last executing test programs: 14.404714961s ago: executing program 4 (id=520): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc000000000000000000000000000000ac1414bb00000000000000000000000000000004000000000a0060003b000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000009000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00000000000000000100000000000000feffffffffffffff00000000000000000000000000000000000000000000000009000000000000000000020000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0004}]}) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r2, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x89727a31546dcc43, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 14.277422758s ago: executing program 4 (id=521): openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x161440, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000980)={0x0, 0x0, 0x10100}, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x21, 0x2, 0x2) openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) socket(0xa, 0x3, 0x1) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4200, 0x3, 0x5}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYRES16=r0], 0x20}, 0x1, 0x0, 0x0, 0x20040041}, 0x0) 13.159774202s ago: executing program 4 (id=525): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x3, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x8004) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) openat$vcsa(0xffffffffffffff9c, 0x0, 0x842, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f00000022c0)='./file0\x00', 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e22, 0xa}, 0x1c) listen(r6, 0xfff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r2, r1], 0x2}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000003340)=[0x0]}) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_open_dev$loop(&(0x7f0000000000), 0x800000000000000, 0x580) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x1000, 0x5c8, 0x80000003, 0x9}) 10.211158188s ago: executing program 2 (id=532): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip6_mr_vif\x00') openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x82801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r2, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x70bd25, 0xfffffffe, {}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP_DST={0x8, 0x2, @empty}}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x3}, @NHA_OIF={0x8, 0x5, r4}]}, 0x34}}, 0x40040d0) connect$can_j1939(r1, &(0x7f00000002c0)={0x1d, r4, 0x2, {0x1, 0x1, 0x2}}, 0x18) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) r5 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r5, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r5, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) lseek(r5, 0x0, 0x4) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) listen(r0, 0x5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r6, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) write$binfmt_elf32(r1, &(0x7f0000000500)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x8, 0x5, 0x0, 0x6, 0x3, 0x6, 0x3, 0x25f, 0x38, 0x2f, 0x10, 0x5, 0x20, 0x4, 0x0, 0x1, 0xf}, [{0x70000000, 0x4ab, 0x2, 0x5, 0x2, 0x4, 0x6, 0x5}, {0x3, 0x7, 0xfffffe01, 0x1, 0x0, 0x7, 0xf1f, 0x1}, {0x60000007, 0x3f01, 0x6, 0x1, 0x2, 0x911, 0x3a18, 0x8}, {0x7, 0x50, 0x0, 0x81, 0x4, 0x8, 0xfffffff9, 0x4}], "4f93c256f750613b4d96ebf36d3a9ec32efc5a213936f54aa829a161eeddff04caaa03e5c8361361727300aa66f97202af9a0d4f273437fe3bc69cdbf9206ead66bbb54816b59fdd42a80eea695c1b15246c6dc504231e6f0e5efd027a6e7e085e96a73d434c20982c0c60850f4865765b", ['\x00', '\x00', '\x00']}, 0x429) 10.052367967s ago: executing program 3 (id=533): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004580), 0x0, 0x0) (async) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10060, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x2}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) r5 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x48, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0xd}, {0xb}, {0x4, 0xffe0}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x200, 0x6, 0x0, 0x0, 0x7e}}, {0x4}}]}]}, 0x48}}, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000240)={0xe, 0x18, 0xfa00, @ib_path={0x0, 0xffffffffffffffff, 0x1, 0x1, 0x4000}}, 0x20) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='timerslack_ns\x00') (async, rerun: 32) gettid() (async, rerun: 32) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) (async) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80, 0x23456}) r7 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) (async, rerun: 32) r8 = fsmount(r7, 0x1, 0x0) (rerun: 32) fchdir(r8) (async, rerun: 32) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x44) (async, rerun: 32) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) 9.683919809s ago: executing program 1 (id=534): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) r4 = socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000140), 0x8) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) r5 = io_uring_setup(0x1530, &(0x7f0000000480)={0x0, 0xe739, 0x1, 0x8000002, 0x1d4}) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$nci(r6, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$sock_netdev_private(r4, 0x89fa, &(0x7f0000000600)="b381ffebf9cf0dcfb1cae07ef0ed048e25e2e53e4ebaecdf0e10618309c2157e2233e8fb1125a5205b11e821ed278e2d3f63aca20d2c124311270cf5f6e0ff694e12f9530b921b45db7ed02efee41e3ffc97e4146fbbec9b3062bf6930ed8e209f5d44baab404347eb80540ca02cb133d24d7acb47ce8e03cff4da58f44a8d826cdffa2dab98e2df4229e65a8f63240fa9b3fbcbbf4cbf84c19c453d19467d52711cb8fd0ce570ff16de4f4c3ddf7f0c3a4770d099b7e0b1378bb0dc2c2645bae789e5448da9b49079d597d80a6b9c0fbc11178bd05d4c4a1e24d461") ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r8, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r7, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r8, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000002d40)={0x48, 0x7, r9, 0x0, 0x10000, 0x0, 0x8, 0x28d662, 0x1096e}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r9, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r7, 0x3ba0, &(0x7f0000000280)={0x48, 0x5, r8, 0x0, 0xffffffffffffffff, 0x1}) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000010000000f000000080034000800030008000300", @ANYRES32=r10, @ANYBLOB="050033"], 0x2c}, 0x1, 0x0, 0x0, 0x24004040}, 0x80) 9.673899184s ago: executing program 4 (id=535): rt_sigaction(0x40, 0x0, 0x0, 0x8, &(0x7f0000000200)) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x18) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x8008700b, &(0x7f0000000080)={0x2e, 0x27, 0x1, 0x1d, 0x1, 0x4, 0x2, 0x16b, 0xffffffffffffffff}) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000040), 0x12) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) fcntl$lock(r4, 0x26, &(0x7f0000000040)={0x3, 0x1, 0x10000000000001, 0x3}) r5 = openat$cgroup_subtree(r1, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000040)={[{0x2b, 'pids'}]}, 0x6) syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 9.115556234s ago: executing program 4 (id=536): sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="e4836d513bcab6b90efd3ebcdfc597b9a7e727a3ece8daadf4b04a69b21dfd745934e8870086d4dcd91c1c9a69f5d303d175b4bcc0da016fb4be47336b3557b59b09b0bce1bace8b3eb86e9f3e3b4244a7bd9bad12f2ae80c3f5a6a08634b6f70ef4d694f97312f4", 0x68}], 0x1, 0x0, 0x0, 0x54}, 0x24008804) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x10, 0x7, 0x0, 0x3}}}}}}}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, "9e00", 0x1c, 0x6, 0xfde3996dcd16970f, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x7, 0xc2, 0xfffd, 0x0, 0x3, {[@window={0x3, 0x3, 0x40}, @sack_perm={0x4, 0x2}]}}}}}}}}, 0x0) 8.914702662s ago: executing program 2 (id=537): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io(r0, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io(r0, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io$uac1(r0, 0x0, 0x0) (rerun: 64) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000640)={0x2c, &(0x7f0000000540)={0x20, 0x16, 0x1, 'i'}, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32) syz_usb_control_io$uac1(r0, 0x0, 0x0) (rerun: 32) socket$l2tp6(0xa, 0x2, 0x73) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0}) (async, rerun: 32) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 8.913778764s ago: executing program 4 (id=538): socket$inet(0x2, 0x3, 0x5) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x4) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_NOP={0x0, 0x12}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c0000000102010100000008000000000a000007180001801400018005000100ffffffff08000200ac14141f"], 0x2c}, 0x1, 0x0, 0x0, 0x4085}, 0x20000004) 7.389309479s ago: executing program 3 (id=539): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1200f50044199610b957614088010101000000000000002000002c216cf2af3db560fb00"], 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000200)={0x14, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003ea000000ea031b145c1ec654ab798223bcaa5e2505853bb8b0ed01cbff6c74ad31520b8ab9"]}, 0x0) 7.160024969s ago: executing program 2 (id=541): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6e) socket$inet6(0xa, 0x3, 0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x1ff, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) syz_open_dev$sndctrl(0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$admmidi(&(0x7f0000000000), 0x2, 0x1a9882) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f00000000c0)=[@in6={0xa, 0x5e22, 0x8000, @local, 0x1}], 0x1c) listen(r3, 0xfff) accept4(r3, &(0x7f0000000000)=@sco={0x1f, @none}, &(0x7f0000000080)=0xfffffdf1, 0x800) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r4 = getpgid(0x0) r5 = syz_pidfd_open(r4, 0x0) r6 = pidfd_getfd(r5, r5, 0x0) name_to_handle_at(r6, &(0x7f0000000040)='./file7/file0/file0\x00', &(0x7f0000000100)=ANY=[], 0x0, 0x1000) r7 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4}, &(0x7f0000000180)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD) io_uring_enter(r7, 0x2def, 0x9566, 0x0, 0x0, 0x0) r10 = gettid() timer_create(0x4, &(0x7f0000000140)={0x0, 0x3e, 0x800000000004, @tid=r10}, &(0x7f00000001c0)) 7.012587372s ago: executing program 1 (id=542): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0003230c1100"}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) personality(0xb) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0), 0x13f, 0x1}}, 0x20) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x22803) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x1b1c07, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x80d02, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000d00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x54, 0xc, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x28, 0x3, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xf}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x80000001}) dup3(r5, r6, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x94, 0x24, 0x400, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x12, r3, {0x8}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64}}]}, 0xffffffffffffffda}}, 0x0) r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r8, 0xc008551a, &(0x7f0000005480)=ANY=[@ANYBLOB]) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x20000890}, 0x40) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="400000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a31000000001400038010000080080003"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) open(0x0, 0x60840, 0x0) 5.181728494s ago: executing program 2 (id=545): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x3, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x8004) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) openat$vcsa(0xffffffffffffff9c, 0x0, 0x842, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f00000022c0)='./file0\x00', 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e22, 0xa}, 0x1c) listen(r6, 0xfff) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r2, r1], 0x2}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000003340)=[0x0]}) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_open_dev$loop(&(0x7f0000000000), 0x800000000000000, 0x580) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x1000, 0x5c8, 0x80000003, 0x9}) 4.435777313s ago: executing program 1 (id=546): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x48) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000002, 0x28011, r0, 0x0) 4.226457854s ago: executing program 1 (id=547): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0), &(0x7f00000001c0)) io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x100004000001f00, 0x12) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0xba98575a95aeb701) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) 4.071644369s ago: executing program 3 (id=548): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x478, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0x7}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0x448, 0x2, [@TCA_BASIC_POLICE={0x444, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0xffffe22a, 0x9, 0x5, 0x3, 0xffffffff, 0x4, 0x0, 0x8, 0x8, 0xa, 0x7f, 0x8, 0x0, 0x1, 0x1ff, 0x4, 0x6, 0x7fffffff, 0x2, 0x2, 0x0, 0x8, 0x1, 0xff, 0x5, 0x8c1, 0x0, 0x3, 0x6, 0xfffffff7, 0x8, 0x2, 0x897, 0x4fd9, 0x40, 0xffffffff, 0x0, 0x6, 0x8, 0x1, 0x100, 0x1, 0x1000, 0x7cbf, 0x9, 0x6, 0xd5, 0x8, 0x0, 0x8, 0x9, 0x7, 0x7, 0x769, 0x4, 0x3, 0x9, 0x3, 0xc, 0x1, 0x8001, 0x1, 0x7fff, 0x5, 0x3, 0xe, 0x1ff, 0x6, 0x7, 0x400, 0x200, 0x4000000, 0x1, 0xfffffff7, 0x1, 0x0, 0x2, 0xc, 0x39400, 0xd, 0x7c, 0x8a0, 0x400, 0x9, 0x8, 0x3, 0x0, 0x3, 0x4, 0x6, 0x75bc, 0xff, 0x4, 0x81, 0x6, 0x400, 0x0, 0x80000001, 0xf729, 0x6, 0x9, 0x1, 0x800, 0x9, 0x9, 0x2, 0x100, 0x6, 0x2, 0x8dc, 0x9, 0x2, 0x7ff, 0x2, 0x8, 0xb, 0x1000, 0xc, 0x721, 0x8, 0x4, 0x9, 0x401, 0xd, 0xe, 0x3ff, 0x6, 0xf, 0x9, 0x3ff, 0xfffffffc, 0xffffffff, 0x3, 0xf, 0xd523, 0x6, 0x6, 0x9, 0x4d66, 0x80000000, 0x4, 0x325b751c, 0x4, 0x6, 0x6, 0x7dc, 0x7fff, 0x3, 0xbfc1, 0x6f7, 0x6, 0x10, 0x9, 0x40, 0x10, 0xfffffc00, 0xff, 0x40, 0x5f9, 0xfffffff8, 0x6, 0x8, 0x400, 0x1, 0x2, 0xe4, 0x2, 0x1, 0x0, 0x200, 0x4, 0x7, 0x3, 0x2e3, 0x21, 0x0, 0x1, 0x2, 0x7, 0x0, 0xb, 0x80e6, 0x10001, 0x9, 0x0, 0x1, 0x1, 0x83, 0x8000, 0x7, 0x1, 0xeeca8800, 0x100, 0xf, 0xf02, 0x4, 0x3, 0x8, 0xe0000000, 0x7f, 0x30, 0x0, 0x7ff, 0x4e38, 0x8, 0x410d, 0x57, 0xb7d9, 0x40, 0x7, 0x30, 0xb, 0x4, 0x8, 0x1, 0x86d, 0x0, 0x6, 0x2, 0xf, 0x8001000, 0x6a08, 0x5, 0xda, 0x1, 0x5, 0x2, 0x7, 0x5, 0x1, 0x7, 0x1000, 0x9, 0x10, 0x5, 0x4, 0x1, 0x6, 0xc1, 0x6, 0x71, 0x8, 0x1, 0x81, 0x2, 0x9, 0x7, 0x3, 0x63a, 0x1, 0x4, 0x9, 0xee9, 0x88000, 0x3, 0x5]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x20000000, 0x7fffffff, 0x2, 0x12, {0x5, 0x0, 0x2, 0x7, 0x7, 0xbebc20}, {0x4, 0x1, 0xaee, 0x6, 0xc}, 0x5001, 0x2, 0x1}}]}]}}]}, 0x478}, 0x1, 0x0, 0x0, 0x80}, 0x40010) 3.837734175s ago: executing program 0 (id=549): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) r4 = socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) io_setup(0x0, &(0x7f0000000000)) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) r5 = io_uring_setup(0x1530, &(0x7f0000000480)={0x0, 0xe739, 0x1, 0x8000002, 0x1d4}) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$nci(r6, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$sock_netdev_private(r4, 0x89fa, &(0x7f0000000600)="b381ffebf9cf0dcfb1cae07ef0ed048e25e2e53e4ebaecdf0e10618309c2157e2233e8fb1125a5205b11e821ed278e2d3f63aca20d2c124311270cf5f6e0ff694e12f9530b921b45db7ed02efee41e3ffc97e4146fbbec9b3062bf6930ed8e209f5d44baab404347eb80540ca02cb133d24d7acb47ce8e03cff4da58f44a8d826cdffa2dab98e2df4229e65a8f63240fa9b3fbcbbf4cbf84c19c453d19467d52711cb8fd0ce570ff16de4f4c3ddf7f0c3a4770d099b7e0b1378bb0dc2c2645bae789e5448da9b49079d597d80a6b9c0fbc11178bd05d4c4a1e24d461") ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r8, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r7, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r8, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000002d40)={0x48, 0x7, r9, 0x0, 0x10000, 0x0, 0x8, 0x28d662, 0x1096e}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r9, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r7, 0x3ba0, &(0x7f0000000280)={0x48, 0x5, r8, 0x0, 0xffffffffffffffff, 0x1}) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000010000000f000000080034000800030008000300", @ANYRES32=r10, @ANYBLOB="050033"], 0x2c}, 0x1, 0x0, 0x0, 0x24004040}, 0x80) 3.215638179s ago: executing program 3 (id=550): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000ffdbdf2501000000000000000941000000140018020000007564158c28b5703a73797a3200"], 0x30}, 0x1, 0x0, 0x0, 0x4880}, 0x40090) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x300, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x15) ioctl$SNDCTL_DSP_POST(0xffffffffffffffff, 0x5008, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004000000060018"], 0x4c}}, 0x0) 2.820853291s ago: executing program 1 (id=551): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x1c, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x8, 0x1, 0xb}}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.764705158s ago: executing program 3 (id=552): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket(0x2b, 0x80801, 0x1) r3 = fcntl$getown(0xffffffffffffffff, 0x9) getpriority(0x0, r3) capset(&(0x7f0000000000)={0x20080522, r3}, &(0x7f0000000200)={0x5f, 0x4, 0x3, 0x5, 0xc433, 0x9}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a310000000030000000050afd010000000000000000010020000c00024000000000000000010900010073797a3100000000040004802c000000000a01040000000000000000070000020900010073797a30492500000c000440000000000000000214000000110001"], 0xe4}}, 0x200000d4) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={0x0, r4}}, 0x20) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000011c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d0, 0x140, 0x5c, 0x160, 0x0, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@uncond, 0x5002, 0xa8, 0xf0, 0x52020000, {0x0, 0x6802000000000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x7fff, 0x9, 0x7, 'syz0\x00', {0x719}}}}, {{@ipv6={@private0, @private2, [0xff, 0x0, 0xffffff00, 0xff], [0xff, 0xffffff00, 0xffffff00, 0xffffff00], 'tunl0\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x33, 0x4, 0x9456fff08070a538, 0x70}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x82b, 0x0, 0x0, 'syz0\x00', 'syz0\x00', {0x8000800000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330) r6 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r6, 0xc0884123, &(0x7f0000000080)) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x8, 0x0, 0x0, 0x0, 0x4}, 0x94) madvise(&(0x7f0000570000/0x4000)=nil, 0x4000, 0x9) 1.820605899s ago: executing program 2 (id=553): socket(0x10, 0x803, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) epoll_create(0x802) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x7ace, 0x8, 0x0, 0x3d5}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f00000000c0)={0x2, 0xb6f1, 0x2}) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000140)={0x2, 0x85, 0x2}) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=@ipmr_delroute={0x1c, 0x19, 0x1, 0x70bd28, 0x25dfdbfc, {0x80, 0x10, 0x20, 0x2, 0x0, 0x2, 0xfd, 0x3, 0x1400}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000000) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0xdb4, 0x0, 0x0, 0x0, 0x0) exit(0x7) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x4, {0x4, 0x1}, 0x8}, 0x1) 1.50061599s ago: executing program 0 (id=554): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc000000000000000000000000000000ac1414bb00000000000000000000000000000004000000000a0060003b000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000009000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00000000000000000100000000000000feffffffffffffff00000000000000000000000000000000000000000000000009000000000000000000020000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0004}]}) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r2, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x89727a31546dcc43, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 1.424282047s ago: executing program 3 (id=555): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x88fd537e5e114b69, 0x10010, r0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0xffd1490bb2c8f5e6, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x89727a31546dcc4f, 0x4}) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10) r3 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100003afe0620e6040b000001010203010902240001000010000904140002a024260009050602ff03000000090582020800001000"], 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3, r4, 0x4}, 0x38) syz_usb_control_io(r3, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) (async) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) (async) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) (async) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x88fd537e5e114b69, 0x10010, r0, 0x0) (async) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0xffd1490bb2c8f5e6, 0x0) (async) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x89727a31546dcc4f, 0x4}) (async) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) (async) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10) (async) syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100003afe0620e6040b000001010203010902240001000010000904140002a024260009050602ff03000000090582020800001000"], 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3, r4, 0x4}, 0x38) (async) syz_usb_control_io(r3, 0x0, 0x0) (async) 1.251976457s ago: executing program 0 (id=556): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x0) setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='wg0\x00', 0x4) r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000600)=ANY=[], 0x1df) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000800)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000000000000000000000000000000000000400", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 903.53893ms ago: executing program 0 (id=557): socket$can_j1939(0x1d, 0x2, 0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000", @ANYRES16=0x0, @ANYBLOB="b9262bbd7000fddbdf2500000000"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40000) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8fc3a8a18856486e}, 0xc, &(0x7f00000002c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="48010c00", @ANYRES16=r2, @ANYBLOB="000826bd7000fcdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000100000008000b000600000006001600dd0000006afe120000000000060011000700000008000b000e030000080001007063690011000200303030303a30303a31302e300000000008000300fcffffff08000b000800000006001600070000000500120001000000060011000100000008000b0056088c5f080001007063690011000200303030303a30303a31302e3000000000080003000000000008000b000600000006001600fdff00000500120001000000060011000700000008000b00020000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b002101000006001600080000000500120001000000060011000001000008000b0004000000000001006e657464657673696d000000000002006e657464657673696d300000000003000000000000000b000400000000001600e90b0000000012000100000000001100ff01000000000b0040000000"], 0x148}, 0x1, 0x0, 0x0, 0x4040851}, 0x80020) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000b40)={0x52, 0x1, 0x1, {0x0, 0x1}, {0x63, 0x2}, @period={0x58, 0x0, 0x0, 0x3, 0x80, {0x1, 0x8001, 0xf, 0x1}, 0x0, 0x0}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000680)=""/211) r3 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=0x0, &(0x7f0000000240)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x6) socket(0x400000000010, 0x3, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = socket(0x400000000010, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r11 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r11, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x9, 0xfff1}, {0xffff, 0xffff}, {0x2, 0xf}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x9}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x80000001}]}, 0x34}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r10, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r12 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 813.709124ms ago: executing program 2 (id=558): syz_open_dev$sg(0x0, 0x0, 0x401) socket$packet(0x11, 0x3, 0x300) r0 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) syz_emit_ethernet(0xc2, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, &(0x7f0000000400)={0x800100, 0x3fe00000, 0x1, 0x4650, 0x1100, 0xff}) r4 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002) ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000180)=0x80012) close(r4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$sg(&(0x7f0000000280), 0x5dc, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r6, 0x1, &(0x7f0000000780)=ANY=[@ANYBLOB="7c64dabc91e0c05ea412394b47bee00bbe5673fd1d4949554727b7d7a60e4ee80b7f38ad4f2358b42732a8cfa79bb172aaf2fd195508b1c58f6328670a0b3ec4874aaf97dd9043a3ab2d5a4f193fb414ee211e48af761560477f857daad8a5cc0bd0d90d7a8f426f94170eec64d3f603cd1d297f1f692ccbc8ece719fe1dc582ffffff7fb6ca91e873a64d3906a67d0b0635541a1531a4e2b67366715c2878009db51aeee487170000b980c2b77f51a36400ee69363d536591e202751455f95e9425a6f12c3ed52a4ff0087b4bc5c2e948c469bcac71c56811c2c260f8ca80ce32aa38f16264c4760413988d56a0b72940c28c5c8716ff154be80c1aad8a1ac32d6aabc1dc20fead3ec61925", @ANYRESHEX=r0, @ANYRES64, @ANYRES32=r5, @ANYRESHEX=r3, @ANYRES8=r0, @ANYRES32, @ANYRES64]) socket$inet_tcp(0x2, 0x1, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x40982) r8 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x2008c804) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$vim2m_VIDIOC_STREAMOFF(r8, 0x40045612, &(0x7f0000000280)=0x2) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @local, {[@timestamp_addr={0x44, 0x14, 0xa, 0x2, 0x0, [{@remote}, {@loopback}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r7, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0x2f}, 0x40}) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) 732.695173ms ago: executing program 0 (id=559): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 32) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 32) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) (async, rerun: 32) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) sendmsg(r5, 0x0, 0x0) (async) r6 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$inet(r6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x200}}, @ip_ttl={{0x14, 0x0, 0x2, 0xfffffffe}}, @ip_retopts={{0x24, 0x0, 0x7, {[@rr={0x7, 0x13, 0xdc, [@dev={0xac, 0x14, 0x14, 0x21}, @dev={0xac, 0x14, 0x14, 0x3c}, @rand_addr=0x64010100, @remote]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x6e3d}}], 0x70, 0x4c00}, 0x0) (async) recvfrom$rxrpc(r6, 0x0, 0x0, 0xe8ce25b3ffff0000, 0x0, 0x0) (async) syz_usb_connect$hid(0x3, 0xffffffe2, 0x0, 0x0) (async) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async, rerun: 32) r7 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0) (rerun: 32) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000280)='auto_da_alloc', &(0x7f00000002c0)='0\x00', 0x0) (async) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x4a, &(0x7f0000000040)={0x0, 0x0}, 0x10) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_EXTTS_REQUEST2(r8, 0xc0403d11, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async) r9 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil) shmat(r9, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) 203.473171ms ago: executing program 0 (id=560): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x478, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0x7}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0x448, 0x2, [@TCA_BASIC_POLICE={0x444, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0xffffe22a, 0x9, 0x5, 0x3, 0xffffffff, 0x4, 0x0, 0x8, 0x8, 0xa, 0x7f, 0x8, 0x0, 0x1, 0x1ff, 0x4, 0x6, 0x7fffffff, 0x2, 0x2, 0x0, 0x8, 0x1, 0xff, 0x5, 0x8c1, 0x0, 0x3, 0x6, 0xfffffff7, 0x8, 0x2, 0x897, 0x4fd9, 0x40, 0xffffffff, 0x0, 0x6, 0x8, 0x1, 0x100, 0x1, 0x1000, 0x7cbf, 0x9, 0x6, 0xd5, 0x8, 0x0, 0x8, 0x9, 0x7, 0x7, 0x769, 0x4, 0x3, 0x9, 0x3, 0xc, 0x1, 0x8001, 0x1, 0x7fff, 0x5, 0x3, 0xe, 0x1ff, 0x6, 0x7, 0x400, 0x200, 0x4000000, 0x1, 0xfffffff7, 0x1, 0x0, 0x2, 0xc, 0x39400, 0xd, 0x7c, 0x8a0, 0x400, 0x9, 0x8, 0x3, 0x0, 0x3, 0x4, 0x6, 0x75bc, 0xff, 0x4, 0x81, 0x6, 0x400, 0x0, 0x80000001, 0xf729, 0x6, 0x9, 0x1, 0x800, 0x9, 0x9, 0x2, 0x100, 0x6, 0x2, 0x8dc, 0x9, 0x2, 0x7ff, 0x2, 0x8, 0xb, 0x1000, 0xc, 0x721, 0x8, 0x4, 0x9, 0x401, 0xd, 0xe, 0x3ff, 0x6, 0xf, 0x9, 0x3ff, 0xfffffffc, 0xffffffff, 0x3, 0xf, 0xd523, 0x6, 0x6, 0x9, 0x4d66, 0x80000000, 0x4, 0x325b751c, 0x4, 0x6, 0x6, 0x7dc, 0x7fff, 0x3, 0xbfc1, 0x6f7, 0x6, 0x10, 0x9, 0x40, 0x10, 0xfffffc00, 0xff, 0x40, 0x5f9, 0xfffffff8, 0x6, 0x8, 0x400, 0x1, 0x2, 0xe4ff, 0x2, 0x1, 0x0, 0x200, 0x4, 0x7, 0x3, 0x2e3, 0x21, 0x0, 0x1, 0x2, 0x7, 0x0, 0xb, 0x80e6, 0x10001, 0x9, 0x0, 0x1, 0x1, 0x83, 0x8000, 0x7, 0x1, 0xeeca8800, 0x100, 0xf, 0xf02, 0x4, 0x3, 0x8, 0xe0000000, 0x7f, 0x30, 0x0, 0x7ff, 0x4e38, 0x8, 0x410d, 0x57, 0xb7d9, 0x40, 0x7, 0x30, 0xb, 0x4, 0x8, 0x1, 0x86d, 0x0, 0x6, 0x2, 0xf, 0x8001000, 0x6a08, 0x5, 0xda, 0x1, 0x5, 0x2, 0x7, 0x5, 0x1, 0x7, 0x1000, 0x9, 0x10, 0x5, 0x4, 0x1, 0x6, 0xc1, 0x6, 0x71, 0x8, 0x1, 0x81, 0x2, 0x9, 0x7, 0x3, 0x63a, 0x1, 0x4, 0x9, 0xee9, 0x88000, 0x3, 0x5]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x20000000, 0x7fffffff, 0x2, 0x12, {0x5, 0x0, 0x2, 0x7, 0x7, 0xbebc20}, {0x4, 0x1, 0xaee, 0x6, 0xc}, 0x5001, 0x2, 0x1}}]}]}}]}, 0x478}, 0x1, 0x0, 0x0, 0x80}, 0x40010) 0s ago: executing program 1 (id=561): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f000072a000/0x4000)=nil, 0x4000, 0x4) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10) write$cgroup_int(r2, &(0x7f0000000000)=0x2b00, 0x12) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x7400}, 0x2040) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="580400001000ffff27bd7000fadbdf2500000000", @ANYRES32=0x0, @ANYBLOB="100a070023120100180012800e00010069703667726574617000000004000280050010000300000008000d0008000000f0031680b80001800c000400070000000000000014000a000200000000000000070000000000000014000a000100000000000000050000000000000010000200040000009a0400000800000010000200a3000000da010000ffffffff2800010004000000bbbbbbbbbbbb00000000000000000000000000000000000000000000000000000c00090000100000060000000c000300760500003c3a00000c00030009000000d909000014000a00100000000000000086020000000000002400018014000b00e80b000000000000400f0000200000000c00090004000000aafa0000880001802800010003000000bbbbbbbbbbbb00000000000000000000000000000000000000000000000000002800010003000000bbbbbbbbbbbb00000000000000000000000000000000000000000000000000000c000700020000000200000010000200f00e000014090000050000000c000300fdffffff0a0000000c0003000586ffff0700000014000180100006000700000062b0000000fcffff880001800c000300020000000100000014000b0001000000000000000000000000000000280001000100000000000000000000000000000000000000000000000000000000000000000000000c000900ff7f0000090000001000060000800000faffffff0700000010000200070000008f0200000300000010000600050000000600000096740000c0000180100006000ba8d91afeffffff080000000c00070003000000000000802c000c801400010009000000fe0000000000008088a8000014000100020000005404000002000000810000002800010002000000000000000000000000000000000000000000000000000000000000000000000014000b000700000000000000080000000000000014000a0000f0ffff000000005d000000000000000c00070009000000040000000c00040000000000040000000c00030005000000070000002c010180a4000c801400010001000000fe0500000500000088a8000014000100fcffffff3c0d0000b700000088a800001400010007000000a30200008000000088a800001400010002000000ca0c0000cc0400008100000014000100510c0000f80f00004000000081000000140001000300000035070000cb000000810000001400010003000000ba0900000b000000810000001400010009000000c400000009000000554300001000060071d20000178e00000d0000000c00090002000000ff03000014000a00ffff00000000000013000000000000000c0003000f0000000200000010000200280c0000c60c00007f00000014000a0008000000000000000080000000000000100006007e000000080000000500000014000b006e000000000000000f000000000000000400188008002c00020000000a0002"], 0x458}, 0x1, 0x0, 0x0, 0x20044091}, 0x44840) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r5, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x2000) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xc, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x12, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000cc0), 0x8a140, 0x0) ioctl$PTP_SYS_OFFSET_PRECISE(r6, 0xc0403d08, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') lseek(r7, 0x4, 0x2) kernel console output (not intermixed with test programs): [ T10] usb 1-1: Using ep0 maxpacket: 16 [ 152.253392][ T10] usb 1-1: too many configurations: 121, using maximum allowed: 8 [ 152.265929][ T10] usb 1-1: invalid descriptor for config index 0: type = 0x2, length = 2 [ 152.286928][ T10] usb 1-1: can't read configurations, error -22 [ 152.439186][ T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 152.607320][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 152.765671][ T10] usb 1-1: too many configurations: 121, using maximum allowed: 8 [ 152.790496][ T10] usb 1-1: invalid descriptor for config index 0: type = 0x2, length = 2 [ 152.812204][ T10] usb 1-1: can't read configurations, error -22 [ 152.819944][ T10] usb usb1-port1: attempt power cycle [ 153.267354][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 153.288126][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 153.298770][ T10] usb 1-1: too many configurations: 121, using maximum allowed: 8 [ 153.310597][ T10] usb 1-1: invalid descriptor for config index 0: type = 0x2, length = 2 [ 153.325772][ T10] usb 1-1: can't read configurations, error -22 [ 153.477410][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 153.512089][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 153.518430][ T10] usb 1-1: too many configurations: 121, using maximum allowed: 8 [ 153.537064][ T10] usb 1-1: invalid descriptor for config index 0: type = 0x2, length = 2 [ 153.546040][ T10] usb 1-1: can't read configurations, error -22 [ 153.556588][ T10] usb usb1-port1: unable to enumerate USB device [ 154.047659][ T6672] tipc: Enabling of bearer rejected, failed to enable media [ 154.980581][ T6695] netlink: 24 bytes leftover after parsing attributes in process `syz.3.193'. [ 154.996024][ T6695] libceph: resolve '0..' (ret=-3): failed [ 155.297392][ T6690] netlink: 'syz.4.194': attribute type 20 has an invalid length. [ 155.529249][ T6693] netlink: 12 bytes leftover after parsing attributes in process `syz.2.192'. [ 156.880755][ T6710] netlink: 16 bytes leftover after parsing attributes in process `syz.4.198'. [ 157.328585][ T184] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 157.387427][ T10] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 157.416702][ T6718] syzkaller0: entered promiscuous mode [ 157.437342][ T6718] syzkaller0: entered allmulticast mode [ 157.513620][ T184] usb 4-1: Using ep0 maxpacket: 8 [ 157.525118][ T184] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.546659][ T184] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 157.558961][ T184] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 157.570871][ T10] usb 3-1: config 0 has an invalid interface number: 84 but max is 0 [ 157.580045][ T10] usb 3-1: config 0 has no interface number 0 [ 157.586371][ T10] usb 3-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 157.607233][ T184] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 157.624912][ T10] usb 3-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 157.655271][ T184] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 157.668332][ T10] usb 3-1: config 0 interface 84 has no altsetting 0 [ 157.675098][ T10] usb 3-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 157.717859][ T184] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 157.761935][ T184] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 157.770276][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.778378][ T184] usb 4-1: Product: syz [ 157.784385][ T184] usb 4-1: Manufacturer: syz [ 157.790319][ T10] usb 3-1: config 0 descriptor?? [ 157.796300][ T184] usb 4-1: SerialNumber: syz [ 157.808017][ T6714] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 157.839786][ T10] option 3-1:0.84: GSM modem (1-port) converter detected [ 157.898838][ T184] usb 4-1: config 0 descriptor?? [ 158.033802][ T10] usb 3-1: USB disconnect, device number 6 [ 158.072708][ T10] option 3-1:0.84: device disconnected [ 158.144844][ T184] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 158.152045][ T184] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 158.519824][ T184] radio-si470x 4-1:0.0: software version 0, hardware version 0 [ 158.529954][ T184] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 158.567312][ T184] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 158.772812][ T6735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.801301][ T6735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.147617][ T184] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -110 [ 159.156382][ T184] radio-si470x 4-1:0.0: submitting int urb failed (-90) [ 159.164826][ T184] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -32 [ 159.174484][ T184] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22 [ 159.680067][ T6750] netlink: 24 bytes leftover after parsing attributes in process `syz.2.209'. [ 159.695443][ T6750] libceph: resolve '0..' (ret=-3): failed [ 160.203558][ T6727] tipc: Enabling of bearer rejected, failed to enable media [ 160.500943][ T5899] usb 4-1: USB disconnect, device number 10 [ 161.032720][ T6764] program syz.4.211 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 161.074222][ T6766] netlink: 12 bytes leftover after parsing attributes in process `syz.1.210'. [ 161.384864][ T6768] netlink: 16 bytes leftover after parsing attributes in process `syz.3.214'. [ 161.757730][ T9] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 161.817432][ T184] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 161.918992][ T9] usb 3-1: config 0 has an invalid interface number: 84 but max is 0 [ 161.927449][ T9] usb 3-1: config 0 has no interface number 0 [ 161.933655][ T9] usb 3-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 161.959551][ T9] usb 3-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 161.987360][ T184] usb 4-1: Using ep0 maxpacket: 16 [ 161.992686][ T9] usb 3-1: config 0 interface 84 has no altsetting 0 [ 162.001371][ T184] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 112, changing to 10 [ 162.017297][ T184] usb 4-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.00 [ 162.037635][ T9] usb 3-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 162.046714][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.055164][ T184] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.086863][ T184] usb 4-1: config 0 descriptor?? [ 162.098444][ T9] usb 3-1: config 0 descriptor?? [ 162.106028][ T6772] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 162.138219][ T9] option 3-1:0.84: GSM modem (1-port) converter detected [ 162.263500][ T6777] FAULT_INJECTION: forcing a failure. [ 162.263500][ T6777] name failslab, interval 1, probability 0, space 0, times 1 [ 162.276846][ T6777] CPU: 0 UID: 0 PID: 6777 Comm: syz.4.217 Not tainted syzkaller #0 PREEMPT(full) [ 162.276870][ T6777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 162.276879][ T6777] Call Trace: [ 162.276885][ T6777] [ 162.276891][ T6777] dump_stack_lvl+0x189/0x250 [ 162.276917][ T6777] ? __pfx____ratelimit+0x10/0x10 [ 162.276936][ T6777] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.276956][ T6777] ? __pfx__printk+0x10/0x10 [ 162.276970][ T6777] ? __sock_sendmsg+0x21c/0x270 [ 162.276989][ T6777] ? do_syscall_64+0xfa/0xfa0 [ 162.277016][ T6777] should_fail_ex+0x414/0x560 [ 162.277043][ T6777] should_failslab+0xa8/0x100 [ 162.277059][ T6777] kmem_cache_alloc_noprof+0x74/0x6e0 [ 162.277081][ T6777] ? skb_clone+0x212/0x3a0 [ 162.277101][ T6777] skb_clone+0x212/0x3a0 [ 162.277119][ T6777] __netlink_deliver_tap+0x404/0x850 [ 162.277152][ T6777] ? netlink_deliver_tap+0x2e/0x1b0 [ 162.277176][ T6777] netlink_deliver_tap+0x19c/0x1b0 [ 162.277207][ T6777] netlink_sendskb+0x68/0x140 [ 162.277238][ T6777] netlink_unicast+0x397/0x9e0 [ 162.277272][ T6777] ? __asan_memcpy+0x40/0x70 [ 162.277309][ T6777] ? __pfx_netlink_unicast+0x10/0x10 [ 162.277338][ T6777] netlink_rcv_skb+0x28c/0x470 [ 162.277362][ T6777] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 162.277386][ T6777] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 162.277417][ T6777] ? netlink_deliver_tap+0x2e/0x1b0 [ 162.277446][ T6777] netlink_unicast+0x82f/0x9e0 [ 162.277473][ T6777] ? __pfx_netlink_unicast+0x10/0x10 [ 162.277495][ T6777] ? netlink_sendmsg+0x642/0xb30 [ 162.277517][ T6777] ? skb_put+0x11b/0x210 [ 162.277533][ T6777] netlink_sendmsg+0x805/0xb30 [ 162.277563][ T6777] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.277589][ T6777] ? aa_sock_msg_perm+0xf1/0x1d0 [ 162.277614][ T6777] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 162.277629][ T6777] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.277653][ T6777] __sock_sendmsg+0x21c/0x270 [ 162.277681][ T6777] ____sys_sendmsg+0x505/0x830 [ 162.277700][ T6777] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.277722][ T6777] ? import_iovec+0x74/0xa0 [ 162.277744][ T6777] ___sys_sendmsg+0x21f/0x2a0 [ 162.277761][ T6777] ? __pfx____sys_sendmsg+0x10/0x10 [ 162.277804][ T6777] ? __fget_files+0x2a/0x420 [ 162.277817][ T6777] ? __fget_files+0x3a0/0x420 [ 162.277839][ T6777] __x64_sys_sendmsg+0x19b/0x260 [ 162.277857][ T6777] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 162.277879][ T6777] ? __pfx_ksys_write+0x10/0x10 [ 162.277904][ T6777] ? do_syscall_64+0xbe/0xfa0 [ 162.277926][ T6777] do_syscall_64+0xfa/0xfa0 [ 162.277944][ T6777] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.277964][ T6777] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.277978][ T6777] ? clear_bhb_loop+0x60/0xb0 [ 162.277997][ T6777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.278011][ T6777] RIP: 0033:0x7f3dd2b8efc9 [ 162.278025][ T6777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.278038][ T6777] RSP: 002b:00007f3dd3a3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.278054][ T6777] RAX: ffffffffffffffda RBX: 00007f3dd2de5fa0 RCX: 00007f3dd2b8efc9 [ 162.278065][ T6777] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 162.278074][ T6777] RBP: 00007f3dd3a3f090 R08: 0000000000000000 R09: 0000000000000000 [ 162.278082][ T6777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.278091][ T6777] R13: 00007f3dd2de6038 R14: 00007f3dd2de5fa0 R15: 00007f3dd2f0fa28 [ 162.278115][ T6777] [ 162.569695][ T5908] usb 3-1: USB disconnect, device number 7 [ 162.778078][ T184] usb 4-1: string descriptor 0 read error: -71 [ 162.805771][ T184] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5 [ 162.824325][ T5186] bcm5974 4-1:0.0: could not read from device [ 162.868164][ T184] usb 4-1: USB disconnect, device number 11 [ 163.078796][ T5908] option 3-1:0.84: device disconnected [ 163.498405][ T6796] loop6: detected capacity change from 0 to 7 [ 163.515848][ T6789] syzkaller0: entered promiscuous mode [ 163.526755][ T6796] Dev loop6: unable to read RDB block 7 [ 163.532822][ T6789] syzkaller0: entered allmulticast mode [ 163.538866][ T6796] loop6: unable to read partition table [ 163.558780][ T6797] tipc: Enabling of bearer rejected, failed to enable media [ 163.681217][ T6796] loop6: partition table beyond EOD, truncated [ 163.820931][ T6796] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 164.486728][ T6803] netlink: 24 bytes leftover after parsing attributes in process `syz.3.225'. [ 164.500066][ T6803] libceph: resolve '0..' (ret=-3): failed [ 165.411854][ T6812] program syz.1.227 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 166.328824][ T6817] netlink: 12 bytes leftover after parsing attributes in process `syz.3.228'. [ 166.933795][ T30] audit: type=1326 audit(1761248328.289:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 166.992174][ T30] audit: type=1326 audit(1761248328.289:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.014305][ C1] vkms_vblank_simulate: vblank timer overrun [ 167.073007][ T30] audit: type=1326 audit(1761248328.309:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.096549][ T30] audit: type=1326 audit(1761248328.309:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.120856][ T30] audit: type=1326 audit(1761248328.309:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.167694][ T30] audit: type=1326 audit(1761248328.309:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.220655][ T30] audit: type=1326 audit(1761248328.309:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.253021][ T30] audit: type=1326 audit(1761248328.309:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.275623][ T30] audit: type=1326 audit(1761248328.309:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.297764][ C1] vkms_vblank_simulate: vblank timer overrun [ 167.305810][ T30] audit: type=1326 audit(1761248328.329:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6819 comm="syz.3.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 167.430076][ T6827] netlink: 24 bytes leftover after parsing attributes in process `syz.3.231'. [ 168.175249][ T6792] syzkaller0: entered promiscuous mode [ 168.180991][ T6792] syzkaller0: entered allmulticast mode [ 168.510219][ T6838] loop9: detected capacity change from 0 to 7 [ 168.541238][ T6838] Dev loop9: unable to read RDB block 7 [ 168.567357][ T6838] loop9: unable to read partition table [ 168.624650][ T6840] gretap0: entered promiscuous mode [ 168.671484][ T6838] loop9: partition table beyond EOD, truncated [ 168.688461][ T5908] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 168.711542][ T6838] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 168.860530][ T5908] usb 2-1: config 0 has an invalid interface number: 84 but max is 0 [ 169.197135][ T5908] usb 2-1: config 0 has no interface number 0 [ 169.265983][ T5908] usb 2-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 169.326567][ T5908] usb 2-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 169.396300][ T6849] netlink: 16 bytes leftover after parsing attributes in process `syz.0.237'. [ 169.408991][ T5908] usb 2-1: config 0 interface 84 has no altsetting 0 [ 169.418415][ T6849] netlink: 16 bytes leftover after parsing attributes in process `syz.0.237'. [ 169.427730][ T5908] usb 2-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 169.436900][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.486746][ T5908] usb 2-1: config 0 descriptor?? [ 169.568148][ T6832] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 169.588408][ T5908] option 2-1:0.84: GSM modem (1-port) converter detected [ 169.828230][ T184] usb 2-1: USB disconnect, device number 11 [ 170.249718][ T184] option 2-1:0.84: device disconnected [ 171.078286][ T6865] program syz.1.240 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 171.308673][ T6870] capability: warning: `syz.3.241' uses deprecated v2 capabilities in a way that may be insecure [ 171.936987][ T6877] syzkaller0: entered promiscuous mode [ 171.957424][ T6877] syzkaller0: entered allmulticast mode [ 171.977845][ T6888] tipc: Enabling of bearer rejected, failed to enable media [ 171.991121][ T6890] syzkaller0: entered promiscuous mode [ 172.067415][ T6890] syzkaller0: entered allmulticast mode [ 172.133856][ T6892] netlink: 84 bytes leftover after parsing attributes in process `syz.0.245'. [ 172.159021][ T6892] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 172.566030][ T5900] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 172.724359][ T5900] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 172.733959][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.784902][ T5900] usb 2-1: config 0 descriptor?? [ 173.191298][ T6899] netlink: 24 bytes leftover after parsing attributes in process `syz.0.248'. [ 175.871551][ T5900] usb 2-1: Cannot set autoneg [ 175.876596][ T5900] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 175.968272][ T5900] usb 2-1: USB disconnect, device number 12 [ 176.389473][ T9] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 176.557316][ T5900] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 176.558222][ T9] usb 5-1: config 0 has an invalid interface number: 84 but max is 0 [ 176.593957][ T6940] program syz.2.256 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 176.617641][ T9] usb 5-1: config 0 has no interface number 0 [ 176.685961][ T9] usb 5-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 176.710750][ T9] usb 5-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 176.718924][ T5900] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 176.732967][ T9] usb 5-1: config 0 interface 84 has no altsetting 0 [ 176.733017][ T9] usb 5-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 176.733042][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.739396][ T9] usb 5-1: config 0 descriptor?? [ 176.768643][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.785296][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.798768][ T5900] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 176.818834][ T5900] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 176.828533][ T5900] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 176.836738][ T5900] usb 2-1: Manufacturer: syz [ 176.998687][ T5900] usb 2-1: config 0 descriptor?? [ 177.047077][ T6918] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 177.180452][ T9] option 5-1:0.84: GSM modem (1-port) converter detected [ 177.354533][ T184] usb 5-1: USB disconnect, device number 15 [ 177.355638][ T6948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 177.364165][ T184] option 5-1:0.84: device disconnected [ 177.372958][ T6948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.484879][ T5900] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 177.568591][ T5900] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 177.637455][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 177.808343][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 177.837577][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.919096][ T9] usb 4-1: Product: syz [ 177.952639][ T9] usb 4-1: Manufacturer: syz [ 177.996991][ T9] usb 4-1: SerialNumber: syz [ 178.169244][ T6955] tipc: Enabling of bearer rejected, failed to enable media [ 178.183184][ T6955] syzkaller0: entered promiscuous mode [ 178.192983][ T6955] syzkaller0: entered allmulticast mode [ 178.460625][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 178.488776][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 178.513945][ T6960] syzkaller0: entered promiscuous mode [ 178.519988][ T6960] syzkaller0: entered allmulticast mode [ 178.545724][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 178.585232][ T9] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 178.616320][ T9] usb 4-1: USB disconnect, device number 12 [ 178.890302][ T184] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 179.059085][ T184] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.070853][ T184] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.086813][ T184] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 179.100264][ T184] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 179.111363][ T184] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.130649][ T184] usb 1-1: config 0 descriptor?? [ 179.264001][ T6973] netlink: 24 bytes leftover after parsing attributes in process `syz.3.264'. [ 179.431815][ T981] IPVS: starting estimator thread 0... [ 179.448627][ T6972] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 179.537547][ T6976] IPVS: using max 36 ests per chain, 86400 per kthread [ 179.569902][ T5908] usb 2-1: USB disconnect, device number 13 [ 179.575549][ T6963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.611784][ T6963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.863298][ T6963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.874214][ T6963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.138873][ T184] usbhid 1-1:0.0: can't add hid device: -71 [ 180.144968][ T184] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 180.345574][ T184] usb 1-1: USB disconnect, device number 15 [ 180.389664][ T6987] netlink: 44 bytes leftover after parsing attributes in process `syz.1.266'. [ 180.764344][ T6993] blktrace: Concurrent blktraces are not allowed on loop8 [ 182.537304][ T10] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 182.730047][ T10] usb 1-1: config 0 has an invalid interface number: 84 but max is 0 [ 182.758529][ T10] usb 1-1: config 0 has no interface number 0 [ 182.765169][ T10] usb 1-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 182.819596][ T10] usb 1-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 182.847332][ T10] usb 1-1: config 0 interface 84 has no altsetting 0 [ 182.847408][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 182.847423][ T30] audit: type=1326 audit(1761248344.179:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7000 comm="syz.4.271" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3dd2b8efc9 code=0x0 [ 182.886129][ T10] usb 1-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 182.945009][ T7008] program syz.1.270 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.026042][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.052005][ T10] usb 1-1: config 0 descriptor?? [ 183.238349][ T6997] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 183.610864][ T10] option 1-1:0.84: GSM modem (1-port) converter detected [ 183.658839][ T10] usb 1-1: USB disconnect, device number 16 [ 183.670306][ T10] option 1-1:0.84: device disconnected [ 183.714272][ T30] audit: type=1326 audit(1761248344.989:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 183.736554][ C1] vkms_vblank_simulate: vblank timer overrun [ 183.967446][ T30] audit: type=1326 audit(1761248344.989:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 184.367470][ T30] audit: type=1326 audit(1761248344.989:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 184.487385][ T30] audit: type=1326 audit(1761248344.989:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 184.611176][ T30] audit: type=1326 audit(1761248344.989:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 184.633883][ T30] audit: type=1326 audit(1761248344.989:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 184.658055][ T7031] FAULT_INJECTION: forcing a failure. [ 184.658055][ T7031] name failslab, interval 1, probability 0, space 0, times 0 [ 184.673746][ T7031] CPU: 0 UID: 0 PID: 7031 Comm: syz.0.276 Not tainted syzkaller #0 PREEMPT(full) [ 184.673777][ T7031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 184.673797][ T7031] Call Trace: [ 184.673804][ T7031] [ 184.673810][ T7031] dump_stack_lvl+0x189/0x250 [ 184.673845][ T7031] ? __pfx____ratelimit+0x10/0x10 [ 184.673864][ T7031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.673885][ T7031] ? __pfx__printk+0x10/0x10 [ 184.673904][ T7031] ? __pfx___might_resched+0x10/0x10 [ 184.673920][ T7031] ? fs_reclaim_acquire+0x7d/0x100 [ 184.673948][ T7031] should_fail_ex+0x414/0x560 [ 184.673974][ T7031] should_failslab+0xa8/0x100 [ 184.673991][ T7031] __kmalloc_cache_noprof+0x6f/0x6f0 [ 184.674013][ T7031] ? mpi_alloc+0x52/0x140 [ 184.674025][ T7031] ? __crypto_dh_decode_key+0x190/0x310 [ 184.674045][ T7031] mpi_alloc+0x52/0x140 [ 184.674060][ T7031] mpi_read_raw_data+0x139/0x970 [ 184.674089][ T7031] dh_set_secret+0x186/0x310 [ 184.674108][ T7031] ? __pfx_dh_set_secret+0x10/0x10 [ 184.674126][ T7031] ? crypto_alloc_tfm_node+0x3c1/0x3f0 [ 184.674159][ T7031] __keyctl_dh_compute+0x50a/0xca0 [ 184.674190][ T7031] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 184.674214][ T7031] ? __lock_acquire+0xab9/0xd20 [ 184.674236][ T7031] ? __might_fault+0xb0/0x130 [ 184.674273][ T7031] keyctl_dh_compute+0x109/0x160 [ 184.674299][ T7031] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 184.674335][ T7031] __se_sys_keyctl+0x423/0x910 [ 184.674356][ T7031] ? __pfx___se_sys_keyctl+0x10/0x10 [ 184.674377][ T7031] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 184.674403][ T7031] ? __fget_files+0x3a0/0x420 [ 184.674422][ T7031] ? fput+0xa0/0xd0 [ 184.674439][ T7031] ? ksys_write+0x22a/0x250 [ 184.674462][ T7031] ? __pfx_ksys_write+0x10/0x10 [ 184.674492][ T7031] ? do_syscall_64+0xbe/0xfa0 [ 184.674517][ T7031] ? __x64_sys_keyctl+0x20/0xc0 [ 184.674545][ T7031] do_syscall_64+0xfa/0xfa0 [ 184.674571][ T7031] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.674596][ T7031] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.674617][ T7031] ? clear_bhb_loop+0x60/0xb0 [ 184.674643][ T7031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.674658][ T7031] RIP: 0033:0x7efedd38efc9 [ 184.674678][ T7031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.674691][ T7031] RSP: 002b:00007efede227038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 184.674714][ T7031] RAX: ffffffffffffffda RBX: 00007efedd5e5fa0 RCX: 00007efedd38efc9 [ 184.674725][ T7031] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 0000000000000017 [ 184.674734][ T7031] RBP: 00007efede227090 R08: 0000200000000280 R09: 0000000000000000 [ 184.674744][ T7031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 184.674752][ T7031] R13: 00007efedd5e6038 R14: 00007efedd5e5fa0 R15: 00007efedd70fa28 [ 184.674776][ T7031] [ 184.978456][ T30] audit: type=1326 audit(1761248344.989:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 185.000785][ T30] audit: type=1326 audit(1761248344.989:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 185.023057][ T30] audit: type=1326 audit(1761248344.989:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 185.440213][ T7034] netlink: 20 bytes leftover after parsing attributes in process `syz.0.277'. [ 186.919451][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 186.941122][ T7060] netlink: 24 bytes leftover after parsing attributes in process `syz.1.282'. [ 187.151830][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 187.174358][ T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 187.193972][ T10] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 187.219559][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.255465][ T10] usb 3-1: config 0 descriptor?? [ 187.719595][ T10] Bluetooth: Can't get state to change to load configuration err [ 187.747535][ T10] Bluetooth: Loading sysconfig file failed [ 187.753456][ T10] ath3k 3-1:0.0: probe with driver ath3k failed with error -16 [ 187.840653][ T10] usb 3-1: USB disconnect, device number 8 [ 188.479169][ T10] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 188.690685][ T10] usb 1-1: config 0 has an invalid interface number: 84 but max is 0 [ 188.778564][ T10] usb 1-1: config 0 has no interface number 0 [ 188.796565][ T10] usb 1-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 188.827307][ T10] usb 1-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 188.971096][ T10] usb 1-1: config 0 interface 84 has no altsetting 0 [ 188.980458][ T10] usb 1-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 188.992973][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.144503][ T10] usb 1-1: config 0 descriptor?? [ 189.163194][ T7070] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 189.176379][ T10] option 1-1:0.84: GSM modem (1-port) converter detected [ 189.590428][ T5899] usb 1-1: USB disconnect, device number 17 [ 189.598714][ T5899] option 1-1:0.84: device disconnected [ 190.760948][ T7098] fuse: Bad value for 'fd' [ 190.773458][ T7098] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[7098] [ 191.359884][ T7105] program syz.0.292 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 191.501066][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 191.501086][ T30] audit: type=1326 audit(1761248352.859:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.1.294" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x0 [ 191.541408][ T7111] blktrace: Concurrent blktraces are not allowed on loop8 [ 191.619151][ T7110] netlink: 8 bytes leftover after parsing attributes in process `syz.2.295'. [ 191.773043][ T7114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.294'. [ 193.037380][ T5908] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 193.167801][ T5908] usb 3-1: device descriptor read/64, error -71 [ 193.407363][ T5908] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 193.423677][ T7121] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 193.430635][ T7121] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 193.464592][ T7123] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 193.471172][ T7123] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 193.557397][ T7121] vhci_hcd vhci_hcd.0: Device attached [ 193.594054][ T7123] vhci_hcd vhci_hcd.0: Device attached [ 193.627315][ T5908] usb 3-1: device descriptor read/64, error -71 [ 193.666438][ T7122] vhci_hcd: connection closed [ 193.668965][ T6081] vhci_hcd: stop threads [ 193.681039][ T7124] vhci_hcd: connection closed [ 193.720982][ T10] vhci_hcd: vhci_device speed not set [ 193.759687][ T6081] vhci_hcd: release socket [ 193.778129][ T6081] vhci_hcd: disconnect device [ 193.794645][ T6081] vhci_hcd: stop threads [ 193.805613][ T6081] vhci_hcd: release socket [ 193.810529][ T10] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 193.820904][ T5908] usb usb3-port1: attempt power cycle [ 193.833273][ T6081] vhci_hcd: disconnect device [ 194.120477][ T7132] netlink: 24 bytes leftover after parsing attributes in process `syz.3.298'. [ 194.387317][ T5908] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 194.528706][ T5908] usb 3-1: device descriptor read/8, error -71 [ 194.737847][ T981] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 194.787317][ T5908] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 194.891706][ T981] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 194.911143][ T981] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.991619][ T5908] usb 3-1: device descriptor read/8, error -71 [ 195.289737][ T981] usb 1-1: config 0 descriptor?? [ 195.294878][ T5900] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 195.303082][ T5908] usb usb3-port1: unable to enumerate USB device [ 195.367341][ T7140] xt_TPROXY: Can be used only with -p tcp or -p udp [ 195.408242][ T981] cp210x 1-1:0.0: cp210x converter detected [ 195.910166][ T5900] usb 2-1: config 0 has an invalid interface number: 84 but max is 0 [ 195.921264][ T5900] usb 2-1: config 0 has no interface number 0 [ 195.931118][ T5900] usb 2-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 195.944591][ T5900] usb 2-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 195.956816][ T5900] usb 2-1: config 0 interface 84 has no altsetting 0 [ 195.964050][ T5900] usb 2-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 195.975143][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.999279][ T5900] usb 2-1: config 0 descriptor?? [ 196.007815][ T7136] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 196.077986][ T5900] option 2-1:0.84: GSM modem (1-port) converter detected [ 196.112125][ T7148] program syz.0.299 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 196.294113][ T5900] usb 2-1: USB disconnect, device number 14 [ 196.316071][ T7154] blktrace: Concurrent blktraces are not allowed on loop8 [ 196.334996][ T5900] option 2-1:0.84: device disconnected [ 197.375979][ T981] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -71 [ 197.447389][ T981] cp210x 1-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 197.472605][ T981] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 197.522119][ T981] usb 1-1: cp210x converter now attached to ttyUSB0 [ 197.554791][ T981] usb 1-1: USB disconnect, device number 18 [ 197.571291][ T7162] netlink: 12 bytes leftover after parsing attributes in process `syz.0.307'. [ 197.603366][ T981] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 197.603954][ T981] cp210x 1-1:0.0: device disconnected [ 197.693265][ T7162] bridge1: port 1(veth3) entered blocking state [ 197.694211][ T7162] bridge1: port 1(veth3) entered disabled state [ 197.694433][ T7162] veth3: entered allmulticast mode [ 197.715496][ T7162] veth3: entered promiscuous mode [ 198.535073][ T30] audit: type=1326 audit(1761248359.889:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 198.576526][ T30] audit: type=1326 audit(1761248359.929:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 198.621071][ T30] audit: type=1326 audit(1761248359.929:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 198.670158][ T30] audit: type=1326 audit(1761248359.929:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 198.709105][ T30] audit: type=1326 audit(1761248359.929:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 198.752887][ T7181] blktrace: Concurrent blktraces are not allowed on loop8 [ 198.842794][ T30] audit: type=1326 audit(1761248359.929:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 198.892520][ T30] audit: type=1326 audit(1761248359.929:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 198.916319][ T10] vhci_hcd: vhci_device speed not set [ 198.952931][ T30] audit: type=1326 audit(1761248359.929:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 198.995950][ T30] audit: type=1326 audit(1761248359.929:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 199.025835][ T30] audit: type=1326 audit(1761248359.959:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7177 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 199.397359][ T184] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 199.579424][ T184] usb 3-1: config 0 has an invalid interface number: 84 but max is 0 [ 199.590393][ T184] usb 3-1: config 0 has no interface number 0 [ 199.641198][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.647679][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.664325][ T184] usb 3-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 199.930412][ T184] usb 3-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 199.947561][ T184] usb 3-1: config 0 interface 84 has no altsetting 0 [ 199.982225][ T184] usb 3-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 199.999308][ T7198] netlink: 'syz.4.317': attribute type 20 has an invalid length. [ 200.056221][ T184] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.068993][ T7202] netlink: 24 bytes leftover after parsing attributes in process `syz.0.318'. [ 200.198534][ T184] usb 3-1: config 0 descriptor?? [ 200.212328][ T7192] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 200.224299][ T184] option 3-1:0.84: GSM modem (1-port) converter detected [ 200.486542][ T5948] usb usb40-port1: attempt power cycle [ 200.515253][ T9] usb 3-1: USB disconnect, device number 13 [ 200.526714][ T9] option 3-1:0.84: device disconnected [ 201.317372][ T5948] usb usb40-port1: unable to enumerate USB device [ 201.556961][ T7217] blktrace: Concurrent blktraces are not allowed on loop8 [ 201.778651][ T7218] program syz.4.321 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 202.097642][ T7220] netlink: 24 bytes leftover after parsing attributes in process `syz.2.323'. [ 202.164953][ T7221] netlink: 52 bytes leftover after parsing attributes in process `syz.2.323'. [ 203.427394][ T5900] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 203.465493][ T7235] geneve2: entered promiscuous mode [ 203.470894][ T7235] geneve2: entered allmulticast mode [ 203.511235][ T7236] syzkaller0: entered promiscuous mode [ 203.516863][ T7236] syzkaller0: entered allmulticast mode [ 203.577325][ T5900] usb 4-1: Using ep0 maxpacket: 16 [ 203.594447][ T5900] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 203.603213][ T5900] usb 4-1: config 0 has no interface number 0 [ 203.612915][ T5900] usb 4-1: config 0 interface 1 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 203.634468][ T5900] usb 4-1: config 0 interface 1 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 203.667424][ T5900] usb 4-1: config 0 interface 1 has no altsetting 0 [ 203.676054][ T5900] usb 4-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 1.00 [ 203.697089][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.726201][ T5900] usb 4-1: config 0 descriptor?? [ 203.917294][ T184] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 203.944863][ T7229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.977781][ T7229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 204.079184][ T184] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 204.109618][ T184] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.131850][ T184] usb 2-1: config 0 descriptor?? [ 204.192659][ T184] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 204.432023][ T981] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 204.491137][ T7246] blktrace: Concurrent blktraces are not allowed on loop8 [ 204.550938][ T184] gp8psk: usb in 128 operation failed. [ 204.563772][ T184] gp8psk: usb in 137 operation failed. [ 204.572468][ T184] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 204.594499][ T184] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 204.640548][ T184] usb 2-1: USB disconnect, device number 15 [ 205.647447][ T5899] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 205.808924][ T5899] usb 2-1: config 0 has an invalid interface number: 84 but max is 0 [ 205.840049][ T5899] usb 2-1: config 0 has no interface number 0 [ 206.047416][ T5899] usb 2-1: config 0 interface 84 altsetting 253 endpoint 0x7 has invalid maxpacket 1279, setting to 64 [ 206.338927][ T5899] usb 2-1: config 0 interface 84 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 206.694134][ T5899] usb 2-1: config 0 interface 84 has no altsetting 0 [ 206.707663][ T5899] usb 2-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice= f.05 [ 206.720057][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.734274][ T5899] usb 2-1: config 0 descriptor?? [ 206.742191][ T7249] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 206.793319][ T5899] option 2-1:0.84: GSM modem (1-port) converter detected [ 206.805114][ T5900] usbhid 4-1:0.1: can't add hid device: -71 [ 206.829495][ T5900] usbhid 4-1:0.1: probe with driver usbhid failed with error -71 [ 206.914861][ T5900] usb 4-1: USB disconnect, device number 13 [ 206.997884][ T24] usb 2-1: USB disconnect, device number 16 [ 207.018290][ T24] option 2-1:0.84: device disconnected [ 207.085805][ T7251] netlink: 28 bytes leftover after parsing attributes in process `syz.2.335'. [ 208.101098][ T7264] netlink: 24 bytes leftover after parsing attributes in process `syz.1.337'. [ 208.215905][ T30] kauditd_printk_skb: 74 callbacks suppressed [ 208.215924][ T30] audit: type=1326 audit(1761248369.569:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 208.293307][ T30] audit: type=1326 audit(1761248369.569:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 208.415100][ T30] audit: type=1326 audit(1761248369.569:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 208.437395][ C1] vkms_vblank_simulate: vblank timer overrun [ 208.521530][ T7270] blktrace: Concurrent blktraces are not allowed on loop8 [ 208.603270][ T30] audit: type=1326 audit(1761248369.569:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 208.672220][ T30] audit: type=1326 audit(1761248369.609:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 208.718269][ T30] audit: type=1326 audit(1761248369.619:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 209.014911][ T30] audit: type=1326 audit(1761248369.619:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 209.037236][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.044389][ T30] audit: type=1326 audit(1761248369.619:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 209.095537][ T30] audit: type=1326 audit(1761248369.619:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 209.121142][ T30] audit: type=1326 audit(1761248369.619:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7265 comm="syz.4.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 209.337437][ T184] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 209.540025][ T184] usb 4-1: device descriptor read/64, error -71 [ 210.057381][ T184] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 210.317289][ T184] usb 4-1: device descriptor read/64, error -71 [ 210.448231][ T184] usb usb4-port1: attempt power cycle [ 210.817363][ T184] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 210.854764][ T184] usb 4-1: device descriptor read/8, error -71 [ 211.117309][ T184] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 211.139028][ T184] usb 4-1: device descriptor read/8, error -71 [ 211.269007][ T184] usb usb4-port1: unable to enumerate USB device [ 211.381136][ T7290] loop6: detected capacity change from 0 to 7 [ 211.441280][ T7290] Dev loop6: unable to read RDB block 7 [ 211.447010][ T7290] loop6: unable to read partition table [ 211.453431][ T7290] loop6: partition table beyond EOD, truncated [ 211.465453][ T7290] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 211.582155][ T7295] tty tty28: ldisc open failed (-12), clearing slot 27 [ 212.027738][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 212.033953][ T5830] Bluetooth: hci1: command 0x0406 tx timeout [ 212.040652][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 212.047091][ T5830] Bluetooth: hci3: command 0x0406 tx timeout [ 212.050495][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 212.445634][ T7304] wireguard0: entered promiscuous mode [ 212.588555][ T7304] wireguard0: entered allmulticast mode [ 212.599881][ T7313] loop6: detected capacity change from 0 to 7 [ 212.621597][ T7313] Dev loop6: unable to read RDB block 7 [ 212.647377][ T7313] loop6: unable to read partition table [ 212.758694][ T7313] loop6: partition table beyond EOD, truncated [ 212.806018][ T7313] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 213.307639][ T7326] blktrace: Concurrent blktraces are not allowed on loop8 [ 213.796851][ T7329] fuse: Bad value for 'group_id' [ 213.807892][ T7329] fuse: Bad value for 'group_id' [ 213.913852][ T7331] netlink: 24 bytes leftover after parsing attributes in process `syz.0.353'. [ 214.530869][ T7339] gretap0: entered promiscuous mode [ 215.347598][ T7351] program syz.3.358 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 215.675947][ T7355] loop6: detected capacity change from 0 to 7 [ 215.688469][ T5884] Dev loop6: unable to read RDB block 7 [ 215.694389][ T5884] loop6: unable to read partition table [ 215.702690][ T5884] loop6: partition table beyond EOD, truncated [ 215.723682][ T7355] Dev loop6: unable to read RDB block 7 [ 215.740906][ T7355] loop6: unable to read partition table [ 215.754232][ T7355] loop6: partition table beyond EOD, truncated [ 215.778214][ T7355] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 216.269125][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 216.269139][ T30] audit: type=1326 audit(1761248377.629:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 216.409934][ T30] audit: type=1326 audit(1761248377.669:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 216.537384][ T30] audit: type=1326 audit(1761248377.669:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 216.710536][ T30] audit: type=1326 audit(1761248377.669:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 216.872141][ T30] audit: type=1326 audit(1761248377.669:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 217.015367][ T30] audit: type=1326 audit(1761248377.679:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 217.037649][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.127340][ T30] audit: type=1326 audit(1761248377.679:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 217.215368][ T30] audit: type=1326 audit(1761248377.679:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 217.237745][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.438801][ T30] audit: type=1326 audit(1761248377.679:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 217.440906][ T30] audit: type=1326 audit(1761248377.679:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f067358efc9 code=0x7ffc0000 [ 217.472309][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.569614][ T7373] blktrace: Concurrent blktraces are not allowed on loop8 [ 217.686179][ T7379] FAULT_INJECTION: forcing a failure. [ 217.686179][ T7379] name failslab, interval 1, probability 0, space 0, times 0 [ 217.686206][ T7379] CPU: 1 UID: 0 PID: 7379 Comm: syz.4.367 Not tainted syzkaller #0 PREEMPT(full) [ 217.686228][ T7379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 217.686240][ T7379] Call Trace: [ 217.686246][ T7379] [ 217.686252][ T7379] dump_stack_lvl+0x189/0x250 [ 217.686277][ T7379] ? __pfx____ratelimit+0x10/0x10 [ 217.686296][ T7379] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.686318][ T7379] ? __pfx__printk+0x10/0x10 [ 217.686338][ T7379] ? __pfx___might_resched+0x10/0x10 [ 217.686358][ T7379] should_fail_ex+0x414/0x560 [ 217.686385][ T7379] should_failslab+0xa8/0x100 [ 217.686403][ T7379] __kmalloc_noprof+0xcb/0x7f0 [ 217.686424][ T7379] ? mpi_powm+0x1a1/0x23c0 [ 217.686442][ T7379] mpi_powm+0x1a1/0x23c0 [ 217.686472][ T7379] ? __pfx_mpi_powm+0x10/0x10 [ 217.686488][ T7379] ? __kmalloc_cache_noprof+0x3d5/0x6f0 [ 217.686510][ T7379] ? mpi_alloc+0x52/0x140 [ 217.686526][ T7379] ? __asan_memset+0x22/0x50 [ 217.686549][ T7379] dh_compute_value+0x1cf/0x380 [ 217.686568][ T7379] ? __pfx_dh_compute_value+0x10/0x10 [ 217.686583][ T7379] ? trace_kmalloc+0x1f/0xd0 [ 217.686601][ T7379] ? __kmalloc_noprof+0x432/0x7f0 [ 217.686621][ T7379] ? __phys_addr+0xd3/0x180 [ 217.686646][ T7379] __keyctl_dh_compute+0x7f1/0xca0 [ 217.686677][ T7379] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 217.686700][ T7379] ? __lock_acquire+0xab9/0xd20 [ 217.686723][ T7379] ? __might_fault+0xb0/0x130 [ 217.686760][ T7379] keyctl_dh_compute+0x109/0x160 [ 217.686786][ T7379] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 217.686826][ T7379] __se_sys_keyctl+0x423/0x910 [ 217.686847][ T7379] ? __pfx___se_sys_keyctl+0x10/0x10 [ 217.686874][ T7379] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 217.686899][ T7379] ? __fget_files+0x3a0/0x420 [ 217.686919][ T7379] ? fput+0xa0/0xd0 [ 217.686936][ T7379] ? ksys_write+0x22a/0x250 [ 217.686959][ T7379] ? __pfx_ksys_write+0x10/0x10 [ 217.686983][ T7379] ? do_syscall_64+0xbe/0xfa0 [ 217.687000][ T7379] ? __x64_sys_keyctl+0x20/0xc0 [ 217.687020][ T7379] do_syscall_64+0xfa/0xfa0 [ 217.687038][ T7379] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.687056][ T7379] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.687071][ T7379] ? clear_bhb_loop+0x60/0xb0 [ 217.687090][ T7379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.687110][ T7379] RIP: 0033:0x7f3dd2b8efc9 [ 217.687124][ T7379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.687137][ T7379] RSP: 002b:00007f3dd3a3f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 217.687153][ T7379] RAX: ffffffffffffffda RBX: 00007f3dd2de5fa0 RCX: 00007f3dd2b8efc9 [ 217.687168][ T7379] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 0000000000000017 [ 217.687182][ T7379] RBP: 00007f3dd3a3f090 R08: 0000200000000280 R09: 0000000000000000 [ 217.687196][ T7379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 217.687208][ T7379] R13: 00007f3dd2de6038 R14: 00007f3dd2de5fa0 R15: 00007f3dd2f0fa28 [ 217.687241][ T7379] [ 218.492394][ T7389] blktrace: Concurrent blktraces are not allowed on loop8 [ 219.413108][ T7370] tty tty21: ldisc open failed (-12), clearing slot 20 [ 220.644641][ T7416] netlink: 24 bytes leftover after parsing attributes in process `syz.2.376'. [ 221.547400][ T7418] xt_TPROXY: Can be used only with -p tcp or -p udp [ 222.088637][ T7425] netlink: 12 bytes leftover after parsing attributes in process `syz.0.379'. [ 222.398077][ T7425] bond1: option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 222.663366][ T7425] bond1 (unregistering): Released all slaves [ 223.164523][ T7434] syzkaller0: entered promiscuous mode [ 223.172886][ T7434] syzkaller0: entered allmulticast mode [ 223.472398][ T7441] blktrace: Concurrent blktraces are not allowed on loop8 [ 223.765755][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 223.765801][ T30] audit: type=1326 audit(1761248385.119:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 223.836615][ T30] audit: type=1326 audit(1761248385.159:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 223.962098][ T30] audit: type=1326 audit(1761248385.179:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 223.984571][ C1] vkms_vblank_simulate: vblank timer overrun [ 224.017479][ T30] audit: type=1326 audit(1761248385.179:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 224.047536][ T30] audit: type=1326 audit(1761248385.179:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 224.069793][ C1] vkms_vblank_simulate: vblank timer overrun [ 224.077914][ T30] audit: type=1326 audit(1761248385.179:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 224.107351][ T30] audit: type=1326 audit(1761248385.179:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 224.243099][ T30] audit: type=1326 audit(1761248385.179:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 224.470084][ T30] audit: type=1326 audit(1761248385.179:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 224.498159][ T30] audit: type=1326 audit(1761248385.179:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7443 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd2b8efc9 code=0x7ffc0000 [ 224.797303][ T184] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 224.950691][ T184] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 224.960136][ T184] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.970070][ T7460] futex_wake_op: syz.3.390 tries to shift op by 32; fix this program [ 224.979813][ T184] usb 5-1: Product: syz [ 224.985266][ T184] usb 5-1: Manufacturer: syz [ 225.023090][ T184] usb 5-1: SerialNumber: syz [ 225.037494][ T5899] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 225.187299][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 225.200963][ T5899] usb 2-1: config 32 has an invalid interface number: 130 but max is 3 [ 225.213553][ T5899] usb 2-1: config 32 has an invalid interface number: 237 but max is 3 [ 225.232079][ T5899] usb 2-1: config 32 has an invalid descriptor of length 1, skipping remainder of the config [ 225.251615][ T5948] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 225.265177][ T7456] loop6: detected capacity change from 0 to 63 [ 225.267142][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.297565][ T5899] usb 2-1: config 32 has 2 interfaces, different from the descriptor's value: 4 [ 225.310296][ T5899] usb 2-1: config 32 has no interface number 0 [ 225.320751][ T5899] usb 2-1: config 32 has no interface number 1 [ 225.328912][ T5899] usb 2-1: config 32 interface 130 altsetting 4 endpoint 0x3 has an invalid bInterval 145, changing to 7 [ 225.341669][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.362926][ T5899] usb 2-1: config 32 interface 130 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 225.386225][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.398703][ T5899] usb 2-1: config 32 interface 130 altsetting 4 endpoint 0xF has invalid maxpacket 512, setting to 64 [ 225.399068][ T5948] usb 4-1: device descriptor read/64, error -71 [ 225.410319][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.431711][ T5899] usb 2-1: config 32 interface 130 altsetting 4 endpoint 0xE has an invalid bInterval 190, changing to 7 [ 225.446849][ T5899] usb 2-1: config 32 interface 237 altsetting 3 endpoint 0x1 has an invalid bInterval 36, changing to 7 [ 225.466351][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.479732][ T5899] usb 2-1: config 32 interface 237 altsetting 3 endpoint 0x1 has invalid maxpacket 1506, setting to 1024 [ 225.492661][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.512243][ T5899] usb 2-1: config 32 interface 237 altsetting 3 has an endpoint descriptor with address 0x24, changing to 0x4 [ 225.529376][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.552257][ T5899] usb 2-1: config 32 interface 237 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 225.567556][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.575876][ T7456] ldm_validate_partition_table(): Disk read failed. [ 225.597045][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.607818][ T5899] usb 2-1: config 32 interface 130 has no altsetting 0 [ 225.617469][ T7456] Buffer I/O error on dev loop6, logical block 0, async page read [ 225.620126][ T5899] usb 2-1: config 32 interface 237 has no altsetting 0 [ 225.678829][ T5948] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 225.697888][ T7456] Dev loop6: unable to read RDB block 0 [ 225.707739][ T5899] usb 2-1: New USB device found, idVendor=1b3d, idProduct=010a, bcdDevice=59.fa [ 225.726157][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.727539][ T7456] loop6: unable to read partition table [ 225.735094][ T5899] usb 2-1: Product: 枝茙偆浲ũ௘瀶쉮ऱぉ覩쀚活靛ώྜுඏ紨跐듻䤕ʱ美鿥؈ㇳ쌞ꖄ⾽䛟劧纼옴਺ㇼ䔈蜸콡견ጒު羨摕䈗⾛땹ﴯ⡹ധ齴ᆩ懟惺ɋ끦왮ঽ්뉠ᵏ翜屌၊鬿⧆荡ꨳ聋䶍⻵找셬ᆂ㿿ꊪ뀄פֿㅇ仆孥劓麓辮旕࢓ʎ [ 225.782222][ T5899] usb 2-1: Manufacturer: ꇜ᭔ⵥ귝咁䂃⫊磈兛㺈縄䉟홇♄蹇ʔ䷈漬蚑鳴특伖ꓻㅸ瑖惚䝚濢펛랷閶ꅧ昪꫻䑰癜䜑늟ᛝ䞁瞨հ딁왻㬻㼔춑㫋᫩踿쮊芮岂賝୩葫↯ҵ픾캾围ԃ聾蟄鷮脿ク뒗䆥껤玴✥踠鎟鄭ᩆ疓㝗藁緀㸢稌ꙵ븦荫⍲鬸‌樨氃٦ᑙ짗鹢Ө䆢兯妟芊᜕贡溁뷹ᘽࢼ叮ᩪ࿥癿 [ 225.841051][ T7456] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 225.850299][ T5948] usb 4-1: device descriptor read/64, error -71 [ 225.970368][ T5899] usb 2-1: SerialNumber: 坧Ꙓ띀ᾍ侈毞췯嬋ﻖ憱쀁✇硾례餩텁鹹址꾪垄䗐俑⇝䅗宰䊨⚋뭼႔보划馤廖犟凞풏✊倌峩횯இ腭藧㝇⢌↜︝࿳ґ荏ἓꑐ㑦肭ū伒垺秏飥ጴ⪆텡ꅕⳍ좉묺쿽ꤎ厚垃뾊ﺔ㚚䄯ᐊ劋띶궺뭝ᇇ䩕鑁 [ 225.974888][ T5948] usb usb4-port1: attempt power cycle [ 226.019855][ T184] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 226.051155][ T184] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 226.078509][ T184] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 226.100567][ T184] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71 [ 226.137699][ T184] usb 5-1: USB disconnect, device number 16 [ 226.204280][ T7465] netlink: 16 bytes leftover after parsing attributes in process `syz.0.392'. [ 226.347387][ T5948] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 226.397731][ T5948] usb 4-1: device descriptor read/8, error -71 [ 226.661910][ T5948] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 226.690227][ T5899] ftdi_sio 2-1:32.130: FTDI USB Serial Device converter detected [ 226.707943][ T5948] usb 4-1: device descriptor read/8, error -71 [ 226.735522][ T5899] ftdi_sio ttyUSB0: unknown device type: 0x59fa [ 226.818588][ T5948] usb usb4-port1: unable to enumerate USB device [ 226.850773][ T5899] ftdi_sio 2-1:32.237: FTDI USB Serial Device converter detected [ 226.851699][ T7482] loop2: detected capacity change from 0 to 7 [ 226.873558][ T7482] Dev loop2: unable to read RDB block 7 [ 226.879686][ T184] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 226.910613][ T7482] loop2: unable to read partition table [ 226.913468][ T5899] ftdi_sio ttyUSB1: unknown device type: 0x59fa [ 226.933324][ T7482] loop2: partition table beyond EOD, truncated [ 226.956422][ T7482] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 226.985135][ T5899] usb 2-1: USB disconnect, device number 17 [ 227.029641][ T184] usb 1-1: device descriptor read/64, error -71 [ 227.059287][ T5899] ftdi_sio 2-1:32.130: device disconnected [ 227.073948][ T5899] ftdi_sio 2-1:32.237: device disconnected [ 227.108958][ T7486] syzkaller0: entered promiscuous mode [ 227.124896][ T7486] syzkaller0: entered allmulticast mode [ 227.277978][ T184] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 227.355783][ T7490] blktrace: Concurrent blktraces are not allowed on loop8 [ 227.817285][ T184] usb 1-1: device descriptor read/64, error -71 [ 227.927577][ T184] usb usb1-port1: attempt power cycle [ 228.307317][ T184] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 228.329814][ T184] usb 1-1: device descriptor read/8, error -71 [ 228.565246][ T7502] blktrace: Concurrent blktraces are not allowed on loop8 [ 228.668260][ T184] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 228.719143][ T184] usb 1-1: device descriptor read/8, error -71 [ 228.827801][ T184] usb usb1-port1: unable to enumerate USB device [ 229.034487][ T50] tipc: Subscription rejected, illegal request [ 229.050349][ T7508] random: crng reseeded on system resumption [ 229.646228][ T7518] netlink: 'syz.1.404': attribute type 63 has an invalid length. [ 230.311895][ T7523] syzkaller1: entered promiscuous mode [ 230.318650][ T7523] syzkaller1: entered allmulticast mode [ 230.858881][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 230.858900][ T30] audit: type=1326 audit(1761248392.219:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7526 comm="syz.3.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 230.887339][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.085252][ T30] audit: type=1326 audit(1761248392.269:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7526 comm="syz.3.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 231.107490][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.154561][ T30] audit: type=1326 audit(1761248392.269:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7526 comm="syz.3.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 231.250069][ T30] audit: type=1326 audit(1761248392.269:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7526 comm="syz.3.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 231.272401][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.517271][ T30] audit: type=1326 audit(1761248392.269:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7526 comm="syz.3.407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 231.539494][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.961091][ T7539] netlink: 24 bytes leftover after parsing attributes in process `syz.1.410'. [ 232.025555][ T7538] netlink: 8 bytes leftover after parsing attributes in process `syz.2.411'. [ 232.128147][ T7538] netlink: 8 bytes leftover after parsing attributes in process `syz.2.411'. [ 233.471144][ T7557] warning: `syz.0.416' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 233.488192][ T5899] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 233.726419][ T5899] usb 5-1: config 0 has an invalid interface number: 160 but max is 0 [ 233.798959][ T5899] usb 5-1: config 0 has no interface number 0 [ 233.857393][ T5899] usb 5-1: config 0 interface 160 has no altsetting 0 [ 234.102689][ T5899] usb 5-1: New USB device found, idVendor=a6da, idProduct=1e78, bcdDevice=56.e4 [ 234.167320][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.243013][ T7564] blktrace: Concurrent blktraces are not allowed on loop8 [ 234.297253][ T5899] usb 5-1: Product: syz [ 234.331513][ T5899] usb 5-1: Manufacturer: syz [ 234.363776][ T5899] usb 5-1: SerialNumber: syz [ 234.419388][ T5899] usb 5-1: config 0 descriptor?? [ 234.547314][ T10] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 234.548801][ T5899] usb-storage 5-1:0.160: USB Mass Storage device detected [ 234.714925][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 234.725162][ T10] usb 4-1: not running at top speed; connect to a high speed hub [ 234.735030][ T10] usb 4-1: config 9 has an invalid interface number: 198 but max is 0 [ 234.743664][ T10] usb 4-1: config 9 has no interface number 0 [ 234.751646][ T10] usb 4-1: config 9 interface 198 has no altsetting 0 [ 234.768816][ T10] usb 4-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=6f.2b [ 234.778696][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.796077][ T10] usb 4-1: Product: syz [ 234.807716][ T10] usb 4-1: Manufacturer: syz [ 234.823340][ T10] usb 4-1: SerialNumber: syz [ 234.837765][ T5948] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 235.001056][ T5948] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 235.117508][ T5948] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.199065][ T10] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state. [ 235.207386][ T5948] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.218199][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 235.225887][ T5948] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 235.242382][ T5948] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 235.252030][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.266115][ T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 235.310810][ T10] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 error while loading driver (-19) [ 235.354852][ T5948] usb 2-1: config 0 descriptor?? [ 235.371156][ T10] dvb_usb_umt_010 4-1:9.198: probe with driver dvb_usb_umt_010 failed with error -22 [ 235.391239][ T10] usb 4-1: USB disconnect, device number 22 [ 235.898869][ T5899] usb 5-1: USB disconnect, device number 17 [ 235.964857][ T5948] usbhid 2-1:0.0: can't add hid device: -71 [ 235.988101][ T5948] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 236.022383][ T5948] usb 2-1: USB disconnect, device number 18 [ 236.090906][ T7578] loop2: detected capacity change from 0 to 7 [ 236.124656][ T7578] Dev loop2: unable to read RDB block 7 [ 236.131244][ T7578] loop2: unable to read partition table [ 236.137569][ T7578] loop2: partition table beyond EOD, truncated [ 236.143907][ T7578] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 236.222710][ T5201] Dev loop2: unable to read RDB block 7 [ 236.228714][ T5201] loop2: unable to read partition table [ 236.234548][ T5201] loop2: partition table beyond EOD, truncated [ 236.567363][ T5899] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 236.748093][ T5899] usb 4-1: Using ep0 maxpacket: 8 [ 236.755417][ T7589] loop9: detected capacity change from 0 to 7 [ 236.784401][ T5884] Dev loop9: unable to read RDB block 7 [ 236.787325][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short [ 236.803750][ T5884] loop9: unable to read partition table [ 236.805293][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 236.832246][ T5884] loop9: partition table beyond EOD, truncated [ 236.840808][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 236.860235][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 236.863522][ T7589] Dev loop9: unable to read RDB block 7 [ 236.878216][ T7589] loop9: unable to read partition table [ 236.884267][ T7589] loop9: partition table beyond EOD, truncated [ 236.888195][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 236.892169][ T7589] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 236.917781][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 236.941964][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 236.971278][ T5899] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 236.980961][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.993638][ T5899] usb 4-1: Product: syz [ 236.998325][ T5899] usb 4-1: Manufacturer: syz [ 237.003140][ T5899] usb 4-1: SerialNumber: syz [ 237.014778][ T5899] usb 4-1: config 0 descriptor?? [ 237.035730][ T5899] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 237.155181][ T6126] udevd[6126]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 237.345588][ T7582] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 237.352315][ T7582] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 237.365187][ T7582] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 237.372443][ T7582] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 237.385935][ T7582] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 237.394329][ T7582] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 237.405747][ T7582] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 237.412508][ T7582] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 237.421745][ T7582] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 237.428964][ T7582] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 237.440918][ T7580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.457809][ T7580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.490228][ T5948] usb 4-1: USB disconnect, device number 23 [ 237.748128][ T5899] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 237.919374][ T5899] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 237.927746][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.941898][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 237.952235][ T5899] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 238.073801][ T5899] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 238.100858][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.188315][ T5899] usb 3-1: config 0 descriptor?? [ 238.239526][ T5834] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 238.479121][ T30] audit: type=1326 audit(1761248399.609:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7612 comm="syz.3.434" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x0 [ 238.704334][ T5899] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 238.734968][ T5899] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 238.915506][ T30] audit: type=1326 audit(1761248400.039:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 238.917400][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 238.944787][ T30] audit: type=1326 audit(1761248400.039:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 238.967051][ C0] vkms_vblank_simulate: vblank timer overrun [ 239.022027][ T30] audit: type=1326 audit(1761248400.039:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 239.044747][ T30] audit: type=1326 audit(1761248400.039:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 239.049602][ T7595] netlink: 40 bytes leftover after parsing attributes in process `syz.2.428'. [ 239.067314][ T30] audit: type=1326 audit(1761248400.039:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 239.127280][ T30] audit: type=1326 audit(1761248400.039:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 239.160815][ T30] audit: type=1326 audit(1761248400.039:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 239.199165][ T7595] ip6gre1: entered promiscuous mode [ 239.287467][ T7595] ip6gre1: entered allmulticast mode [ 239.297608][ T30] audit: type=1326 audit(1761248400.049:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 239.372643][ T7609] xt_TPROXY: Can be used only with -p tcp or -p udp [ 239.451116][ T30] audit: type=1326 audit(1761248400.049:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.1.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 239.494654][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 239.500869][ T5834] Bluetooth: hci1: command 0x0406 tx timeout [ 239.506892][ T5834] Bluetooth: hci4: command 0x0406 tx timeout [ 239.513179][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 240.117631][ T5948] usb 3-1: reset high-speed USB device number 15 using dummy_hcd [ 240.274743][ T7630] netlink: 148 bytes leftover after parsing attributes in process `syz.2.437'. [ 240.285045][ T7629] loop2: detected capacity change from 0 to 7 [ 240.285627][ T5900] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 240.322092][ T7629] Dev loop2: unable to read RDB block 7 [ 240.328800][ T7629] loop2: unable to read partition table [ 240.340367][ T7629] loop2: partition table beyond EOD, truncated [ 240.348348][ T7629] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 240.389947][ T7630] IPv6: Can't replace route, no match found [ 240.477334][ T5900] usb 4-1: device descriptor read/64, error -71 [ 240.642398][ T7637] loop9: detected capacity change from 0 to 7 [ 240.662401][ T7637] Dev loop9: unable to read RDB block 7 [ 240.676384][ T7637] loop9: unable to read partition table [ 240.704158][ T7637] loop9: partition table beyond EOD, truncated [ 240.747381][ T5900] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 240.784672][ T7637] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 240.948014][ T5900] usb 4-1: device descriptor read/64, error -71 [ 240.963016][ T7640] netlink: 24 bytes leftover after parsing attributes in process `syz.1.440'. [ 240.978080][ T184] usb 3-1: USB disconnect, device number 15 [ 240.986719][ T7640] netlink: 8 bytes leftover after parsing attributes in process `syz.1.440'. [ 241.027462][ T5151] Bluetooth: hci0: command 0x0406 tx timeout [ 241.085105][ T5900] usb usb4-port1: attempt power cycle [ 241.213285][ T7635] netlink: 40 bytes leftover after parsing attributes in process `syz.4.438'. [ 241.220125][ T5151] Bluetooth: hci1: ACL packet for unknown connection handle 176 [ 241.234132][ T7640] libceph: resolve '0..' (ret=-3): failed [ 241.457325][ T5900] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 241.520638][ T5900] usb 4-1: device descriptor read/8, error -71 [ 241.557819][ T5151] Bluetooth: hci2: command 0x0406 tx timeout [ 241.558155][ T5834] Bluetooth: hci4: command 0x0406 tx timeout [ 241.570133][ T5834] Bluetooth: hci1: command 0x0406 tx timeout [ 241.570184][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 241.760598][ T5900] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 241.804378][ T5900] usb 4-1: device descriptor read/8, error -71 [ 241.918336][ T5900] usb usb4-port1: unable to enumerate USB device [ 242.210963][ T7658] netlink: 12 bytes leftover after parsing attributes in process `syz.0.447'. [ 242.419904][ T7664] netlink: 27 bytes leftover after parsing attributes in process `syz.1.446'. [ 242.473839][ T7664] team0: Device ipip0 is of different type [ 242.717899][ T7669] netlink: 24 bytes leftover after parsing attributes in process `syz.0.450'. [ 242.765721][ T7669] openvswitch: netlink: Flow key attr not present in new flow. [ 242.865712][ T7674] loop9: detected capacity change from 0 to 7 [ 242.908238][ T5884] Dev loop9: unable to read RDB block 7 [ 242.917667][ T5884] loop9: unable to read partition table [ 242.930406][ T5884] loop9: partition table beyond EOD, truncated [ 242.975663][ T7674] Dev loop9: unable to read RDB block 7 [ 242.995847][ T7674] loop9: unable to read partition table [ 243.020164][ T7674] loop9: partition table beyond EOD, truncated [ 243.031836][ T7674] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 243.813735][ T7694] program syz.4.455 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 243.911704][ T7692] GUP no longer grows the stack in syz.4.455 (7692): 200000004000-20000000a000 (200000001000) [ 243.969735][ T7692] CPU: 1 UID: 0 PID: 7692 Comm: syz.4.455 Not tainted syzkaller #0 PREEMPT(full) [ 243.969767][ T7692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 243.969796][ T7692] Call Trace: [ 243.969806][ T7692] [ 243.969817][ T7692] dump_stack_lvl+0x189/0x250 [ 243.969847][ T7692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.969870][ T7692] ? __pfx__printk+0x10/0x10 [ 243.969885][ T7692] ? find_vma+0xe7/0x160 [ 243.969916][ T7692] __get_user_pages+0x2470/0x2a00 [ 243.969955][ T7692] ? __gup_longterm_locked+0xc63/0x1660 [ 243.969975][ T7692] ? down_read_killable+0x1d1/0x350 [ 243.970003][ T7692] __gup_longterm_locked+0xde4/0x1660 [ 243.970028][ T7692] ? try_grab_folio_fast+0x1bf/0x6a0 [ 243.970057][ T7692] ? gup_fast_fallback+0x1b86/0x22d0 [ 243.970080][ T7692] gup_fast_fallback+0x1d65/0x22d0 [ 243.970128][ T7692] ? __pfx_gup_fast_fallback+0x10/0x10 [ 243.970147][ T7692] ? __mutex_lock+0x335/0x1350 [ 243.970174][ T7692] ? is_valid_gup_args+0x11f/0x200 [ 243.970195][ T7692] ? get_user_pages_fast+0x4d/0xb0 [ 243.970217][ T7692] __iov_iter_get_pages_alloc+0x39f/0xb40 [ 243.970243][ T7692] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 243.970262][ T7692] ? wait_for_space+0x248/0x2d0 [ 243.970278][ T7692] iov_iter_get_pages2+0x5e/0xa0 [ 243.970300][ T7692] __se_sys_vmsplice+0x548/0x10d0 [ 243.970323][ T7692] ? futex_private_hash_put+0x4b/0x280 [ 243.970348][ T7692] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 243.970366][ T7692] ? __pfx_futex_wake+0x10/0x10 [ 243.970426][ T7692] ? do_syscall_64+0xbe/0xfa0 [ 243.970450][ T7692] do_syscall_64+0xfa/0xfa0 [ 243.970469][ T7692] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.970488][ T7692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.970511][ T7692] ? clear_bhb_loop+0x60/0xb0 [ 243.970530][ T7692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.970546][ T7692] RIP: 0033:0x7f3dd2b8efc9 [ 243.970560][ T7692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.970574][ T7692] RSP: 002b:00007f3dd3a1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 243.970591][ T7692] RAX: ffffffffffffffda RBX: 00007f3dd2de6090 RCX: 00007f3dd2b8efc9 [ 243.970602][ T7692] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 000000000000000c [ 243.970612][ T7692] RBP: 00007f3dd2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 243.970621][ T7692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.970630][ T7692] R13: 00007f3dd2de6128 R14: 00007f3dd2de6090 R15: 00007f3dd2f0fa28 [ 243.970661][ T7692] [ 244.658055][ T5900] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 244.959745][ T5900] usb 4-1: unable to get BOS descriptor or descriptor too short [ 244.982264][ T5900] usb 4-1: config 13 has an invalid interface number: 50 but max is 3 [ 244.994645][ T5900] usb 4-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 245.114332][ T5900] usb 4-1: config 13 has 1 interface, different from the descriptor's value: 4 [ 245.373731][ T7707] binder: 7699:7707 ioctl c0306201 200000000100 returned -11 [ 245.382793][ T7707] fuse: Bad value for 'fd' [ 245.467961][ T5900] usb 4-1: config 13 has no interface number 0 [ 245.484011][ T5900] usb 4-1: config 13 interface 50 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 245.547079][ T5900] usb 4-1: config 13 interface 50 has no altsetting 0 [ 245.845573][ T5900] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=a9.e8 [ 245.867268][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.879161][ T5900] usb 4-1: Product: syz [ 245.883384][ T5900] usb 4-1: Manufacturer: syz [ 245.888399][ T5900] usb 4-1: SerialNumber: syz [ 246.185383][ T6084] usb 4-1: Failed to submit usb control message: -71 [ 246.194501][ T5900] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 246.217591][ T6084] usb 4-1: unable to send the bmi data to the device: -71 [ 246.291263][ T5900] usb 4-1: USB disconnect, device number 28 [ 246.298098][ T6084] usb 4-1: unable to get target info from device [ 246.321649][ T6084] usb 4-1: could not get target info (-71) [ 246.328616][ T6084] usb 4-1: could not probe fw (-71) [ 246.425629][ T7717] FAULT_INJECTION: forcing a failure. [ 246.425629][ T7717] name failslab, interval 1, probability 0, space 0, times 0 [ 246.475983][ T7717] CPU: 1 UID: 0 PID: 7717 Comm: syz.4.462 Not tainted syzkaller #0 PREEMPT(full) [ 246.476027][ T7717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 246.476042][ T7717] Call Trace: [ 246.476057][ T7717] [ 246.476067][ T7717] dump_stack_lvl+0x189/0x250 [ 246.476103][ T7717] ? __pfx____ratelimit+0x10/0x10 [ 246.476130][ T7717] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.476158][ T7717] ? __pfx__printk+0x10/0x10 [ 246.476177][ T7717] ? netlink_sendmsg+0x805/0xb30 [ 246.476202][ T7717] ? __x64_sys_sendmsg+0x19b/0x260 [ 246.476222][ T7717] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.476251][ T7717] should_fail_ex+0x414/0x560 [ 246.476289][ T7717] should_failslab+0xa8/0x100 [ 246.476314][ T7717] kmem_cache_alloc_noprof+0x74/0x6e0 [ 246.476346][ T7717] ? skb_clone+0x212/0x3a0 [ 246.476366][ T7717] skb_clone+0x212/0x3a0 [ 246.476384][ T7717] __netlink_deliver_tap+0x404/0x850 [ 246.476417][ T7717] ? netlink_deliver_tap+0x2e/0x1b0 [ 246.476440][ T7717] netlink_deliver_tap+0x19c/0x1b0 [ 246.476463][ T7717] netlink_sendskb+0x68/0x140 [ 246.476486][ T7717] netlink_unicast+0x397/0x9e0 [ 246.476504][ T7717] ? __asan_memcpy+0x40/0x70 [ 246.476530][ T7717] ? __pfx_netlink_unicast+0x10/0x10 [ 246.476559][ T7717] netlink_rcv_skb+0x28c/0x470 [ 246.476580][ T7717] ? __lock_acquire+0xab9/0xd20 [ 246.476596][ T7717] ? __pfx_genl_rcv_msg+0x10/0x10 [ 246.476615][ T7717] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 246.476652][ T7717] ? down_read+0x1ad/0x2e0 [ 246.476676][ T7717] genl_rcv+0x28/0x40 [ 246.476693][ T7717] netlink_unicast+0x82f/0x9e0 [ 246.476720][ T7717] ? __pfx_netlink_unicast+0x10/0x10 [ 246.476743][ T7717] ? netlink_sendmsg+0x642/0xb30 [ 246.476765][ T7717] ? skb_put+0x11b/0x210 [ 246.476781][ T7717] netlink_sendmsg+0x805/0xb30 [ 246.476812][ T7717] ? __pfx_netlink_sendmsg+0x10/0x10 [ 246.476838][ T7717] ? aa_sock_msg_perm+0xf1/0x1d0 [ 246.476863][ T7717] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 246.476877][ T7717] ? __pfx_netlink_sendmsg+0x10/0x10 [ 246.476901][ T7717] __sock_sendmsg+0x21c/0x270 [ 246.476923][ T7717] ____sys_sendmsg+0x505/0x830 [ 246.476943][ T7717] ? __pfx_____sys_sendmsg+0x10/0x10 [ 246.476965][ T7717] ? import_iovec+0x74/0xa0 [ 246.476986][ T7717] ___sys_sendmsg+0x21f/0x2a0 [ 246.477012][ T7717] ? __pfx____sys_sendmsg+0x10/0x10 [ 246.477057][ T7717] ? __fget_files+0x2a/0x420 [ 246.477070][ T7717] ? __fget_files+0x3a0/0x420 [ 246.477093][ T7717] __x64_sys_sendmsg+0x19b/0x260 [ 246.477111][ T7717] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 246.477134][ T7717] ? __pfx_ksys_write+0x10/0x10 [ 246.477170][ T7717] ? do_syscall_64+0xbe/0xfa0 [ 246.477205][ T7717] do_syscall_64+0xfa/0xfa0 [ 246.477225][ T7717] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.477245][ T7717] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.477260][ T7717] ? clear_bhb_loop+0x60/0xb0 [ 246.477279][ T7717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.477294][ T7717] RIP: 0033:0x7f3dd2b8efc9 [ 246.477308][ T7717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.477321][ T7717] RSP: 002b:00007f3dd3a3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 246.477338][ T7717] RAX: ffffffffffffffda RBX: 00007f3dd2de5fa0 RCX: 00007f3dd2b8efc9 [ 246.477349][ T7717] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000003 [ 246.477365][ T7717] RBP: 00007f3dd3a3f090 R08: 0000000000000000 R09: 0000000000000000 [ 246.477378][ T7717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.477391][ T7717] R13: 00007f3dd2de6038 R14: 00007f3dd2de5fa0 R15: 00007f3dd2f0fa28 [ 246.477428][ T7717] [ 247.107291][ T981] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 247.211060][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 247.211080][ T30] audit: type=1326 audit(1761248408.569:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7724 comm="syz.3.464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 247.250292][ T30] audit: type=1326 audit(1761248408.609:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7724 comm="syz.3.464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 247.273131][ T981] usb 1-1: Using ep0 maxpacket: 32 [ 247.278613][ T30] audit: type=1326 audit(1761248408.609:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7724 comm="syz.3.464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 247.313442][ T981] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 247.326321][ T981] usb 1-1: config 0 has no interface number 0 [ 247.590423][ T30] audit: type=1326 audit(1761248408.609:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7724 comm="syz.3.464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 247.678056][ T981] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 247.687726][ T981] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.702599][ T981] usb 1-1: Product: syz [ 247.706809][ T981] usb 1-1: Manufacturer: syz [ 247.711634][ T30] audit: type=1326 audit(1761248408.609:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7724 comm="syz.3.464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81aad8efc9 code=0x7ffc0000 [ 247.735509][ T981] usb 1-1: SerialNumber: syz [ 247.754229][ T981] usb 1-1: config 0 descriptor?? [ 247.771628][ T981] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 247.986605][ T981] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 248.136093][ T981] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 248.201138][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 248.574600][ T7745] netlink: 24 bytes leftover after parsing attributes in process `syz.2.469'. [ 249.122014][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 249.122561][ T9] usb 1-1: USB disconnect, device number 23 [ 249.219159][ T7753] Cannot find add_set index 1 as target [ 249.297080][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 249.358397][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 249.384820][ T9] quatech2 1-1:0.51: device disconnected [ 249.647303][ T184] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 249.829224][ T184] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 249.852129][ T184] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 249.876665][ T184] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 249.899456][ T184] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 54, changing to 9 [ 249.913356][ T184] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid maxpacket 8237, setting to 1024 [ 249.926609][ T184] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 249.936420][ T184] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.944548][ T184] usb 3-1: Product: syz [ 249.953349][ T184] usb 3-1: Manufacturer: syz [ 249.967117][ T184] usb 3-1: SerialNumber: syz [ 249.986250][ T184] usb 3-1: config 0 descriptor?? [ 249.991778][ T7763] xt_CT: No such helper "pptp" [ 250.020851][ T184] iguanair 3-1:0.0: failed to submit urb: -90 [ 250.039657][ T184] iguanair 3-1:0.0: probe with driver iguanair failed with error -90 [ 250.218453][ T184] usb 3-1: USB disconnect, device number 16 [ 251.418193][ T7770] netlink: 96 bytes leftover after parsing attributes in process `syz.1.473'. [ 251.612177][ T30] audit: type=1326 audit(1761248412.969:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7778 comm="syz.0.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedd38efc9 code=0x7ffc0000 [ 251.685861][ T30] audit: type=1326 audit(1761248412.969:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7778 comm="syz.0.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedd38efc9 code=0x7ffc0000 [ 251.800925][ T30] audit: type=1326 audit(1761248412.969:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7778 comm="syz.0.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7efedd38efc9 code=0x7ffc0000 [ 251.940228][ T30] audit: type=1326 audit(1761248412.969:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7778 comm="syz.0.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedd38efc9 code=0x7ffc0000 [ 252.237327][ T30] audit: type=1326 audit(1761248412.969:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7778 comm="syz.0.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efedd38efc9 code=0x7ffc0000 [ 252.509320][ T7806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 252.559079][ T7806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 252.747732][ T10] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 252.907304][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 252.914800][ T10] usb 4-1: config 5 has an invalid interface number: 34 but max is 0 [ 252.923960][ T10] usb 4-1: config 5 has no interface number 0 [ 252.947281][ T10] usb 4-1: config 5 interface 34 has no altsetting 0 [ 252.993148][ T10] usb 4-1: New USB device found, idVendor=07c4, idProduct=a001, bcdDevice=95.76 [ 253.006104][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.130540][ T10] usb 4-1: Product: syz [ 253.145377][ T10] usb 4-1: Manufacturer: syz [ 253.154518][ T10] usb 4-1: SerialNumber: syz [ 253.178368][ T7820] PKCS7: Unknown OID: [5] (bad) [ 253.183598][ T7820] PKCS7: Only support pkcs7_signedData type [ 253.530994][ T10] usb 4-1: bad CDC descriptors [ 253.539389][ T10] ums-datafab 4-1:5.34: USB Mass Storage device detected [ 253.556581][ T10] ums-datafab 4-1:5.34: This device (07c4,a001,9576 S 06 P 00) has an unneeded SubClass entry in unusual_devs.h (kernel syzkaller) [ 253.556581][ T10] Please send a copy of this message to and [ 253.581990][ C0] vkms_vblank_simulate: vblank timer overrun [ 253.654103][ T10] usb 4-1: USB disconnect, device number 29 [ 254.299377][ T7835] syzkaller0: entered promiscuous mode [ 254.304937][ T7835] syzkaller0: entered allmulticast mode [ 254.336484][ T7840] loop6: detected capacity change from 0 to 7 [ 254.348471][ T7840] Dev loop6: unable to read RDB block 7 [ 254.367757][ T7840] loop6: unable to read partition table [ 254.377097][ T7840] loop6: partition table beyond EOD, truncated [ 254.383735][ T7840] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 254.497317][ T10] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 254.661859][ T7846] netlink: 56 bytes leftover after parsing attributes in process `syz.4.496'. [ 254.674533][ T10] usb 2-1: config 0 has an invalid interface number: 207 but max is 0 [ 254.690328][ T7846] netlink: 56 bytes leftover after parsing attributes in process `syz.4.496'. [ 254.699894][ T10] usb 2-1: config 0 has no interface number 0 [ 254.715383][ T10] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd [ 254.724612][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.733545][ T10] usb 2-1: Product: syz [ 254.738301][ T10] usb 2-1: Manufacturer: syz [ 254.753192][ T10] usb 2-1: SerialNumber: syz [ 254.764421][ T10] usb 2-1: config 0 descriptor?? [ 254.773644][ T7848] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 254.790885][ T10] qmi_wwan 2-1:0.207: skipping garbage [ 254.877322][ T981] usb 3-1: new low-speed USB device number 17 using dummy_hcd [ 254.919818][ T7855] PM: Enabling pm_trace changes system date and time during resume. [ 254.919818][ T7855] PM: Correct system time has to be restored manually after resume. [ 254.993188][ T10] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22 [ 255.128071][ T981] usb 3-1: device descriptor read/64, error -71 [ 255.467442][ T981] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 255.486405][ T5948] usb 2-1: USB disconnect, device number 19 [ 255.637506][ T981] usb 3-1: device descriptor read/64, error -71 [ 255.768645][ T981] usb usb3-port1: attempt power cycle [ 256.237911][ T981] usb 3-1: new low-speed USB device number 19 using dummy_hcd [ 256.268748][ T981] usb 3-1: device descriptor read/8, error -71 [ 256.517649][ T981] usb 3-1: new low-speed USB device number 20 using dummy_hcd [ 256.552277][ T981] usb 3-1: device descriptor read/8, error -71 [ 256.597498][ T184] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 256.787633][ T981] usb usb3-port1: unable to enumerate USB device [ 256.834592][ T7877] netlink: 35 bytes leftover after parsing attributes in process `syz.4.503'. [ 256.860920][ T7877] netlink: 8 bytes leftover after parsing attributes in process `syz.4.503'. [ 256.937553][ T184] usb 2-1: device descriptor read/64, error -71 [ 257.197787][ T184] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 257.347900][ T184] usb 2-1: device descriptor read/64, error -71 [ 257.430187][ T7886] netlink: 8 bytes leftover after parsing attributes in process `syz.3.505'. [ 257.467399][ T184] usb usb2-port1: attempt power cycle [ 257.717786][ T24] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 257.829863][ T184] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 257.867988][ T184] usb 2-1: device descriptor read/8, error -71 [ 257.887739][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 257.937871][ T7901] blktrace: Concurrent blktraces are not allowed on loop8 [ 257.952874][ T24] usb 4-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 257.965799][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 258.064308][ T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 65 [ 258.077474][ T981] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 258.088615][ T24] usb 4-1: config 0 has no interface number 0 [ 258.094962][ T24] usb 4-1: too many endpoints for config 0 interface 1 altsetting 61: 142, using maximum allowed: 30 [ 258.108640][ T24] usb 4-1: config 0 interface 1 altsetting 61 has 0 endpoint descriptors, different from the interface descriptor's value: 142 [ 258.131927][ T24] usb 4-1: config 0 interface 1 has no altsetting 0 [ 258.148251][ T24] usb 4-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 258.148283][ T184] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 258.165366][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.176409][ T24] usb 4-1: config 0 descriptor?? [ 258.190118][ T24] usb 4-1: selecting invalid altsetting 0 [ 258.273793][ T981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.293947][ T981] usb 3-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 258.344453][ T981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.377667][ T184] usb 2-1: device descriptor read/8, error -71 [ 258.494012][ T24] usb 4-1: USB disconnect, device number 30 [ 258.523057][ T184] usb usb2-port1: unable to enumerate USB device [ 258.554822][ T981] usb 3-1: config 0 descriptor?? [ 259.184381][ T7899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.198055][ T7899] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.577982][ T184] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 259.754397][ T184] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 259.764902][ T184] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 259.794213][ T184] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 259.807816][ T184] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 259.815963][ T184] usb 4-1: SerialNumber: syz [ 260.108591][ T7908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 260.158229][ T7908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 260.300402][ T184] usb 4-1: 0:2 : does not exist [ 260.352902][ T184] usb 4-1: USB disconnect, device number 31 [ 260.449063][ T5884] udevd[5884]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 260.535694][ T981] razer 0003:1532:010E.0004: failed to enable macro keys: -71 [ 260.575016][ T981] razer 0003:1532:010E.0004: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.2-1/input0 [ 260.586758][ T43] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 260.687940][ T981] usb 3-1: USB disconnect, device number 21 [ 260.758676][ T43] usb 5-1: Using ep0 maxpacket: 16 [ 260.784120][ T43] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 260.804155][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 260.948895][ T43] usb 5-1: New USB device found, idVendor=2040, idProduct=026d, bcdDevice=4e.d1 [ 260.958048][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.966090][ T43] usb 5-1: Product: syz [ 260.970903][ T43] usb 5-1: Manufacturer: syz [ 260.975559][ T43] usb 5-1: SerialNumber: syz [ 261.081834][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.097234][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.104972][ T43] usb 5-1: config 0 descriptor?? [ 261.177844][ T7928] fido_id[7928]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 261.205837][ T43] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:026d, interface 0, class 0) [ 261.249422][ T7938] netlink: 4 bytes leftover after parsing attributes in process `syz.2.517'. [ 261.313257][ T43] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 261.417349][ T981] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 261.507344][ T10] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 261.665640][ T43] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 261.666064][ T43] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 261.669969][ T43] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 261.669992][ T43] em28xx 5-1:0.0: No AC97 audio processor [ 261.670093][ T43] em28xx 5-1:0.0: We currently don't support analog TV or stream capture on dual tuners. [ 261.678261][ T981] usb 1-1: Using ep0 maxpacket: 8 [ 261.682464][ T981] usb 1-1: too many configurations: 10, using maximum allowed: 8 [ 261.688311][ T981] usb 1-1: config 4 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 261.688350][ T981] usb 1-1: config 4 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 261.688370][ T981] usb 1-1: config 4 interface 0 has no altsetting 0 [ 261.693838][ T981] usb 1-1: config 4 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 261.693877][ T981] usb 1-1: config 4 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 261.693906][ T981] usb 1-1: config 4 interface 0 has no altsetting 0 [ 261.698452][ T981] usb 1-1: config 4 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 261.698518][ T981] usb 1-1: config 4 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 261.698549][ T981] usb 1-1: config 4 interface 0 has no altsetting 0 [ 261.702165][ T981] usb 1-1: config 4 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 261.702203][ T981] usb 1-1: config 4 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 261.702233][ T981] usb 1-1: config 4 interface 0 has no altsetting 0 [ 261.706095][ T981] usb 1-1: config 4 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 261.706132][ T981] usb 1-1: config 4 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 261.706161][ T981] usb 1-1: config 4 interface 0 has no altsetting 0 [ 261.714478][ T981] usb 1-1: config 4 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 261.714524][ T981] usb 1-1: config 4 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 261.714553][ T981] usb 1-1: config 4 interface 0 has no altsetting 0 [ 261.718675][ T981] usb 1-1: config 4 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 261.718713][ T981] usb 1-1: config 4 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 261.718742][ T981] usb 1-1: config 4 interface 0 has no altsetting 0 [ 261.727414][ T981] usb 1-1: config 4 interface 0 altsetting 247 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 261.727453][ T981] usb 1-1: config 4 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 261.727486][ T981] usb 1-1: config 4 interface 0 has no altsetting 0 [ 261.730182][ T981] usb 1-1: New USB device found, idVendor=054c, idProduct=09cc, bcdDevice= 0.65 [ 261.730206][ T981] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=48 [ 261.730222][ T981] usb 1-1: SerialNumber: syz [ 261.738126][ T43] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 261.739542][ T43] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 261.740199][ T43] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 261.740212][ T43] em28xx 5-1:0.0: No AC97 audio processor [ 261.817372][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 261.952769][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 261.952803][ T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 261.974257][ T7932] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 261.982852][ T10] usb 3-1: New USB device found, idVendor=093b, idProduct=a104, bcdDevice= 0.01 [ 262.377492][ T7937] tty tty26: ldisc open failed (-12), clearing slot 25 [ 262.419410][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.427833][ T10] usb 3-1: Product: syz [ 262.432044][ T10] usb 3-1: Manufacturer: syz [ 262.436787][ T10] usb 3-1: SerialNumber: syz [ 262.487731][ T981] usbhid 1-1:4.0: can't add hid device: -71 [ 262.500779][ T981] usbhid 1-1:4.0: probe with driver usbhid failed with error -71 [ 262.547601][ T981] usb 1-1: USB disconnect, device number 24 [ 262.558616][ T10] usb 3-1: config 0 descriptor?? [ 262.605194][ T10] go7007 3-1:0.0: probe with driver go7007 failed with error -12 [ 262.866080][ T7961] blktrace: Concurrent blktraces are not allowed on loop8 [ 262.909597][ T10] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 262.927943][ T43] usb 5-1: USB disconnect, device number 18 [ 262.939962][ T43] em28xx 5-1:0.0: Disconnecting em28xx #1 [ 262.978060][ T43] em28xx 5-1:0.0: Disconnecting em28xx [ 263.046925][ T43] em28xx 5-1:0.0: Freeing device [ 263.077569][ T43] em28xx 5-1:0.0: Freeing device [ 263.079672][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 263.097950][ T10] usb 4-1: config 129 has an invalid interface number: 173 but max is 3 [ 263.115967][ T10] usb 4-1: config 129 has an invalid interface number: 172 but max is 3 [ 263.159290][ T10] usb 4-1: config 129 has an invalid interface number: 215 but max is 3 [ 263.201424][ T10] usb 4-1: config 129 has an invalid interface number: 44 but max is 3 [ 263.210882][ T10] usb 4-1: config 129 has no interface number 0 [ 263.217714][ T10] usb 4-1: config 129 has no interface number 1 [ 263.224336][ T10] usb 4-1: config 129 has no interface number 2 [ 263.231423][ T10] usb 4-1: config 129 has no interface number 3 [ 263.240014][ T10] usb 4-1: config 129 interface 172 altsetting 9 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 263.254347][ T10] usb 4-1: config 129 interface 172 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 263.269849][ T10] usb 4-1: config 129 interface 215 altsetting 1 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 263.284332][ T10] usb 4-1: config 129 interface 215 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 263.295854][ T10] usb 4-1: config 129 interface 44 altsetting 2 has a duplicate endpoint with address 0x1, skipping [ 263.309954][ T10] usb 4-1: config 129 interface 44 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 263.321546][ T10] usb 4-1: config 129 interface 44 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 263.333065][ T10] usb 4-1: config 129 interface 44 altsetting 2 has a duplicate endpoint with address 0x9, skipping [ 263.344315][ T10] usb 4-1: config 129 interface 44 altsetting 2 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 263.356263][ T10] usb 4-1: config 129 interface 173 has no altsetting 0 [ 263.365114][ T10] usb 4-1: config 129 interface 172 has no altsetting 0 [ 263.372917][ T10] usb 4-1: config 129 interface 215 has no altsetting 0 [ 263.386961][ T10] usb 4-1: config 129 interface 44 has no altsetting 0 [ 263.405632][ T10] usb 4-1: New USB device found, idVendor=1b80, idProduct=d700, bcdDevice=b4.82 [ 263.415948][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.426121][ T10] usb 4-1: Product: 㠊 [ 263.436126][ T10] usb 4-1: Manufacturer: 䠚ደ뎚᤯緡웅ƿ↲莋㚕爼㩀畒遼涬❯뗭襴ﳕ萅ᝠ䩾顙펐ᇗ㳨鵠ꞣ䎫鈘㯶콪䋢鮨薉覥빳甾飖ⷣ儗꺼఺팂斦᩼頜熻忦 [ 263.473501][ T10] usb 4-1: SerialNumber: ᾗ庖㏓唿⠣䮂묪ⷧ뽥簧컢뇭Ꙑ砤롖䶑ᄾ蹔눜ૉ㑃⫮鶒抋涱ࢉ編ꯄ줺䌕ꕳ⮚剧ꪞ溜赭걏쁗▊ǣ繚 [ 263.728217][ T7951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.737575][ T7951] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.771603][ T10] radio-si470x 4-1:129.173: could not find interrupt in endpoint [ 263.786589][ T10] radio-si470x 4-1:129.173: probe with driver radio-si470x failed with error -5 [ 263.807585][ T10] usbhid 4-1:129.173: couldn't find an input interrupt endpoint [ 263.925268][ T10] usb 4-1: USB disconnect, device number 32 [ 263.981104][ T981] usb 3-1: USB disconnect, device number 22 [ 264.129239][ T7970] blktrace: Concurrent blktraces are not allowed on loop8 [ 264.567463][ T7974] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 265.432230][ T7982] netlink: 'syz.0.530': attribute type 4 has an invalid length. [ 265.659279][ T7987] netlink: 'syz.0.530': attribute type 4 has an invalid length. [ 267.450340][ T8017] netlink: 'syz.4.538': attribute type 1 has an invalid length. [ 267.497310][ T981] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 267.708034][ T981] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 267.747249][ T981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.931845][ T981] usb 3-1: Product: syz [ 267.947312][ T981] usb 3-1: Manufacturer: syz [ 267.951989][ T981] usb 3-1: SerialNumber: syz [ 267.987878][ T981] usb 3-1: config 0 descriptor?? [ 268.124370][ T6084] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.134589][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.144248][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.153699][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.162338][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.171002][ T5899] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.180184][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.207367][ T184] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.226098][ T981] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 268.533402][ T981] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 268.589710][ T981] usb 3-1: USB disconnect, device number 23 [ 268.641487][ T8023] geneve2: entered promiscuous mode [ 268.827306][ T10] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 269.110464][ T30] audit: type=1326 audit(1761248430.459:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 269.132677][ C1] vkms_vblank_simulate: vblank timer overrun [ 269.175249][ T30] audit: type=1326 audit(1761248430.469:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 269.197522][ C1] vkms_vblank_simulate: vblank timer overrun [ 269.285140][ T10] usb 4-1: device descriptor read/64, error -71 [ 269.288223][ T30] audit: type=1326 audit(1761248430.469:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 269.313798][ C1] vkms_vblank_simulate: vblank timer overrun [ 269.323728][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 269.340334][ T30] audit: type=1326 audit(1761248430.469:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 269.363615][ C1] vkms_vblank_simulate: vblank timer overrun [ 269.382351][ T30] audit: type=1326 audit(1761248430.469:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 269.407892][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 269.419105][ T30] audit: type=1326 audit(1761248430.469:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 269.454071][ T30] audit: type=1326 audit(1761248430.469:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 269.496884][ T30] audit: type=1326 audit(1761248430.469:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 269.539287][ T10] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 269.797587][ T10] usb 4-1: device descriptor read/64, error -71 [ 269.921970][ T10] usb usb4-port1: attempt power cycle [ 270.033353][ T30] audit: type=1326 audit(1761248430.469:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 270.106541][ T30] audit: type=1326 audit(1761248430.469:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8028 comm="syz.1.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fd717f8efc9 code=0x7ffc0000 [ 270.318247][ T10] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 270.349704][ T10] usb 4-1: device descriptor read/8, error -71 [ 270.446529][ T8042] blktrace: Concurrent blktraces are not allowed on loop8 [ 270.617362][ T10] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 270.931166][ T10] usb 4-1: device descriptor read/8, error -71 [ 271.067260][ T10] usb usb4-port1: unable to enumerate USB device [ 271.483033][ T8048] blktrace: Concurrent blktraces are not allowed on loop8 [ 271.662052][ T8050] tipc: Started in network mode [ 271.757498][ T8050] tipc: Node identity f69533b90af1, cluster identity 4711 [ 271.796673][ T8050] tipc: Enabled bearer , priority 0 [ 272.036495][ T8051] tipc: Disabling bearer [ 273.245822][ T50] net_ratelimit: 7 callbacks suppressed [ 273.245845][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 273.260486][ T5948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 273.270489][ T981] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 273.567343][ T981] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 273.787370][ T981] usb 2-1: Using ep0 maxpacket: 32 [ 273.807086][ T981] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 273.851723][ T981] usb 2-1: config 0 has no interface number 0 [ 273.882465][ T981] usb 2-1: config 0 interface 89 has no altsetting 0 [ 273.915336][ T981] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 273.949293][ T981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.983349][ T981] usb 2-1: Product: syz [ 274.016549][ T981] usb 2-1: Manufacturer: syz [ 274.040575][ T981] usb 2-1: SerialNumber: syz [ 274.084275][ T981] usb 2-1: config 0 descriptor?? [ 274.114856][ T981] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 274.151112][ T981] em28xx 2-1:0.89: Video interface 89 found: bulk [ 274.279744][ T5948] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.364191][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.589903][ T8082] loop6: detected capacity change from 0 to 7 [ 274.603058][ T5977] Dev loop6: unable to read RDB block 7 [ 274.610926][ T5977] loop6: unable to read partition table [ 274.623296][ T5977] loop6: partition table beyond EOD, truncated [ 274.631729][ T8082] Dev loop6: unable to read RDB block 7 [ 274.644228][ T8082] loop6: unable to read partition table [ 274.654182][ T8082] loop6: partition table beyond EOD, truncated [ 274.663528][ T8082] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 274.707587][ T24] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 274.715811][ T981] em28xx 2-1:0.89: unknown em28xx chip ID (0) [ 274.890415][ T24] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 274.933268][ T24] usb 4-1: config 0 has no interface number 0 [ 274.957386][ T24] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 275.014313][ T24] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 275.087454][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.095572][ T24] usb 4-1: Product: syz [ 275.127597][ T24] usb 4-1: Manufacturer: syz [ 275.137287][ T24] usb 4-1: SerialNumber: syz [ 275.148333][ T981] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 275.157954][ T6075] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.168138][ T5961] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.178516][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.179405][ T981] em28xx 2-1:0.89: board has no eeprom [ 275.199822][ T24] usb 4-1: config 0 descriptor?? [ 275.206426][ T8080] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 275.281448][ T8091] program syz.2.558 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 275.368395][ T24] usb-storage 4-1:0.20: USB Mass Storage device detected [ 275.397560][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.455817][ T24] usb-storage 4-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 275.474033][ T24] scsi host1: usb-storage 4-1:0.20 [ 275.488060][ T981] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67) [ 275.657755][ T981] em28xx 2-1:0.89: analog set to bulk mode. [ 275.694525][ T24] non-slab/vmalloc memory [ 275.700024][ T24] list_add corruption. prev->next should be next (ffffffff8ef03920), but was ffffffff810012a6. (prev=ffff888055b0c250). [ 275.713636][ T24] ------------[ cut here ]------------ [ 275.719338][ T24] kernel BUG at lib/list_debug.c:34! [ 275.757523][ T981] usb 2-1: USB disconnect, device number 24 [ 275.764816][ T981] em28xx 2-1:0.89: Disconnecting em28xx [ 275.775149][ T24] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 275.781507][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT(full) [ 275.790707][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 275.800853][ T24] Workqueue: events request_module_async [ 275.806594][ T24] RIP: 0010:__list_add_valid_or_report+0x123/0x130 [ 275.813105][ T24] Code: e8 92 35 71 fd 43 80 3c 2c 00 74 08 4c 89 f7 e8 93 fd 92 fd 49 8b 16 48 c7 c7 a0 06 bf 8b 48 89 de 4c 89 f1 e8 de d5 94 fc 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 [ 275.832716][ T24] RSP: 0018:ffffc900001e79e0 EFLAGS: 00010246 [ 275.838790][ T24] RAX: 0000000000000075 RBX: ffffffff8ef03920 RCX: 9312e5ae8a653700 [ 275.846768][ T24] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 275.854838][ T24] RBP: 1ffffffff1de0725 R08: 0000000000000003 R09: 0000000000000004 [ 275.862819][ T24] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: 1ffff1100ab6184a [ 275.870803][ T24] R13: dffffc0000000000 R14: ffff888055b0c250 R15: ffff888055958250 [ 275.878792][ T24] FS: 0000000000000000(0000) GS:ffff88812623e000(0000) knlGS:0000000000000000 [ 275.887766][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.894444][ T24] CR2: 00007fd7181b3ad8 CR3: 0000000077ed8000 CR4: 00000000003526f0 [ 275.902425][ T24] Call Trace: [ 275.905733][ T24] [ 275.908719][ T24] em28xx_init_extension+0x56/0x1c0 [ 275.913953][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 275.919688][ T24] process_scheduled_works+0xae1/0x17b0 [ 275.925259][ T24] ? __pfx_process_scheduled_works+0x10/0x10 [ 275.931255][ T24] worker_thread+0x8a0/0xda0 [ 275.935860][ T24] kthread+0x711/0x8a0 [ 275.939933][ T24] ? __pfx_worker_thread+0x10/0x10 [ 275.945044][ T24] ? __pfx_kthread+0x10/0x10 [ 275.949648][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 275.954871][ T24] ? lockdep_hardirqs_on+0x9c/0x150 [ 275.960073][ T24] ? __pfx_kthread+0x10/0x10 [ 275.964678][ T24] ret_from_fork+0x4bc/0x870 [ 275.969278][ T24] ? __pfx_ret_from_fork+0x10/0x10 [ 275.974405][ T24] ? __switch_to_asm+0x39/0x70 [ 275.979177][ T24] ? __switch_to_asm+0x33/0x70 [ 275.983952][ T24] ? __pfx_kthread+0x10/0x10 [ 275.988587][ T24] ret_from_fork_asm+0x1a/0x30 [ 275.993360][ T24] [ 275.996383][ T24] Modules linked in: [ 276.001342][ T24] ---[ end trace 0000000000000000 ]--- [ 276.062692][ T43] usb 4-1: USB disconnect, device number 37 [ 276.406107][ T8106] PM: Image not found (code -5) [ 276.438149][ T5961] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 276.486153][ T24] RIP: 0010:__list_add_valid_or_report+0x123/0x130 [ 276.493941][ T24] Code: e8 92 35 71 fd 43 80 3c 2c 00 74 08 4c 89 f7 e8 93 fd 92 fd 49 8b 16 48 c7 c7 a0 06 bf 8b 48 89 de 4c 89 f1 e8 de d5 94 fc 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 [ 276.514555][ T24] RSP: 0018:ffffc900001e79e0 EFLAGS: 00010246 [ 276.524478][ T24] RAX: 0000000000000075 RBX: ffffffff8ef03920 RCX: 9312e5ae8a653700 [ 276.533742][ T8105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.561'. [ 276.543086][ T24] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 276.551238][ T24] RBP: 1ffffffff1de0725 R08: 0000000000000003 R09: 0000000000000004 [ 276.561745][ T24] R10: dffffc0000000000 R11: fffffbfff1bba650 R12: 1ffff1100ab6184a [ 276.569900][ T24] R13: dffffc0000000000 R14: ffff888055b0c250 R15: ffff888055958250 [ 276.578383][ T24] FS: 0000000000000000(0000) GS:ffff88812623e000(0000) knlGS:0000000000000000 [ 276.591900][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 276.599125][ T24] CR2: 00002000002cf030 CR3: 000000007787c000 CR4: 00000000003526f0 [ 276.609485][ T24] Kernel panic - not syncing: Fatal exception [ 276.615889][ T24] Kernel Offset: disabled [ 276.620234][ T24] Rebooting in 86400 seconds..