c9b476e185f537f40ae8189528b480436122a939967e8d862e01172245ebced9f5251dd302e7e974c1db40be1e9e79799c27384caf6485e7c469b77cd6b28f71e39f84d2adbe074dd2bed6636e6853655adc3d1a47eff697e8edba53e6b281aea94798d82da7d3e86d09d869e5e345316eeeced4e15fc39234a0b0104e0b205c95eda632d0e86b095b284f441a62cb0e7262bc1967ee75f5c2d459011b0c15f4c85b02150a8834eda7f84cc96dde04e4abbdf5985a9c7218797820251b5804cae80c9a726afddf36793ae52cfb38e4e19740d6e07e4ed7c01001ab87b7fb12d5b70a75938d234c83d863b1763aec37b41d204fc319c6e802734ed681ea179fe6cad4857c3ca0e236e7b9867688d8bd7749e919f2d4f57f2249c9ccaf76a23760569b0fbde2db12ca0169e74982c1f4f0494aae13f4838b3f50d9ab0f6e328250d6fc34c0156e4b754c5c648b4ef8af32c91859f9706048f029634cefd0d767e8b7743262cb8a468ad37dfa47a745495e3f03cfa1d4ed71af55453c0a25fa1122a9054bcc4d9960c9a54f36b6db55154ab7dd19890d9f8ff3549e0fbd5a655319566b7f9c72be0242e7ffb59020356c3ffb5b9c43858e69d7b677a9bc5b8a64721a51b75a254e07199a73726834bea05901455ad53b38116b953c970b2002d0d1f91deb73ccb7266fbb21aa8555599daed7585575ef3efbd737f2523018ba4645d862889d5c3d91b12f04166db8bffecde54ee278d0d5351f3bf1f8902ff3f4c24a8c0c8a4e6addc9baadc471813589324d3128a1b193137c15c01be9f367317b1c885301ff8e9df728efa37df27f65eb0464055091f2ed469fdab48f413e3978f73ff9dffeb85453e841f86594612ac91b50add8d14910748bfa903033662f3e735ce6d299ce52338a96035aa89f63bd59d151fb20c38125236cbc0d795ac6f8da4cafc74714ed62a23b017e15adcaade58385b78c6945fb30a2539c42b1e415879433b9fb6966c6d19ed19f9f90cbd360d936a8b9f8e03bca5a83c063651b4636a7783bbda6417c83e470a16dfb115344a527436242ace9341432b5816b5e6609d97d600e142ca3cf74cbc00e1d9ee203cdfad339ce460b294f3931c5bd8ae6da8fc14d66a01bae4a212ef3d914e58c13217c8ad91628636b56257c7ca41b404cc2d4b5d50e26ebefc74656c62b1b4e9b6c5b6cc8d79101460f719d95925630bf99e042018439c50026513d680ea573620132ded57dea9e2da4e16f17dbc171642b1e80a3f41311ee73441302285668792160db6614fdb30d25a5719d2ae03ab98ea167597c48dd8197e7faf6189d801134462027901506c5ff1ae2558d96722217f65131d2f429693ae9fae19c101319473608976d08cc1c0d98f789b0c364e8aca574321ab2857af1015f1588afd313503085db4d99961a9391db06c10477ceb44199f1648594e8f9b452fafdab49b1962d02ee77ebd31b7931174a729fa943cb18102130e7e08eaba77df066069c2c3564fc85881ba0dad12c4f06a9e6dea9fea53931ff85e38505eb7ad60a52e2a8a248b3f4d0d55eee31f75f110c70e3b12409a79a5a98b0156c6d2a5d94604b8fa202b12746a365c708c671316cc0ffff6e9b7139b337953be22672a4910e1eb28cccc023b77028e20a6d377a339372f0dc235069f41c2692b0a3a7e0f315f4aebeef435a46b2e8b8462739293f9184c01b1434e87bf3fd48be54bf437056a1d2cff0c7aa52578013f96b1d5100ca936ff029cfd6f9a093621f684196ed7e1d363a97c647c34fe5f2370e7ab9dc718a1fc317779ab8a04bc12c01b778d17eea0b546bce03475fc6373c860714df0322dde550186c553ebd61ed18c0b80655f0827a63d209117ca23b026c1ad30bac4d43a4611292c7049f855b829a3a17fd2b83c142078beed8ca07b7cb7cd624705ccc160246c81174a4d3a9f2057caffe84b1ac073375e065c1ff4e9e22e7d87b3adb40ff796132e4ed86e5fc9f9616f8e4116be96497621692fb516e9316cfd15ad01742a1de4aa35fe02861236295823edf4c48fc37faf55226044e393a3733d58e8ef0f0c7941bc30f09739f37dea2f395f2e9e9b2c31a11923a2d6c9b14f1bacce15094cbbd6445f3581c6d45b76943b4d0db8fd4d4acbdb91780f57c872827abd7a1f13290a0d17dda220493476c92ce65e33f07afcf763aec0e67450f547101f1a5ada0f760c8f12137679324e22c7a13fdf78575115acb0ae4a2818b7b3ead27eea5eccba6f7a34c61819382eebfad742a3c603c6d2f332726996b3e8fcbdfd56b436c1173b1b3bc1ab66a717e31f2f918f0bea3f4801e04c14c881c59324fd9bc38745dd0e47da6bc8e98fe74a760304d74f17cd3cfceb33503397cf592d2b6a51b641d559ba8d6dc449e19b289fd1a4b3772b3998181e787723fe3893362d8f3e346c0ab0abe933e9bdd9a82b377914018377af9d2cbc58ab4fc08cea2623174239cea585603b8acd20da923a44799b1745c3bd65640508f96a0d92a6a2fd8314573f10b4f6e6cbf61e8828bd6e69b1b0c47f5795917a5035b3424dc3cadd2aadbbafb9d18349fab41d79ba13660f2c9400ff87784b26c3e88785db8522c93d3d4f12608736a235c8b9fff98a17934fe36792cb1992ea1b72b5e151cfe82b4ebc4f510882e4b34ee9f6ada188b104ba36e8acbd7bafe39b32f957da45c2743017545fd61667d36d58952de0cdbacb3abc549e1001bf6d9b19f9a353bb84bd152e04c061c691b514d6f1b36a8895424ce210a4cd75d537443a2791dc68e9fff510358f7586d3b73ed04223e683adf6a1c79d3bc92aa595cc6167", 0xa91}], 0x2}, 0x0) 708.342335ms ago: executing program 1 (id=2028): unshare(0x2010d00) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) recvfrom(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000080)=0x2, 0x4) open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0) 648.36088ms ago: executing program 4 (id=2029): timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_getoverrun(r0) r1 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x1, 0x28}, 0x18) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41, 0xfffe}, 0x1}}, 0x10) bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x1fb553244e946098, {{0x42, 0x200000c}, 0x1}}, 0x10) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x6, &(0x7f0000000240)={0x10, {{0x29, 0x0, 0x3000000, @empty}}}, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'sit0\x00'}) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) r7 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f00000000c0)={0x8, 0x1, 0x2, "3a7107ca5de21f000000f373000000e0ff00", 0x56595559}) close_range(r6, 0xffffffffffffffff, 0x0) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000380)={'wg2\x00', 0x0}) bind$xdp(r3, &(0x7f0000000400)={0x2c, 0xa, r8, 0x3e, r1}, 0x10) r9 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r9, &(0x7f0000000140)=[{&(0x7f0000000240)="480000001400190d09004beafd0d8c562c84ed7a80ffe05e959126dda8900db462060f000000000000a2bc5603ca00000f7f8900000ec00000000101ff0000000309ff5bffff00c7", 0x48}], 0x1) setsockopt$inet_group_source_req(r1, 0x0, 0x2c, &(0x7f0000000080)={0x2, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x4e21, @empty}}}, 0x108) r10 = io_uring_setup(0x3fd6, &(0x7f00000002c0)={0x0, 0x5cc4, 0x800, 0x8, 0x286, 0x0, r1}) syz_io_uring_setup(0x512c, &(0x7f00000001c0)={0x0, 0xfc96, 0x0, 0x3, 0x183, 0x0, r10}, &(0x7f0000000240), &(0x7f0000000280)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000340)={0x6, 0xa, 0x1, 0x0, 0x6}) 617.730224ms ago: executing program 2 (id=2030): socket(0x10, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1bd441, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4000}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) move_pages(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000000000/0x1000)=nil], &(0x7f0000000040)=[0x1], 0x0, 0x2) socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000780), 0x400000, 0x0) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r5, 0x3ba0, &(0x7f0000000800)={0x48, 0x3, 0x0, 0x0, 0x4, 0x3d, &(0x7f00000007c0)="b97515c3ba88265208462c8b6339557fec1ec191aa96f28d6ac012ae3a81197d19c53a5e1be074b6bfba5d884ae455a2f7b0e7527ed13c62799bbf6bf3"}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x48}}, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003c00c9242bbd6712f31c2152096c7000fbdbdf2507000000", @ANYRES32=r8, @ANYBLOB="80001e0a0a000200aaaaaaaaaa1b000008000f0000000000"], 0x30}, 0x1, 0x0, 0x0, 0xc0041}, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4) sendmmsg$inet6(r6, &(0x7f0000000180), 0x0, 0x40000) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x10, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="c98562edf8f465e58f8f3ae1cc4d076aab1210d0e8b5fa44a31c0ee9e36c27e34548179419f8c374a3cbc30f6e252d4c034cfd969e72a8d1f740e80e4a546d6d13f30de324916b0c0b5c4764d514518af157ee4ecd91f6f7d01192db68b830f73f15c977e134138ff70c140bfa89892862b9817654553ec8afec3e436a98012893d205c52b4ebd3b8236d0591efd3101b05752f4c031f6470d24b4630becb895a601a1840c8f6843a879e6067adc685e721a5b3ac605b1625f831d7680308b329f3e2f07d7320919e29cfffe0000000000000000000000000000008a6e4cb8cf15cd4f3cd8d6f964a7c32209f67a160dfb20a48c382402f05f8c5872555dbab356f6107282cbda0ba5", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) recvmmsg(0xffffffffffffffff, &(0x7f0000000800), 0x62, 0x12141, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0xe4800, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x1, 0xffe0}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x6}}}]}, 0x38}}, 0x0) socket(0x400000000010, 0x80000, 0x0) 535.784099ms ago: executing program 1 (id=2031): socket(0x2a, 0x2, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x2, {0x0, 0x0, 0x3}}, 0x18) sendmmsg(r0, &(0x7f0000008240)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001840)="7e2abb10106b65340329251949032004a321dbebedeb261b0416eaaaa581a0fa6e61f2ea51c579fccc6e03c2d4ae9b3994fc8b81d28a04981ba914d4f1742fdd0e4fff7b54b7cd469eabdd079b46176db7bbd27a27512115fc84fa351d6184a38d757991001698398fc444d7d6a73136e7cda9c5ed7b6c3c69381568706c26517a14340e1124c18c708abfc33509db0947308ebb9ed2a3236af1a186b0b341712633f669645a930e46ca4926a7351fd9f70b484602e7f49fedd1150605ac809727b20a9803beba73ea1818ccca97b651474565b9a55a930bd45dc1595aeb7c931862f5c80da60396c4e1ccd5b8377d019481aa6d135b929a89c889b4f8a943e113f7f99048215befd274abb61ce65c97158edfffacbca56719eb854be895282faf7b5d522afac231c1ca5c580fc0f7d25d4cd2a58eb13752cb18d3b59fdf2d56b790c3a6902892e7b93908d1d4ae45a844ba6b438415302c12d6985100e9fefadd7f889c6dafe58485ff85e6f8827cc03b19653ae3ba68e326a5535e95d3fef23f8b8ca4a80bb44adb6b4ae47678dc90c88176b8daa0318c7e6a1db083c8ed957a6e9864753d3eab61fdba674467bed0a67bfe42b2c2aaa9398067503914a6193f1309c09107efbfe2ae39c9317d0fdd84ca439fd5be79257bac331f8ca1af66c9d944b5f5a6e8a6517b8f90a384d8013709f218d81254d518881bec7d753b444191d7c31fca179cd155760d1e462ab0f7398d7027c36e77eb0642bc5692a02b06e35f1e577f202a2e4d2aebae27d92a5049699ed5aae6007d72615b35a46ee2c454d3f8f996ca577de87a1f1627db7d754297946424bcba4ee67e79eeb2c9c3d300ca7baee949345638f0e15520eda11bb86a768893caea9a6fa92b67997cea222d03b7005db634522a68280d310d92eeca0c5e2eada3d0f4ef403c59a656eae0c8fcca70a8e7d0375b71b9f69a36a4514de9c0b597533a305c32d8c8c80b4c461f0dff594afb396d7d583df86a4a8de6e8d9f73bfd4359f8f817aa3557ce8af1b9d954c4964beab03a70692967aaf7965895e28798ca5398f2013f44e5f5ff352e7256726b219aa062afc2219d4e335089d8d9ab1469046ee75c7bb99fde526201d1902fe136588f04d20d540ce3e7716b9d0478ea8af487efa785d62bbaf28d45117745d840abe149481a93b3a602646ec1e7538b31541f069d72c85908ee746fd3e0b6bf148e2efa9c9a5f4b4adf52b2ff773754506320db84d8777d509d1c790b94714ac58cb5f7c8b8eb5f6bd937f4d3916837af824c25e008083a88c422b2719d87c1945c09fdc014eb9e4e9aa54b0c81e0a1d4faa6d0ac71a2f4951323daea566f9b1bd839b5422b5a44884665ac5af0bac22d22dfc1dbed10f65d8918728d8102f0481ec543dc8e2212e8970b6772b3f4f523ca54cdebf33116fd2566", 0x401}], 0x1}}, {{0x0, 0x0, &(0x7f0000006ec0)=[{&(0x7f0000004a00)="c897eef44c054c9a0e1d27a17dd5f0886d9591e127ba5e0cbe4b43c9c34f8b3df700631ec139df569192827db1", 0x2d}, {0x0}, {0x0}], 0x3}}], 0x2, 0x800) syz_usb_connect(0x4, 0x0, 0x0, 0x0) 393.489255ms ago: executing program 0 (id=2032): socket$kcm(0x10, 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x80800) socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x5, 0x32315258, 0x0, 0x0, [{0x0, 0x4}, {}, {}, {}, {}, {}, {0x0, 0x2}], 0x0, 0x0, 0x0, 0x1, 0x2}}) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r2], 0x90}}, 0x0) 381.856332ms ago: executing program 4 (id=2033): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) fsopen(&(0x7f00000000c0)='jffs2\x00', 0x1) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000700)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000000)={r1, r2, 0x1, 0x0, 0x3}) close(0x3) r3 = socket$kcm(0x2d, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r4}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000080)={r5}) setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, &(0x7f00000006c0)={0xffffffffffffffff, 0x0, 0x9, 0x0, 0x8000}, 0xc) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r6, 0x6, 0x9, 0x0, &(0x7f00000000c0)) syz_io_uring_setup(0x4002894, &(0x7f00000005c0)={0x0, 0xa57b, 0x40, 0x8001, 0x30e}, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000180), 0xfefc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000002000/0x3000)=nil, &(0x7f0000000000/0xe000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000008000/0x2000)=nil, &(0x7f0000260000/0x4000)=nil, &(0x7f0000008000/0x3000)=nil, &(0x7f0000947000/0x1000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000969000/0x1000)=nil, &(0x7f0000663000/0x1000)=nil, &(0x7f000000c000/0x2000)=nil, 0x0}, 0x68) r7 = socket(0x2b, 0x1, 0x1) listen(r7, 0x6) syz_usb_connect(0x2, 0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bd3619204433f0224def010203010902400001020000000904"], 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000000202010400000000000000000a0000003c0002802c00018014000300fe8000000000000000000000000000aa140004000c000280050001008800"/80], 0x50}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x70bd30, 0x0, {0x0, 0x0, 0x0, r9, {0xfff3, 0xfff1}, {0x0, 0x3}, {0x0, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40020) sendmsg$nl_route(r8, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000005e00200027bd7000fcdbdf2500000000", @ANYRES32=r9, @ANYBLOB="0500000041838d992570026a26175696cdeeb25974c721e2ceb86dad8b1a1b0c2bf9bdb5aa6981411cd0a594350c385872a46d80886be2eeb93ad739963daddb0e6a3ab457c8cd3c59787c450cec4b1a467e1cfab489856f4de85a35fdbd9370cf3ae7571e4e39b7252f6644a834fed4284d95aae5bf5ba391f6e06217c56bd2df5e6c3b969a1e184b83a970627ad53bd77d01000000000000006e5004c7bf5dbe000000000000000000000000e46e2893fa9e59439a3b71da1d136c5b514f36d3ff65b507c3a2cc6120ebe036574f0cf2cb3711e6f58ecd80f4af7232ec7fa3f6d20c045d989cb7d97337fa243ef71cddae7512dbc7c12343c792b3894e900e82777c0376c08bbc842c6d3019594c0db1179e15ae012c9ecaf37b661a98ccdf4fd1cceec2e8bf228318ceea04143ae2028b94139bf7623cabfaabdd3f082119ad5c8f19bcc89d526c479aca77b0fd9b564817"], 0x1c}, 0x1, 0x0, 0x0, 0x91}, 0x1) syz_io_uring_setup(0xfb, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, 0x0, 0x0) 315.640644ms ago: executing program 2 (id=2034): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x408, 0x3a0, 0x150, 0x150, 0x0, 0xf8010000, 0x480, 0x238, 0x238, 0x480, 0x238, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x1f0, 0x258, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x5, 0x4}, {0x2, 0x6, 0x5}, {0x4, 0x2, 0x6}, 0x1, 0x6}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x468) syz_emit_ethernet(0x4e, &(0x7f0000000580)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x18, 0x3a, 0xff, @private1, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @ipv4={'\x00', '\xff\xff', @empty=0x41000000}}}}}}}, 0x0) 261.01223ms ago: executing program 2 (id=2035): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xfffffffc}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) quotactl$Q_SETINFO(0xffffffff80000601, 0x0, 0x0, &(0x7f0000000440)={0x5, 0x2, 0x1, 0x2}) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8982, &(0x7f0000000140)={0x3, 'dummy0\x00', {0xfffffeff}, 0x6}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1400000010000100000000ff000000000000000a20000000000a03000000000000000000010000000900010073797a300002000068000000090a010400000000fcff0000010000"], 0xb0}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r6, 0x8001000000000000, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x11, 0x148, 0xf8, 0x0, 0x188, 0x2a8, 0x2a8, 0x188, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x4, 0x4, 0xd, 0x0, 0x9]}, {0x0, [0x2, 0x188, 0x0, 0x2], 0x3}}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x6, 0x0, {0x2, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}}, 0x1c}}, 0x48010) r7 = add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)='\x00\x00', 0x2, r0) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@bridge_dellink={0x9c, 0x11, 0x1, 0x70bd2b, 0x25dfdbfc, {0x7, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x2}, @IFLA_AF_SPEC={0x6c, 0x1a, 0x0, 0x1, [@AF_BRIDGE={0x4}, @AF_INET={0x10, 0x2, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8, 0x7, 0x0, 0x0, 0xf}]}}, @AF_BRIDGE={0x4}, @AF_MPLS={0x4}, @AF_MPLS={0x4}, @AF_BRIDGE={0x4}, @AF_INET={0x20, 0x2, 0x0, 0x1, {0x1c, 0x1, 0x0, 0x1, [{0x8, 0xc, 0x0, 0x0, 0x4}, {0x8, 0x1e, 0x0, 0x0, 0x9}, {0x8, 0x1f, 0x0, 0x0, 0x401}]}}, @AF_INET={0x20, 0x2, 0x0, 0x1, {0x1c, 0x1, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x0, 0x3}, {0x8, 0x7, 0x0, 0x0, 0x2}, {0x8, 0x17, 0x0, 0x0, 0x8001}]}}, @AF_BRIDGE={0x4}]}, @IFLA_GROUP={0x8, 0x1b, 0x3}]}, 0x9c}, 0x1, 0x0, 0x0, 0x810}, 0x8080) syz_usb_connect(0x3, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0xd8, 0x57, 0xe0, 0x40, 0xdfc, 0x1, 0xc19, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0xe5, 0x0, 0x0, 0x25, 0x7d, 0x27}}]}}]}}, 0x0) keyctl$get_security(0x11, r7, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x3, 0x401, {0xffffffffffffffff}, {0xee01}, 0x401, 0x3ff}) r9 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r9, 0xc004500a, &(0x7f0000000040)=0x12) writev(r9, 0x0, 0x0) 166.761629ms ago: executing program 0 (id=2036): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28) recvmmsg(r3, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000b00)=""/81, 0x51}], 0x1}}], 0x1, 0x0, 0x0) recvfrom$inet6(r3, 0x0, 0x0, 0x40, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000), 0x0, 0x3bb) dup(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r5, 0x1, 0x13, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6) 0s ago: executing program 3 (id=2037): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0xe23, 0x4000007, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x10000000}, 0x1c) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x2a, &(0x7f0000000200)=@raw=[@cb_func={0x18, 0x1, 0x4, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @generic={0x0, 0x3, 0x5, 0x9, 0xce}, @ldst={0x2, 0x1, 0x1, 0x8, 0x6, 0x4, 0x3a6b95a19abf0adf}, @tail_call, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5d6}}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffff9}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}], &(0x7f0000000000)='syzkaller\x00', 0x9, 0x4e, &(0x7f0000000440)=""/78, 0x41000, 0x85, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000040)={0x1, 0x4}, 0x8, 0x10, &(0x7f00000000c0)={0x4, 0x3, 0x6, 0xe3db}, 0x10, 0x0, 0x0, 0x6, &(0x7f00000003c0)=[0xffffffffffffffff], &(0x7f00000004c0)=[{0x4, 0x3, 0xd, 0xa}, {0x0, 0x3, 0xd, 0x1}, {0x4, 0x1, 0x9, 0x1}, {0x5, 0x3, 0x5, 0x5}, {0x1, 0x3, 0x3, 0x2}, {0x3, 0x3, 0x7, 0x5}], 0x10, 0xfc6, @void, @value}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000540)={r2, r3}) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) mlockall(0x7) shutdown(r2, 0x2) close(r2) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r4 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(r4, 0x0, 0x4000000a, 0x0) close(0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="0100000010651fbe347b2c2b00000c000180080001"], 0x20}}, 0x0) r5 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="130300007800911fdabcf8b3077fa54a07"], 0xfe33) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010f3b100000000010203010902240001010330050904000801030101000921ff00010122b00b09058103100002ba07424ae89cf7d629f944a4bedd8607e44fa2444bf40ddf534ff8c07cb111"], 0x0) mlock2(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0) mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0) socket$nl_route(0x10, 0x3, 0x0) kernel console output (not intermixed with test programs): 07f60599b5fa0 RCX: 00007f605978e969 [ 549.377615][T11606] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 000000000000000e [ 549.377629][T11606] RBP: 00007f605a6b8090 R08: 0000000000000000 R09: 0000000000000000 [ 549.377642][T11606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 549.377655][T11606] R13: 0000000000000000 R14: 00007f60599b5fa0 R15: 00007f6059adfa28 [ 549.377686][T11606] [ 549.829470][ C1] vkms_vblank_simulate: vblank timer overrun [ 549.904364][T11608] ptrace attach of "./syz-executor exec"[5845] was attempted by "\x09   . [ 551.234581][ T5890] usb 3-1: USB disconnect, device number 87 [ 551.579624][T11626] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1630'. [ 551.918120][ T5893] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 551.919199][ T5890] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 552.058034][ T5893] usb 2-1: device descriptor read/64, error -71 [ 552.098133][ T5890] usb 3-1: device descriptor read/64, error -71 [ 552.318094][ T3078] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 552.388154][ T5890] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 553.328000][ T5893] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 553.378024][ T5890] usb 3-1: device descriptor read/64, error -71 [ 553.478628][ T5893] usb 2-1: device descriptor read/64, error -71 [ 553.488581][ T5890] usb usb3-port1: attempt power cycle [ 553.496135][ T3078] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 553.507322][ T3078] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 553.526760][ T3078] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 553.549361][ T3078] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.598761][ T5893] usb usb2-port1: attempt power cycle [ 553.621127][ T3078] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 553.645154][ T3078] usb 1-1: invalid MIDI out EP 0 [ 553.910174][T11637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 553.948541][T11637] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 553.954847][ T5890] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 553.979839][T11637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 553.988616][ T5893] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 554.029508][ T5893] usb 2-1: device descriptor read/8, error -71 [ 554.038787][ T5890] usb 3-1: device descriptor read/8, error -71 [ 554.072042][ T3078] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 554.088231][T11637] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.170717][T11637] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1632'. [ 554.207386][T11637] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 554.299155][ T5890] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 554.320287][ T5890] usb 3-1: device descriptor read/8, error -71 [ 554.348041][ T5893] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 554.518406][ T5890] usb usb3-port1: unable to enumerate USB device [ 554.534661][ T5893] usb 2-1: device descriptor read/8, error -71 [ 554.587679][T11648] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1635'. [ 554.649067][ T5893] usb usb2-port1: unable to enumerate USB device [ 555.559207][ T3078] usb 1-1: USB disconnect, device number 85 [ 556.918060][ T5891] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 557.018164][ T3078] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 557.088039][ T5891] usb 1-1: device descriptor read/64, error -71 [ 557.168172][ T3078] usb 3-1: device descriptor read/64, error -71 [ 557.878164][ T5891] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 557.982331][ T3078] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 558.257414][ T3078] usb 3-1: device descriptor read/64, error -71 [ 558.264164][ T5891] usb 1-1: device descriptor read/64, error -71 [ 558.382130][ T3078] usb usb3-port1: attempt power cycle [ 558.398327][ T5891] usb usb1-port1: attempt power cycle [ 558.748044][ T5891] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 558.755747][ T3078] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 558.778872][ T3078] usb 3-1: device descriptor read/8, error -71 [ 558.785487][ T5891] usb 1-1: device descriptor read/8, error -71 [ 558.788698][ T9] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 558.983627][ T9] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 559.008238][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.016409][ T9] usb 4-1: Product: syz [ 559.021645][ T3078] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 559.025441][ T9] usb 4-1: Manufacturer: syz [ 559.034353][ T5891] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 559.037950][ T9] usb 4-1: SerialNumber: syz [ 559.064703][ T3078] usb 3-1: device descriptor read/8, error -71 [ 559.078909][ T5891] usb 1-1: device descriptor read/8, error -71 [ 559.175464][ T9] usb 4-1: config 0 descriptor?? [ 559.178542][ T3078] usb usb3-port1: unable to enumerate USB device [ 559.248298][ T5891] usb usb1-port1: unable to enumerate USB device [ 559.418059][ T978] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 559.600028][ T9] usb 4-1: Firmware: major: 108, minor: 98, hardware type: RZUSB (3) [ 559.883489][ T9] usb 4-1: Firmware: build Һzl [ 559.890603][ T978] usb 5-1: config 0 has no interfaces? [ 559.983069][ T978] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 559.996024][ T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.016251][ T9] usb 4-1: failed to fetch extended address, random address set [ 560.028588][ T978] usb 5-1: Product: syz [ 560.035754][ T978] usb 5-1: Manufacturer: syz [ 560.048733][ T978] usb 5-1: SerialNumber: syz [ 560.084007][ T978] usb 5-1: config 0 descriptor?? [ 560.105383][T11716] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:0026 with DS=0x7 [ 560.158228][ T47] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 560.247164][ T9] usb 4-1: USB disconnect, device number 75 [ 560.356989][ T47] usb 1-1: Using ep0 maxpacket: 8 [ 560.405207][ T47] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 560.447995][ T47] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 560.473890][ T47] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 560.505249][ T47] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 560.544328][ T47] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 560.561797][ T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.818382][ T3078] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 560.835841][ T47] usb 1-1: GET_CAPABILITIES returned 0 [ 560.852700][ T47] usbtmc 1-1:16.0: can't read capabilities [ 560.988226][ T3078] usb 3-1: Using ep0 maxpacket: 32 [ 561.001004][ T3078] usb 3-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 561.013290][ T3078] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.036946][ T3078] usb 3-1: config 0 descriptor?? [ 561.068425][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.081735][ T3078] rndis_host 3-1:0.0: probe with driver rndis_host failed with error -22 [ 561.111240][T11738] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1660'. [ 561.128012][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.137184][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.150418][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.159589][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.168741][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.350831][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.364683][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.373844][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.382984][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.392112][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.541671][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.550926][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.560065][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.569672][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 561.616106][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 561.631551][ T9] usb 1-1: USB disconnect, device number 90 [ 562.065697][T11751] FAULT_INJECTION: forcing a failure. [ 562.065697][T11751] name failslab, interval 1, probability 0, space 0, times 0 [ 562.086267][T11751] CPU: 0 UID: 0 PID: 11751 Comm: syz.1.1664 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 562.086296][T11751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 562.086318][T11751] Call Trace: [ 562.086324][T11751] [ 562.086332][T11751] dump_stack_lvl+0x189/0x250 [ 562.086361][T11751] ? __pfx_dump_stack_lvl+0x10/0x10 [ 562.086383][T11751] ? __pfx__printk+0x10/0x10 [ 562.086403][T11751] ? ref_tracker_alloc+0x318/0x460 [ 562.086421][T11751] should_fail_ex+0x414/0x560 [ 562.086448][T11751] should_failslab+0xa8/0x100 [ 562.086470][T11751] kmem_cache_alloc_noprof+0x73/0x3c0 [ 562.086488][T11751] ? skb_clone+0x212/0x3a0 [ 562.086512][T11751] skb_clone+0x212/0x3a0 [ 562.086534][T11751] __netlink_deliver_tap+0x404/0x850 [ 562.086560][T11751] ? netlink_deliver_tap+0x2e/0x1b0 [ 562.086576][T11751] netlink_deliver_tap+0x19c/0x1b0 [ 562.086593][T11751] netlink_unicast+0x72f/0x8d0 [ 562.086624][T11751] netlink_sendmsg+0x805/0xb30 [ 562.086647][T11751] ? __pfx_netlink_sendmsg+0x10/0x10 [ 562.086666][T11751] ? aa_sock_msg_perm+0x94/0x160 [ 562.086683][T11751] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 562.086699][T11751] ? __pfx_netlink_sendmsg+0x10/0x10 [ 562.086715][T11751] __sock_sendmsg+0x219/0x270 [ 562.086741][T11751] ____sys_sendmsg+0x505/0x830 [ 562.086763][T11751] ? __pfx_____sys_sendmsg+0x10/0x10 [ 562.086789][T11751] ? import_iovec+0x74/0xa0 [ 562.086811][T11751] ___sys_sendmsg+0x21f/0x2a0 [ 562.086832][T11751] ? __pfx____sys_sendmsg+0x10/0x10 [ 562.086880][T11751] ? __fget_files+0x2a/0x420 [ 562.086898][T11751] ? __fget_files+0x3a0/0x420 [ 562.086931][T11751] __x64_sys_sendmsg+0x19b/0x260 [ 562.086958][T11751] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 562.087004][T11751] ? do_syscall_64+0xba/0x210 [ 562.087034][T11751] do_syscall_64+0xf6/0x210 [ 562.087059][T11751] ? clear_bhb_loop+0x45/0xa0 [ 562.087077][T11751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.087091][T11751] RIP: 0033:0x7f5117f8e969 [ 562.087105][T11751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.087118][T11751] RSP: 002b:00007f5118d89038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 562.087134][T11751] RAX: ffffffffffffffda RBX: 00007f51181b5fa0 RCX: 00007f5117f8e969 [ 562.087145][T11751] RDX: 0000000004000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 562.087155][T11751] RBP: 00007f5118d89090 R08: 0000000000000000 R09: 0000000000000000 [ 562.087170][T11751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 562.087182][T11751] R13: 0000000000000000 R14: 00007f51181b5fa0 R15: 00007f51182dfa28 [ 562.087213][T11751] [ 562.349967][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.008403][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.015010][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.037453][ T5890] usb 5-1: USB disconnect, device number 85 [ 563.794568][ T9] usb 3-1: USB disconnect, device number 96 [ 564.528401][ T9] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 564.718187][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 564.728997][ T9] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 564.740872][ T9] usb 3-1: config 0 has no interface number 0 [ 564.766197][ T9] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 564.785147][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.785745][T11784] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1672'. [ 564.796877][ T9] usb 3-1: Product: syz [ 564.808189][ T9] usb 3-1: Manufacturer: syz [ 564.820422][ T9] usb 3-1: SerialNumber: syz [ 564.838252][ T978] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 564.847474][ T9] usb 3-1: config 0 descriptor?? [ 564.877328][ T9] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 565.035449][ T978] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 565.114941][ T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 565.127935][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.149516][ T978] usb 2-1: Product: syz [ 565.157040][ T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 565.166667][ T978] usb 2-1: Manufacturer: syz [ 565.175454][ T978] usb 2-1: SerialNumber: syz [ 565.195364][ T978] usb 2-1: config 0 descriptor?? [ 565.532211][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 565.574469][ T9] usb 3-1: USB disconnect, device number 97 [ 565.613614][ T978] usb 2-1: Firmware: major: 108, minor: 98, hardware type: RZUSB (3) [ 565.654648][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 565.694134][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 565.879316][ T978] usb 2-1: Firmware: build Һzl [ 565.885910][ T9] quatech2 3-1:0.51: device disconnected [ 565.928020][ T3078] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 565.983054][T11802] futex_wake_op: syz.4.1677 tries to shift op by 32; fix this program [ 566.070532][ T978] usb 2-1: failed to fetch extended address, random address set [ 566.088956][ T3078] usb 4-1: Using ep0 maxpacket: 8 [ 566.102442][ T3078] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 566.115206][ T3078] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 566.137990][ T3078] usb 4-1: Product: syz [ 566.142214][ T3078] usb 4-1: Manufacturer: syz [ 566.146836][ T3078] usb 4-1: SerialNumber: syz [ 566.206158][ T3078] usb 4-1: config 0 descriptor?? [ 566.254170][ T3078] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 566.299670][ T978] usb 2-1: USB disconnect, device number 84 [ 566.438151][T11800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 566.456730][T11809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 566.460741][T11800] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 566.515143][T11809] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 566.758658][ T5893] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 567.078531][ T3078] gspca_zc3xx: reg_r err -110 [ 567.101965][ T3078] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -110 [ 567.106185][ T5893] usb 3-1: config 0 has no interfaces? [ 567.129560][ T5893] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 567.139049][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.162766][ T5893] usb 3-1: Product: syz [ 567.185169][ T5893] usb 3-1: Manufacturer: syz [ 567.238140][ T5893] usb 3-1: SerialNumber: syz [ 567.287409][T11809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 567.298336][ T5893] usb 3-1: config 0 descriptor?? [ 567.306250][T11809] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 567.459062][T11825] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1681'. [ 568.309629][T11838] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1684'. [ 568.894546][T11829] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 569.041826][T11841] netlink: 550 bytes leftover after parsing attributes in process `syz.4.1685'. [ 570.096596][T11853] xt_hashlimit: invalid rate [ 570.108941][T11853] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1689'. [ 570.148040][ T9] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 570.158826][ T5890] usb 3-1: USB disconnect, device number 98 [ 570.333633][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 570.343050][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.368227][ T5893] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 570.404873][ T9] usb 2-1: config 0 descriptor?? [ 570.494538][ T9] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input44 [ 570.563380][ T5893] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 570.595712][ T5893] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 570.620944][ T5893] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 570.641176][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.719021][T11858] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22 [ 570.761860][ T5893] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 572.200308][ T47] usb 1-1: USB disconnect, device number 91 [ 573.060315][ T5893] usb 2-1: USB disconnect, device number 85 [ 573.240987][T11885] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 573.247252][T11885] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 573.260598][T11899] netlink: 'syz.3.1696': attribute type 16 has an invalid length. [ 573.318025][T11885] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 573.336409][T11885] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 573.382261][T11885] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 573.536172][ T3078] usb 4-1: USB disconnect, device number 76 [ 574.022059][T11903] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1701'. [ 574.035928][T11903] FAULT_INJECTION: forcing a failure. [ 574.035928][T11903] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 574.054158][T11903] CPU: 0 UID: 0 PID: 11903 Comm: syz.2.1701 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 574.054180][T11903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 574.054190][T11903] Call Trace: [ 574.054197][T11903] [ 574.054204][T11903] dump_stack_lvl+0x189/0x250 [ 574.054233][T11903] ? __pfx_dump_stack_lvl+0x10/0x10 [ 574.054254][T11903] ? __pfx__printk+0x10/0x10 [ 574.054279][T11903] should_fail_ex+0x414/0x560 [ 574.054307][T11903] _copy_to_user+0x31/0xb0 [ 574.054329][T11903] simple_read_from_buffer+0xe1/0x170 [ 574.054351][T11903] proc_fail_nth_read+0x1df/0x250 [ 574.054379][T11903] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 574.054410][T11903] ? rw_verify_area+0x258/0x650 [ 574.054432][T11903] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 574.054462][T11903] vfs_read+0x1fd/0x980 [ 574.054486][T11903] ? __pfx___mutex_lock+0x10/0x10 [ 574.054505][T11903] ? __pfx_vfs_read+0x10/0x10 [ 574.054521][T11903] ? __fget_files+0x2a/0x420 [ 574.054543][T11903] ? __fget_files+0x3a0/0x420 [ 574.054561][T11903] ? __fget_files+0x2a/0x420 [ 574.054586][T11903] ksys_read+0x145/0x250 [ 574.054601][T11903] ? rcu_is_watching+0x15/0xb0 [ 574.054624][T11903] ? __pfx_ksys_read+0x10/0x10 [ 574.054642][T11903] ? do_syscall_64+0xba/0x210 [ 574.054663][T11903] do_syscall_64+0xf6/0x210 [ 574.054681][T11903] ? clear_bhb_loop+0x45/0xa0 [ 574.054705][T11903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.054720][T11903] RIP: 0033:0x7f30abb8d37c [ 574.054734][T11903] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 574.054748][T11903] RSP: 002b:00007f30acacc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 574.054763][T11903] RAX: ffffffffffffffda RBX: 00007f30abdb5fa0 RCX: 00007f30abb8d37c [ 574.054774][T11903] RDX: 000000000000000f RSI: 00007f30acacc0a0 RDI: 0000000000000004 [ 574.054783][T11903] RBP: 00007f30acacc090 R08: 0000000000000000 R09: 0000000000000000 [ 574.054792][T11903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 574.054801][T11903] R13: 0000000000000000 R14: 00007f30abdb5fa0 R15: 00007f30abedfa28 [ 574.054824][T11903] [ 574.273322][ C0] vkms_vblank_simulate: vblank timer overrun [ 574.910084][T11908] fuse: Bad value for 'group_id' [ 574.915103][T11908] fuse: Bad value for 'group_id' [ 574.923876][T11907] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1703'. [ 575.279107][T11140] Bluetooth: hci0: command 0x0c1a tx timeout [ 575.285417][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 575.358123][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 575.364315][T11140] Bluetooth: hci2: command 0x0c1a tx timeout [ 575.438138][T11140] Bluetooth: hci4: command 0x0c1a tx timeout [ 575.930968][T11922] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1708'. [ 575.962416][T11922] tipc: Enabling of bearer rejected, media not registered [ 576.238078][ T978] usb 1-1: new full-speed USB device number 92 using dummy_hcd [ 576.378328][ T978] usb 1-1: device descriptor read/64, error -71 [ 576.419075][ T5893] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 576.610743][ T5893] usb 4-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 576.620544][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.639452][ T5893] usb 4-1: config 0 descriptor?? [ 576.658218][ T978] usb 1-1: new full-speed USB device number 93 using dummy_hcd [ 576.722139][ T5893] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input45 [ 576.858191][ T978] usb 1-1: device descriptor read/64, error -71 [ 576.968456][ T978] usb usb1-port1: attempt power cycle [ 577.318140][ T978] usb 1-1: new full-speed USB device number 94 using dummy_hcd [ 577.348890][ T978] usb 1-1: device descriptor read/8, error -71 [ 577.598126][ T978] usb 1-1: new full-speed USB device number 95 using dummy_hcd [ 577.639413][ T978] usb 1-1: device descriptor read/8, error -71 [ 577.759575][ T978] usb usb1-port1: unable to enumerate USB device [ 577.848199][ T3078] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 577.998003][ T3078] usb 3-1: Using ep0 maxpacket: 8 [ 578.013908][ T3078] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 578.046312][ T3078] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.084323][ T3078] usb 3-1: Product: syz [ 578.105635][ T3078] usb 3-1: Manufacturer: syz [ 578.121028][ T3078] usb 3-1: SerialNumber: syz [ 578.136821][ T3078] usb 3-1: config 0 descriptor?? [ 578.252279][T11947] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1716'. [ 578.365549][ T3078] dvb_usb_rtl28xxu 3-1:0.0: chip type detection failed -71 [ 578.383844][ T3078] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 578.423080][ T3078] usb 3-1: USB disconnect, device number 99 [ 578.718084][ T978] usb 2-1: new low-speed USB device number 86 using dummy_hcd [ 578.882673][ T978] usb 2-1: unable to get BOS descriptor or descriptor too short [ 578.897715][ T978] usb 2-1: string descriptor 0 read error: -22 [ 578.912225][ T978] usb 2-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 578.932432][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.953344][ T978] usb 2-1: config 0 descriptor?? [ 579.063436][T11955] FAULT_INJECTION: forcing a failure. [ 579.063436][T11955] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 579.073229][T11956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1719'. [ 579.089152][T11955] CPU: 1 UID: 0 PID: 11955 Comm: syz.2.1720 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 579.089182][T11955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 579.089196][T11955] Call Trace: [ 579.089205][T11955] [ 579.089214][T11955] dump_stack_lvl+0x189/0x250 [ 579.089252][T11955] ? __pfx_dump_stack_lvl+0x10/0x10 [ 579.089282][T11955] ? __pfx__printk+0x10/0x10 [ 579.089316][T11955] should_fail_ex+0x414/0x560 [ 579.089361][T11955] _copy_to_user+0x31/0xb0 [ 579.089393][T11955] simple_read_from_buffer+0xe1/0x170 [ 579.089422][T11955] proc_fail_nth_read+0x1df/0x250 [ 579.089455][T11955] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 579.089486][T11955] ? rw_verify_area+0x258/0x650 [ 579.089509][T11955] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 579.089538][T11955] vfs_read+0x1fd/0x980 [ 579.089566][T11955] ? __pfx___mutex_lock+0x10/0x10 [ 579.089591][T11955] ? __pfx_vfs_read+0x10/0x10 [ 579.089615][T11955] ? __fget_files+0x2a/0x420 [ 579.089646][T11955] ? __fget_files+0x3a0/0x420 [ 579.089671][T11955] ? __fget_files+0x2a/0x420 [ 579.089706][T11955] ksys_read+0x145/0x250 [ 579.089731][T11955] ? __pfx_ksys_read+0x10/0x10 [ 579.089757][T11955] ? do_syscall_64+0xba/0x210 [ 579.089787][T11955] do_syscall_64+0xf6/0x210 [ 579.089813][T11955] ? clear_bhb_loop+0x45/0xa0 [ 579.089838][T11955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.089857][T11955] RIP: 0033:0x7f30abb8d37c [ 579.089876][T11955] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 579.089893][T11955] RSP: 002b:00007f30acacc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 579.089915][T11955] RAX: ffffffffffffffda RBX: 00007f30abdb5fa0 RCX: 00007f30abb8d37c [ 579.089930][T11955] RDX: 000000000000000f RSI: 00007f30acacc0a0 RDI: 0000000000000004 [ 579.089944][T11955] RBP: 00007f30acacc090 R08: 0000000000000000 R09: 0000000000000000 [ 579.089957][T11955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 579.089969][T11955] R13: 0000000000000000 R14: 00007f30abdb5fa0 R15: 00007f30abedfa28 [ 579.090001][T11955] [ 579.326825][ T978] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 579.360789][ T978] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 579.371255][ T978] dib0700: firmware download failed at 7 with -22 [ 579.397365][ T5890] usb 4-1: USB disconnect, device number 77 [ 579.440956][T11957] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1719'. [ 579.514317][ T978] usb 2-1: USB disconnect, device number 86 [ 580.232778][T11976] bond_slave_0: entered promiscuous mode [ 580.238918][T11976] bond_slave_1: entered promiscuous mode [ 580.244586][T11976] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 580.256870][T11976] macvlan2: entered allmulticast mode [ 580.263955][T11976] bond0: entered allmulticast mode [ 580.269664][T11976] bond_slave_0: entered allmulticast mode [ 580.275873][T11976] bond_slave_1: entered allmulticast mode [ 580.283310][T11976] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 580.295311][T11976] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 580.303819][T11976] bridge0: port 3(macvlan2) entered blocking state [ 580.327790][T11976] bridge0: port 3(macvlan2) entered disabled state [ 580.350870][T11976] macvlan2: entered promiscuous mode [ 580.365137][T11976] bond0: entered promiscuous mode [ 580.377125][T11976] bridge0: port 3(macvlan2) entered blocking state [ 580.384972][T11976] bridge0: port 3(macvlan2) entered forwarding state [ 582.051126][ T47] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 582.284088][ T47] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 582.294693][ T47] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 582.306471][ T47] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 582.319807][ T47] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 582.329121][ T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.355749][ T47] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 582.430184][ T47] usb 2-1: invalid MIDI out EP 0 [ 582.506674][T11996] input: syz1 as /devices/virtual/input/input46 [ 582.985946][ T5912] udevd[5912]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 583.134521][ T47] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 583.618506][ T5933] usb 5-1: new low-speed USB device number 86 using dummy_hcd [ 583.781370][ T5933] usb 5-1: unable to get BOS descriptor or descriptor too short [ 583.795412][ T5933] usb 5-1: string descriptor 0 read error: -22 [ 583.806784][ T5933] usb 5-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 583.833197][ T5933] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.889508][ T5933] usb 5-1: config 0 descriptor?? [ 584.119711][ T5933] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 584.146904][ T5933] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 584.199503][ T5933] dib0700: firmware download failed at 7 with -22 [ 584.281894][ T5933] usb 5-1: USB disconnect, device number 86 [ 584.385513][T12016] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1738'. [ 584.422212][T12016] FAULT_INJECTION: forcing a failure. [ 584.422212][T12016] name failslab, interval 1, probability 0, space 0, times 0 [ 584.464581][T12016] CPU: 1 UID: 0 PID: 12016 Comm: syz.3.1738 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 584.464614][T12016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 584.464628][T12016] Call Trace: [ 584.464637][T12016] [ 584.464647][T12016] dump_stack_lvl+0x189/0x250 [ 584.464686][T12016] ? __pfx_dump_stack_lvl+0x10/0x10 [ 584.464716][T12016] ? __pfx__printk+0x10/0x10 [ 584.464742][T12016] ? __pfx___might_resched+0x10/0x10 [ 584.464761][T12016] ? fs_reclaim_acquire+0x7d/0x100 [ 584.464795][T12016] should_fail_ex+0x414/0x560 [ 584.464833][T12016] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 584.464863][T12016] should_failslab+0xa8/0x100 [ 584.464893][T12016] __kvmalloc_node_noprof+0x168/0x5e0 [ 584.464921][T12016] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 584.464956][T12016] alloc_netdev_mqs+0xa8b/0x11e0 [ 584.464995][T12016] rtnl_create_link+0x31f/0xd10 [ 584.465032][T12016] rtnl_newlink_create+0x258/0xaf0 [ 584.465071][T12016] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 584.465094][T12016] ? rtnl_newlink+0x8db/0x1c70 [ 584.465118][T12016] ? __pfx___mutex_lock+0x10/0x10 [ 584.465154][T12016] ? ns_capable+0x8a/0xf0 [ 584.465178][T12016] rtnl_newlink+0x16d6/0x1c70 [ 584.465202][T12016] ? kasan_save_track+0x3e/0x80 [ 584.465238][T12016] ? __pfx_rtnl_newlink+0x10/0x10 [ 584.465293][T12016] ? kasan_quarantine_put+0xdd/0x220 [ 584.465316][T12016] ? lockdep_hardirqs_on+0x9c/0x150 [ 584.465347][T12016] ? nlmon_xmit+0xb0/0x100 [ 584.465374][T12016] ? kmem_cache_free+0x192/0x3f0 [ 584.465412][T12016] ? __local_bh_enable_ip+0x12d/0x1c0 [ 584.465444][T12016] ? lockdep_hardirqs_on+0x9c/0x150 [ 584.465469][T12016] ? __local_bh_enable_ip+0x12d/0x1c0 [ 584.465500][T12016] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 584.465541][T12016] ? aa_get_newest_label+0xf7/0x5d0 [ 584.465573][T12016] ? __lock_acquire+0xaac/0xd20 [ 584.465627][T12016] ? __pfx_rtnl_newlink+0x10/0x10 [ 584.465648][T12016] rtnetlink_rcv_msg+0x7cc/0xb70 [ 584.465674][T12016] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 584.465695][T12016] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 584.465722][T12016] ? ref_tracker_free+0x63a/0x7d0 [ 584.465742][T12016] ? __copy_skb_header+0xa7/0x550 [ 584.465780][T12016] netlink_rcv_skb+0x219/0x490 [ 584.465804][T12016] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 584.465828][T12016] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 584.465871][T12016] ? netlink_deliver_tap+0x2e/0x1b0 [ 584.465893][T12016] ? netlink_deliver_tap+0x2e/0x1b0 [ 584.465921][T12016] netlink_unicast+0x758/0x8d0 [ 584.465966][T12016] netlink_sendmsg+0x805/0xb30 [ 584.466000][T12016] ? __pfx_netlink_sendmsg+0x10/0x10 [ 584.466027][T12016] ? aa_sock_msg_perm+0x94/0x160 [ 584.466051][T12016] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 584.466074][T12016] ? __pfx_netlink_sendmsg+0x10/0x10 [ 584.466098][T12016] __sock_sendmsg+0x219/0x270 [ 584.466135][T12016] ____sys_sendmsg+0x505/0x830 [ 584.466168][T12016] ? __pfx_____sys_sendmsg+0x10/0x10 [ 584.466205][T12016] ? import_iovec+0x74/0xa0 [ 584.466235][T12016] ___sys_sendmsg+0x21f/0x2a0 [ 584.466264][T12016] ? __pfx____sys_sendmsg+0x10/0x10 [ 584.466331][T12016] ? __fget_files+0x2a/0x420 [ 584.466356][T12016] ? __fget_files+0x3a0/0x420 [ 584.466393][T12016] __x64_sys_sendmsg+0x19b/0x260 [ 584.466424][T12016] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 584.466470][T12016] ? do_syscall_64+0xba/0x210 [ 584.466500][T12016] do_syscall_64+0xf6/0x210 [ 584.466526][T12016] ? clear_bhb_loop+0x45/0xa0 [ 584.466553][T12016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.466582][T12016] RIP: 0033:0x7f605978e969 [ 584.466600][T12016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.466618][T12016] RSP: 002b:00007f605a6b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 584.466640][T12016] RAX: ffffffffffffffda RBX: 00007f60599b5fa0 RCX: 00007f605978e969 [ 584.466655][T12016] RDX: 0000000000040000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 584.466669][T12016] RBP: 00007f605a6b8090 R08: 0000000000000000 R09: 0000000000000000 [ 584.466682][T12016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 584.466695][T12016] R13: 0000000000000000 R14: 00007f60599b5fa0 R15: 00007f6059adfa28 [ 584.466729][T12016] [ 584.878743][ C1] vkms_vblank_simulate: vblank timer overrun [ 585.635087][ T9] usb 5-1: new full-speed USB device number 87 using dummy_hcd [ 585.671118][T11988] delete_channel: no stack [ 585.677146][ T5890] usb 2-1: USB disconnect, device number 87 [ 585.795036][ T9] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 585.811524][ T9] usb 5-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 585.833365][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.870291][T12035] fuse: Unknown parameter 'fd0x000000000000001000000000000000000000' [ 585.901136][ T9] usb 5-1: Product: syz [ 585.950083][ T9] usb 5-1: Manufacturer: syz [ 585.987227][ T9] usb 5-1: SerialNumber: syz [ 586.384006][T12020] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1740'. [ 586.420300][ T9] usb 5-1: selecting invalid altsetting 1 [ 586.433507][ T9] LME2510(C): Firmware Status: 00 00 00 00 00 00 [ 586.433598][ T9] dvb_usb_lmedm04 5-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22 [ 586.471653][ T9] usb 5-1: USB disconnect, device number 87 [ 587.067567][T12047] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1747'. [ 587.155646][T12047] tipc: Enabling of bearer rejected, media not registered [ 587.276496][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805a9d2000: rx timeout, send abort [ 587.418962][ T5890] usb 1-1: new full-speed USB device number 96 using dummy_hcd [ 587.558136][ T5890] usb 1-1: device descriptor read/64, error -71 [ 587.690662][ T5893] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 587.777370][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805a9d3000: rx timeout, send abort [ 587.786201][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805a9d2000: abort rx timeout. Force session deactivation [ 587.798267][ T3078] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 587.840516][ T5890] usb 1-1: new full-speed USB device number 97 using dummy_hcd [ 587.848214][ T5893] usb 3-1: Using ep0 maxpacket: 32 [ 587.861621][ T5893] usb 3-1: config index 0 descriptor too short (expected 8978, got 18) [ 587.872544][ T5893] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 587.890789][ T5893] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 587.903021][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.912738][ T5893] usb 3-1: Product: syz [ 587.917263][ T5893] usb 3-1: Manufacturer: syz [ 587.926794][ T5893] usb 3-1: SerialNumber: syz [ 587.942133][ T5893] usb 3-1: config 0 descriptor?? [ 587.997482][ T3078] usb 5-1: config 0 has no interfaces? [ 588.007287][ T3078] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 588.019623][ T3078] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.028721][ T3078] usb 5-1: Product: syz [ 588.068095][ T3078] usb 5-1: Manufacturer: syz [ 588.083837][ T3078] usb 5-1: SerialNumber: syz [ 588.088751][ T5890] usb 1-1: device descriptor read/64, error -71 [ 588.123011][T12069] syz.3.1754 (12069): drop_caches: 2 [ 588.200099][ T5890] usb usb1-port1: attempt power cycle [ 588.218687][ T3078] usb 5-1: config 0 descriptor?? [ 588.285689][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805a9d3000: abort rx timeout. Force session deactivation [ 588.507552][T12061] kvm: vcpu 0: requested 104 ns lapic timer period limited to 200000 ns [ 588.548029][ T5893] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 588.598313][ T5890] usb 1-1: new full-speed USB device number 98 using dummy_hcd [ 588.629464][ T5890] usb 1-1: device descriptor read/8, error -71 [ 588.827934][ T5893] usb 4-1: config 0 has no interfaces? [ 588.844817][ T5893] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 588.855915][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.867405][ T5893] usb 4-1: Product: syz [ 588.873420][ T5893] usb 4-1: Manufacturer: syz [ 588.878102][ T5890] usb 1-1: new full-speed USB device number 99 using dummy_hcd [ 588.890258][ T5893] usb 4-1: SerialNumber: syz [ 588.912889][ T5893] usb 4-1: config 0 descriptor?? [ 588.953809][ T5890] usb 1-1: device descriptor read/8, error -71 [ 589.068716][ T5890] usb usb1-port1: unable to enumerate USB device [ 589.558044][ T5890] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 589.732487][ T5890] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 589.751207][ T5890] usb 2-1: config 0 has no interfaces? [ 589.769030][ T5890] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 589.809235][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.878816][ T5890] usb 2-1: config 0 descriptor?? [ 590.150616][ T5890] usb 2-1: USB disconnect, device number 88 [ 590.286695][T12080] fuse: Bad value for 'fd' [ 591.022148][ T5893] usb 3-1: USB disconnect, device number 100 [ 591.325082][T12092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 591.357067][T12092] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 591.411905][ T5890] usb 5-1: USB disconnect, device number 88 [ 591.578037][ T5893] usb 3-1: new full-speed USB device number 101 using dummy_hcd [ 591.719969][ T5891] usb 4-1: USB disconnect, device number 78 [ 591.858342][ T5890] usb 5-1: new full-speed USB device number 89 using dummy_hcd [ 591.877507][T12105] netlink: 'syz.0.1760': attribute type 16 has an invalid length. [ 591.885593][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 591.894630][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 591.907939][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 591.917128][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 591.927235][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 591.948219][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 591.966097][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 591.978119][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 592.003894][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 592.013367][T12105] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1760'. [ 592.190076][ T5890] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 592.203784][ T5890] usb 5-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 592.213957][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.222632][ T5890] usb 5-1: Product: syz [ 592.263633][ T5890] usb 5-1: Manufacturer: syz [ 592.269235][ T5890] usb 5-1: SerialNumber: syz [ 592.572431][ T9] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 592.653634][ T5890] usb 5-1: selecting invalid altsetting 1 [ 592.683757][ T5890] LME2510(C): Firmware Status: 00 00 00 00 00 00 [ 592.683883][ T5890] dvb_usb_lmedm04 5-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22 [ 592.835262][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 592.847009][ T5890] usb 5-1: USB disconnect, device number 89 [ 592.847932][ T9] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 592.882161][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.960283][ T9] usb 2-1: Product: syz [ 592.970284][ T9] usb 2-1: Manufacturer: syz [ 592.997590][ T9] usb 2-1: SerialNumber: syz [ 593.026743][ T9] usb 2-1: config 0 descriptor?? [ 594.659267][T12132] tipc: Enabling of bearer rejected, media not registered [ 594.923283][ T5893] usb 3-1: new full-speed USB device number 102 using dummy_hcd [ 595.088372][ T5893] usb 3-1: device descriptor read/64, error -71 [ 595.448024][ T5893] usb 3-1: new full-speed USB device number 103 using dummy_hcd [ 595.498559][ T5891] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 595.588535][ T5893] usb 3-1: device descriptor read/64, error -71 [ 595.711395][ T5893] usb usb3-port1: attempt power cycle [ 595.900976][ T5891] usb 1-1: config 0 has no interfaces? [ 595.926049][ T5891] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 596.020691][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.040883][ T5891] usb 1-1: Product: syz [ 596.045101][ T5891] usb 1-1: Manufacturer: syz [ 596.068059][ T5893] usb 3-1: new full-speed USB device number 104 using dummy_hcd [ 596.085944][ T5891] usb 1-1: SerialNumber: syz [ 596.101058][ T5891] usb 1-1: config 0 descriptor?? [ 596.145538][ T5893] usb 3-1: device descriptor read/8, error -71 [ 596.390520][ T5893] usb 3-1: new full-speed USB device number 105 using dummy_hcd [ 596.420371][ T5893] usb 3-1: device descriptor read/8, error -71 [ 596.548621][ T5893] usb usb3-port1: unable to enumerate USB device [ 596.749750][ T9] usb 2-1: USB disconnect, device number 89 [ 596.807493][ T5893] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 596.877315][ T5893] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz1] on syz0 [ 598.216314][T12179] __nla_validate_parse: 134 callbacks suppressed [ 598.216336][T12179] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1782'. [ 598.935448][ T3078] usb 1-1: USB disconnect, device number 100 [ 600.196553][T12204] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1790'. [ 600.233796][ T5891] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 600.458030][ T5891] usb 5-1: Using ep0 maxpacket: 8 [ 600.465149][ T5891] usb 5-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e [ 600.474581][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.513831][ T5891] usb 5-1: config 0 descriptor?? [ 600.551645][ T5891] usb 5-1: bad CDC descriptors [ 600.609010][T12210] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1791'. [ 600.618505][ T978] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 600.772807][ T9] usb 5-1: USB disconnect, device number 90 [ 600.810969][ T978] usb 2-1: Using ep0 maxpacket: 32 [ 600.825274][ T978] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 600.839598][ T978] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 600.850811][ T978] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 600.864288][ T978] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 600.884730][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.893203][ T978] usb 2-1: Product: syz [ 600.897851][ T978] usb 2-1: Manufacturer: syz [ 600.902829][ T978] usb 2-1: SerialNumber: syz [ 601.041403][T12212] FAULT_INJECTION: forcing a failure. [ 601.041403][T12212] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.077538][T12212] CPU: 0 UID: 0 PID: 12212 Comm: syz.3.1793 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 601.077572][T12212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 601.077586][T12212] Call Trace: [ 601.077596][T12212] [ 601.077606][T12212] dump_stack_lvl+0x189/0x250 [ 601.077643][T12212] ? __pfx_dump_stack_lvl+0x10/0x10 [ 601.077674][T12212] ? __pfx__printk+0x10/0x10 [ 601.077708][T12212] should_fail_ex+0x414/0x560 [ 601.077747][T12212] _copy_to_user+0x31/0xb0 [ 601.077777][T12212] simple_read_from_buffer+0xe1/0x170 [ 601.077808][T12212] proc_fail_nth_read+0x1df/0x250 [ 601.077858][T12212] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.077889][T12212] ? rw_verify_area+0x258/0x650 [ 601.077911][T12212] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 601.077940][T12212] vfs_read+0x1fd/0x980 [ 601.077968][T12212] ? __pfx___mutex_lock+0x10/0x10 [ 601.077993][T12212] ? __pfx_vfs_read+0x10/0x10 [ 601.078018][T12212] ? __fget_files+0x2a/0x420 [ 601.078049][T12212] ? __fget_files+0x3a0/0x420 [ 601.078072][T12212] ? __fget_files+0x2a/0x420 [ 601.078115][T12212] ksys_read+0x145/0x250 [ 601.078137][T12212] ? rcu_is_watching+0x15/0xb0 [ 601.078169][T12212] ? __pfx_ksys_read+0x10/0x10 [ 601.078196][T12212] ? do_syscall_64+0xba/0x210 [ 601.078225][T12212] do_syscall_64+0xf6/0x210 [ 601.078251][T12212] ? clear_bhb_loop+0x45/0xa0 [ 601.078277][T12212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.078297][T12212] RIP: 0033:0x7f605978d37c [ 601.078316][T12212] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 601.078335][T12212] RSP: 002b:00007f605a6b8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 601.078358][T12212] RAX: ffffffffffffffda RBX: 00007f60599b5fa0 RCX: 00007f605978d37c [ 601.078374][T12212] RDX: 000000000000000f RSI: 00007f605a6b80a0 RDI: 0000000000000005 [ 601.078387][T12212] RBP: 00007f605a6b8090 R08: 0000000000000000 R09: 0000000000000000 [ 601.078400][T12212] R10: 000000004000048a R11: 0000000000000246 R12: 0000000000000001 [ 601.078414][T12212] R13: 0000000000000000 R14: 00007f60599b5fa0 R15: 00007f6059adfa28 [ 601.078446][T12212] [ 601.316101][T12214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 601.350096][T12214] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 601.380665][ T978] usb 2-1: 0:2 : does not exist [ 601.398701][ T978] usb 2-1: USB disconnect, device number 90 [ 601.482915][ T6454] udevd[6454]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 601.678250][ T5891] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 601.839331][ T5891] usb 4-1: Using ep0 maxpacket: 32 [ 601.855801][ T5891] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 601.898169][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.924993][ T5891] usb 4-1: config 0 descriptor?? [ 601.951071][ T5891] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 602.048092][ T47] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 602.214501][ T47] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 602.243245][ T47] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 602.274808][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.386019][ T47] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 602.765489][T12229] fuse: Bad value for 'fd' [ 602.805439][ T47] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 602.849795][ T6454] udevd[6454]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 602.857083][ T47] usb 5-1: USB disconnect, device number 91 [ 603.037305][T12248] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1803'. [ 603.576840][T12217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 603.588857][T12217] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 603.601493][ T5891] gspca_nw80x: reg_w err -71 [ 603.606369][ T5891] nw80x 4-1:0.0: probe with driver nw80x failed with error -71 [ 603.697851][ T5891] usb 4-1: USB disconnect, device number 79 [ 603.971385][T12258] overlayfs: missing 'lowerdir' [ 604.918430][ T978] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 605.078199][ T978] usb 4-1: Using ep0 maxpacket: 16 [ 605.104913][ T978] usb 4-1: config 0 has an invalid interface number: 92 but max is 0 [ 605.120035][ T978] usb 4-1: config 0 has no interface number 0 [ 605.228023][ T978] usb 4-1: config 0 interface 92 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 605.265107][ T978] usb 4-1: config 0 interface 92 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 605.378521][ T978] usb 4-1: New USB device found, idVendor=0572, idProduct=cb00, bcdDevice=52.37 [ 605.414084][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.445172][ T978] usb 4-1: Product: syz [ 605.473083][ T978] usb 4-1: Manufacturer: syz [ 605.510596][ T978] usb 4-1: SerialNumber: syz [ 605.541202][ T978] usb 4-1: config 0 descriptor?? [ 605.558277][T12268] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 605.565637][T12268] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 605.890398][ T978] cxacru 4-1:0.92: usbatm_usb_probe: bind failed: -19! [ 605.959184][ T978] usb 4-1: USB disconnect, device number 80 [ 606.031352][ T9] usb 5-1: new full-speed USB device number 92 using dummy_hcd [ 606.096776][T12279] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1809'. [ 606.236897][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 606.257206][ T9] usb 5-1: not running at top speed; connect to a high speed hub [ 606.275857][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 606.304639][ T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 606.337959][ T9] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 606.349139][ T5893] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 606.424191][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 606.440162][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.471690][ T9] usb 5-1: Product: syz [ 606.485107][ T9] usb 5-1: Manufacturer: syz [ 606.517286][ T9] usb 5-1: SerialNumber: syz [ 606.555241][ T5893] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 606.601008][ T5893] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 606.613310][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.648927][ T5893] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 606.654273][T12289] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1816'. [ 606.741680][ T5893] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 606.780268][T12278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 606.798773][T12278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 606.832091][ T9] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 606.846813][ T9] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 606.862782][ T47] usb 3-1: USB disconnect, device number 106 [ 606.866427][ T9] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 606.968351][ T9] usb 5-1: USB disconnect, device number 92 [ 607.001038][ T6454] udevd[6454]: setting mode of /dev/snd/controlC3 to 020660 failed: No such file or directory [ 607.001376][T12281] fuse: Bad value for 'fd' [ 607.029305][ T6454] udevd[6454]: setting owner of /dev/snd/controlC3 to uid=0, gid=29 failed: No such file or directory [ 607.998624][T12318] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1822'. [ 608.007808][ T5893] usb 3-1: new full-speed USB device number 107 using dummy_hcd [ 608.190702][ T5893] usb 3-1: config 0 has an invalid interface number: 207 but max is 0 [ 608.665919][ T5893] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 608.697988][ T5893] usb 3-1: config 0 has no interface number 0 [ 608.719874][ T5893] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 608.729435][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.851990][ T5893] usb 3-1: Product: syz [ 608.856226][ T5893] usb 3-1: Manufacturer: syz [ 608.898007][ T5893] usb 3-1: SerialNumber: syz [ 608.942052][ T5893] usb 3-1: config 0 descriptor?? [ 609.252235][T12310] xt_TCPMSS: Only works on TCP SYN packets [ 609.263401][ T5893] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22 [ 609.290533][ T5893] usb 3-1: USB disconnect, device number 107 [ 610.627979][ T5893] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 610.680346][ T9] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 610.759394][T12342] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1831'. [ 610.819518][ T9] usb 4-1: device descriptor read/64, error -71 [ 610.826083][ T5893] usb 5-1: Using ep0 maxpacket: 8 [ 610.834703][ T5893] usb 5-1: config 0 has an invalid interface number: 145 but max is 0 [ 610.844533][ T5893] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 610.855216][ T5893] usb 5-1: config 0 has no interface number 0 [ 610.864733][ T5893] usb 5-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=d8.06 [ 610.925513][T12345] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 610.943670][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.978001][ T5893] usb 5-1: Product: syz [ 610.995741][ T5893] usb 5-1: Manufacturer: syz [ 611.016696][ T5893] usb 5-1: SerialNumber: syz [ 611.051025][ T5893] usb 5-1: config 0 descriptor?? [ 611.098938][ T9] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 611.273410][ T5893] usb 5-1: Found UVC 0.00 device syz (2833:0201) [ 611.308236][ T5893] usb 5-1: No valid video chain found. [ 611.329502][ T5893] usb 5-1: USB disconnect, device number 93 [ 611.371706][ T9] usb 4-1: device descriptor read/64, error -71 [ 611.468047][ T47] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 611.500320][ T9] usb usb4-port1: attempt power cycle [ 611.627173][T12359] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 611.661136][ T47] usb 3-1: Using ep0 maxpacket: 32 [ 611.670919][ T47] usb 3-1: unable to get BOS descriptor or descriptor too short [ 611.693018][ T47] usb 3-1: config 244 has an invalid interface number: 68 but max is 0 [ 611.702042][ T47] usb 3-1: config 244 has no interface number 0 [ 611.708785][ T47] usb 3-1: config 244 interface 68 altsetting 3 has an endpoint descriptor with address 0xF8, changing to 0x88 [ 611.721836][ T47] usb 3-1: config 244 interface 68 altsetting 3 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 611.734708][ T47] usb 3-1: config 244 interface 68 altsetting 3 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 611.758123][ T47] usb 3-1: config 244 interface 68 altsetting 3 endpoint 0xA has invalid wMaxPacketSize 0 [ 611.768892][ T47] usb 3-1: config 244 interface 68 has no altsetting 0 [ 611.779155][ T47] usb 3-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=24.0f [ 611.791737][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.818914][ T47] usb 3-1: Product: syz [ 611.823759][ T47] usb 3-1: Manufacturer: syz [ 611.831554][ T47] usb 3-1: SerialNumber: syz [ 611.898237][ T9] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 611.948941][ T9] usb 4-1: device descriptor read/8, error -71 [ 611.988158][T12363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1837'. [ 612.004635][T12363] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1837'. [ 612.198001][ T9] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 612.245137][T12369] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1839'. [ 612.259574][ T9] usb 4-1: device descriptor read/8, error -71 [ 612.317695][T12369] netlink: 'syz.4.1839': attribute type 10 has an invalid length. [ 612.326661][T12369] bond0: (slave wlan1): Opening slave failed [ 612.371121][ T9] usb usb4-port1: unable to enumerate USB device [ 612.631401][T12380] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1842'. [ 612.788783][ T9] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 613.038314][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.093696][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 613.119291][ T9] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00 [ 613.132275][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.158743][ T9] usb 1-1: config 0 descriptor?? [ 613.193844][T12384] bridge_slave_0: left allmulticast mode [ 613.202912][T12384] bridge_slave_0: left promiscuous mode [ 613.213610][T12384] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.232618][T12384] bridge_slave_1: left allmulticast mode [ 613.240756][T12384] bridge_slave_1: left promiscuous mode [ 613.253461][T12384] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.300821][T12384] bond0: (slave bond_slave_0): Releasing backup interface [ 613.356775][T12384] bond0: (slave bond_slave_1): Releasing backup interface [ 613.414795][T12384] team0: Port device team_slave_0 removed [ 613.509456][T12384] team0: Port device team_slave_1 removed [ 613.516592][T12384] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 613.592413][ T9] aquacomputer_d5next 0003:0C70:F00D.0011: unknown main item tag 0x0 [ 613.624413][T12384] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 613.640575][ T9] aquacomputer_d5next 0003:0C70:F00D.0011: unknown main item tag 0x0 [ 613.641534][T12384] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 613.676240][ T9] aquacomputer_d5next 0003:0C70:F00D.0011: unknown main item tag 0x0 [ 613.706896][ T9] aquacomputer_d5next 0003:0C70:F00D.0011: unknown main item tag 0x0 [ 613.738995][ T9] aquacomputer_d5next 0003:0C70:F00D.0011: unknown main item tag 0x0 [ 613.786714][ T9] aquacomputer_d5next 0003:0C70:F00D.0011: hidraw0: USB HID v0.00 Device [HID 0c70:f00d] on usb-dummy_hcd.0-1/input0 [ 614.658114][ T5891] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 614.772665][T12394] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 614.781699][T12394] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 614.919950][ T47] comedi comedi0: Endpoint has wrong direction [ 614.928011][ T47] dt9812 3-1:244.68: driver 'dt9812' failed to auto-configure device. [ 615.048666][ T47] usb 3-1: USB disconnect, device number 108 [ 615.069927][ T5891] usb 2-1: config 0 has no interfaces? [ 615.080392][ T978] usb 1-1: reset high-speed USB device number 102 using dummy_hcd [ 615.108849][T12400] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1846'. [ 615.145332][ T5891] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 615.175819][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.227595][ T5891] usb 2-1: Product: syz [ 615.269027][ T5891] usb 2-1: Manufacturer: syz [ 615.273785][ T5891] usb 2-1: SerialNumber: syz [ 615.481004][ T5891] usb 2-1: config 0 descriptor?? [ 617.092601][T12409] FAULT_INJECTION: forcing a failure. [ 617.092601][T12409] name failslab, interval 1, probability 0, space 0, times 0 [ 617.138117][T12409] CPU: 0 UID: 0 PID: 12409 Comm: syz.3.1849 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 617.138147][T12409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 617.138160][T12409] Call Trace: [ 617.138170][T12409] [ 617.138183][T12409] dump_stack_lvl+0x189/0x250 [ 617.138220][T12409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 617.138250][T12409] ? __pfx__printk+0x10/0x10 [ 617.138276][T12409] ? __pfx___might_resched+0x10/0x10 [ 617.138301][T12409] should_fail_ex+0x414/0x560 [ 617.138338][T12409] should_failslab+0xa8/0x100 [ 617.138375][T12409] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 617.138402][T12409] ? __alloc_skb+0x112/0x2d0 [ 617.138429][T12409] __alloc_skb+0x112/0x2d0 [ 617.138457][T12409] netlink_sendmsg+0x5c6/0xb30 [ 617.138490][T12409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.138515][T12409] ? aa_sock_msg_perm+0x94/0x160 [ 617.138539][T12409] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 617.138562][T12409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 617.138585][T12409] __sock_sendmsg+0x219/0x270 [ 617.138620][T12409] ____sys_sendmsg+0x505/0x830 [ 617.138652][T12409] ? __pfx_____sys_sendmsg+0x10/0x10 [ 617.138688][T12409] ? import_iovec+0x74/0xa0 [ 617.138719][T12409] ___sys_sendmsg+0x21f/0x2a0 [ 617.138748][T12409] ? __pfx____sys_sendmsg+0x10/0x10 [ 617.138811][T12409] ? __fget_files+0x2a/0x420 [ 617.138837][T12409] ? __fget_files+0x3a0/0x420 [ 617.138874][T12409] __x64_sys_sendmsg+0x19b/0x260 [ 617.138902][T12409] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 617.138946][T12409] ? do_syscall_64+0xba/0x210 [ 617.138975][T12409] do_syscall_64+0xf6/0x210 [ 617.139000][T12409] ? clear_bhb_loop+0x45/0xa0 [ 617.139025][T12409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.139045][T12409] RIP: 0033:0x7f605978e969 [ 617.139063][T12409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.139081][T12409] RSP: 002b:00007f605a6b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 617.139103][T12409] RAX: ffffffffffffffda RBX: 00007f60599b5fa0 RCX: 00007f605978e969 [ 617.139119][T12409] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000005 [ 617.139133][T12409] RBP: 00007f605a6b8090 R08: 0000000000000000 R09: 0000000000000000 [ 617.139146][T12409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.139158][T12409] R13: 0000000000000000 R14: 00007f60599b5fa0 R15: 00007f6059adfa28 [ 617.139189][T12409] [ 617.915885][ T5891] usb 2-1: USB disconnect, device number 91 [ 618.505186][ T9] usb 1-1: USB disconnect, device number 102 [ 618.638212][ T5933] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 618.788258][ T30] audit: type=1326 audit(1746666011.931:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5117f8e969 code=0x7ffc0000 [ 618.820448][T12427] gtp0: entered promiscuous mode [ 618.834827][ T30] audit: type=1326 audit(1746666011.941:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5117f8e969 code=0x7ffc0000 [ 618.917732][ T5933] usb 4-1: Using ep0 maxpacket: 8 [ 618.946875][ T30] audit: type=1326 audit(1746666011.941:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f5117f8e969 code=0x7ffc0000 [ 618.988844][ T30] audit: type=1326 audit(1746666011.941:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5117f8e969 code=0x7ffc0000 [ 619.099200][ T5933] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 619.168738][ T30] audit: type=1326 audit(1746666011.941:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5117f8e969 code=0x7ffc0000 [ 619.191265][ T5933] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 619.191297][ T5933] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 619.191344][ T5933] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 619.191369][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.210022][ T5933] usb 4-1: config 0 descriptor?? [ 619.463634][ T30] audit: type=1326 audit(1746666011.941:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5117f90887 code=0x7ffc0000 [ 619.514204][ T30] audit: type=1326 audit(1746666011.941:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f5117f907fc code=0x7ffc0000 [ 619.541292][ T30] audit: type=1326 audit(1746666011.941:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f5117f90734 code=0x7ffc0000 [ 619.563682][ C0] vkms_vblank_simulate: vblank timer overrun [ 619.619358][T12436] syz.1.1857 (12436): drop_caches: 2 [ 619.650494][ T30] audit: type=1326 audit(1746666011.941:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f5117f90734 code=0x7ffc0000 [ 619.818022][ T30] audit: type=1326 audit(1746666011.941:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12426 comm="syz.1.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5117f8d5ca code=0x7ffc0000 [ 619.945771][T12424] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 620.079968][T12443] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1859'. [ 621.527436][ T978] usb 4-1: USB disconnect, device number 85 [ 621.832435][T12458] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1862'. [ 622.111007][ T978] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 622.188156][ T5933] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 622.288170][ T978] usb 4-1: config 0 has no interfaces? [ 622.358373][ T5933] usb 2-1: Using ep0 maxpacket: 8 [ 622.368036][ T5933] usb 2-1: unable to get BOS descriptor or descriptor too short [ 622.381297][ T5933] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 622.399957][ T5933] usb 2-1: config 8 has 0 interfaces, different from the descriptor's value: 2 [ 622.436415][ T5933] usb 2-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 622.458286][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.476083][ T5933] usb 2-1: Product: syz [ 622.485250][ T5933] usb 2-1: Manufacturer: syz [ 622.497299][ T5933] usb 2-1: SerialNumber: syz [ 622.516377][ T978] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 622.536038][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.576929][ T978] usb 4-1: Product: syz [ 622.586540][ T978] usb 4-1: Manufacturer: syz [ 622.591544][ T978] usb 4-1: SerialNumber: syz [ 622.655473][ T978] usb 4-1: config 0 descriptor?? [ 622.792998][T12459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 622.803006][T12459] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 623.460985][T12459] could not allocate digest TFM handle sha512-arm [ 623.928341][ T3078] usb 1-1: new low-speed USB device number 103 using dummy_hcd [ 624.098266][ T3078] usb 1-1: Invalid ep0 maxpacket: 64 [ 624.248007][ T3078] usb 1-1: new low-speed USB device number 104 using dummy_hcd [ 624.401947][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.408635][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.597754][ T978] usb 4-1: USB disconnect, device number 86 [ 624.628023][ T3078] usb 1-1: Invalid ep0 maxpacket: 64 [ 624.633987][ T3078] usb usb1-port1: attempt power cycle [ 624.719123][ T5891] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 625.002680][ T5891] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 625.013355][ T5891] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 625.076592][ T3078] usb 1-1: new low-speed USB device number 105 using dummy_hcd [ 625.094682][ T5891] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 625.138840][ T3078] usb 1-1: Invalid ep0 maxpacket: 64 [ 625.149621][ T5891] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 625.167328][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.223657][ T5891] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 625.268049][ T3078] usb 1-1: new low-speed USB device number 106 using dummy_hcd [ 625.519631][ T3078] usb 1-1: Invalid ep0 maxpacket: 64 [ 625.538286][ T3078] usb usb1-port1: unable to enumerate USB device [ 625.585925][T12483] fuse: Bad value for 'fd' [ 625.592933][ T5891] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 625.614220][ T5891] usb 5-1: USB disconnect, device number 94 [ 625.712771][ T3078] usb 2-1: USB disconnect, device number 92 [ 626.168093][ T3078] usb 2-1: new low-speed USB device number 93 using dummy_hcd [ 626.225865][T12505] FAULT_INJECTION: forcing a failure. [ 626.225865][T12505] name failslab, interval 1, probability 0, space 0, times 0 [ 626.268053][T12505] CPU: 1 UID: 0 PID: 12505 Comm: syz.2.1874 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 626.268083][T12505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 626.268093][T12505] Call Trace: [ 626.268100][T12505] [ 626.268107][T12505] dump_stack_lvl+0x189/0x250 [ 626.268135][T12505] ? __pfx_dump_stack_lvl+0x10/0x10 [ 626.268157][T12505] ? __pfx__printk+0x10/0x10 [ 626.268176][T12505] ? __pfx___might_resched+0x10/0x10 [ 626.268189][T12505] ? fs_reclaim_acquire+0x7d/0x100 [ 626.268216][T12505] should_fail_ex+0x414/0x560 [ 626.268243][T12505] should_failslab+0xa8/0x100 [ 626.268264][T12505] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 626.268282][T12505] ? nfnetlink_rcv+0x1ff9/0x2530 [ 626.268302][T12505] ? __alloc_skb+0x112/0x2d0 [ 626.268322][T12505] __alloc_skb+0x112/0x2d0 [ 626.268342][T12505] netlink_ack+0x146/0xa50 [ 626.268356][T12505] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 626.268397][T12505] nfnetlink_rcv+0x1f4f/0x2530 [ 626.268419][T12505] ? __dev_queue_xmit+0x27e/0x3a70 [ 626.268440][T12505] ? __dev_queue_xmit+0x27e/0x3a70 [ 626.268472][T12505] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 626.268488][T12505] ? lockdep_hardirqs_on+0x9c/0x150 [ 626.268509][T12505] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 626.268526][T12505] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 626.268551][T12505] ? rcu_preempt_deferred_qs_irqrestore+0x851/0xc40 [ 626.268582][T12505] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 626.268606][T12505] ? rcu_is_watching+0x15/0xb0 [ 626.268630][T12505] ? rcu_read_unlock_special+0x3fe/0x4c0 [ 626.268646][T12505] ? skb_clone+0x246/0x3a0 [ 626.268669][T12505] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 626.268685][T12505] ? netlink_deliver_tap+0x2e/0x1b0 [ 626.268705][T12505] ? netlink_deliver_tap+0x2e/0x1b0 [ 626.268726][T12505] netlink_unicast+0x758/0x8d0 [ 626.268756][T12505] netlink_sendmsg+0x805/0xb30 [ 626.268779][T12505] ? __pfx_netlink_sendmsg+0x10/0x10 [ 626.268797][T12505] ? aa_sock_msg_perm+0x94/0x160 [ 626.268814][T12505] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 626.268830][T12505] ? __pfx_netlink_sendmsg+0x10/0x10 [ 626.268847][T12505] __sock_sendmsg+0x219/0x270 [ 626.268871][T12505] __sys_sendto+0x3bd/0x520 [ 626.268890][T12505] ? __pfx___sys_sendto+0x10/0x10 [ 626.268905][T12505] ? count_memcg_event_mm+0x92/0x3b0 [ 626.268948][T12505] __x64_sys_sendto+0xde/0x100 [ 626.268967][T12505] do_syscall_64+0xf6/0x210 [ 626.268986][T12505] ? clear_bhb_loop+0x45/0xa0 [ 626.269004][T12505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.269018][T12505] RIP: 0033:0x7f30abb907fc [ 626.269031][T12505] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 626.269043][T12505] RSP: 002b:00007f30acacaec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 626.269060][T12505] RAX: ffffffffffffffda RBX: 00007f30acacafc0 RCX: 00007f30abb907fc [ 626.269071][T12505] RDX: 0000000000000020 RSI: 00007f30acacb010 RDI: 0000000000000003 [ 626.269080][T12505] RBP: 0000000000000000 R08: 00007f30acacaf14 R09: 000000000000000c [ 626.269089][T12505] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 626.269098][T12505] R13: 00007f30acacaf68 R14: 00007f30acacb010 R15: 0000000000000000 [ 626.269119][T12505] [ 626.783021][ T3078] usb 2-1: unable to get BOS descriptor or descriptor too short [ 626.796432][ T3078] usb 2-1: string descriptor 0 read error: -22 [ 626.803828][ T3078] usb 2-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 626.813121][ T3078] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 626.879278][ T3078] usb 2-1: config 0 descriptor?? [ 627.061553][T12520] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1877'. [ 627.182543][ T3078] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 627.194200][ T3078] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 627.202492][ T3078] dib0700: firmware download failed at 7 with -22 [ 627.211908][ T3078] usb 2-1: USB disconnect, device number 93 [ 627.918102][ T978] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 628.096514][ T978] usb 3-1: config 0 has no interfaces? [ 628.134715][ T978] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 628.186352][ T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.216249][ T978] usb 3-1: Product: syz [ 628.227424][ T978] usb 3-1: Manufacturer: syz [ 628.235500][ T978] usb 3-1: SerialNumber: syz [ 628.248234][ T978] usb 3-1: config 0 descriptor?? [ 628.333754][ T5891] usb 2-1: new full-speed USB device number 94 using dummy_hcd [ 628.500192][ T5891] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 628.513550][ T5891] usb 2-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 628.528580][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.538004][ T3078] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 628.563488][ T978] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 628.564630][ T5891] usb 2-1: Product: syz [ 628.575733][ T5891] usb 2-1: Manufacturer: syz [ 628.580484][ T5891] usb 2-1: SerialNumber: syz [ 629.219836][ T978] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 629.228972][ T978] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 629.238627][ T3078] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 629.240328][ T978] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 629.269383][ T978] usb 4-1: config 1 has no interface number 1 [ 629.275065][ T3078] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 629.275665][ T978] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 629.303488][ T978] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 629.314949][ T3078] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 629.318292][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 629.342602][ T978] usb 4-1: Product: syz [ 629.347045][ T978] usb 4-1: Manufacturer: syz [ 629.347046][ T3078] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 629.347074][ T3078] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.352524][ T978] usb 4-1: SerialNumber: syz [ 629.396469][ T3078] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 629.405888][T12535] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1883'. [ 629.420402][ T5891] usb 2-1: selecting invalid altsetting 1 [ 629.429065][ T5891] LME2510(C): Firmware Status: 00 00 00 00 00 00 [ 629.429190][ T5891] dvb_usb_lmedm04 2-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22 [ 629.485977][ T5891] usb 2-1: USB disconnect, device number 94 [ 629.508700][ T3078] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 629.554083][ T6453] udevd[6453]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 629.614397][ T3078] usb 1-1: USB disconnect, device number 107 [ 629.621546][ T978] usb 4-1: Failed to set altset [ 629.635350][ T978] usb 4-1: 0:2: cannot create sequencer device [ 629.666065][ T978] usb 4-1: Failed to set altset [ 629.697831][ T978] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -71 [ 629.721552][ T978] usb 4-1: USB disconnect, device number 87 [ 629.737753][T12539] fuse: Bad value for 'fd' [ 629.772807][ T6454] udevd[6454]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 630.277271][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 630.277292][ T30] audit: type=1804 audit(1746666023.441:701): pid=12550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1888" name="/newroot/392/file1" dev="fuse" ino=1 res=1 errno=0 [ 630.368025][ T3078] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 630.543444][ T3078] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 630.554627][ T3078] usb 5-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 630.566038][ T3078] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 630.575497][ T3078] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.590063][ T978] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 630.748172][ T978] usb 1-1: Using ep0 maxpacket: 8 [ 630.757813][ T978] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 630.767419][ T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.045970][ T978] pvrusb2: Hardware description: Terratec Grabster AV400 [ 631.053689][ T978] pvrusb2: ********** [ 631.057718][ T978] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 631.068571][ T978] pvrusb2: Important functionality might not be entirely working. [ 631.077979][ T978] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 631.089720][ T978] pvrusb2: ********** [ 631.173309][ T2342] pvrusb2: Invalid write control endpoint [ 631.186806][ T3078] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 631.194436][ T5893] usb 3-1: USB disconnect, device number 109 [ 631.211771][ T3078] usb 5-1: invalid MIDI out EP 0 [ 631.369999][T12547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 631.410171][T12547] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 631.512763][ T2342] pvrusb2: Invalid write control endpoint [ 631.560821][ T2342] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 631.571505][T12547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 631.606306][ T2342] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 631.645525][ T2342] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 631.708405][T12547] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 631.727947][ T2342] pvrusb2: Device being rendered inoperable [ 631.749957][ T5933] usb 1-1: USB disconnect, device number 108 [ 631.813291][ T3078] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 631.829778][T12547] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1886'. [ 631.839093][T12547] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 631.860848][ T2342] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 631.878274][ T2342] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 631.918126][ T5893] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 631.932552][ T2342] pvrusb2: Attached sub-driver cx25840 [ 631.963934][ T2342] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 631.984479][ T2342] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 632.034940][ T3078] usb 5-1: USB disconnect, device number 95 [ 632.096286][ T5893] usb 2-1: config 0 has no interfaces? [ 632.120493][ T5893] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 632.172369][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.191326][ T5893] usb 2-1: Product: syz [ 632.195582][ T5893] usb 2-1: Manufacturer: syz [ 632.206121][ T5893] usb 2-1: SerialNumber: syz [ 632.228690][ T5893] usb 2-1: config 0 descriptor?? [ 632.298144][ T5891] usb 3-1: new low-speed USB device number 110 using dummy_hcd [ 632.522009][ T5891] usb 3-1: unable to get BOS descriptor or descriptor too short [ 632.552859][ T5891] usb 3-1: string descriptor 0 read error: -22 [ 632.559673][ T5891] usb 3-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 632.571042][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.586326][T12579] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1895'. [ 632.708062][T12580] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1891'. [ 632.894258][T12585] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1896'. [ 632.904043][ T5891] usb 3-1: config 0 descriptor?? [ 633.127039][ T5891] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 633.139855][ T5891] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 633.153321][ T5891] dib0700: firmware download failed at 7 with -22 [ 633.224339][ T5891] usb 3-1: USB disconnect, device number 110 [ 634.058000][ T5891] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 634.547697][ T5891] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 634.564070][ T5891] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 634.621134][ T5891] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 634.634916][T12599] Cannot find add_set index 2 as target [ 634.756170][ T5891] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 634.873334][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.978012][ T5893] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 635.011499][ T5891] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 635.139216][ T5891] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 635.199872][ T5893] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 635.213776][ T5893] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 635.232024][ T5891] usb 3-1: USB disconnect, device number 111 [ 635.256015][ T5893] usb 5-1: config 220 descriptor has 1 excess byte, ignoring [ 635.287909][ T5893] usb 5-1: config 220 has no interface number 2 [ 635.294535][ T5893] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 635.370224][ T978] usb 2-1: USB disconnect, device number 95 [ 635.428022][ T5893] usb 5-1: config 220 interface 0 has no altsetting 0 [ 635.435772][T12593] fuse: Bad value for 'fd' [ 635.465738][ T5893] usb 5-1: config 220 interface 76 has no altsetting 0 [ 635.506476][T12615] FAULT_INJECTION: forcing a failure. [ 635.506476][T12615] name failslab, interval 1, probability 0, space 0, times 0 [ 635.508063][ T5893] usb 5-1: config 220 interface 1 has no altsetting 0 [ 635.539315][T12615] CPU: 1 UID: 0 PID: 12615 Comm: syz.1.1904 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 635.539348][T12615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 635.539362][T12615] Call Trace: [ 635.539370][T12615] [ 635.539380][T12615] dump_stack_lvl+0x189/0x250 [ 635.539419][T12615] ? __pfx_dump_stack_lvl+0x10/0x10 [ 635.539449][T12615] ? __pfx__printk+0x10/0x10 [ 635.539477][T12615] ? __pfx___might_resched+0x10/0x10 [ 635.539496][T12615] ? fs_reclaim_acquire+0x7d/0x100 [ 635.539531][T12615] should_fail_ex+0x414/0x560 [ 635.539569][T12615] should_failslab+0xa8/0x100 [ 635.539597][T12615] __kmalloc_noprof+0xcb/0x4f0 [ 635.539621][T12615] ? io_cache_alloc_new+0x40/0x100 [ 635.539656][T12615] io_cache_alloc_new+0x40/0x100 [ 635.539686][T12615] io_msg_alloc_async+0x1b2/0x2d0 [ 635.539714][T12615] io_connect_prep+0x1b1/0x300 [ 635.539741][T12615] io_submit_sqes+0x93a/0x1d20 [ 635.539806][T12615] __se_sys_io_uring_enter+0x2df/0x2b20 [ 635.539859][T12615] ? ksys_write+0x1cb/0x250 [ 635.539886][T12615] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 635.539915][T12615] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 635.539940][T12615] ? __pfx_vfs_write+0x10/0x10 [ 635.539966][T12615] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 635.539995][T12615] ? __fget_files+0x3a0/0x420 [ 635.540029][T12615] ? fput+0xa0/0xd0 [ 635.540058][T12615] ? ksys_write+0x1f0/0x250 [ 635.540079][T12615] ? rcu_is_watching+0x15/0xb0 [ 635.540119][T12615] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 635.540161][T12615] do_syscall_64+0xf6/0x210 [ 635.540188][T12615] ? clear_bhb_loop+0x45/0xa0 [ 635.540213][T12615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.540233][T12615] RIP: 0033:0x7f5117f8e969 [ 635.540252][T12615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.540269][T12615] RSP: 002b:00007f5118d89038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 635.540291][T12615] RAX: ffffffffffffffda RBX: 00007f51181b5fa0 RCX: 00007f5117f8e969 [ 635.540306][T12615] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 0000000000000003 [ 635.540319][T12615] RBP: 00007f5118d89090 R08: 0000000000000000 R09: 0000000000000000 [ 635.540332][T12615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 635.540344][T12615] R13: 0000000000000000 R14: 00007f51181b5fa0 R15: 00007f51182dfa28 [ 635.540376][T12615] [ 635.550992][ T5893] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 636.125845][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.137268][ T5893] usb 5-1: Product: syz [ 636.141894][ T5893] usb 5-1: Manufacturer: syz [ 636.146722][ T5893] usb 5-1: SerialNumber: syz [ 636.415671][ T978] usb 3-1: new high-speed USB device number 112 using dummy_hcd [ 636.553755][ T5893] usb 5-1: selecting invalid altsetting 0 [ 636.560073][ T5893] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 636.676896][ T5893] usb 5-1: No valid video chain found. [ 636.701414][ T978] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 636.716663][ T978] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 636.804738][ T5893] usb 5-1: selecting invalid altsetting 0 [ 636.830501][ T978] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 636.840158][ T5893] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 636.867810][ T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.897890][ T5893] usb 5-1: USB disconnect, device number 96 [ 637.027226][ T978] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 637.213606][T12623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 637.269472][ T978] usb 3-1: invalid MIDI out EP 0 [ 637.346887][T12623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 637.356733][T12623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 637.421048][T12623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 637.519612][T12623] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1906'. [ 637.558281][T12623] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 637.593894][ T978] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 637.667952][ T978] usb 3-1: USB disconnect, device number 112 [ 637.852709][T12640] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1910'. [ 637.868278][ T5933] usb 4-1: new low-speed USB device number 88 using dummy_hcd [ 638.219994][ T5933] usb 4-1: unable to get BOS descriptor or descriptor too short [ 638.232327][ T5933] usb 4-1: string descriptor 0 read error: -22 [ 638.246811][ T5933] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 638.321227][T12650] netlink: 'syz.0.1913': attribute type 16 has an invalid length. [ 638.373595][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.533878][ T5933] usb 4-1: config 0 descriptor?? [ 638.861576][ T5933] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 638.876693][ T5933] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 638.896193][ T5933] dib0700: firmware download failed at 7 with -22 [ 638.918978][ T5933] usb 4-1: USB disconnect, device number 88 [ 638.938150][ T5893] usb 3-1: new high-speed USB device number 113 using dummy_hcd [ 639.195096][ T5893] usb 3-1: config 0 has no interfaces? [ 639.248374][ T5893] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 639.258641][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.290009][ T5893] usb 3-1: Product: syz [ 639.296072][ T5893] usb 3-1: Manufacturer: syz [ 639.329961][ T5893] usb 3-1: SerialNumber: syz [ 639.346417][ T5893] usb 3-1: config 0 descriptor?? [ 639.630980][T12654] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1914'. [ 641.878895][T12677] Cannot find add_set index 2 as target [ 642.632377][ T5933] usb 3-1: USB disconnect, device number 113 [ 643.434937][ T5891] usb 1-1: new low-speed USB device number 109 using dummy_hcd [ 643.443753][T12702] syzkaller1: entered promiscuous mode [ 643.449724][T12702] syzkaller1: entered allmulticast mode [ 643.702309][ T5891] usb 1-1: unable to get BOS descriptor or descriptor too short [ 643.717621][ T5891] usb 1-1: string descriptor 0 read error: -22 [ 643.724535][ T5891] usb 1-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 643.734232][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.778515][ T5891] usb 1-1: config 0 descriptor?? [ 644.002085][ T5891] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 644.015659][ T5891] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 644.025720][ T5891] dib0700: firmware download failed at 7 with -22 [ 644.043175][ T5891] usb 1-1: USB disconnect, device number 109 [ 644.178608][ T9] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 644.246980][T12713] Cannot find add_set index 2 as target [ 644.347949][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 644.372562][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 644.415854][ T9] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 644.443136][ T9] usb 4-1: config 8 has 0 interfaces, different from the descriptor's value: 2 [ 644.614767][ T9] usb 4-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 645.462539][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.486396][ T9] usb 4-1: Product: syz [ 645.518948][ T9] usb 4-1: Manufacturer: syz [ 645.523986][ T9] usb 4-1: SerialNumber: syz [ 645.923185][T12711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 645.935079][T12711] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 646.124166][ T9] usb 1-1: new high-speed USB device number 110 using dummy_hcd [ 646.490247][ T9] usb 1-1: config 0 has no interfaces? [ 646.497623][ T9] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 646.517148][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.571032][ T9] usb 1-1: Product: syz [ 646.575231][ T9] usb 1-1: Manufacturer: syz [ 646.606598][ T9] usb 1-1: SerialNumber: syz [ 646.628714][ T9] usb 1-1: config 0 descriptor?? [ 646.687444][T12711] could not allocate digest TFM handle sha512-arm [ 647.006286][T12724] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1934'. [ 647.185282][T12740] netlink: 'syz.4.1939': attribute type 11 has an invalid length. [ 647.233917][T12740] netlink: 'syz.4.1939': attribute type 10 has an invalid length. [ 647.887979][ T978] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 648.035466][ T9] usb 4-1: USB disconnect, device number 89 [ 648.071056][ T978] usb 2-1: config 0 has no interfaces? [ 648.225432][ T978] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 648.235455][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.245923][ T978] usb 2-1: Product: syz [ 648.251452][ T978] usb 2-1: Manufacturer: syz [ 648.256277][ T978] usb 2-1: SerialNumber: syz [ 648.266040][ T978] usb 2-1: config 0 descriptor?? [ 648.338278][T12757] Cannot find add_set index 2 as target [ 648.522407][ T9] usb 1-1: USB disconnect, device number 110 [ 648.642901][T12761] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1944'. [ 648.658155][T12761] FAULT_INJECTION: forcing a failure. [ 648.658155][T12761] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 648.738061][T12761] CPU: 1 UID: 0 PID: 12761 Comm: syz.4.1944 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 648.738083][T12761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 648.738094][T12761] Call Trace: [ 648.738100][T12761] [ 648.738107][T12761] dump_stack_lvl+0x189/0x250 [ 648.738136][T12761] ? __pfx_dump_stack_lvl+0x10/0x10 [ 648.738157][T12761] ? __pfx__printk+0x10/0x10 [ 648.738181][T12761] should_fail_ex+0x414/0x560 [ 648.738209][T12761] _copy_to_user+0x31/0xb0 [ 648.738231][T12761] simple_read_from_buffer+0xe1/0x170 [ 648.738253][T12761] proc_fail_nth_read+0x1df/0x250 [ 648.738276][T12761] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 648.738299][T12761] ? rw_verify_area+0x258/0x650 [ 648.738314][T12761] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 648.738335][T12761] vfs_read+0x1fd/0x980 [ 648.738355][T12761] ? __pfx___mutex_lock+0x10/0x10 [ 648.738373][T12761] ? __pfx_vfs_read+0x10/0x10 [ 648.738390][T12761] ? __fget_files+0x2a/0x420 [ 648.738412][T12761] ? __fget_files+0x3a0/0x420 [ 648.738429][T12761] ? __fget_files+0x2a/0x420 [ 648.738454][T12761] ksys_read+0x145/0x250 [ 648.738468][T12761] ? rcu_is_watching+0x15/0xb0 [ 648.738492][T12761] ? __pfx_ksys_read+0x10/0x10 [ 648.738511][T12761] ? do_syscall_64+0xba/0x210 [ 648.738531][T12761] do_syscall_64+0xf6/0x210 [ 648.738549][T12761] ? clear_bhb_loop+0x45/0xa0 [ 648.738567][T12761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.738581][T12761] RIP: 0033:0x7fa999f8d37c [ 648.738594][T12761] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 648.738607][T12761] RSP: 002b:00007fa99ae5b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 648.738623][T12761] RAX: ffffffffffffffda RBX: 00007fa99a1b5fa0 RCX: 00007fa999f8d37c [ 648.738635][T12761] RDX: 000000000000000f RSI: 00007fa99ae5b0a0 RDI: 0000000000000004 [ 648.738644][T12761] RBP: 00007fa99ae5b090 R08: 0000000000000000 R09: 0000000000000000 [ 648.738654][T12761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 648.738663][T12761] R13: 0000000000000000 R14: 00007fa99a1b5fa0 R15: 00007fa99a2dfa28 [ 648.738685][T12761] [ 649.386074][T12769] use of bytesused == 0 is deprecated and will be removed in the future, [ 649.395153][T12769] use the actual size instead. [ 649.641110][ T30] audit: type=1326 audit(1746666042.731:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 649.703145][ T30] audit: type=1326 audit(1746666042.731:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 649.766550][ T30] audit: type=1326 audit(1746666042.731:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 649.807369][ T30] audit: type=1326 audit(1746666042.731:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 649.957816][ T30] audit: type=1326 audit(1746666042.731:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 649.997097][ T30] audit: type=1326 audit(1746666042.731:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 650.076701][T12767] syz.4.1946 (12767): drop_caches: 2 [ 650.085226][ T30] audit: type=1326 audit(1746666042.731:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 650.185632][ T30] audit: type=1326 audit(1746666042.731:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 650.224644][ T30] audit: type=1326 audit(1746666042.731:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 650.251037][ T30] audit: type=1326 audit(1746666042.731:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffad438e969 code=0x50000 [ 650.618106][T12786] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1953'. [ 650.635863][T12786] vlan2: entered promiscuous mode [ 650.663023][T12786] dummy0: entered promiscuous mode [ 651.513064][T12796] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1956'. [ 651.537825][T12796] vlan2: entered promiscuous mode [ 651.553110][T12796] dummy0: entered promiscuous mode [ 651.692188][ T5894] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 651.735385][ T5891] usb 2-1: USB disconnect, device number 96 [ 652.037676][T12801] FAULT_INJECTION: forcing a failure. [ 652.037676][T12801] name failslab, interval 1, probability 0, space 0, times 0 [ 652.048980][ T5894] usb 4-1: config 0 has no interfaces? [ 652.060376][ T5894] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 652.062750][T12801] CPU: 1 UID: 0 PID: 12801 Comm: syz.1.1959 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 652.062782][T12801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 652.062797][T12801] Call Trace: [ 652.062806][T12801] [ 652.062816][T12801] dump_stack_lvl+0x189/0x250 [ 652.062858][T12801] ? __pfx_dump_stack_lvl+0x10/0x10 [ 652.062890][T12801] ? __pfx__printk+0x10/0x10 [ 652.062921][T12801] ? ref_tracker_alloc+0x318/0x460 [ 652.062954][T12801] should_fail_ex+0x414/0x560 [ 652.062995][T12801] should_failslab+0xa8/0x100 [ 652.063026][T12801] kmem_cache_alloc_noprof+0x73/0x3c0 [ 652.063054][T12801] ? skb_clone+0x212/0x3a0 [ 652.063088][T12801] skb_clone+0x212/0x3a0 [ 652.063122][T12801] __netlink_deliver_tap+0x404/0x850 [ 652.063161][T12801] ? netlink_deliver_tap+0x2e/0x1b0 [ 652.063186][T12801] netlink_deliver_tap+0x19c/0x1b0 [ 652.063212][T12801] netlink_unicast+0x72f/0x8d0 [ 652.063265][T12801] netlink_sendmsg+0x805/0xb30 [ 652.063301][T12801] ? __pfx_netlink_sendmsg+0x10/0x10 [ 652.063331][T12801] ? aa_sock_msg_perm+0x94/0x160 [ 652.063358][T12801] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 652.063382][T12801] ? __pfx_netlink_sendmsg+0x10/0x10 [ 652.063408][T12801] __sock_sendmsg+0x219/0x270 [ 652.063447][T12801] ____sys_sendmsg+0x505/0x830 [ 652.063481][T12801] ? __pfx_____sys_sendmsg+0x10/0x10 [ 652.063520][T12801] ? import_iovec+0x74/0xa0 [ 652.063560][T12801] ___sys_sendmsg+0x21f/0x2a0 [ 652.063592][T12801] ? __pfx____sys_sendmsg+0x10/0x10 [ 652.063667][T12801] ? __fget_files+0x2a/0x420 [ 652.063695][T12801] ? __fget_files+0x3a0/0x420 [ 652.063735][T12801] __x64_sys_sendmsg+0x19b/0x260 [ 652.063767][T12801] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 652.063815][T12801] ? do_syscall_64+0xba/0x210 [ 652.063847][T12801] do_syscall_64+0xf6/0x210 [ 652.063874][T12801] ? clear_bhb_loop+0x45/0xa0 [ 652.063902][T12801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.063925][T12801] RIP: 0033:0x7f5117f8e969 [ 652.063944][T12801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.063965][T12801] RSP: 002b:00007f5118d89038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 652.063989][T12801] RAX: ffffffffffffffda RBX: 00007f51181b5fa0 RCX: 00007f5117f8e969 [ 652.064006][T12801] RDX: 0000000000004000 RSI: 0000200000000440 RDI: 0000000000000003 [ 652.064021][T12801] RBP: 00007f5118d89090 R08: 0000000000000000 R09: 0000000000000000 [ 652.064035][T12801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 652.064049][T12801] R13: 0000000000000000 R14: 00007f51181b5fa0 R15: 00007f51182dfa28 [ 652.064082][T12801] [ 652.342043][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.350201][ T5894] usb 4-1: Product: syz [ 652.354593][ T5894] usb 4-1: Manufacturer: syz [ 652.359391][ T5894] usb 4-1: SerialNumber: syz [ 652.376014][ T5894] usb 4-1: config 0 descriptor?? [ 652.392150][T12804] tipc: Enabling of bearer rejected, failed to enable media [ 652.467978][ T978] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 652.696632][ T978] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 652.712081][ T5894] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 652.732934][ T978] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 652.762424][ T978] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 652.777942][ T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 652.809249][T12794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1955'. [ 652.854353][ T978] usb 5-1: SerialNumber: syz [ 652.936006][ T5894] usb 2-1: config index 0 descriptor too short (expected 63524, got 36) [ 652.938096][T12802] ALSA: mixer_oss: invalid OSS volume '' [ 652.966357][ T5894] usb 2-1: config 227 has too many interfaces: 94, using maximum allowed: 32 [ 652.999973][ T5894] usb 2-1: config 227 has an invalid descriptor of length 37, skipping remainder of the config [ 653.022250][ T5894] usb 2-1: config 227 has 0 interfaces, different from the descriptor's value: 94 [ 653.038372][T12802] ALSA: mixer_oss: invalid OSS volume '+]OؓOGec9bx'ĮC' [ 653.039088][ T5894] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 653.062381][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.069201][T12812] FAULT_INJECTION: forcing a failure. [ 653.069201][T12812] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 653.083714][T12802] ALSA: mixer_oss: invalid OSS volume '_*[bYcq~lr [ 653.155158][T12812] dump_stack_lvl+0x189/0x250 [ 653.155192][T12812] ? __lock_acquire+0xaac/0xd20 [ 653.155222][T12812] ? __pfx_dump_stack_lvl+0x10/0x10 [ 653.155251][T12812] ? __pfx__printk+0x10/0x10 [ 653.155282][T12812] ? __might_fault+0xb0/0x130 [ 653.155321][T12812] should_fail_ex+0x414/0x560 [ 653.155360][T12812] _copy_from_iter+0x1db/0x15a0 [ 653.155391][T12812] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 653.155413][T12812] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 653.155440][T12812] ? __pfx__copy_from_iter+0x10/0x10 [ 653.155467][T12812] ? __build_skb_around+0x257/0x3e0 [ 653.155496][T12812] ? netlink_sendmsg+0x642/0xb30 [ 653.155522][T12812] ? skb_put+0x11b/0x210 [ 653.155551][T12812] netlink_sendmsg+0x6b2/0xb30 [ 653.155583][T12812] ? __pfx_netlink_sendmsg+0x10/0x10 [ 653.155611][T12812] ? aa_sock_msg_perm+0x94/0x160 [ 653.155636][T12812] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 653.155659][T12812] ? __pfx_netlink_sendmsg+0x10/0x10 [ 653.155682][T12812] __sock_sendmsg+0x219/0x270 [ 653.155719][T12812] ____sys_sendmsg+0x505/0x830 [ 653.155751][T12812] ? __pfx_____sys_sendmsg+0x10/0x10 [ 653.155788][T12812] ? import_iovec+0x74/0xa0 [ 653.155818][T12812] ___sys_sendmsg+0x21f/0x2a0 [ 653.155846][T12812] ? __pfx____sys_sendmsg+0x10/0x10 [ 653.155905][T12812] ? __fget_files+0x2a/0x420 [ 653.155931][T12812] ? __fget_files+0x3a0/0x420 [ 653.155968][T12812] __x64_sys_sendmsg+0x19b/0x260 [ 653.155998][T12812] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 653.156041][T12812] ? do_syscall_64+0xba/0x210 [ 653.156071][T12812] do_syscall_64+0xf6/0x210 [ 653.156096][T12812] ? clear_bhb_loop+0x45/0xa0 [ 653.156122][T12812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.156142][T12812] RIP: 0033:0x7ffad438e969 [ 653.156162][T12812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.156180][T12812] RSP: 002b:00007ffad51cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 653.156203][T12812] RAX: ffffffffffffffda RBX: 00007ffad45b5fa0 RCX: 00007ffad438e969 [ 653.156218][T12812] RDX: 0000000004000000 RSI: 0000200000004340 RDI: 0000000000000003 [ 653.156233][T12812] RBP: 00007ffad51cc090 R08: 0000000000000000 R09: 0000000000000000 [ 653.156245][T12812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 653.156258][T12812] R13: 0000000000000000 R14: 00007ffad45b5fa0 R15: 00007ffad46dfa28 [ 653.156297][T12812] [ 653.187051][ T978] usb 5-1: USB disconnect, device number 97 [ 653.223201][T12802] ALSA: mixer_oss: invalid OSS volume 'B}s둥"f0^C' [ 653.443706][T12802] ALSA: mixer_oss: invalid OSS volume 'gRy'G!P' [ 653.455589][T12802] ALSA: mixer_oss: invalid OSS volume '{ouD1*ڦi&qrm4_Xn' [ 653.472608][T12802] ALSA: mixer_oss: invalid OSS volume '/U~d?":9S' [ 653.497769][ T6454] udevd[6454]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 653.536953][T12802] ALSA: mixer_oss: invalid OSS volume '(8' [ 653.571915][T12814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1962'. [ 653.581443][T12802] ALSA: mixer_oss: invalid OSS volume '')3loX+iG9SNW' [ 653.630252][T12816] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1962'. [ 653.646613][T12802] ALSA: mixer_oss: invalid OSS volume '%X%Ň 9WsE?%73' [ 653.738409][T12802] ALSA: mixer_oss: invalid OSS volume 'Ji' [ 653.796196][T12802] ALSA: mixer_oss: invalid OSS volume 'Of SҖ[sx' [ 653.866786][T12802] ALSA: mixer_oss: invalid OSS volume '::IJUTTځA"B^Csb;`c' [ 653.905328][T12802] ALSA: mixer_oss: invalid OSS volume 'cۉ< S٪3nF /Pf' [ 653.919296][T12802] ALSA: mixer_oss: invalid OSS volume '9 hĨy^7]' [ 653.934899][T12802] ALSA: mixer_oss: invalid OSS volume '?6<g$/uXAd>=V' [ 653.966559][T12802] ALSA: mixer_oss: invalid OSS volume '+ͿnU<$^EKʘr+' [ 654.024346][T12802] ALSA: mixer_oss: invalid OSS volume '+8iYJz' [ 654.329425][ T47] usb 4-1: USB disconnect, device number 90 [ 655.440992][T12832] netlink: 'syz.4.1965': attribute type 1 has an invalid length. [ 655.452228][T12832] veth1_macvtap: left promiscuous mode [ 655.475425][T12832] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 656.359296][ T5894] usb 2-1: string descriptor 0 read error: -71 [ 656.423132][ T5894] usb 2-1: USB disconnect, device number 97 [ 657.031166][T12849] FAULT_INJECTION: forcing a failure. [ 657.031166][T12849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 657.088128][T12849] CPU: 1 UID: 0 PID: 12849 Comm: syz.0.1972 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 657.088165][T12849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 657.088179][T12849] Call Trace: [ 657.088188][T12849] [ 657.088197][T12849] dump_stack_lvl+0x189/0x250 [ 657.088226][T12849] ? __lock_acquire+0xaac/0xd20 [ 657.088249][T12849] ? __pfx_dump_stack_lvl+0x10/0x10 [ 657.088270][T12849] ? __pfx__printk+0x10/0x10 [ 657.088285][T12849] ? __might_fault+0xb0/0x130 [ 657.088312][T12849] should_fail_ex+0x414/0x560 [ 657.088339][T12849] _copy_from_user+0x2d/0xb0 [ 657.088360][T12849] ___sys_sendmsg+0x158/0x2a0 [ 657.088382][T12849] ? __pfx____sys_sendmsg+0x10/0x10 [ 657.088426][T12849] ? __fget_files+0x2a/0x420 [ 657.088445][T12849] ? __fget_files+0x3a0/0x420 [ 657.088470][T12849] __sys_sendmmsg+0x227/0x430 [ 657.088494][T12849] ? __pfx___sys_sendmmsg+0x10/0x10 [ 657.088520][T12849] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 657.088551][T12849] ? ksys_write+0x1f0/0x250 [ 657.088566][T12849] ? rcu_is_watching+0x15/0xb0 [ 657.088596][T12849] __x64_sys_sendmmsg+0xa0/0xc0 [ 657.088617][T12849] do_syscall_64+0xf6/0x210 [ 657.088635][T12849] ? clear_bhb_loop+0x45/0xa0 [ 657.088653][T12849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.088667][T12849] RIP: 0033:0x7ffad438e969 [ 657.088680][T12849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.088693][T12849] RSP: 002b:00007ffad51cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 657.088709][T12849] RAX: ffffffffffffffda RBX: 00007ffad45b5fa0 RCX: 00007ffad438e969 [ 657.088719][T12849] RDX: 0000000000000001 RSI: 0000200000004380 RDI: 0000000000000003 [ 657.088729][T12849] RBP: 00007ffad51cc090 R08: 0000000000000000 R09: 0000000000000000 [ 657.088738][T12849] R10: 0000000000000814 R11: 0000000000000246 R12: 0000000000000001 [ 657.088746][T12849] R13: 0000000000000000 R14: 00007ffad45b5fa0 R15: 00007ffad46dfa28 [ 657.088768][T12849] [ 657.933985][T12856] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1973'. [ 657.961968][T12857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1974'. [ 658.796064][ T3078] IPVS: starting estimator thread 0... [ 658.958282][T12868] IPVS: using max 25 ests per chain, 60000 per kthread [ 659.067998][ T3078] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 659.253052][ T3078] usb 2-1: config 0 has no interfaces? [ 659.410357][ T3078] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 659.472677][ T3078] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.488124][ T3078] usb 2-1: Product: syz [ 659.500698][ T3078] usb 2-1: Manufacturer: syz [ 659.554832][ T3078] usb 2-1: SerialNumber: syz [ 659.578187][ T3078] usb 2-1: config 0 descriptor?? [ 659.824059][T12865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1976'. [ 660.268164][ T978] usb 4-1: new low-speed USB device number 91 using dummy_hcd [ 660.480811][ T978] usb 4-1: unable to get BOS descriptor or descriptor too short [ 660.494281][ T978] usb 4-1: string descriptor 0 read error: -22 [ 660.502002][ T978] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 660.534278][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 660.582223][ T978] usb 4-1: config 0 descriptor?? [ 660.664359][T12877] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 660.842166][ T978] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 660.887563][ T978] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 660.903683][ T978] dib0700: firmware download failed at 7 with -22 [ 660.923115][ T978] usb 4-1: USB disconnect, device number 91 [ 661.885248][ T5891] usb 2-1: USB disconnect, device number 98 [ 662.394181][T12909] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1986'. [ 662.628083][ T5891] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 663.188211][ T5891] usb 5-1: Using ep0 maxpacket: 16 [ 663.201811][ T5891] usb 5-1: config index 0 descriptor too short (expected 69, got 36) [ 663.228454][ T5891] usb 5-1: config 0 has an invalid interface number: 255 but max is 0 [ 663.273320][ T5891] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 663.355388][ T5891] usb 5-1: config 0 has no interface number 0 [ 663.374348][ T5891] usb 5-1: config 0 interface 255 has no altsetting 0 [ 663.405022][ T5891] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 663.444541][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.483290][ T5891] usb 5-1: Product: syz [ 663.498139][ T5891] usb 5-1: Manufacturer: syz [ 663.517167][ T5891] usb 5-1: SerialNumber: syz [ 663.546572][ T5891] usb 5-1: config 0 descriptor?? [ 663.639803][ T5891] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 664.532348][T12908] x_tables: ip_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT [ 664.577023][ T5891] gspca_pac7302: reg_w() failed i: ff v: 01 error -71 [ 664.600054][ T5891] gspca_pac7302 5-1:0.255: probe with driver gspca_pac7302 failed with error -71 [ 664.632185][ T5891] usb 5-1: USB disconnect, device number 98 [ 665.646699][T12938] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1996'. [ 665.709017][ T978] usb 4-1: new low-speed USB device number 92 using dummy_hcd [ 665.880630][ T978] usb 4-1: unable to get BOS descriptor or descriptor too short [ 666.044490][ T978] usb 4-1: string descriptor 0 read error: -22 [ 666.051967][ T978] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 666.061362][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 666.075267][T12948] pimreg3: entered allmulticast mode [ 666.080625][ T978] usb 4-1: config 0 descriptor?? [ 666.155394][T12946] pimreg3: left allmulticast mode [ 666.326054][ T978] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 666.345558][ T978] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 666.484102][T12953] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2000'. [ 666.523704][ T978] dib0700: firmware download failed at 7 with -22 [ 666.552432][ T978] usb 4-1: USB disconnect, device number 92 [ 666.625220][T12942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 667.338182][ T24] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 667.356674][T12965] FAULT_INJECTION: forcing a failure. [ 667.356674][T12965] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 667.378664][T12965] CPU: 1 UID: 0 PID: 12965 Comm: syz.1.2005 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 667.378695][T12965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 667.378709][T12965] Call Trace: [ 667.378718][T12965] [ 667.378728][T12965] dump_stack_lvl+0x189/0x250 [ 667.378761][T12965] ? __lock_acquire+0xaac/0xd20 [ 667.378792][T12965] ? __pfx_dump_stack_lvl+0x10/0x10 [ 667.378820][T12965] ? __pfx__printk+0x10/0x10 [ 667.378841][T12965] ? __might_fault+0xb0/0x130 [ 667.378878][T12965] should_fail_ex+0x414/0x560 [ 667.378916][T12965] _copy_from_iter+0x575/0x15a0 [ 667.378953][T12965] ? __pfx__copy_from_iter+0x10/0x10 [ 667.378986][T12965] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 667.379020][T12965] skb_copy_datagram_from_iter+0xf5/0x720 [ 667.379065][T12965] ? dev_get_by_index+0x22/0x2e0 [ 667.379094][T12965] ? skb_put+0x11b/0x210 [ 667.379122][T12965] packet_sendmsg+0x3ab9/0x5400 [ 667.379180][T12965] ? __pfx___might_resched+0x10/0x10 [ 667.379216][T12965] ? __pfx_packet_sendmsg+0x10/0x10 [ 667.379237][T12965] ? aa_sk_perm+0x81e/0x950 [ 667.379263][T12965] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 667.379296][T12965] ? aa_sock_msg_perm+0x94/0x160 [ 667.379320][T12965] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 667.379343][T12965] ? __pfx_packet_sendmsg+0x10/0x10 [ 667.379367][T12965] __sock_sendmsg+0x219/0x270 [ 667.379402][T12965] ____sys_sendmsg+0x505/0x830 [ 667.379434][T12965] ? __pfx_____sys_sendmsg+0x10/0x10 [ 667.379470][T12965] ? import_iovec+0x74/0xa0 [ 667.379501][T12965] ___sys_sendmsg+0x21f/0x2a0 [ 667.379530][T12965] ? __pfx____sys_sendmsg+0x10/0x10 [ 667.379592][T12965] ? __fget_files+0x2a/0x420 [ 667.379618][T12965] ? __fget_files+0x3a0/0x420 [ 667.379654][T12965] __x64_sys_sendmsg+0x19b/0x260 [ 667.379683][T12965] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 667.379726][T12965] ? do_syscall_64+0xba/0x210 [ 667.379754][T12965] do_syscall_64+0xf6/0x210 [ 667.379778][T12965] ? clear_bhb_loop+0x45/0xa0 [ 667.379803][T12965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.379822][T12965] RIP: 0033:0x7f5117f8e969 [ 667.379840][T12965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 667.379858][T12965] RSP: 002b:00007f5118d89038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 667.379880][T12965] RAX: ffffffffffffffda RBX: 00007f51181b5fa0 RCX: 00007f5117f8e969 [ 667.379896][T12965] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 667.379909][T12965] RBP: 00007f5118d89090 R08: 0000000000000000 R09: 0000000000000000 [ 667.379922][T12965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 667.379934][T12965] R13: 0000000000000000 R14: 00007f51181b5fa0 R15: 00007f51182dfa28 [ 667.379965][T12965] [ 667.662321][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.984136][ T24] usb 4-1: config 0 has no interfaces? [ 667.995822][ T24] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 668.006085][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.014527][ T24] usb 4-1: Product: syz [ 668.019110][ T24] usb 4-1: Manufacturer: syz [ 668.024063][ T24] usb 4-1: SerialNumber: syz [ 668.038767][ T24] usb 4-1: config 0 descriptor?? [ 668.299734][T12959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 668.319284][T12959] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 668.484278][ T5894] usb 4-1: USB disconnect, device number 93 [ 668.544386][T12982] ptrace attach of "./syz-executor exec"[5847] was attempted by "\x09   . [ 668.596459][T12980] netlink: 'syz.2.2010': attribute type 10 has an invalid length. [ 668.687854][ C1] vkms_vblank_simulate: vblank timer overrun [ 668.749038][T12980] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 669.412809][T12991] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2013'. [ 670.847602][T13000] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 671.947446][T13021] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2021'. [ 672.883016][T13050] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2032'. [ 672.895545][T13050] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2032'. [ 672.937535][T13050] bridge0: entered promiscuous mode [ 672.947187][T13050] ip6gretap0: entered promiscuous mode [ 673.122425][T13059] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2035'. [ 673.188169][ T24] usb 5-1: new full-speed USB device number 99 using dummy_hcd [ 673.385874][ T3527] [ 673.388261][ T3527] ============================================ [ 673.394411][ T3527] WARNING: possible recursive locking detected [ 673.400567][ T3527] 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 Not tainted [ 673.407673][ T3527] -------------------------------------------- [ 673.413854][ T3527] kworker/u8:8/3527 is trying to acquire lock: [ 673.420264][ T3527] ffff88805b65ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x19a/0x220 [ 673.429451][ T3527] [ 673.429451][ T3527] but task is already holding lock: [ 673.436829][ T3527] ffff888057794f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x19a/0x220 [ 673.445926][ T3527] [ 673.445926][ T3527] other info that might help us debug this: [ 673.454002][ T3527] Possible unsafe locking scenario: [ 673.454002][ T3527] [ 673.461542][ T3527] CPU0 [ 673.464819][ T3527] ---- [ 673.468098][ T3527] lock(&hsr->seqnr_lock); [ 673.472617][ T3527] lock(&hsr->seqnr_lock); [ 673.477127][ T3527] [ 673.477127][ T3527] *** DEADLOCK *** [ 673.477127][ T3527] [ 673.485272][ T3527] May be due to missing lock nesting notation [ 673.485272][ T3527] [ 673.493604][ T3527] 11 locks held by kworker/u8:8/3527: [ 673.498971][ T3527] #0: ffff88802f74e948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 673.510660][ T3527] #1: ffffc9000c5afc60 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 673.523467][ T3527] #2: ffffffff8f2f47c8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0 [ 673.532966][ T3527] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x208/0x1400 [ 673.542474][ T3527] #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x701/0x16a0 [ 673.552405][ T3527] #5: ffffffff8df3b8c0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27e/0x3a70 [ 673.562341][ T3527] #6: ffff888057794f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x19a/0x220 [ 673.571842][ T3527] #7: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: hsr_forward_skb+0x9e/0x2860 [ 673.581336][ T3527] #8: ffffffff8df3b8c0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27e/0x3a70 [ 673.591365][ T3527] #9: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: br_dev_xmit+0x185/0x1840 [ 673.600606][ T3527] #10: ffffffff8df3b8c0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x27e/0x3a70 [ 673.611324][ T3527] [ 673.611324][ T3527] stack backtrace: [ 673.617211][ T3527] CPU: 1 UID: 0 PID: 3527 Comm: kworker/u8:8 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) [ 673.617232][ T3527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 673.617245][ T3527] Workqueue: ipv6_addrconf addrconf_dad_work [ 673.617263][ T3527] Call Trace: [ 673.617272][ T3527] [ 673.617280][ T3527] dump_stack_lvl+0x189/0x250 [ 673.617305][ T3527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 673.617328][ T3527] ? __pfx__printk+0x10/0x10 [ 673.617348][ T3527] print_deadlock_bug+0x28b/0x2a0 [ 673.617366][ T3527] validate_chain+0x1a3f/0x2140 [ 673.617382][ T3527] ? unwind_next_frame+0xa5/0x2390 [ 673.617402][ T3527] ? ret_from_fork_asm+0x1a/0x30 [ 673.617419][ T3527] ? unwind_next_frame+0xa5/0x2390 [ 673.617436][ T3527] ? rcu_is_watching+0x15/0xb0 [ 673.617459][ T3527] ? __kasan_check_byte+0x12/0x40 [ 673.617480][ T3527] ? unwind_next_frame+0xa5/0x2390 [ 673.617500][ T3527] __lock_acquire+0xaac/0xd20 [ 673.617524][ T3527] ? hsr_dev_xmit+0x19a/0x220 [ 673.617548][ T3527] lock_acquire+0x120/0x360 [ 673.617568][ T3527] ? hsr_dev_xmit+0x19a/0x220 [ 673.617596][ T3527] ? hsr_dev_xmit+0x19a/0x220 [ 673.617620][ T3527] _raw_spin_lock_bh+0x36/0x50 [ 673.617636][ T3527] ? hsr_dev_xmit+0x19a/0x220 [ 673.617659][ T3527] hsr_dev_xmit+0x19a/0x220 [ 673.617684][ T3527] dev_hard_start_xmit+0x2ff/0x880 [ 673.617712][ T3527] __dev_queue_xmit+0x1adf/0x3a70 [ 673.617737][ T3527] ? __dev_queue_xmit+0x27e/0x3a70 [ 673.617762][ T3527] ? __local_bh_enable_ip+0x12d/0x1c0 [ 673.617787][ T3527] ? lockdep_hardirqs_on+0x9c/0x150 [ 673.617806][ T3527] ? __pfx___dev_queue_xmit+0x10/0x10 [ 673.617830][ T3527] ? do_raw_read_unlock+0x3d/0x80 [ 673.617852][ T3527] ? ebt_do_table+0x265b/0x2820 [ 673.617883][ T3527] br_dev_queue_push_xmit+0x6c5/0x890 [ 673.617909][ T3527] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 673.617934][ T3527] ? NF_HOOK+0x9e/0x3c0 [ 673.617955][ T3527] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 673.617978][ T3527] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 673.618000][ T3527] NF_HOOK+0x31d/0x3c0 [ 673.618023][ T3527] ? NF_HOOK+0x9e/0x3c0 [ 673.618044][ T3527] ? __pfx_NF_HOOK+0x10/0x10 [ 673.618067][ T3527] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 673.618094][ T3527] br_forward_finish+0xd3/0x130 [ 673.618116][ T3527] ? __pfx_br_dev_queue_push_xmit+0x10/0x10 [ 673.618138][ T3527] ? __pfx_br_forward_finish+0x10/0x10 [ 673.618166][ T3527] ? __pfx_br_forward_finish+0x10/0x10 [ 673.618188][ T3527] NF_HOOK+0x31d/0x3c0 [ 673.618211][ T3527] ? NF_HOOK+0x9e/0x3c0 [ 673.618232][ T3527] ? __pfx_NF_HOOK+0x10/0x10 [ 673.618254][ T3527] ? __pfx_br_forward_finish+0x10/0x10 [ 673.618280][ T3527] __br_forward+0x41e/0x600 [ 673.618301][ T3527] ? __pfx_br_forward_finish+0x10/0x10 [ 673.618326][ T3527] ? __pfx___br_forward+0x10/0x10 [ 673.618350][ T3527] ? skb_clone+0x246/0x3a0 [ 673.618373][ T3527] maybe_deliver+0xb5/0x160 [ 673.618396][ T3527] br_flood+0x31a/0x6a0 [ 673.618423][ T3527] ? br_dev_xmit+0x185/0x1840 [ 673.618439][ T3527] br_dev_xmit+0x11b3/0x1840 [ 673.618455][ T3527] ? arch_stack_walk+0x11c/0x150 [ 673.618476][ T3527] ? br_dev_xmit+0x185/0x1840 [ 673.618495][ T3527] ? __pfx_br_dev_xmit+0x10/0x10 [ 673.618512][ T3527] ? __pfx_skb_network_protocol+0x10/0x10 [ 673.618534][ T3527] ? __pfx_validate_xmit_xfrm+0x10/0x10 [ 673.618556][ T3527] ? __pfx_passthru_features_check+0x10/0x10 [ 673.618583][ T3527] dev_hard_start_xmit+0x2ff/0x880 [ 673.618610][ T3527] __dev_queue_xmit+0x1adf/0x3a70 [ 673.618636][ T3527] ? __dev_queue_xmit+0x27e/0x3a70 [ 673.618660][ T3527] ? rcu_is_watching+0x15/0xb0 [ 673.618683][ T3527] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 673.618702][ T3527] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 673.618723][ T3527] ? __pfx___dev_queue_xmit+0x10/0x10 [ 673.618745][ T3527] ? __copy_skb_header+0xa7/0x550 [ 673.618767][ T3527] ? __asan_memcpy+0x40/0x70 [ 673.618782][ T3527] ? __pskb_copy_fclone+0x960/0xf90 [ 673.618805][ T3527] ? __asan_memcpy+0x40/0x70 [ 673.618819][ T3527] ? __pskb_copy_fclone+0x960/0xf90 [ 673.618844][ T3527] ? hsr_create_tagged_frame+0x449/0xc30 [ 673.618862][ T3527] ? __asan_memmove+0x40/0x70 [ 673.618877][ T3527] ? hsr_addr_subst_dest+0x307/0xac0 [ 673.618904][ T3527] hsr_forward_skb+0x158b/0x2860 [ 673.618926][ T3527] ? hsr_forward_skb+0x9e/0x2860 [ 673.618944][ T3527] ? __pfx_hsr_forward_skb+0x10/0x10 [ 673.618960][ T3527] ? do_raw_spin_lock+0x121/0x290 [ 673.618979][ T3527] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 673.618999][ T3527] ? hsr_dev_xmit+0x19a/0x220 [ 673.619023][ T3527] hsr_dev_xmit+0x1a5/0x220 [ 673.619048][ T3527] dev_hard_start_xmit+0x2ff/0x880 [ 673.619075][ T3527] __dev_queue_xmit+0x1adf/0x3a70 [ 673.619098][ T3527] ? register_lock_class+0x51/0x320 [ 673.619121][ T3527] ? __dev_queue_xmit+0x27e/0x3a70 [ 673.619148][ T3527] ? __pfx___dev_queue_xmit+0x10/0x10 [ 673.619177][ T3527] ? read_seqbegin+0x122/0x250 [ 673.619192][ T3527] ? neigh_connected_output+0x1ea/0x460 [ 673.619208][ T3527] ? lockdep_hardirqs_on+0x9c/0x150 [ 673.619226][ T3527] ? read_seqbegin+0x1ac/0x250 [ 673.619240][ T3527] ? __pfx_read_seqbegin+0x10/0x10 [ 673.619255][ T3527] ? eth_header+0x11b/0x200 [ 673.619274][ T3527] ? __asan_memcpy+0x40/0x70 [ 673.619289][ T3527] ? eth_header+0x11b/0x200 [ 673.619306][ T3527] ? __pfx_eth_header+0x10/0x10 [ 673.619325][ T3527] ? neigh_connected_output+0x3b6/0x460 [ 673.619347][ T3527] ip6_finish_output2+0x11fb/0x16a0 [ 673.619368][ T3527] ? ip6_finish_output2+0x701/0x16a0 [ 673.619389][ T3527] ? __pfx_ip6_finish_output2+0x10/0x10 [ 673.619409][ T3527] ? ip6_mtu+0x7d/0x3f0 [ 673.619426][ T3527] ? ip6_mtu+0x7d/0x3f0 [ 673.619441][ T3527] ip6_finish_output+0x234/0x7d0 [ 673.619459][ T3527] ndisc_send_skb+0xb47/0x1400 [ 673.619480][ T3527] ? ndisc_send_skb+0x208/0x1400 [ 673.619505][ T3527] ? __pfx_ndisc_send_skb+0x10/0x10 [ 673.619527][ T3527] ? __pfx_dst_output+0x10/0x10 [ 673.619547][ T3527] ? __asan_memcpy+0x40/0x70 [ 673.619565][ T3527] ? mod_delayed_work_on+0x128/0x200 [ 673.619585][ T3527] ndisc_send_ns+0xcb/0x150 [ 673.619608][ T3527] ? __pfx_ndisc_send_ns+0x10/0x10 [ 673.619630][ T3527] ? addrconf_dad_work+0xa04/0x14b0 [ 673.619646][ T3527] addrconf_dad_work+0xaae/0x14b0 [ 673.619664][ T3527] ? __pfx_addrconf_dad_work+0x10/0x10 [ 673.619678][ T3527] ? process_scheduled_works+0x9ec/0x17a0 [ 673.619705][ T3527] ? process_scheduled_works+0x9ec/0x17a0 [ 673.619729][ T3527] ? process_scheduled_works+0x9ec/0x17a0 [ 673.619754][ T3527] process_scheduled_works+0xadb/0x17a0 [ 673.619789][ T3527] ? __pfx_process_scheduled_works+0x10/0x10 [ 673.619819][ T3527] worker_thread+0x8a0/0xda0 [ 673.619835][ T3527] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 673.619854][ T3527] ? __kthread_parkme+0x7b/0x200 [ 673.619873][ T3527] kthread+0x70e/0x8a0 [ 673.619892][ T3527] ? __pfx_worker_thread+0x10/0x10 [ 673.619906][ T3527] ? __pfx_kthread+0x10/0x10 [ 673.619924][ T3527] ? __pfx_kthread+0x10/0x10 [ 673.619941][ T3527] ? _raw_spin_unlock_irq+0x23/0x50 [ 673.619956][ T3527] ? lockdep_hardirqs_on+0x9c/0x150 [ 673.619973][ T3527] ? __pfx_kthread+0x10/0x10 [ 673.619991][ T3527] ret_from_fork+0x4b/0x80 [ 673.620007][ T3527] ? __pfx_kthread+0x10/0x10 [ 673.620024][ T3527] ret_from_fork_asm+0x1a/0x30 [ 673.620045][ T3527] [ 674.310168][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.360484][ T24] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 674.398773][ T5933] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 674.606333][ T24] usb 5-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 674.615505][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.623603][ T24] usb 5-1: Product: syz [ 674.627807][ T24] usb 5-1: Manufacturer: syz [ 674.632644][ T24] usb 5-1: SerialNumber: syz [ 675.056607][T13052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2033'. [ 675.106168][T13057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 675.175450][ T24] usb 5-1: selecting invalid altsetting 1 [ 675.183204][ T24] LME2510(C): Firmware Status: 00 00 00 00 00 00 [ 675.183280][ T24] dvb_usb_lmedm04 5-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22 [ 675.207953][ T978] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 675.210201][ T24] usb 5-1: USB disconnect, device number 99 [ 675.329649][ T5933] usb 3-1: config 0 has an invalid interface number: 229 but max is 0 [ 675.339515][ T5933] usb 3-1: config 0 has no interface number 0 [ 675.345659][ T5933] usb 3-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice= c.19 [ 675.357186][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.378761][ T5933] usb 3-1: config 0 descriptor?? [ 676.728920][ T24] usb 3-1: USB disconnect, device number 114