last executing test programs: 14.141210984s ago: executing program 4 (id=886): r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000000000008000080e50800000100000002000000ff7f0000ea00000002000000000000b8000000000000000000000080000000000100000003b40eb65f"]) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000feffffff9500000000000000e61958da125efe823d0b30"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2) memfd_secret(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() ioctl$VIDIOC_G_STD(r3, 0x80085617, &(0x7f0000000140)) syz_io_uring_setup(0x239, 0x0, 0x0, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f00000009c0)=@nat={'nat\x00', 0x19, 0x5, 0x90, [0x2000000000c0, 0x0, 0x0, 0x2000000003c4, 0x2000000006d2], 0x0, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xfffffffffffffffe}, {0x0, '\x00', 0x3, 0xffffffffffffffff}]}, 0x108) 11.791551999s ago: executing program 4 (id=893): prlimit64(0x0, 0x2, 0x0, 0x0) r0 = io_uring_setup(0x60f7, &(0x7f0000000400)={0x0, 0x39bb, 0x20, 0xfffffbff, 0x3c0}) r1 = socket$rxrpc(0x21, 0x2, 0x2) add_key$fscrypt_provisioning(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000240)=ANY=[@ANYBLOB="03000000000000000102030405060708090a18191a1b1c1d041f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e7c3f4000"/72], 0x48, 0xfffffffffffffffb) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x6) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f0000000280)={0xbe, 0x0, 0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x6, @empty, 0x80040}, 0x1c) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0xd, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = syz_io_uring_setup(0xf63, &(0x7f0000000400)={0x0, 0x7038, 0x800, 0x84, 0x2f8, 0x0, r0}, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6000003, 0x42031, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x114, &(0x7f0000000080)=0xf7fffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r5, 0x0, 0x0}) io_uring_enter(r5, 0x3516, 0x0, 0x4, 0x0, 0x0) r8 = fcntl$getown(0xffffffffffffffff, 0x9) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) rt_tgsigqueueinfo(0x0, r8, 0x17, &(0x7f00000000c0)={0x12, 0x5, 0x7}) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0xc) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r10}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000340)=ANY=[@ANYRES64=r9, @ANYRES8=r8, @ANYRES32, @ANYRES8=r3, @ANYRES64=r9, @ANYRES64=r0], 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) 10.155811093s ago: executing program 4 (id=900): r0 = syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x5887, 0x0, 0x2}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_RECVMSG={0xa, 0x2, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000003980)=[{0x0}, {0x0}], 0x2}, 0x0, 0x20, 0x1}) io_uring_enter(r0, 0x3516, 0xc2de, 0x8, 0x0, 0x0) r3 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_enable(r3, &(0x7f0000000040)='1', 0x1) 9.916496131s ago: executing program 0 (id=901): r0 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x600) syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) ioctl$I2C_TIMEOUT(r0, 0x702, 0xfffffffffffffbff) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$I2C_SLAVE(r1, 0x703, 0xbf) 9.075584585s ago: executing program 0 (id=904): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f00001a00000000000000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x2, [@enum, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x1}]}]}}, &(0x7f0000000140)=""/4096, 0x3a, 0x1000, 0x1, 0x0, 0x0, @void, @value}, 0x28) 8.086098813s ago: executing program 1 (id=908): shutdown(0xffffffffffffffff, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) add_key(0x0, 0x0, &(0x7f0000000240)="b8f1403d7290b19b0fe8af19c7485c82f8b997b85dca18e6650703eb3776eb879ab10b2fd8dee8f78641840d78f718ad2c8e39f0035199bc", 0x38, 0xfffffffffffffffa) syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) add_key$fscrypt_provisioning(0x0, &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xe, 0xe, &(0x7f00000008c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000300)=0xc) setuid(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0xe501, 0x3, 0x228, 0x0, 0xa, 0x1000000, 0xd8, 0x0, 0x190, 0x230, 0x230, 0x190, 0x223, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xd6, 0x2, 0x90, '\x00', 'syz1\x00', {0x8}}}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x20c499, 'syz0\x00', {0x40}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x288) fstat(0xffffffffffffffff, &(0x7f0000000480)) rt_sigaction(0x16, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)) add_key(&(0x7f0000000040)='dns_resolver\x00', 0x0, &(0x7f0000000080)="001801020200", 0x6, 0xfffffffffffffffb) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x3, 0x10) creat(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) keyctl$get_security(0x11, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) 7.56780617s ago: executing program 1 (id=909): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r2, 0x0, 0xc, &(0x7f0000000400)="001ca73e", 0x4) setsockopt$inet_opts(r2, 0x0, 0xd, &(0x7f0000000000)='S', 0x1) getsockopt$inet_opts(r2, 0x0, 0x400000000000009, &(0x7f0000937fed)=""/16, &(0x7f0000000080)=0x2b) write$binfmt_script(r1, &(0x7f00000007c0)={'#! ', '', [], 0xa, "c3efb4b60ec6b517344a1c5642068defcb59ef42378d57fdb9"}, 0x1d) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32=r3, @ANYRES32=r3, @ANYBLOB="2f0000001400000004000000", @ANYRES32=r3, @ANYBLOB="d71b7f6bc4d440982bfa7ed30966d880214b0d22feb5842a182c75a6ca8a129d73bb2f40c7ceee1d70d80b85a44516442ef403b0ca59864cb96d4bbb5df10df3672b156ecde64daf9048e432dcc974b2fd5f65d8197046b314cd55193336032ab8a384aa91d9227498b6a8bf3a908d45b4d039feff9d16a7c0c523c58193a7e5645ccc078ceba2205311d01c3ad7c9eaf60a0d4953d7e1b0091421abf1bcb3b4aa665c83d6acf19dc562594fb7d0a328dc0dcdd0adc4b6c2ccb4938d68589b776bc0af71", @ANYRES64=0x0], 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x5, [@ptr={0x5, 0x0, 0x0, 0x2, 0x2}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2, 0x68b0}}]}, {0x0, [0x30, 0x0, 0x5f]}}, &(0x7f0000000440)=""/216, 0x41, 0xd8, 0x0, 0x7fffffff, 0x0, @void, @value}, 0x28) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r5 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'gre0\x00', 0x0}) bind$packet(r5, &(0x7f0000000180)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x3c0, 0x43) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="02011300"], 0x3000}], 0x1}, 0x20000000) sendfile(r5, r4, 0x0, 0x80004700) 7.376016362s ago: executing program 1 (id=910): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x549140, 0x7d) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_VOICE(r3, 0x11, 0xb, 0x0, &(0x7f0000000100)) 6.169933948s ago: executing program 1 (id=913): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x800) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x7, 0x0, 0x0) 6.099441152s ago: executing program 0 (id=914): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="dc00000002000005ffffff00aaaa06000008004500002200000000002f907800001f38e0000001a00086dd000c"], 0x32) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x13, 0xe, &(0x7f0000000180)=ANY=[@ANYRES64, @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7794b0ed934a040a, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x800000}, 0x8, 0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000, @void, @value}, 0x94) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRESOCT, @ANYRES16=r0, @ANYRESOCT=r1, @ANYRESOCT=r2], 0x50) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, 0x0, &(0x7f0000000880)=r3}, 0x20) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) vmsplice(r5, &(0x7f0000000240)=[{&(0x7f0000000040)="d6", 0x1}], 0x1, 0x0) syz_emit_ethernet(0x42, &(0x7f00000002c0)=ANY=[], 0x0) capset(&(0x7f0000000000)={0xf1504}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) capget(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)={0x0, 0x5, 0x369, 0x9db, 0x8, 0x1}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r8, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000000a0a010100"], 0x14}}, 0x800) sendmsg$NFT_BATCH(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000068000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c0011800a0001006c696d69740000001c0002800c00024000000000000000030c00014000000000000001016c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000400003803c000080080003400000000230000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000000c000140000000000000000938010000080a0500000000000000000005000007260007403d71b32682bbe6000000d4fa66a8175e9872e4cc0d9b3832de08e08e24df369ec0a31c82067f6a310900020073797a310000000008000940000000024a0007405c890b690e2214dac90362bb4f8e989a74bdc1985458a1e6868adb9ac469290098443d437b475c9c2a18de6b34f9e8558b70644604cadd65d58ce8b25f35723200cfaabbf18500003c000580080001400000000608000140000000880800014000000032080001400000c6afd72afcfafa64002b080002400000000308000140000000290900020073797a30000000000c000580080001400000890d44000740bef2077827d68611293f798db0"], 0x4dc}, 0x1, 0x0, 0x0, 0x44000}, 0x0) 6.028416529s ago: executing program 3 (id=916): r0 = socket$alg(0x26, 0x5, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000f00)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x40000) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) accept4(r0, 0x0, 0x0, 0x0) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000080)={0x11, 0x18, 0x11, 0x8, 0xb, 0x80000000, 0x2, 0x14a, 0xffffffffffffffff}) 5.368879356s ago: executing program 1 (id=917): mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000200)=0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0xa, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009102"]) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x74, 0x1, 0xfa, 0xe}, {0x6, 0x95, 0x2, 0x2}]}) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000e80)={0x2, 0x4, {0xfa, @struct={0x12, 0x40}, 0x0, 0x4dd5, 0x6ba, 0x7, 0x7, 0x0, 0x0, @struct={0x1, 0x7}, 0x7fffffff, 0xb3, [0x81, 0x3, 0x81, 0xfff, 0x1ff, 0x9]}, {0xb38a, @usage=0x5, 0x0, 0x3, 0x3, 0x7, 0x9, 0x7, 0x16, @struct={0xff, 0x3ff}, 0x58, 0x7ff, [0x8000000000000000, 0x2, 0xcb, 0x5, 0x5, 0x5af6]}, {0xe, @usage=0x3f, 0x0, 0x7991, 0x7, 0x5, 0x9, 0x3, 0x3, @struct={0x7, 0x5}, 0x4, 0x2, [0x40, 0x0, 0x80000001, 0x3, 0x401, 0x1000]}, {0x81, 0x8, 0x100000000}}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000001280)={{}, 0x0, 0x0, @inherit={0x68, &(0x7f0000000380)={0x0, 0x4, 0x3, 0xc, {0x2, 0x6, 0x5, 0x7ff, 0x4}, [0x2, 0x2000000000000000, 0x2, 0xcc46]}}, @devid=r2}) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = io_uring_setup(0xdac, &(0x7f0000000180)) socket$inet6_tcp(0xa, 0x1, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) read$msr(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xc, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 5.289727811s ago: executing program 3 (id=918): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000001800dd8d00000000000000000200000000000006000000000600150006000000100016800c00028008000100", @ANYRES32, @ANYBLOB="c7bb6d94a00abe934a5335af11f083fe2ec2079a8883472d6bdaae42a04f7dcc624958000000000000000000000000000000fb50eccab7e8205d01be6d71229efc7738206e93b33ab3ead8c29bffb3c0adb2470ac62aa36db9a230185ec47f4c44c4919c53419dd0bc964164d253b7af922eb31958f954268d85cad3e177b9d17de385becd61bb0ef187a195cc93bbe0b5a46843b0ad93d4d6a2f4401727e5b99a8ea402a9690086038a4a4b5f3ee750f1faa0c6a1ac08e16e34a4b1c4df06453548874b93f802ad855fed8d7f54bc185eb398df6bf29ecf39c9e2672b09236806107abdf15e36c7e5a93c2557f6082afc46baf6e06c15f5967ed2ff1c355ae36cb82d489e9849e6183e6af0aed2bc54c638fc"], 0x34}}, 0x0) 4.541385232s ago: executing program 0 (id=920): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=""/135, 0x87}, {&(0x7f00000000c0)=""/44, 0x2c}, {&(0x7f0000000100)=""/86, 0x56}, {&(0x7f0000000180)=""/161, 0xa1}, {&(0x7f0000000240)=""/10, 0xa}, {&(0x7f0000000280)=""/17, 0x11}, {&(0x7f00000002c0)=""/56, 0x38}, {&(0x7f0000000300)=""/181, 0xb5}, {&(0x7f00000003c0)=""/205, 0xcd}, {&(0x7f00000004c0)=""/148, 0x94}], 0xa, &(0x7f0000000640)=""/4096, 0x1000}, 0x5}, {{&(0x7f0000001640)=@qipcrtr, 0x80, &(0x7f0000001780)=[{&(0x7f00000016c0)=""/139, 0x8b}], 0x1, &(0x7f00000017c0)=""/173, 0xad}, 0x9}, {{&(0x7f0000001880)=@qipcrtr, 0x80, &(0x7f0000001980)=[{&(0x7f0000001900)=""/94, 0x5e}], 0x1}, 0xffffffff}, {{&(0x7f00000019c0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000002100)=[{&(0x7f0000001a40)=""/139, 0x8b}, {&(0x7f0000001b00)=""/235, 0xeb}, {&(0x7f0000001c00)=""/12, 0xc}, {&(0x7f0000001c40)=""/11, 0xb}, {&(0x7f0000001c80)=""/102, 0x66}, {&(0x7f0000001d00)=""/157, 0x9d}, {&(0x7f0000001dc0)=""/35, 0x23}, {&(0x7f0000001e00)=""/216, 0xd8}, {&(0x7f0000001f00)=""/246, 0xf6}, {&(0x7f0000002000)=""/242, 0xf2}], 0xa, &(0x7f00000021c0)=""/137, 0x89}, 0x1}, {{0x0, 0x0, &(0x7f0000003680)=[{&(0x7f0000002280)=""/193, 0xc1}, {&(0x7f0000002380)=""/103, 0x67}, {&(0x7f0000002400)=""/247, 0xf7}, {&(0x7f0000002500)=""/92, 0x5c}, {&(0x7f0000002580)=""/74, 0x4a}, {&(0x7f0000002600)=""/128, 0x80}, {&(0x7f0000002680)=""/4096, 0x1000}], 0x7, &(0x7f0000003700)=""/170, 0xaa}, 0x6}, {{&(0x7f00000037c0)=@l2tp6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000003a00)=[{&(0x7f0000003840)=""/238, 0xee}, {&(0x7f0000003940)=""/191, 0xbf}], 0x2, &(0x7f0000003a40)=""/153, 0x99}, 0x5}, {{0x0, 0x0, &(0x7f0000003b40)=[{&(0x7f0000003b00)=""/54, 0x36}], 0x1, &(0x7f0000003b80)=""/176, 0xb0}, 0x8}, {{&(0x7f0000003c40)=@alg, 0x80, &(0x7f00000070c0)=[{&(0x7f0000003cc0)=""/4096, 0x1000}, {&(0x7f0000004cc0)=""/83, 0x53}, {&(0x7f0000004d40)=""/193, 0xc1}, {&(0x7f0000004e40)=""/4096, 0x1000}, {&(0x7f0000005e40)=""/95, 0x5f}, {&(0x7f0000005ec0)=""/209, 0xd1}, {&(0x7f0000005fc0)=""/4096, 0x1000}, {&(0x7f0000006fc0)=""/210, 0xd2}], 0x8, &(0x7f0000007140)=""/29, 0x1d}, 0x3}, {{&(0x7f0000007180)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000008740)=[{&(0x7f0000007200)=""/19, 0x13}, {&(0x7f0000007240)=""/241, 0xf1}, {&(0x7f0000007340)=""/97, 0x61}, {&(0x7f00000073c0)=""/26, 0x1a}, {&(0x7f0000007400)=""/4096, 0x1000}, {&(0x7f0000008400)=""/241, 0xf1}, {&(0x7f0000008500)=""/95, 0x5f}, {&(0x7f0000008580)=""/139, 0x8b}, {&(0x7f0000008640)=""/197, 0xc5}], 0x9, &(0x7f0000008800)=""/7, 0x7}, 0x81}], 0x9, 0x40012061, &(0x7f0000008a80)) getsockopt$nfc_llcp(r1, 0x118, 0x3, &(0x7f0000008ac0)=""/101, 0x65) r2 = syz_open_dev$ndb(&(0x7f0000008b40), 0x0, 0x2000) ioctl$NBD_DISCONNECT(r2, 0xab08) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000008b80), 0x800, 0x0) ioctl$SNDCTL_DSP_GETBLKSIZE(r3, 0xc0045004, &(0x7f0000008bc0)) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000008c00)=0x5) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000008c40), 0x3, 0x0) ioctl$TIOCL_UNBLANKSCREEN(r4, 0x541c, &(0x7f0000008c80)) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000008, 0x50, r4, 0x8000000) r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x300000a, 0x40010, r4, 0x10000000) r7 = io_uring_setup(0x105f, &(0x7f0000008cc0)={0x0, 0x7f9, 0x200, 0x3, 0x22}) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000008e40)=@IORING_OP_MSG_RING={0x28, 0xa, 0x0, r7, 0x0, &(0x7f0000008d40)="99258c598848f5b872520fe69c7d395a1993b91b7bacdb54f8e170a901ee77fb29b4fb273e0f72340d073a9ce2b6f545c1d3926eb330a761d2cad23a47853ae2d3409a0f5a103c56b5f9b7d11c1773f41e09596c3cd2cfd94828ec76b8e4292c10a3d4bef6ba0f0ac464b73adcd9fd8be02b131bd51d311b73e6475519e81bbb29afc607e6eb87a05c30713c6e2571bc3b25939aea2355a6fa7a33187452bd313704b5ec21fa573cad343da6c7fd7fa94ba44e76ff70c9df4870eb8de4ffdbf7faafd9071c", 0xc5, 0x0, 0x1, {0x0, r8}}) socket$inet6(0xa, 0x6, 0x3) write$binfmt_script(r4, &(0x7f0000008e80)={'#! ', './file0', [{0x20, '\x00'}], 0xa, "f00fb4a05c3aaf1f64acf92e55a7023ce6b3872c4515ae99a77ab544a112b93dcc0b144bddd79537af128bde0bcb378ecf1f7c3d54e918dde2d4322a2265a77cd6e137f380f1159abc526c978d0ccb4f"}, 0x5d) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000008f00)=[@in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e23, 0x5, @local, 0xc}], 0x5c) r9 = accept4$netrom(r1, &(0x7f0000008f80)={{}, [@bcast, @default, @rose, @null, @default, @netrom, @rose, @default]}, &(0x7f0000009000)=0x48, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000009040)={'team0\x00', 0x0}) socket$inet_tcp(0x2, 0x1, 0x0) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000009300)={0x11, 0x4, &(0x7f0000009080)=@raw=[@generic={0x6, 0xc, 0x2, 0x5, 0x5}, @ldst={0x0, 0x1, 0x0, 0x6, 0x8, 0x50, 0xfffffffffffffffc}, @map_val={0x18, 0x4, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x401}], &(0x7f00000090c0)='GPL\x00', 0x86c2, 0xaa, &(0x7f0000009100)=""/170, 0x40f00, 0x8, '\x00', r10, 0x0, r1, 0x8, &(0x7f00000091c0)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000009200)={0x3, 0x6, 0x1, 0x6}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000009240)=[r4, r4, r4, r4, r4, r4, r4], &(0x7f0000009280)=[{0x2, 0x3, 0x8, 0x9}, {0x4, 0x1, 0xe, 0x1}, {0x1, 0x1, 0xe, 0x1}, {0x1, 0x2, 0xa, 0x9}, {0x0, 0x4, 0x1}], 0x10, 0x1, @void, @value}, 0x94) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000093c0)={r4, r11, 0x4, r4}, 0x10) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000009500)={&(0x7f0000009400)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000094c0)={&(0x7f0000009440)={0x44, 0x2, 0x6, 0x801, 0x0, 0x0, {0x3}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioctl$TCFLSH(r4, 0x540b, 0x2) ioctl$RTC_SET_TIME(r4, 0x4024700a, &(0x7f0000009540)={0x1a, 0x3a, 0xb, 0x6, 0xa, 0x800, 0x2, 0x88, 0xffffffffffffffff}) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000009580)) socket$inet_smc(0x2b, 0x1, 0x0) bind$bt_hci(r1, &(0x7f00000095c0)={0x1f, 0x3, 0x4}, 0x6) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000009600)=0x940) 4.19140553s ago: executing program 4 (id=921): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b03feff4f00021202004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14) 4.116124686s ago: executing program 3 (id=922): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) syz_emit_ethernet(0x82, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800450000280000000000069078ac1414bbac1414aa00000000421aed5a8b70a35f4a1788177b57", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8c00000090780000080a00000000000000000400133c91d785d58954605c802acf9f965fe3990000"], 0x0) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000900), 0x40, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008100000086dd6076cd8a002800002001"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) rmdir(&(0x7f0000000040)='./file0\x00') sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e000000040000000400000003000000"], 0x48) r6 = dup(0xffffffffffffffff) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20, '\x00', 0x0, r6, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x60}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r8, &(0x7f0000000000)=[{&(0x7f0000000400)=""/159, 0x9f}], 0x1, 0x105, 0x97e) fanotify_mark(r8, 0x400, 0x48000019, r1, &(0x7f0000000280)='./file0\x00') syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82403) close_range(r0, 0xffffffffffffffff, 0x0) 4.04058198s ago: executing program 2 (id=923): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x549140, 0x7d) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_VOICE(r3, 0x11, 0xb, 0x0, &(0x7f0000000100)) 3.72779683s ago: executing program 4 (id=924): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000003ac0)) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x3930) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='squashfs\x00', 0x1a0c000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000005d00)={0x114, 0x2d, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac06}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r5, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r6, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) bind$tipc(r5, &(0x7f0000000180)=@name={0x1e, 0x2, 0x3, {{0x42, 0x1}, 0x1}}, 0x10) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8921, &(0x7f0000000180)={'vcan0\x00'}) 2.35936925s ago: executing program 2 (id=925): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000100000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 2.347997685s ago: executing program 1 (id=926): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x10, {{@in=@multicast1, @in=@remote, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x80}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@tmpl={0xc4, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast}, {{@in=@local, 0x0, 0x2b}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x800}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x2b}, 0xa, @in6=@private1, 0x0, 0x1, 0x0, 0x0, 0x1}]}]}, 0x17c}}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = syz_usb_connect(0x5, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b90101000000"], 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000200)=ANY=[@ANYRES64], 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x4c, &(0x7f0000000000), 0x4) recvmsg$unix(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@rights={{0x10}}, @cred={{0x1c}}], 0x30}, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000640)={r0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x1c, r5, 0xb09, 0x70bd29, 0x25dfdbfd, {0x5}, [@BATADV_ATTR_MESH_IFINDEX={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x80) fcntl$notify(r3, 0x402, 0x40000031) fsetxattr$security_evm(r2, &(0x7f0000000040), &(0x7f0000000080)=@v2={0x3, 0x0, 0x10, 0x3, 0xdc, "39dec2d9d3cd59b58e4dfe868a1dbf5efaa9330a25dfb1fd7fa1bc3d99817aea173ec930cb0f6a085a7b22a6a6161bf20268285aa3136d4839aee4d3874dee5a8411352eb917e2b54e65851b7fb6cc343eadf9903637cd5015d752cc5253a2a768aac0290f0dcbf2ed684c5f55df4fcbdb1ef456421712eb8c4fa4a5fc282040e5dc27c4e090b4ca5590318acaa03d8287ae772c31cffa382ef89716ba8ed1f9e4cf5b28f0d2019bb325ebb7817c29f23be3055f35c6945d311775154a4196d856e30912a430844891853b2e917b9368eaf144305a0d43cd456f8079"}, 0xe5, 0x3) ftruncate(0xffffffffffffffff, 0x6000000) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000000)=0x100, 0x9, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x5, 0x0) 2.207655777s ago: executing program 0 (id=927): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) syz_emit_ethernet(0x82, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800450000280000000000069078ac1414bbac1414aa00000000421aed5a8b70a35f4a1788177b57", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8c00000090780000080a00000000000000000400133c91d785d58954605c802acf9f965fe3990000"], 0x0) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000900), 0x40, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008100000086dd6076cd8a002800002001"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) rmdir(&(0x7f0000000040)='./file0\x00') sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e000000040000000400000003000000"], 0x48) r6 = dup(0xffffffffffffffff) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20, '\x00', 0x0, r6, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x60}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x7, 0x0}, {0x18, 0x2, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = syz_open_procfs(0x0, &(0x7f0000000240)='net/wireless\x00') preadv(r8, &(0x7f0000000000)=[{&(0x7f0000000400)=""/159, 0x9f}], 0x1, 0x105, 0x97e) fanotify_mark(r8, 0x400, 0x48000019, r1, &(0x7f0000000280)='./file0\x00') syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82403) close_range(r0, 0xffffffffffffffff, 0x0) 2.155208475s ago: executing program 3 (id=928): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCSETSW2(r3, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x0, "2cf155f1d8b4d0441f0246e09537aa82dc1ecf", 0x0, 0xffffffff}) close_range(r3, r0, 0x2) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r4, 0xffffffffffffffff, 0x0) 2.099147184s ago: executing program 2 (id=929): syz_emit_ethernet(0x36, &(0x7f00000010c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, @void, {@ipv6={0x86dd, @generic={0xd, 0x6, "bd693b", 0x0, 0x84, 0x0, @local, @ipv4={'\x00', '\xff\xff', @local}}}}}, 0x0) 1.935402441s ago: executing program 2 (id=930): bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/14], 0x48) 706.490424ms ago: executing program 4 (id=931): open(&(0x7f0000000180)='./cgroup\x00', 0x111200, 0xc0) socket$inet6(0xa, 0x3, 0xfe) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_io_uring_setup(0x662a, &(0x7f0000000340)={0x0, 0xfffffffc, 0x0, 0x7, 0xc2}, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2026c1, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0xcb) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) accept4(r0, 0x0, 0x0, 0x800) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x0, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x2, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0x4f, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x1000000005, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0xf, 0x9, 0x8, 0x3, 0x8, 0xfffffffffffffffa, 0x4000, 0x5, 0x7, 0x7, 0x40000003, 0x6}) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f000000000000000000009a8d3bad332ade2cc0d4b83b6d2446000000009c59c746a6d12680c2b82ef02d3607a728ff982da7d6af061c9c03e5175fd0353feb76c05584891c9aaa3d6a1942a9"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) 655.895495ms ago: executing program 2 (id=932): r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000000000008000080e50800000100000002000000ff7f0000ea00000002000000000000b8000000000000000000000080000000000100000003b40eb65f"]) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000feffffff9500000000000000e61958da125efe823d0b30"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2) memfd_secret(0x0) ioctl$VIDIOC_G_STD(r3, 0x80085617, &(0x7f0000000140)) syz_io_uring_setup(0x239, 0x0, 0x0, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f00000009c0)=@nat={'nat\x00', 0x19, 0x5, 0x90, [0x2000000000c0, 0x0, 0x0, 0x2000000003c4, 0x2000000006d2], 0x0, 0x0, &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xfffffffffffffffe}, {0x0, '\x00', 0x3, 0xffffffffffffffff}]}, 0x108) 621.002968ms ago: executing program 3 (id=933): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x3010}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x1411, 0x300, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0xc005}, 0x4000000) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x1, @remote}, 0xa}}, 0x26) sendmmsg$inet(r4, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)}}], 0x1a000, 0x8040) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) (async) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x3010}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x1411, 0x300, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0xc005}, 0x4000000) (async) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) (async) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) socket$pppl2tp(0x18, 0x1, 0x1) (async) connect$pppl2tp(r4, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x1, @remote}, 0xa}}, 0x26) (async) sendmmsg$inet(r4, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)}}], 0x1a000, 0x8040) (async) 617.800659ms ago: executing program 0 (id=934): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x240080d8}, 0x0) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x180, &(0x7f00000000c0)={[{0x70, 0x4e00, "38a8f22ae89050400b7fe08ddf73c63648b4e4020742e356415481860926ccb28b4ee094f00d20fa53e3f76a54f1affe9e8f91d80b562e17f4def72c89b1c3254b6dc72148c7315546a03dfe7a75239a84a34b9d4f5d1ea8371c3ff0fd23fe6cd11f75b948dacc9632182c3816bc87a9"}, {0x78, 0x4e00, "51f07c0c2ee237d60c5ac183aa624f843659a515f37740c608fe36e88316d18cba15b0fba824300e8131d3f01e149e0e76ec8be3d9260209699066d5cac6f51632cfecdfb771c1b09877b6931e483b40958cbee6e692006e8472e7c23bbe7f96c0445b17ec4adb588a71aa40f0671fa01c161f8b4b643953"}, {0x8a, 0x4e00, "c8aab2d8771024d4c03fe9113dd73cf3bdc6c0d638e7e72ae6072853a7d88c8dd38832d81eb76ea2ec740bf15d0dbddd0ebeafd6dda2fc11a69291903c1d58240bc938ca23b308c67119a2b8f5295de684c0b36c46792edd3acea80bfd9f34bf953e9f1580c53387553aad4a4dfd0161a628efe710541d0410fae96a4063baafecd95d356aa52249cdcc"}]}) sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0) 452.301299ms ago: executing program 2 (id=935): r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000001c0)={0x4, 0x80, 0xf2, 0x4, 0x19df630a}) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x7) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$vsock_stream(0x28, 0x1, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r4) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WOWLAN(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x24, r5, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x5a}, @val={0x8, 0x3, r6}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x88, r5, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x14}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x64}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x22}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x71}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5a}]}, 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x8000000) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@any, 0x1}) r8 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081) pselect6(0x40, &(0x7f0000000600)={0x26, 0x0, 0x1000000, 0xfffffffffffff2d1, 0x3, 0x4, 0x0, 0x7}, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=936): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x549140, 0x7d) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_VOICE(r3, 0x11, 0xb, 0x0, &(0x7f0000000100)) kernel console output (not intermixed with test programs): T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 169.006022][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 169.063477][ T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 169.104282][ T6626] veth0_vlan: entered allmulticast mode [ 169.142656][ T24] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 169.176924][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.222554][ T24] usb 1-1: config 0 descriptor?? [ 169.237685][ T24] usb 1-1: can't set config #0, error -71 [ 169.261542][ T24] usb 1-1: USB disconnect, device number 3 [ 169.464025][ T5878] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 169.643393][ T5878] usb 5-1: Using ep0 maxpacket: 16 [ 169.687959][ T5878] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 169.733649][ T5878] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x33, changing to 0x3 [ 169.816680][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 169.830298][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 51807, setting to 1024 [ 169.843431][ T5878] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 169.893689][ T5878] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 169.935408][ T6642] netlink: 20 bytes leftover after parsing attributes in process `syz.0.198'. [ 170.217277][ T5878] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 170.441631][ T5878] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 170.473628][ T5878] usb 5-1: Manufacturer: syz [ 170.514722][ T5878] usb 5-1: config 0 descriptor?? [ 171.746372][ T5946] usb 5-1: USB disconnect, device number 5 [ 173.835169][ T6659] Invalid ELF header magic: != ELF [ 173.984350][ T6667] netlink: 28 bytes leftover after parsing attributes in process `syz.3.209'. [ 174.545308][ T5878] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 174.862834][ T5878] usb 5-1: config 0 has an invalid interface number: 246 but max is 0 [ 174.883530][ T5878] usb 5-1: config 0 has no interface number 0 [ 174.902649][ T5878] usb 5-1: New USB device found, idVendor=28a7, idProduct=71ab, bcdDevice=df.39 [ 174.921922][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.988284][ T5878] usb 5-1: Product: syz [ 175.002086][ T5878] usb 5-1: Manufacturer: syz [ 175.023374][ T5878] usb 5-1: SerialNumber: syz [ 175.049148][ T5878] usb 5-1: config 0 descriptor?? [ 175.078194][ T5878] cdc_wdm 5-1:0.246: More than one union descriptor, skipping ... [ 175.127333][ T5878] cdc_wdm 5-1:0.246: probe with driver cdc_wdm failed with error -22 [ 176.360499][ T5873] usb 5-1: USB disconnect, device number 6 [ 176.449576][ T6696] Bluetooth: MGMT ver 1.23 [ 177.813051][ T6714] netlink: 108 bytes leftover after parsing attributes in process `syz.2.224'. [ 178.815374][ T6613] syz.1.191 (6613): drop_caches: 1 [ 178.855218][ T30] audit: type=1800 audit(1748678878.685:4): pid=6721 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.225" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 185.634241][ T30] audit: type=1326 audit(1748678885.445:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 185.655498][ C1] vkms_vblank_simulate: vblank timer overrun [ 185.788329][ T6783] netlink: 'syz.1.240': attribute type 1 has an invalid length. [ 186.095578][ T30] audit: type=1326 audit(1748678885.515:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 186.355278][ T30] audit: type=1326 audit(1748678885.525:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 186.783357][ T30] audit: type=1326 audit(1748678885.525:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 186.804679][ C1] vkms_vblank_simulate: vblank timer overrun [ 186.870814][ T30] audit: type=1326 audit(1748678885.525:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 186.902115][ T30] audit: type=1326 audit(1748678885.525:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 186.934504][ T30] audit: type=1326 audit(1748678885.535:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 187.095454][ T30] audit: type=1326 audit(1748678885.535:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 187.254169][ T30] audit: type=1326 audit(1748678885.535:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 187.278637][ T30] audit: type=1326 audit(1748678885.635:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x7ffc0000 [ 189.856995][ T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 190.247943][ T24] usb 5-1: config 0 has an invalid interface number: 49 but max is 0 [ 190.335950][ T24] usb 5-1: config 0 has no interface number 0 [ 190.394770][ T24] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=2d.ad [ 190.469573][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.764448][ T24] usb 5-1: config 0 descriptor?? [ 190.904035][ T6830] netlink: 72 bytes leftover after parsing attributes in process `syz.0.254'. [ 190.937400][ T6830] Bluetooth: MGMT ver 1.23 [ 191.004963][ T6818] syz.4.250 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 191.219401][ T5946] usb 5-1: USB disconnect, device number 7 [ 192.183499][ T5877] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 192.373423][ T5877] usb 3-1: Using ep0 maxpacket: 8 [ 192.387609][ T5877] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 192.399325][ T5877] usb 3-1: config 179 has no interface number 0 [ 192.410578][ T5877] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 192.423122][ T5877] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 192.438800][ T5877] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 20, changing to 8 [ 192.450610][ T5877] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 57696, setting to 1024 [ 192.470671][ T5877] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 192.490166][ T5877] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 192.501913][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.581867][ T6838] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 193.042945][ T6838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.283108][ T6838] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.100736][ T6859] netlink: 20 bytes leftover after parsing attributes in process `syz.1.260'. [ 194.305042][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.311608][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.162307][ T6864] netlink: 8 bytes leftover after parsing attributes in process `syz.3.262'. [ 195.237263][ T43] usb 3-1: USB disconnect, device number 3 [ 195.237278][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 195.251515][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 195.681842][ T6872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.264'. [ 197.887054][ T6893] netlink: 72 bytes leftover after parsing attributes in process `syz.3.271'. [ 198.704754][ T6896] netlink: 'syz.0.272': attribute type 10 has an invalid length. [ 198.730504][ T6896] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.774545][ T6896] bond0: (slave team0): Enslaving as an active interface with an up link [ 199.050939][ T6904] sctp: [Deprecated]: syz.1.275 (pid 6904) Use of int in maxseg socket option. [ 199.050939][ T6904] Use struct sctp_assoc_value instead [ 199.051079][ T6904] FAULT_INJECTION: forcing a failure. [ 199.051079][ T6904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.051142][ T6904] CPU: 0 UID: 0 PID: 6904 Comm: syz.1.275 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 199.051168][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 199.051182][ T6904] Call Trace: [ 199.051190][ T6904] [ 199.051200][ T6904] dump_stack_lvl+0x189/0x250 [ 199.051239][ T6904] ? __pfx____ratelimit+0x10/0x10 [ 199.051274][ T6904] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.051307][ T6904] ? __pfx__printk+0x10/0x10 [ 199.051345][ T6904] should_fail_ex+0x414/0x560 [ 199.051386][ T6904] _copy_to_user+0x31/0xb0 [ 199.051420][ T6904] sctp_getsockopt_maxseg+0x522/0x6c0 [ 199.051450][ T6904] ? __pfx_sctp_getsockopt_maxseg+0x10/0x10 [ 199.051476][ T6904] ? sctp_getsockopt+0x922/0xb60 [ 199.051511][ T6904] sctp_getsockopt+0x933/0xb60 [ 199.051543][ T6904] do_sock_getsockopt+0x360/0x650 [ 199.051575][ T6904] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 199.051603][ T6904] ? do_syscall_64+0xa0/0x3b0 [ 199.051624][ T6904] ? __fget_files+0x3a0/0x420 [ 199.051643][ T6904] ? __fget_files+0x2a/0x420 [ 199.051672][ T6904] __x64_sys_getsockopt+0x1a5/0x250 [ 199.051699][ T6904] ? do_syscall_64+0xa0/0x3b0 [ 199.051722][ T6904] ? do_syscall_64+0xa0/0x3b0 [ 199.051748][ T6904] do_syscall_64+0xfa/0x3b0 [ 199.051770][ T6904] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.051790][ T6904] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 199.051810][ T6904] ? clear_bhb_loop+0x60/0xb0 [ 199.051836][ T6904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.051856][ T6904] RIP: 0033:0x7f2ff398e969 [ 199.051875][ T6904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.051893][ T6904] RSP: 002b:00007f2ff47ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 199.051915][ T6904] RAX: ffffffffffffffda RBX: 00007f2ff3bb6160 RCX: 00007f2ff398e969 [ 199.051931][ T6904] RDX: 000000000000000d RSI: 0000000000000084 RDI: 0000000000000005 [ 199.051943][ T6904] RBP: 00007f2ff47ca090 R08: 000020000001f200 R09: 0000000000000000 [ 199.051957][ T6904] R10: 0000200000000340 R11: 0000000000000246 R12: 0000000000000001 [ 199.051970][ T6904] R13: 0000000000000000 R14: 00007f2ff3bb6160 R15: 00007ffeab459818 [ 199.052003][ T6904] [ 200.277893][ T6910] netlink: 148 bytes leftover after parsing attributes in process `syz.0.277'. [ 200.320873][ T6910] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 204.696112][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.0.289'. [ 207.256493][ T6978] netlink: 72 bytes leftover after parsing attributes in process `syz.4.295'. [ 207.283381][ T5878] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 207.463598][ T5878] usb 3-1: Using ep0 maxpacket: 32 [ 207.493591][ T5878] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 207.512002][ T5878] usb 3-1: config 0 has no interface number 0 [ 207.535086][ T5878] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 207.553582][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.582109][ T5878] usb 3-1: Product: syz [ 207.612062][ T5878] usb 3-1: Manufacturer: syz [ 207.624997][ T5878] usb 3-1: SerialNumber: syz [ 207.669278][ T5878] usb 3-1: config 0 descriptor?? [ 207.705471][ T5878] smsc95xx v2.0.0 [ 208.776382][ T5878] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 208.787178][ T5878] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 209.037170][ T5878] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 209.049539][ T5878] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -61 [ 209.226648][ T6993] netlink: 8 bytes leftover after parsing attributes in process `syz.3.299'. [ 209.277212][ T6993] bridge0: port 3(macvlan2) entered blocking state [ 209.299950][ T6993] bridge0: port 3(macvlan2) entered disabled state [ 209.337827][ T6993] macvlan2: entered allmulticast mode [ 209.356832][ T6993] bridge0: entered allmulticast mode [ 209.390151][ T6993] macvlan2: left allmulticast mode [ 209.403135][ T6993] bridge0: left allmulticast mode [ 210.753459][ T5946] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 210.930325][ T5946] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 210.961729][ T5946] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 211.014217][ T5946] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 211.066779][ T5946] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 211.084270][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.092342][ T5946] usb 5-1: Product: syz [ 211.107565][ T5946] usb 5-1: Manufacturer: syz [ 211.153717][ T5946] usb 5-1: SerialNumber: syz [ 211.184050][ T5946] usb 5-1: config 0 descriptor?? [ 211.195316][ T7005] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 211.394684][ T7005] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 212.098720][ T5946] usb 5-1: ucan: probing device on interface #0 [ 212.114824][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 212.124543][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 212.131535][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 212.141161][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 212.142072][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 212.228545][ T43] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 212.723207][ T7005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 212.795610][ T7005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 212.804448][ T43] usb 1-1: Using ep0 maxpacket: 16 [ 212.835406][ T43] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.896053][ T5877] usb 3-1: USB disconnect, device number 4 [ 213.085990][ T43] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 213.107148][ T43] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 213.134529][ T43] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 213.162347][ T43] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 213.225593][ T7033] netlink: 28 bytes leftover after parsing attributes in process `syz.3.308'. [ 213.914286][ T5946] usb 5-1: ucan: could not read protocol version, ret=-110 [ 213.924440][ T5946] usb 5-1: ucan: probe failed; try to update the device firmware [ 214.043446][ T5946] usb 5-1: USB disconnect, device number 8 [ 214.110974][ T43] usb 1-1: string descriptor 0 read error: -71 [ 214.134115][ T7036] netlink: 'syz.2.309': attribute type 2 has an invalid length. [ 214.145302][ T7038] netlink: 16 bytes leftover after parsing attributes in process `syz.3.310'. [ 214.163825][ T43] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 214.182715][ T7036] netlink: 723 bytes leftover after parsing attributes in process `syz.2.309'. [ 214.223391][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 214.288026][ T43] usb 1-1: can't set config #1, error -71 [ 214.410066][ T43] usb 1-1: USB disconnect, device number 4 [ 216.645560][ T7071] netlink: 60 bytes leftover after parsing attributes in process `syz.0.319'. [ 216.664353][ T117] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 217.673339][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 217.680995][ T117] usb 5-1: device descriptor read/64, error -71 [ 218.493453][ T117] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 218.505192][ T7087] netlink: 16 bytes leftover after parsing attributes in process `syz.1.324'. [ 218.529688][ T24] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 218.548035][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.593749][ T24] usb 4-1: Product: syz [ 218.600791][ T24] usb 4-1: Manufacturer: syz [ 218.665470][ T117] usb 5-1: device descriptor read/64, error -71 [ 218.686089][ T24] usb 4-1: SerialNumber: syz [ 218.701485][ T24] usb 4-1: config 0 descriptor?? [ 218.853991][ T117] usb usb5-port1: attempt power cycle [ 218.866992][ T5946] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 218.882328][ T24] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 219.744813][ T117] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 219.774855][ T5946] usb 1-1: Using ep0 maxpacket: 16 [ 219.797189][ T117] usb 5-1: device descriptor read/8, error -71 [ 219.874131][ T5946] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.900093][ T5946] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 219.951320][ T5946] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 219.953945][ T7100] tmpfs: Bad value for 'grpquota_inode_hardlimit' [ 219.981971][ T5946] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 220.044256][ T5946] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 220.106047][ T5946] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 220.153357][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 220.183884][ T5946] usb 1-1: SerialNumber: syz [ 220.220271][ T7085] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 220.234753][ T7110] syz.2.330: attempt to access beyond end of device [ 220.234753][ T7110] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 220.263740][ T7110] befs: (nbd2): unable to read superblock [ 220.274798][ T5946] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 220.308471][ T5946] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -12 [ 221.365508][ T5873] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 221.391471][ T5915] usb 1-1: USB disconnect, device number 5 [ 221.470011][ T7121] netlink: 8 bytes leftover after parsing attributes in process `syz.4.334'. [ 221.482520][ T117] usb 4-1: USB disconnect, device number 7 [ 221.503976][ T5873] usb 2-1: device descriptor read/64, error -71 [ 221.605847][ T7127] netlink: 16 bytes leftover after parsing attributes in process `syz.3.335'. [ 221.753473][ T5873] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 222.759323][ T5873] usb 2-1: device descriptor read/64, error -71 [ 222.784809][ T7134] netlink: 12 bytes leftover after parsing attributes in process `syz.3.337'. [ 223.250940][ T5873] usb usb2-port1: attempt power cycle [ 223.618012][ T7143] fuse: Unknown parameter 'fd-! [ 223.618012][ T7143] ®~íꂡŢÚ°6®gťk:¬' [ 223.839448][ T7150] netlink: 8 bytes leftover after parsing attributes in process `syz.0.339'. [ 224.836382][ T7162] netlink: 40 bytes leftover after parsing attributes in process `syz.1.345'. [ 225.031171][ T7169] loop8: detected capacity change from 0 to 7 [ 225.062816][ T7169] Dev loop8: unable to read RDB block 7 [ 225.073425][ T7169] loop8: unable to read partition table [ 225.096136][ T7169] loop8: partition table beyond EOD, truncated [ 225.115354][ T7169] loop_reread_partitions: partition scan of loop8 (ţ被xü^>ŕ– ) failed (rc=-5) [ 225.164422][ T5946] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 225.230190][ T7174] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 225.328606][ T5946] usb 5-1: config 0 has an invalid interface number: 205 but max is 0 [ 225.371370][ T5946] usb 5-1: config 0 has no interface number 0 [ 225.401549][ T5946] usb 5-1: config 0 interface 205 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 225.520271][ T5946] usb 5-1: config 0 interface 205 has no altsetting 0 [ 225.544636][ T5946] usb 5-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a [ 225.568375][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.594281][ T5946] usb 5-1: Product: syz [ 225.610606][ T5946] usb 5-1: Manufacturer: syz [ 225.639505][ T5946] usb 5-1: SerialNumber: syz [ 225.684479][ T5946] usb 5-1: config 0 descriptor?? [ 225.732881][ T5946] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state. [ 225.902017][ T5946] dvb-usb: bulk message failed: -22 (3/0) [ 225.943973][ T7182] netlink: 252 bytes leftover after parsing attributes in process `syz.1.353'. [ 226.223580][ T5915] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 226.286062][ T5946] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 226.306248][ T5946] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device) [ 226.333709][ T5946] usb 5-1: media controller created [ 226.365104][ T5946] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 226.388696][ T5946] dvb-usb: bulk message failed: -22 (6/0) [ 226.403998][ T5946] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' [ 226.472943][ T5946] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input6 [ 226.477635][ T5915] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 226.510417][ T5946] dvb-usb: schedule remote query interval to 150 msecs. [ 226.518089][ T5946] dvb-usb: bulk message failed: -22 (3/0) [ 226.542494][ T5915] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 226.543591][ T5946] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected. [ 226.567563][ T5915] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 226.586247][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 226.617912][ T5915] usb 1-1: SerialNumber: syz [ 226.623964][ T5946] usb 5-1: USB disconnect, device number 13 [ 226.846561][ T5946] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected. [ 227.329865][ T7199] FAULT_INJECTION: forcing a failure. [ 227.329865][ T7199] name failslab, interval 1, probability 0, space 0, times 1 [ 227.329907][ T7199] CPU: 1 UID: 0 PID: 7199 Comm: syz.4.359 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 227.329932][ T7199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.329945][ T7199] Call Trace: [ 227.329956][ T7199] [ 227.329965][ T7199] dump_stack_lvl+0x189/0x250 [ 227.330002][ T7199] ? __pfx____ratelimit+0x10/0x10 [ 227.330038][ T7199] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.330070][ T7199] ? __pfx__printk+0x10/0x10 [ 227.330098][ T7199] ? __pfx___might_resched+0x10/0x10 [ 227.330123][ T7199] ? fs_reclaim_acquire+0x7d/0x100 [ 227.330152][ T7199] should_fail_ex+0x414/0x560 [ 227.330187][ T7199] should_failslab+0xa8/0x100 [ 227.330223][ T7199] __kmalloc_noprof+0xcb/0x4f0 [ 227.330253][ T7199] ? kfree+0x4d/0x440 [ 227.330280][ T7199] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 227.330315][ T7199] tomoyo_realpath_from_path+0xe3/0x5d0 [ 227.330345][ T7199] ? tomoyo_domain+0xda/0x130 [ 227.330380][ T7199] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 227.330403][ T7199] tomoyo_path_number_perm+0x1e8/0x5a0 [ 227.330430][ T7199] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 227.330473][ T7199] ? __lock_acquire+0xab9/0xd20 [ 227.330519][ T7199] ? __fget_files+0x2a/0x420 [ 227.330543][ T7199] ? __fget_files+0x2a/0x420 [ 227.330562][ T7199] ? __fget_files+0x3a0/0x420 [ 227.330581][ T7199] ? __fget_files+0x2a/0x420 [ 227.330606][ T7199] security_file_ioctl+0xcb/0x2d0 [ 227.330634][ T7199] __se_sys_ioctl+0x47/0x170 [ 227.330665][ T7199] do_syscall_64+0xfa/0x3b0 [ 227.330686][ T7199] ? lockdep_hardirqs_on+0x9c/0x150 [ 227.330706][ T7199] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.330727][ T7199] ? clear_bhb_loop+0x60/0xb0 [ 227.330754][ T7199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.330775][ T7199] RIP: 0033:0x7f2a6ab8e969 [ 227.330793][ T7199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.330811][ T7199] RSP: 002b:00007f2a6baa3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.330833][ T7199] RAX: ffffffffffffffda RBX: 00007f2a6adb6080 RCX: 00007f2a6ab8e969 [ 227.330849][ T7199] RDX: 0000200000002000 RSI: 0000000000004b66 RDI: 0000000000000005 [ 227.330863][ T7199] RBP: 00007f2a6baa3090 R08: 0000000000000000 R09: 0000000000000000 [ 227.330876][ T7199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.330889][ T7199] R13: 0000000000000001 R14: 00007f2a6adb6080 R15: 00007ffd900904f8 [ 227.330922][ T7199] [ 227.342229][ T7199] ERROR: Out of memory at tomoyo_realpath_from_path. [ 227.707061][ T5915] usb 1-1: 0:2 : does not exist [ 227.756062][ T5915] usb 1-1: USB disconnect, device number 6 [ 227.983333][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 228.269949][ T7204] xt_CT: You must specify a L4 protocol and not use inversions on it [ 228.860792][ T7201] dns_resolver: Unsupported content type (24) [ 229.100047][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 229.100067][ T30] audit: type=1326 audit(1748678928.925:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 229.325639][ T7216] netlink: 252 bytes leftover after parsing attributes in process `syz.3.364'. [ 229.637532][ T30] audit: type=1326 audit(1748678928.925:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 229.721566][ T30] audit: type=1326 audit(1748678928.925:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 229.810631][ T30] audit: type=1326 audit(1748678928.925:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 229.868852][ T30] audit: type=1326 audit(1748678928.925:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 230.810349][ T30] audit: type=1326 audit(1748678928.925:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 231.192991][ T30] audit: type=1326 audit(1748678928.925:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 231.246492][ T30] audit: type=1326 audit(1748678928.925:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 231.263580][ T30] audit: type=1326 audit(1748678928.925:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 231.269044][ T30] audit: type=1326 audit(1748678928.925:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7212 comm="syz.0.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecb38e969 code=0x7ffc0000 [ 231.565755][ C1] vkms_vblank_simulate: vblank timer overrun [ 231.616131][ C1] vkms_vblank_simulate: vblank timer overrun [ 231.774690][ T7226] tty tty22: ldisc open failed (-12), clearing slot 21 [ 232.833381][ T7243] Invalid ELF header magic: != ELF [ 233.319740][ T7257] fuse: Unknown parameter 'dd' [ 234.454012][ T43] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 234.462064][ T7279] xt_CT: You must specify a L4 protocol and not use inversions on it [ 234.803577][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 234.988788][ T43] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.019871][ T43] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 235.052768][ T7278] dns_resolver: Unsupported content type (24) [ 235.063121][ T43] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 235.100630][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.128157][ T43] usb 2-1: Product: syz [ 235.148208][ T43] usb 2-1: Manufacturer: syz [ 235.177599][ T43] usb 2-1: SerialNumber: syz [ 235.343878][ T5872] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 235.356868][ T7290] input: syz1 as /devices/virtual/input/input7 [ 235.498460][ T5872] usb 4-1: unable to get BOS descriptor or descriptor too short [ 235.517243][ T5872] usb 4-1: not running at top speed; connect to a high speed hub [ 235.538007][ T5872] usb 4-1: config 4 has an invalid interface number: 147 but max is 0 [ 235.557625][ T5872] usb 4-1: config 4 has an invalid descriptor of length 1, skipping remainder of the config [ 235.561169][ T43] usb 2-1: 0:118 : does not exist [ 235.585259][ T5872] usb 4-1: config 4 has no interface number 0 [ 235.608096][ T5872] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 235.632388][ T43] usb 2-1: USB disconnect, device number 7 [ 235.642594][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.677604][ T5872] usb 4-1: Product: syz [ 235.694994][ T5872] usb 4-1: Manufacturer: syz [ 235.707893][ T5872] usb 4-1: SerialNumber: syz [ 235.736616][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 235.741801][ T7298] overlayfs: failed to decode file handle (len=12, type=248, flags=0, err=-61) [ 235.841597][ C0] hrtimer: interrupt took 19078 ns [ 235.874602][ T7302] netlink: 'syz.0.393': attribute type 7 has an invalid length. [ 235.889074][ T7302] : entered promiscuous mode [ 238.157145][ T5872] usb 4-1: USB disconnect, device number 8 [ 238.302941][ T7318] xt_CT: You must specify a L4 protocol and not use inversions on it [ 238.522691][ T7318] dns_resolver: Unsupported content type (24) [ 240.212084][ T7330] netlink: 8 bytes leftover after parsing attributes in process `syz.3.399'. [ 241.353428][ T5878] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 241.633551][ T5878] usb 2-1: Using ep0 maxpacket: 16 [ 241.709039][ T5878] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.857195][ T5878] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 242.342339][ T5878] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 242.369265][ T5878] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 242.393462][ T5878] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 242.461184][ T5878] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 242.475845][ T5878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 242.493508][ T5878] usb 2-1: SerialNumber: syz [ 242.584764][ T7325] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 242.653342][ T5878] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 242.743541][ T5878] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -12 [ 242.983460][ T7353] netlink: 'syz.3.407': attribute type 11 has an invalid length. [ 242.991206][ T7353] netlink: 224 bytes leftover after parsing attributes in process `syz.3.407'. [ 243.326374][ T43] usb 2-1: USB disconnect, device number 8 [ 243.513329][ T5878] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 243.665944][ T5878] usb 1-1: unable to get BOS descriptor or descriptor too short [ 243.678370][ T5878] usb 1-1: not running at top speed; connect to a high speed hub [ 243.694940][ T5878] usb 1-1: config 4 has an invalid interface number: 147 but max is 0 [ 243.707454][ T5878] usb 1-1: config 4 has an invalid descriptor of length 1, skipping remainder of the config [ 244.583501][ T5878] usb 1-1: config 4 has no interface number 0 [ 244.652486][ T5878] usb 1-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 244.664445][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.672948][ T5878] usb 1-1: Product: syz [ 244.687341][ T5878] usb 1-1: Manufacturer: syz [ 244.692098][ T5878] usb 1-1: SerialNumber: syz [ 245.331715][ T7388] netlink: 4 bytes leftover after parsing attributes in process `syz.4.413'. [ 245.347892][ T7388] bond_slave_0: entered promiscuous mode [ 245.353781][ T7388] bond_slave_1: entered promiscuous mode [ 245.359664][ T7388] macvlan2: entered promiscuous mode [ 245.365022][ T7388] bond0: entered promiscuous mode [ 245.372787][ T7388] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 246.082610][ T7382] netlink: 252 bytes leftover after parsing attributes in process `syz.3.411'. [ 247.204171][ T7391] syz.4.413: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 247.219514][ T7391] CPU: 1 UID: 0 PID: 7391 Comm: syz.4.413 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 247.219552][ T7391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 247.219570][ T7391] Call Trace: [ 247.219583][ T7391] [ 247.219592][ T7391] dump_stack_lvl+0x189/0x250 [ 247.219636][ T7391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.219672][ T7391] ? __pfx__printk+0x10/0x10 [ 247.219696][ T7391] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 247.219729][ T7391] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 247.219763][ T7391] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 247.219798][ T7391] warn_alloc+0x214/0x310 [ 247.219822][ T7391] ? stack_depot_save_flags+0x40/0x900 [ 247.219853][ T7391] ? __pfx_warn_alloc+0x10/0x10 [ 247.219880][ T7391] ? kasan_save_track+0x4f/0x80 [ 247.219912][ T7391] ? xskq_create+0x56/0x170 [ 247.219930][ T7391] ? xsk_init_queue+0xb0/0x110 [ 247.219962][ T7391] ? xsk_setsockopt+0x43f/0x710 [ 247.219992][ T7391] ? do_sock_setsockopt+0x257/0x3e0 [ 247.220020][ T7391] ? __x64_sys_setsockopt+0x18b/0x220 [ 247.220048][ T7391] ? do_syscall_64+0xfa/0x3b0 [ 247.220069][ T7391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.220102][ T7391] __vmalloc_node_range_noprof+0x125/0x1340 [ 247.220162][ T7391] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 247.220195][ T7391] ? __kasan_kmalloc+0x93/0xb0 [ 247.220232][ T7391] vmalloc_user_noprof+0xad/0xf0 [ 247.220257][ T7391] ? xskq_create+0xbf/0x170 [ 247.220278][ T7391] xskq_create+0xbf/0x170 [ 247.220302][ T7391] xsk_init_queue+0xb0/0x110 [ 247.220339][ T7391] xsk_setsockopt+0x43f/0x710 [ 247.220376][ T7391] ? __pfx_xsk_setsockopt+0x10/0x10 [ 247.220409][ T7391] ? __lock_acquire+0xab9/0xd20 [ 247.220445][ T7391] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 247.220467][ T7391] ? __pfx_xsk_setsockopt+0x10/0x10 [ 247.220502][ T7391] do_sock_setsockopt+0x257/0x3e0 [ 247.220536][ T7391] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 247.220579][ T7391] ? __fget_files+0x2a/0x420 [ 247.220611][ T7391] __x64_sys_setsockopt+0x18b/0x220 [ 247.220649][ T7391] do_syscall_64+0xfa/0x3b0 [ 247.220675][ T7391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.220697][ T7391] ? asm_sysvec_irq_work+0x1a/0x20 [ 247.220719][ T7391] ? clear_bhb_loop+0x60/0xb0 [ 247.220747][ T7391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.220769][ T7391] RIP: 0033:0x7f2a6ab8e969 [ 247.220790][ T7391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.220809][ T7391] RSP: 002b:00007f2a6ba61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 247.220832][ T7391] RAX: ffffffffffffffda RBX: 00007f2a6adb6240 RCX: 00007f2a6ab8e969 [ 247.220850][ T7391] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000a [ 247.220863][ T7391] RBP: 00007f2a6ac10ab1 R08: 0000000000000052 R09: 0000000000000000 [ 247.220877][ T7391] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.220891][ T7391] R13: 0000000000000000 R14: 00007f2a6adb6240 R15: 00007ffd900904f8 [ 247.220928][ T7391] [ 247.521207][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.531737][ T7391] Mem-Info: [ 247.535038][ T7391] active_anon:16 inactive_anon:11381 isolated_anon:0 [ 247.535038][ T7391] active_file:3816 inactive_file:994 isolated_file:0 [ 247.535038][ T7391] unevictable:768 dirty:259 writeback:0 [ 247.535038][ T7391] slab_reclaimable:10113 slab_unreclaimable:98099 [ 247.535038][ T7391] mapped:36998 shmem:7102 pagetables:1033 [ 247.535038][ T7391] sec_pagetables:0 bounce:0 [ 247.535038][ T7391] kernel_misc_reclaimable:0 [ 247.535038][ T7391] free:1379043 free_pcp:877 free_cma:0 [ 247.580143][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.591776][ T7391] Node 0 active_anon:64kB inactive_anon:45524kB active_file:15264kB inactive_file:3836kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:147992kB dirty:1032kB writeback:0kB shmem:26872kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11556kB pagetables:4132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 247.625261][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.631692][ T7391] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 247.663154][ T7391] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 247.690357][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.813302][ T7391] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 247.819436][ T7391] Node 0 DMA32 free:1580820kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB active_anon:60kB inactive_anon:45364kB active_file:13736kB inactive_file:3736kB unevictable:1536kB writepending:968kB present:3129332kB managed:2561708kB mlocked:0kB bounce:0kB free_pcp:1512kB local_pcp:464kB free_cma:0kB [ 247.849907][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.856486][ T7391] lowmem_reserve[]: 0 0 1 1 1 [ 247.861451][ T7391] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:4kB inactive_anon:160kB active_file:1528kB inactive_file:100kB unevictable:0kB writepending:64kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:100kB local_pcp:68kB free_cma:0kB [ 247.889385][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.899420][ T7391] lowmem_reserve[]: 0 0 0 0 0 [ 247.904416][ T7391] Node 1 Normal free:3919764kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:140kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2048kB local_pcp:0kB free_cma:0kB [ 247.933594][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.939755][ T7391] lowmem_reserve[]: 0 0 0 0 0 [ 247.944631][ T7391] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 247.957820][ T7391] Node 0 DMA32: 27*4kB (UE) 859*8kB (UE) 364*16kB (UME) 117*32kB (UE) 153*64kB (UME) 104*128kB (ME) 69*256kB (UME) 23*512kB (UM) 14*1024kB (UME) 11*2048kB (UME) 360*4096kB (UM) = 1580516kB [ 247.978449][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'. [ 248.233268][ T7391] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 248.245995][ T7391] Node 1 Normal: 179*4kB (UME) 45*8kB (UME) 38*16kB (UME) 196*32kB (UME) 92*64kB (UME) 31*128kB (UME) 14*256kB (UME) 8*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 949*4096kB (M) = 3919764kB [ 248.264862][ C1] vkms_vblank_simulate: vblank timer overrun [ 248.271063][ T7391] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 248.280731][ T7391] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 248.290267][ T7391] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 248.305084][ T7391] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 248.314667][ T7391] 11908 total pagecache pages [ 248.319484][ T7391] 0 pages in swap cache [ 248.323754][ T7391] Free swap = 124996kB [ 248.327992][ T7391] Total swap = 124996kB [ 248.332262][ T7391] 2097051 pages RAM [ 248.336266][ T7391] 0 pages HighMem/MovableOnly [ 248.341021][ T7391] 424517 pages reserved [ 248.553284][ T7391] 0 pages cma reserved [ 249.788883][ T5878] usb 1-1: USB disconnect, device number 7 [ 250.071707][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 250.071960][ T30] audit: type=1326 audit(1748678949.905:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.1.418" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ff398e969 code=0x0 [ 250.099222][ C1] vkms_vblank_simulate: vblank timer overrun [ 250.596942][ T117] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 251.503337][ T117] usb 1-1: Using ep0 maxpacket: 8 [ 251.613719][ T117] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 251.636837][ T117] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 251.647130][ T117] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 251.657274][ T7411] syz.2.423 (7411): attempted to duplicate a private mapping with mremap. This is not supported. [ 251.657335][ T117] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 251.657365][ T117] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 251.657409][ T117] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 251.872170][ T117] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.894768][ T117] usb 1-1: config 0 descriptor?? [ 251.917930][ T7399] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 252.073380][ T5877] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 253.274762][ T117] usb 1-1: USB disconnect, device number 8 [ 253.333398][ T5825] Bluetooth: hci5: Opcode 0x0c03 failed: -71 [ 253.406212][ T7428] sg_write: data in/out 2268/10 bytes for SCSI command 0xfc-- guessing data in; [ 253.406212][ T7428] program syz.1.427 not setting count and/or reply_len properly [ 253.583299][ T5877] usb 5-1: Using ep0 maxpacket: 16 [ 253.600237][ T5877] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.622767][ T5877] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 253.638328][ T5877] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 253.648187][ T5877] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 253.658760][ T5877] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 253.688208][ T5877] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 253.730300][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 253.764816][ T5877] usb 5-1: SerialNumber: syz [ 253.804071][ T7415] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 253.839788][ T5877] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 253.857925][ T5877] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12 [ 254.001005][ T5872] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 254.994726][ T5872] usb 2-1: Using ep0 maxpacket: 16 [ 255.013906][ T5876] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 255.043302][ T7441] netlink: 252 bytes leftover after parsing attributes in process `syz.0.431'. [ 255.261556][ T5876] usb 3-1: config 0 has an invalid interface number: 95 but max is 0 [ 255.282658][ T5872] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 255.301771][ T5876] usb 3-1: config 0 has no interface number 0 [ 255.313450][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.313994][ T117] usb 5-1: USB disconnect, device number 15 [ 255.347207][ T5872] usb 2-1: config 0 descriptor?? [ 255.356754][ T5876] usb 3-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8 [ 255.386872][ T5876] usb 3-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46 [ 255.398882][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.418660][ T5876] usb 3-1: Product: syz [ 255.422870][ T5876] usb 3-1: Manufacturer: syz [ 255.428350][ T5876] usb 3-1: SerialNumber: syz [ 255.449692][ T5876] usb 3-1: config 0 descriptor?? [ 255.476438][ T7444] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 255.696396][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.702874][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.791326][ T5872] usbhid 2-1:0.0: can't add hid device: -71 [ 255.815793][ T5872] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 255.860135][ T5872] usb 2-1: USB disconnect, device number 9 [ 256.884313][ T5876] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 256.897259][ T5876] usb 3-1: MIDIStreaming interface descriptor not found [ 256.965692][ T7462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.020818][ T7462] bond0: (slave rose0): Enslaving as an active interface with an up link [ 257.594916][ T5876] usb 3-1: USB disconnect, device number 5 [ 257.888659][ T5832] udevd[5832]: failed to send result of seq 12200 to main daemon: Connection refused [ 258.035047][ T7483] binder: Unknown parameter 'statsŬ†Ů3‰5¶' [ 258.307151][ T117] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 258.708606][ T117] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 259.093317][ T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.101406][ T117] usb 1-1: Product: syz [ 259.145582][ T117] usb 1-1: Manufacturer: syz [ 259.150400][ T117] usb 1-1: SerialNumber: syz [ 259.168437][ T117] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 259.215679][ T43] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 259.541452][ T7495] netlink: 252 bytes leftover after parsing attributes in process `syz.1.445'. [ 259.734360][ T5877] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 259.973383][ T5877] usb 5-1: Using ep0 maxpacket: 16 [ 259.990005][ T5877] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.033258][ T5877] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 260.043042][ T5877] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 260.083509][ T5877] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 260.147115][ T5877] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 260.182164][ T5877] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 260.204466][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 260.226248][ T5877] usb 5-1: SerialNumber: syz [ 260.233529][ T5946] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 260.298483][ T7490] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 260.311674][ T5877] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 260.339048][ T5877] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12 [ 260.404438][ T5946] usb 3-1: Using ep0 maxpacket: 16 [ 260.413148][ T5946] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 260.428086][ T5946] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.441077][ T5946] usb 3-1: config 0 descriptor?? [ 260.810811][ T43] usb 1-1: Service connection timeout for: 256 [ 261.164878][ T43] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 261.196002][ T5946] usbhid 3-1:0.0: can't add hid device: -71 [ 261.204851][ T5872] usb 5-1: USB disconnect, device number 16 [ 261.207782][ T43] ath9k_htc: Failed to initialize the device [ 261.227556][ T5946] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 261.266360][ T43] usb 1-1: ath9k_htc: USB layer deinitialized [ 261.294197][ T5946] usb 3-1: USB disconnect, device number 6 [ 261.318901][ T43] usb 1-1: USB disconnect, device number 9 [ 262.775515][ T7521] netlink: 12 bytes leftover after parsing attributes in process `syz.4.453'. [ 263.626431][ T7528] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 263.633152][ T7528] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 263.678607][ T7528] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 263.685034][ T7528] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 263.699680][ T7528] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 263.706218][ T7528] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 263.718109][ T7528] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 263.724506][ T7528] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 263.735504][ T7528] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 263.741665][ T7528] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 264.125310][ T7536] syzkaller1: entered promiscuous mode [ 264.155030][ T7536] syzkaller1: entered allmulticast mode [ 264.454237][ T5872] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 264.573397][ T5946] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 264.593347][ T5872] usb 3-1: device descriptor read/64, error -71 [ 264.828603][ T5946] usb 1-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 264.837997][ T5946] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.846311][ T5946] usb 1-1: Product: syz [ 264.850650][ T5946] usb 1-1: Manufacturer: syz [ 264.859042][ T5946] usb 1-1: SerialNumber: syz [ 264.863886][ T5872] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 265.053026][ T5872] usb 3-1: device descriptor read/64, error -71 [ 265.173694][ T5872] usb usb3-port1: attempt power cycle [ 265.283613][ T5825] Bluetooth: hci0: command 0x0406 tx timeout [ 265.395170][ T5946] gspca_main: pac207-2.14.0 probing 093a:2476 [ 265.425920][ T5946] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 265.596091][ T5946] usb 1-1: Found UVC 0.00 device syz (093a:2476) [ 265.602520][ T5946] usb 1-1: No valid video chain found. [ 265.611267][ T5946] usb 1-1: USB disconnect, device number 10 [ 265.653335][ T5872] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 265.685315][ T5825] Bluetooth: hci1: command 0x0406 tx timeout [ 265.779951][ T5825] Bluetooth: hci4: command 0x0406 tx timeout [ 265.786285][ T5825] Bluetooth: hci2: command 0x0406 tx timeout [ 265.792483][ T5825] Bluetooth: hci3: command 0x0406 tx timeout [ 266.364740][ T5872] usb 3-1: device descriptor read/8, error -71 [ 267.450711][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 267.763396][ T5834] Bluetooth: hci1: command 0x0406 tx timeout [ 267.780046][ T7578] netlink: 168 bytes leftover after parsing attributes in process `syz.0.472'. [ 267.843596][ T5825] Bluetooth: hci2: command 0x0406 tx timeout [ 267.843731][ T5835] Bluetooth: hci4: command 0x0406 tx timeout [ 267.849752][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 269.570594][ T7611] tipc: Started in network mode [ 269.586116][ T5876] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 269.612046][ T7611] tipc: Node identity ac14140f, cluster identity 4711 [ 269.645208][ T7611] tipc: New replicast peer: 255.255.255.255 [ 269.696354][ T7611] tipc: Enabled bearer , priority 10 [ 269.813331][ T5876] usb 4-1: Using ep0 maxpacket: 16 [ 269.883336][ T5876] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 269.892438][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.168264][ T5876] usb 4-1: config 0 descriptor?? [ 271.017295][ T5877] tipc: Node number set to 2886997007 [ 271.503365][ T5876] usbhid 4-1:0.0: can't add hid device: -71 [ 271.519776][ T5876] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 271.571590][ T5876] usb 4-1: USB disconnect, device number 9 [ 272.156037][ T7635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.485'. [ 273.950818][ T7646] FAULT_INJECTION: forcing a failure. [ 273.950818][ T7646] name failslab, interval 1, probability 0, space 0, times 0 [ 273.966389][ T7646] CPU: 0 UID: 0 PID: 7646 Comm: syz.2.489 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 273.966418][ T7646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 273.966431][ T7646] Call Trace: [ 273.966439][ T7646] [ 273.966447][ T7646] dump_stack_lvl+0x189/0x250 [ 273.966484][ T7646] ? __pfx____ratelimit+0x10/0x10 [ 273.966519][ T7646] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.966551][ T7646] ? __pfx__printk+0x10/0x10 [ 273.966576][ T7646] ? __pfx___might_resched+0x10/0x10 [ 273.966602][ T7646] ? fs_reclaim_acquire+0x7d/0x100 [ 273.966631][ T7646] should_fail_ex+0x414/0x560 [ 273.966669][ T7646] should_failslab+0xa8/0x100 [ 273.966704][ T7646] __kmalloc_noprof+0xcb/0x4f0 [ 273.966736][ T7646] ? tomoyo_encode+0x28b/0x550 [ 273.966768][ T7646] tomoyo_encode+0x28b/0x550 [ 273.966802][ T7646] tomoyo_realpath_from_path+0x58d/0x5d0 [ 273.966843][ T7646] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 273.966866][ T7646] tomoyo_path_number_perm+0x1e8/0x5a0 [ 273.966892][ T7646] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 273.966935][ T7646] ? __lock_acquire+0xab9/0xd20 [ 273.966980][ T7646] ? __fget_files+0x2a/0x420 [ 273.967004][ T7646] ? __fget_files+0x2a/0x420 [ 273.967022][ T7646] ? __fget_files+0x3a0/0x420 [ 273.967041][ T7646] ? __fget_files+0x2a/0x420 [ 273.967066][ T7646] security_file_ioctl+0xcb/0x2d0 [ 273.967094][ T7646] __se_sys_ioctl+0x47/0x170 [ 273.967125][ T7646] do_syscall_64+0xfa/0x3b0 [ 273.967145][ T7646] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.967165][ T7646] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.967186][ T7646] ? clear_bhb_loop+0x60/0xb0 [ 273.967214][ T7646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.967234][ T7646] RIP: 0033:0x7f31ced8e969 [ 273.967253][ T7646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.967271][ T7646] RSP: 002b:00007f31cfc95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 273.967293][ T7646] RAX: ffffffffffffffda RBX: 00007f31cefb5fa0 RCX: 00007f31ced8e969 [ 273.967309][ T7646] RDX: 0000200000000100 RSI: 0000000040505331 RDI: 0000000000000003 [ 273.967322][ T7646] RBP: 00007f31cfc95090 R08: 0000000000000000 R09: 0000000000000000 [ 273.967336][ T7646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.967348][ T7646] R13: 0000000000000000 R14: 00007f31cefb5fa0 R15: 00007ffcaa6c19a8 [ 273.967382][ T7646] [ 274.350834][ T7646] ERROR: Out of memory at tomoyo_realpath_from_path. [ 274.584013][ T7658] FAULT_INJECTION: forcing a failure. [ 274.584013][ T7658] name failslab, interval 1, probability 0, space 0, times 0 [ 274.584049][ T7658] CPU: 0 UID: 0 PID: 7658 Comm: syz.4.493 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 274.584074][ T7658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 274.584091][ T7658] Call Trace: [ 274.584099][ T7658] [ 274.584108][ T7658] dump_stack_lvl+0x189/0x250 [ 274.584144][ T7658] ? __pfx____ratelimit+0x10/0x10 [ 274.584178][ T7658] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.584208][ T7658] ? __pfx__printk+0x10/0x10 [ 274.584235][ T7658] ? __pfx___might_resched+0x10/0x10 [ 274.584260][ T7658] ? fs_reclaim_acquire+0x7d/0x100 [ 274.584290][ T7658] should_fail_ex+0x414/0x560 [ 274.584319][ T7658] should_failslab+0xa8/0x100 [ 274.584355][ T7658] __kmalloc_noprof+0xcb/0x4f0 [ 274.584384][ T7658] ? kfree+0x4d/0x440 [ 274.584411][ T7658] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 274.584446][ T7658] tomoyo_realpath_from_path+0xe3/0x5d0 [ 274.584477][ T7658] ? tomoyo_domain+0xda/0x130 [ 274.584511][ T7658] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 274.584534][ T7658] tomoyo_path_number_perm+0x1e8/0x5a0 [ 274.584560][ T7658] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 274.584598][ T7658] ? __lock_acquire+0xab9/0xd20 [ 274.584641][ T7658] ? __fget_files+0x2a/0x420 [ 274.584660][ T7658] ? __fget_files+0x2a/0x420 [ 274.584675][ T7658] ? __fget_files+0x3a0/0x420 [ 274.584689][ T7658] ? __fget_files+0x2a/0x420 [ 274.584709][ T7658] security_file_ioctl+0xcb/0x2d0 [ 274.584731][ T7658] __se_sys_ioctl+0x47/0x170 [ 274.584756][ T7658] do_syscall_64+0xfa/0x3b0 [ 274.584773][ T7658] ? lockdep_hardirqs_on+0x9c/0x150 [ 274.584788][ T7658] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.584805][ T7658] ? clear_bhb_loop+0x60/0xb0 [ 274.584826][ T7658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.584843][ T7658] RIP: 0033:0x7f2a6ab8e969 [ 274.584858][ T7658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.584873][ T7658] RSP: 002b:00007f2a6baa3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 274.584891][ T7658] RAX: ffffffffffffffda RBX: 00007f2a6adb6080 RCX: 00007f2a6ab8e969 [ 274.584903][ T7658] RDX: 0000200000002000 RSI: 0000000000004b66 RDI: 0000000000000005 [ 274.584914][ T7658] RBP: 00007f2a6baa3090 R08: 0000000000000000 R09: 0000000000000000 [ 274.584924][ T7658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.584934][ T7658] R13: 0000000000000001 R14: 00007f2a6adb6080 R15: 00007ffd900904f8 [ 274.584960][ T7658] [ 274.613347][ T7658] ERROR: Out of memory at tomoyo_realpath_from_path. [ 274.813331][ T5946] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 274.967968][ T5946] usb 4-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 274.968003][ T5946] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.968024][ T5946] usb 4-1: Product: syz [ 274.968040][ T5946] usb 4-1: Manufacturer: syz [ 274.968056][ T5946] usb 4-1: SerialNumber: syz [ 275.794473][ T5946] gspca_main: pac207-2.14.0 probing 093a:2476 [ 275.801879][ T5946] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 275.803525][ T5946] usb 4-1: Found UVC 0.00 device syz (093a:2476) [ 276.005660][ T5946] usb 4-1: No valid video chain found. [ 276.047426][ T5946] usb 4-1: USB disconnect, device number 10 [ 276.769572][ T7679] netlink: 1036 bytes leftover after parsing attributes in process `syz.3.499'. [ 276.779459][ T7679] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 277.495257][ T7683] netlink: 'syz.1.497': attribute type 12 has an invalid length. [ 279.160741][ T7700] netlink: 12 bytes leftover after parsing attributes in process `syz.3.505'. [ 281.830814][ T30] audit: type=1326 audit(1748678981.655:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7707 comm="syz.4.508" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x0 [ 283.253676][ T7725] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[7725] [ 285.700149][ T7762] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 286.255212][ T30] audit: type=1326 audit(1748678986.085:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7764 comm="syz.4.523" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x0 [ 287.942743][ T7777] vivid-000: kernel_thread() failed [ 289.765852][ T30] audit: type=1326 audit(1748678989.605:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ff398e969 code=0x7ffc0000 [ 289.808470][ T30] audit: type=1326 audit(1748678989.635:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2ff398e969 code=0x7ffc0000 [ 289.869813][ T30] audit: type=1326 audit(1748678989.635:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ff398e969 code=0x7ffc0000 [ 289.952201][ T30] audit: type=1326 audit(1748678989.635:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2ff398e969 code=0x7ffc0000 [ 289.974304][ T30] audit: type=1326 audit(1748678989.635:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ff398e969 code=0x7ffc0000 [ 289.995603][ C1] vkms_vblank_simulate: vblank timer overrun [ 290.003722][ T30] audit: type=1326 audit(1748678989.635:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ff398e969 code=0x7ffc0000 [ 290.025318][ T30] audit: type=1326 audit(1748678989.635:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2ff398d2d0 code=0x7ffc0000 [ 290.046613][ C1] vkms_vblank_simulate: vblank timer overrun [ 290.053148][ T30] audit: type=1326 audit(1748678989.645:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f2ff3990197 code=0x7ffc0000 [ 290.075063][ T30] audit: type=1326 audit(1748678989.645:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2ff398e969 code=0x7ffc0000 [ 290.365288][ T7775] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 290.532910][ T7775] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 290.793544][ T7775] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 290.800328][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 290.813842][ T7775] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 290.846451][ T7775] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 290.849587][ T30] audit: type=1326 audit(1748678989.645:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7798 comm="syz.1.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f2ff3990197 code=0x7ffc0000 [ 291.153501][ T5872] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 291.538232][ T5872] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 769 [ 291.574566][ T5872] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 291.599963][ T5872] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 291.623522][ T5872] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.99 [ 291.643080][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.677647][ T7799] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 291.900661][ T5872] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 292.189864][ T5872] usb 2-1: invalid MIDI in EP 0 [ 292.207757][ T7799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.220608][ T7820] Invalid ELF header magic: != ELF [ 292.230489][ T7799] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.309295][ T5872] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 292.330567][ T5872] usb 2-1: USB disconnect, device number 10 [ 292.590928][ T5834] Bluetooth: hci1: command 0x0406 tx timeout [ 292.643316][ T5878] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 292.772058][ T7827] netlink: 252 bytes leftover after parsing attributes in process `syz.0.540'. [ 292.933447][ T5825] Bluetooth: hci4: command 0x0406 tx timeout [ 292.933463][ T5878] usb 3-1: Using ep0 maxpacket: 8 [ 292.956312][ T5825] Bluetooth: hci2: command 0x0406 tx timeout [ 292.968764][ T5829] Bluetooth: hci3: command 0x0406 tx timeout [ 292.984010][ T5834] Bluetooth: hci5: command 0x1003 tx timeout [ 292.984849][ T5878] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 292.993504][ T5835] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 293.180794][ T5878] usb 3-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00 [ 293.210106][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.259011][ T5878] usb 3-1: config 0 descriptor?? [ 295.763795][ T7845] vivid-000: kernel_thread() failed [ 295.972315][ T5946] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 296.048256][ T5878] usbhid 3-1:0.0: can't add hid device: -71 [ 296.059821][ T5878] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 296.262320][ T5878] usb 3-1: USB disconnect, device number 11 [ 296.277685][ T5946] usb 5-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 296.297923][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.306476][ T5946] usb 5-1: Product: syz [ 296.311332][ T5946] usb 5-1: Manufacturer: syz [ 296.342068][ T5946] usb 5-1: SerialNumber: syz [ 296.404970][ T7859] random: crng reseeded on system resumption [ 297.820198][ T5946] gspca_main: pac207-2.14.0 probing 093a:2476 [ 298.790003][ T5946] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 298.799600][ T5946] usb 5-1: Found UVC 0.00 device syz (093a:2476) [ 298.806117][ T5946] usb 5-1: No valid video chain found. [ 298.813827][ T5946] usb 5-1: USB disconnect, device number 17 [ 299.435768][ T7877] netlink: 252 bytes leftover after parsing attributes in process `syz.1.552'. [ 301.803883][ T7890] loop6: detected capacity change from 0 to 524287999 [ 302.194891][ T7876] delete_channel: no stack [ 302.461523][ T5946] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 302.507299][ T7895] netlink: 16 bytes leftover after parsing attributes in process `syz.2.558'. [ 302.793390][ T117] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 303.134410][ T117] usb 1-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 303.277245][ T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.401577][ T7905] vivid-000: kernel_thread() failed [ 303.549590][ T117] usb 1-1: Product: syz [ 303.553924][ T117] usb 1-1: Manufacturer: syz [ 303.558553][ T117] usb 1-1: SerialNumber: syz [ 303.583489][ T5946] usb 5-1: device descriptor read/all, error -71 [ 303.761039][ T7917] netlink: 8 bytes leftover after parsing attributes in process `syz.4.564'. [ 304.035524][ T117] gspca_main: pac207-2.14.0 probing 093a:2476 [ 304.047726][ T117] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 304.064704][ T117] usb 1-1: Found UVC 0.00 device syz (093a:2476) [ 304.071106][ T117] usb 1-1: No valid video chain found. [ 304.078947][ T117] usb 1-1: USB disconnect, device number 11 [ 304.155062][ T7922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.565'. [ 304.279279][ T7923] netlink: 12 bytes leftover after parsing attributes in process `syz.3.565'. [ 307.157241][ T7962] netlink: 'syz.1.579': attribute type 4 has an invalid length. [ 307.644466][ T7972] 9pnet_fd: Insufficient options for proto=fd [ 308.584968][ T7987] netlink: 'syz.3.586': attribute type 11 has an invalid length. [ 308.592776][ T7987] netlink: 224 bytes leftover after parsing attributes in process `syz.3.586'. [ 308.843282][ T5877] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 308.869293][ T7995] netlink: 28 bytes leftover after parsing attributes in process `syz.2.588'. [ 308.912271][ T7995] netlink: 328 bytes leftover after parsing attributes in process `syz.2.588'. [ 309.031665][ T5877] usb 2-1: unable to get BOS descriptor or descriptor too short [ 309.050474][ T5877] usb 2-1: not running at top speed; connect to a high speed hub [ 309.070718][ T5877] usb 2-1: config 4 has an invalid interface number: 147 but max is 0 [ 309.081260][ T5877] usb 2-1: config 4 has an invalid descriptor of length 1, skipping remainder of the config [ 309.292737][ T8009] warning: `syz.4.590' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 309.373691][ T5833] Bluetooth: hci4: unexpected event for opcode 0x0c7c [ 310.003397][ T5877] usb 2-1: config 4 has no interface number 0 [ 310.033064][ T5877] usb 2-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 310.062787][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.101631][ T5877] usb 2-1: Product: syz [ 310.114223][ T5877] usb 2-1: Manufacturer: syz [ 310.118871][ T5877] usb 2-1: SerialNumber: syz [ 310.135170][ T8004] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 310.153773][ T8004] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 310.180981][ T8004] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 310.197671][ T8004] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 310.216716][ T8004] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 310.616090][ T8018] FAULT_INJECTION: forcing a failure. [ 310.616090][ T8018] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.733707][ T8018] CPU: 0 UID: 0 PID: 8018 Comm: syz.3.596 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 310.733739][ T8018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 310.733753][ T8018] Call Trace: [ 310.733762][ T8018] [ 310.733771][ T8018] dump_stack_lvl+0x189/0x250 [ 310.733810][ T8018] ? __pfx____ratelimit+0x10/0x10 [ 310.733850][ T8018] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.733882][ T8018] ? __pfx__printk+0x10/0x10 [ 310.733904][ T8018] ? __might_fault+0xb0/0x130 [ 310.733951][ T8018] should_fail_ex+0x414/0x560 [ 310.733980][ T8018] _copy_from_user+0x2d/0xb0 [ 310.734013][ T8018] ____sys_sendmsg+0x2fe/0x830 [ 310.734051][ T8018] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.734092][ T8018] ? import_iovec+0x74/0xa0 [ 310.734134][ T8018] ___sys_sendmsg+0x21f/0x2a0 [ 310.734167][ T8018] ? __pfx____sys_sendmsg+0x10/0x10 [ 310.734237][ T8018] ? __fget_files+0x2a/0x420 [ 310.734259][ T8018] ? __fget_files+0x3a0/0x420 [ 310.734291][ T8018] __sys_sendmmsg+0x227/0x430 [ 310.734328][ T8018] ? __pfx___sys_sendmmsg+0x10/0x10 [ 310.734370][ T8018] ? preempt_schedule_irq+0xde/0x150 [ 310.734436][ T8018] __x64_sys_sendmmsg+0xa0/0xc0 [ 310.734469][ T8018] do_syscall_64+0xfa/0x3b0 [ 310.734490][ T8018] ? lockdep_hardirqs_on+0x9c/0x150 [ 310.734510][ T8018] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.734532][ T8018] ? clear_bhb_loop+0x60/0xb0 [ 310.734559][ T8018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.734580][ T8018] RIP: 0033:0x7f8e0a78e969 [ 310.734599][ T8018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.734617][ T8018] RSP: 002b:00007f8e0b5a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 310.734640][ T8018] RAX: ffffffffffffffda RBX: 00007f8e0a9b5fa0 RCX: 00007f8e0a78e969 [ 310.734656][ T8018] RDX: 0000000000000001 RSI: 0000200000000a40 RDI: 0000000000000003 [ 310.734670][ T8018] RBP: 00007f8e0b5a2090 R08: 0000000000000000 R09: 0000000000000000 [ 310.734683][ T8018] R10: 0000000000040080 R11: 0000000000000246 R12: 0000000000000001 [ 310.734696][ T8018] R13: 0000000000000000 R14: 00007f8e0a9b5fa0 R15: 00007ffc160a0328 [ 310.734729][ T8018] [ 311.893987][ T8032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.598'. [ 312.132408][ T5877] usb 2-1: USB disconnect, device number 11 [ 312.214424][ T5835] Bluetooth: hci1: command 0x0406 tx timeout [ 312.220489][ T5835] Bluetooth: hci0: command 0x0406 tx timeout [ 312.243599][ T5833] Bluetooth: hci4: command 0x0406 tx timeout [ 312.249750][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 312.256071][ T5835] Bluetooth: hci3: command 0x0406 tx timeout [ 314.806126][ T5922] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 315.003592][ T5922] usb 1-1: Using ep0 maxpacket: 16 [ 315.021018][ T5922] usb 1-1: config 181 has an invalid descriptor of length 4, skipping remainder of the config [ 315.036654][ T5922] usb 1-1: config 181 has 0 interfaces, different from the descriptor's value: 2 [ 315.060369][ T5922] usb 1-1: New USB device found, idVendor=185b, idProduct=1e78, bcdDevice=33.a9 [ 315.080586][ T5922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.093264][ T5922] usb 1-1: Product: syz [ 315.097520][ T5922] usb 1-1: Manufacturer: syz [ 315.112402][ T5922] usb 1-1: SerialNumber: syz [ 315.153325][ T5873] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 315.183408][ T117] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 315.303559][ T5873] usb 4-1: device descriptor read/64, error -71 [ 315.343541][ T117] usb 2-1: Using ep0 maxpacket: 8 [ 315.362632][ T117] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 315.383038][ T117] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.401352][ T117] usb 2-1: Product: syz [ 315.411498][ T117] usb 2-1: Manufacturer: syz [ 315.435409][ T117] usb 2-1: SerialNumber: syz [ 315.456400][ T117] usb 2-1: config 0 descriptor?? [ 315.480884][ T117] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 315.504571][ T117] usb 2-1: setting power ON [ 315.514741][ T117] dvb-usb: bulk message failed: -22 (2/0) [ 315.536769][ T117] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 315.559681][ T117] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 315.570647][ T5873] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 315.589059][ T117] usb 2-1: media controller created [ 315.630872][ T117] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 315.743284][ T5873] usb 4-1: device descriptor read/64, error -71 [ 315.856316][ T5873] usb usb4-port1: attempt power cycle [ 316.179919][ T117] usb 2-1: selecting invalid altsetting 6 [ 316.195656][ T117] usb 2-1: digital interface selection failed (-22) [ 316.203773][ T117] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 316.222193][ T117] usb 2-1: setting power OFF [ 316.234564][ T117] dvb-usb: bulk message failed: -22 (2/0) [ 316.250826][ T117] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 316.269713][ T117] (NULL device *): no alternate interface [ 316.378334][ T117] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 316.407084][ T117] usb 2-1: USB disconnect, device number 12 [ 316.433244][ T5873] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 316.454011][ T5873] usb 4-1: device descriptor read/8, error -71 [ 317.133512][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.133680][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.367517][ T5873] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 317.382783][ T5922] usb 1-1: USB disconnect, device number 12 [ 317.397951][ T5873] usb 4-1: device descriptor read/8, error -71 [ 317.482036][ T8076] ucma_write: process 458 (syz.2.612) changed security contexts after opening file descriptor, this is not allowed. [ 317.525641][ T5873] usb usb4-port1: unable to enumerate USB device [ 317.704671][ T8091] netlink: 'syz.4.614': attribute type 1 has an invalid length. [ 317.835298][ T8092] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.618'. [ 317.983701][ T8090] netlink: 'syz.2.617': attribute type 11 has an invalid length. [ 317.983743][ T8090] netlink: 224 bytes leftover after parsing attributes in process `syz.2.617'. [ 318.320693][ T8091] 8021q: adding VLAN 0 to HW filter on device bond1 [ 318.354996][ T8098] vlan2: entered allmulticast mode [ 318.360333][ T8098] veth1: entered allmulticast mode [ 318.587447][ T8103] syzkaller1: entered promiscuous mode [ 318.592976][ T8103] syzkaller1: entered allmulticast mode [ 318.741936][ T8107] netlink: 48 bytes leftover after parsing attributes in process `syz.0.622'. [ 320.096129][ T8124] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 320.096129][ T8124] program syz.3.626 not setting count and/or reply_len properly [ 320.373302][ T5876] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 320.653316][ T5876] usb 1-1: Using ep0 maxpacket: 8 [ 320.783822][ T5876] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.809353][ T5876] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 320.823623][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.834480][ T5876] usb 1-1: config 0 descriptor?? [ 320.878799][ T8135] netlink: 1004 bytes leftover after parsing attributes in process `syz.3.630'. [ 320.970407][ T8137] deleting an unspecified loop device is not supported. [ 322.066674][ T5876] lenovo 0003:17EF:6062.0002: item fetching failed at offset 4/5 [ 322.091127][ T5876] lenovo 0003:17EF:6062.0002: hid_parse failed [ 322.100355][ T5876] lenovo 0003:17EF:6062.0002: probe with driver lenovo failed with error -22 [ 322.242227][ T8147] netlink: 40 bytes leftover after parsing attributes in process `syz.3.632'. [ 322.253556][ T8147] netlink: 40 bytes leftover after parsing attributes in process `syz.3.632'. [ 322.262972][ T8147] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 322.516326][ T8149] netlink: 'syz.1.633': attribute type 11 has an invalid length. [ 322.524193][ T8149] netlink: 224 bytes leftover after parsing attributes in process `syz.1.633'. [ 322.800288][ T43] usb 1-1: USB disconnect, device number 13 [ 323.910502][ T8171] netlink: 12 bytes leftover after parsing attributes in process `syz.2.638'. [ 324.310448][ T8181] netlink: 8 bytes leftover after parsing attributes in process `syz.0.643'. [ 326.594270][ T5877] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 326.808941][ T8216] netlink: 'syz.0.651': attribute type 11 has an invalid length. [ 326.808961][ T8216] netlink: 224 bytes leftover after parsing attributes in process `syz.0.651'. [ 326.990011][ T5877] usb 4-1: Using ep0 maxpacket: 8 [ 327.151098][ T5877] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 327.151136][ T5877] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 327.152207][ T5877] usb 4-1: Product: syz [ 327.152487][ T5877] usb 4-1: Manufacturer: syz [ 327.153169][ T5877] usb 4-1: SerialNumber: syz [ 327.159757][ T5877] usb 4-1: config 0 descriptor?? [ 327.164438][ T5877] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 327.377451][ T8220] netlink: 'syz.2.652': attribute type 1 has an invalid length. [ 327.379276][ T8220] netlink: 28 bytes leftover after parsing attributes in process `syz.2.652'. [ 327.876076][ T8225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.653'. [ 327.899271][ T5877] gspca_zc3xx: reg_r err -110 [ 327.899361][ T5877] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -110 [ 328.131586][ T8220] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 328.131638][ T8220] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 328.182380][ T8220] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 328.182408][ T8220] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 328.187338][ T8220] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 328.187362][ T8220] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 328.192326][ T8220] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 328.193637][ T8220] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 328.195352][ T8220] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 328.195373][ T8220] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 331.400257][ T5876] usb 4-1: USB disconnect, device number 15 [ 331.844654][ T8251] ======================================================= [ 331.844654][ T8251] WARNING: The mand mount option has been deprecated and [ 331.844654][ T8251] and is ignored by this kernel. Remove the mand [ 331.844654][ T8251] option from the mount to silence this warning. [ 331.844654][ T8251] ======================================================= [ 331.940915][ T8251] Bluetooth: hci5: Frame reassembly failed (-84) [ 332.634827][ T8253] netlink: 'syz.1.663': attribute type 11 has an invalid length. [ 332.642586][ T8253] netlink: 224 bytes leftover after parsing attributes in process `syz.1.663'. [ 332.863377][ T5876] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 333.124399][ T5876] usb 4-1: Using ep0 maxpacket: 8 [ 333.138318][ T5876] usb 4-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 333.151456][ T5876] usb 4-1: config 0 has an invalid interface number: 150 but max is 64 [ 333.169615][ T5876] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 333.193371][ T5876] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 65 [ 333.213157][ T5876] usb 4-1: config 0 has no interface number 0 [ 333.226067][ T5876] usb 4-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 333.262483][ T5876] usb 4-1: config 0 interface 150 has no altsetting 0 [ 333.435873][ T5876] usb 4-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 333.453894][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.475037][ T5876] usb 4-1: config 0 descriptor?? [ 333.863304][ T5872] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 333.895402][ T5876] usb 4-1: USB disconnect, device number 16 [ 334.005350][ T5825] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 334.464223][ T5872] usb 5-1: Using ep0 maxpacket: 8 [ 334.484894][ T5872] usb 5-1: config 11 has an invalid interface number: 95 but max is 0 [ 334.519963][ T5872] usb 5-1: config 11 has no interface number 0 [ 334.547619][ T5872] usb 5-1: config 11 interface 95 altsetting 64 endpoint 0x82 has invalid wMaxPacketSize 0 [ 334.598105][ T5872] usb 5-1: config 11 interface 95 has no altsetting 0 [ 334.649425][ T5872] usb 5-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d [ 334.684916][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.704256][ T8273] netlink: 'syz.1.669': attribute type 29 has an invalid length. [ 334.705813][ T5872] usb 5-1: Product: syz [ 334.726085][ T8273] netlink: 'syz.1.669': attribute type 29 has an invalid length. [ 334.728628][ T5872] usb 5-1: Manufacturer: syz [ 334.753529][ T5872] usb 5-1: SerialNumber: syz [ 335.026731][ T8263] netlink: 12 bytes leftover after parsing attributes in process `syz.4.666'. [ 335.074711][ T5872] usbtouchscreen 5-1:11.95: probe with driver usbtouchscreen failed with error -71 [ 335.660112][ T5872] usb 5-1: USB disconnect, device number 20 [ 335.950840][ T8291] loop4: detected capacity change from 0 to 524288000 [ 335.988111][ T8293] /dev/nullb0: Can't open blockdev [ 336.209273][ T8293] netlink: 'syz.3.677': attribute type 11 has an invalid length. [ 336.217101][ T8293] netlink: 224 bytes leftover after parsing attributes in process `syz.3.677'. [ 337.916144][ T8319] kernel read not supported for file /!selinu˙ (pid: 8319 comm: syz.2.684) [ 338.167466][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 338.167487][ T30] audit: type=1800 audit(1748679037.765:147): pid=8319 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.684" name=2173656C696E75FF7F dev="mqueue" ino=20642 res=0 errno=0 [ 339.096432][ T8320] loop6: detected capacity change from 0 to 524287999 [ 339.794308][ T8317] delete_channel: no stack [ 340.546896][ T8343] netlink: 252 bytes leftover after parsing attributes in process `syz.0.690'. [ 341.040571][ T8342] netlink: 'syz.4.691': attribute type 11 has an invalid length. [ 341.048443][ T8342] netlink: 224 bytes leftover after parsing attributes in process `syz.4.691'. [ 341.964981][ T8354] FAULT_INJECTION: forcing a failure. [ 341.964981][ T8354] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 341.983539][ T8354] CPU: 0 UID: 0 PID: 8354 Comm: syz.4.694 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 341.983570][ T8354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 341.983583][ T8354] Call Trace: [ 341.983592][ T8354] [ 341.983602][ T8354] dump_stack_lvl+0x189/0x250 [ 341.983641][ T8354] ? __pfx____ratelimit+0x10/0x10 [ 341.983677][ T8354] ? __pfx_dump_stack_lvl+0x10/0x10 [ 341.983710][ T8354] ? __pfx__printk+0x10/0x10 [ 341.983732][ T8354] ? __might_fault+0xb0/0x130 [ 341.983779][ T8354] should_fail_ex+0x414/0x560 [ 341.983808][ T8354] _copy_from_user+0x2d/0xb0 [ 341.983843][ T8354] ___sys_sendmsg+0x158/0x2a0 [ 341.983877][ T8354] ? __pfx____sys_sendmsg+0x10/0x10 [ 341.983954][ T8354] ? __fget_files+0x2a/0x420 [ 341.983974][ T8354] ? __fget_files+0x3a0/0x420 [ 341.984007][ T8354] __x64_sys_sendmsg+0x19b/0x260 [ 341.984041][ T8354] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 341.984083][ T8354] ? __pfx_ksys_write+0x10/0x10 [ 341.984111][ T8354] ? rcu_is_watching+0x15/0xb0 [ 341.984143][ T8354] ? do_syscall_64+0xbe/0x3b0 [ 341.984170][ T8354] do_syscall_64+0xfa/0x3b0 [ 341.984190][ T8354] ? lockdep_hardirqs_on+0x9c/0x150 [ 341.984211][ T8354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.984232][ T8354] ? clear_bhb_loop+0x60/0xb0 [ 341.984259][ T8354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.984280][ T8354] RIP: 0033:0x7f2a6ab8e969 [ 341.984299][ T8354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.984319][ T8354] RSP: 002b:00007f2a6bac4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 341.984354][ T8354] RAX: ffffffffffffffda RBX: 00007f2a6adb5fa0 RCX: 00007f2a6ab8e969 [ 341.984369][ T8354] RDX: 000000000404c850 RSI: 0000200000000380 RDI: 0000000000000004 [ 341.984383][ T8354] RBP: 00007f2a6bac4090 R08: 0000000000000000 R09: 0000000000000000 [ 341.984396][ T8354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.984409][ T8354] R13: 0000000000000000 R14: 00007f2a6adb5fa0 R15: 00007ffd900904f8 [ 341.984442][ T8354] [ 343.169009][ T8366] netlink: 72 bytes leftover after parsing attributes in process `syz.0.698'. [ 343.181115][ T8366] netlink: 72 bytes leftover after parsing attributes in process `syz.0.698'. [ 344.592284][ T8377] mmap: syz.2.702 (8377) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 344.819266][ T8383] netlink: 252 bytes leftover after parsing attributes in process `syz.4.703'. [ 345.263280][ T5946] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 345.486809][ T5946] usb 1-1: config 0 has no interfaces? [ 345.502253][ T5946] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 345.536486][ T5946] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.593429][ T5946] usb 1-1: Product: syz [ 345.608494][ T5946] usb 1-1: Manufacturer: syz [ 345.613136][ T5946] usb 1-1: SerialNumber: syz [ 345.664502][ T5946] usb 1-1: config 0 descriptor?? [ 346.433445][ T5915] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 346.438657][ T8398] xt_CT: You must specify a L4 protocol and not use inversions on it [ 346.492100][ T8398] dns_resolver: Unsupported content type (24) [ 346.703293][ T5915] usb 2-1: device descriptor read/64, error -71 [ 346.983364][ T5915] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 347.291103][ T5915] usb 2-1: device descriptor read/64, error -71 [ 347.433957][ T5915] usb usb2-port1: attempt power cycle [ 347.458278][ T8410] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 347.783320][ T5915] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 347.930105][ T5915] usb 2-1: device descriptor read/8, error -71 [ 347.934007][ T5946] usb 1-1: USB disconnect, device number 14 [ 348.002603][ T8428] FAULT_INJECTION: forcing a failure. [ 348.002603][ T8428] name failslab, interval 1, probability 0, space 0, times 0 [ 348.015665][ T8428] CPU: 0 UID: 0 PID: 8428 Comm: syz.0.719 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 348.015686][ T8428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 348.015695][ T8428] Call Trace: [ 348.015703][ T8428] [ 348.015710][ T8428] dump_stack_lvl+0x189/0x250 [ 348.015737][ T8428] ? __pfx____ratelimit+0x10/0x10 [ 348.015769][ T8428] ? __pfx_dump_stack_lvl+0x10/0x10 [ 348.015793][ T8428] ? __pfx__printk+0x10/0x10 [ 348.015808][ T8428] ? _raw_write_lock_irq+0xae/0xf0 [ 348.015832][ T8428] ? __pfx__raw_write_lock_irq+0x10/0x10 [ 348.015863][ T8428] should_fail_ex+0x414/0x560 [ 348.015883][ T8428] should_failslab+0xa8/0x100 [ 348.015910][ T8428] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 348.015935][ T8428] ? netlink_realloc_groups+0x11b/0x340 [ 348.015956][ T8428] ? rcu_is_watching+0x15/0xb0 [ 348.015976][ T8428] ? netlink_realloc_groups+0x11b/0x340 [ 348.015996][ T8428] krealloc_noprof+0x124/0x340 [ 348.016019][ T8428] ? netlink_realloc_groups+0xd4/0x340 [ 348.016042][ T8428] netlink_realloc_groups+0x11b/0x340 [ 348.016068][ T8428] netlink_setsockopt+0x37a/0x770 [ 348.016093][ T8428] ? __pfx_netlink_setsockopt+0x10/0x10 [ 348.016117][ T8428] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 348.016132][ T8428] ? __pfx_netlink_setsockopt+0x10/0x10 [ 348.016154][ T8428] do_sock_setsockopt+0x257/0x3e0 [ 348.016177][ T8428] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 348.016201][ T8428] ? ksys_write+0x1e1/0x250 [ 348.016229][ T8428] __x64_sys_setsockopt+0x18b/0x220 [ 348.016254][ T8428] do_syscall_64+0xfa/0x3b0 [ 348.016269][ T8428] ? lockdep_hardirqs_on+0x9c/0x150 [ 348.016284][ T8428] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.016298][ T8428] ? clear_bhb_loop+0x60/0xb0 [ 348.016317][ T8428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.016332][ T8428] RIP: 0033:0x7efecb38e969 [ 348.016346][ T8428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.016360][ T8428] RSP: 002b:00007efec91f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 348.016376][ T8428] RAX: ffffffffffffffda RBX: 00007efecb5b5fa0 RCX: 00007efecb38e969 [ 348.016388][ T8428] RDX: 0000000000000002 RSI: 000000000000010e RDI: 0000000000000003 [ 348.016396][ T8428] RBP: 00007efec91f6090 R08: 0000000000000004 R09: 0000000000000000 [ 348.016406][ T8428] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 348.016416][ T8428] R13: 0000000000000000 R14: 00007efecb5b5fa0 R15: 00007fffa9504508 [ 348.016438][ T8428] [ 348.535552][ T5915] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 348.597482][ T5922] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 348.618648][ T8431] xt_CT: You must specify a L4 protocol and not use inversions on it [ 348.623022][ T8431] dns_resolver: Unsupported content type (24) [ 348.660770][ T5915] usb 2-1: device descriptor read/8, error -71 [ 348.905572][ T5922] usb 4-1: Using ep0 maxpacket: 8 [ 348.941415][ T5915] usb usb2-port1: unable to enumerate USB device [ 348.953313][ T5922] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 348.988920][ T5922] usb 4-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00 [ 349.012514][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.064576][ T5922] usb 4-1: config 0 descriptor?? [ 352.421447][ T5922] usbhid 4-1:0.0: can't add hid device: -71 [ 352.452047][ T5922] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 352.497594][ T5922] usb 4-1: USB disconnect, device number 17 [ 353.053280][ T30] audit: type=1326 audit(1748679052.865:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8460 comm="syz.3.729" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8e0a78e969 code=0x0 [ 354.199319][ T8485] xt_CT: You must specify a L4 protocol and not use inversions on it [ 354.393381][ T8481] dns_resolver: Unsupported content type (24) [ 354.713450][ T5876] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 355.083841][ T8501] fuse: Bad value for 'fd' [ 355.343354][ T5876] usb 5-1: Using ep0 maxpacket: 8 [ 355.359911][ T5876] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 355.398321][ T5876] usb 5-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00 [ 356.207523][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.282637][ T5876] usb 5-1: config 0 descriptor?? [ 357.773793][ T8512] delete_channel: no stack [ 358.082123][ T5876] usbhid 5-1:0.0: can't add hid device: -71 [ 358.133533][ T5876] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 358.203499][ T5876] usb 5-1: USB disconnect, device number 21 [ 359.973366][ T5922] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 360.169764][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 360.191038][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 360.222482][ T5922] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 360.278530][ T5922] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 360.322459][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.160408][ T5922] usb 5-1: config 0 descriptor?? [ 361.880980][ T8551] kernel read not supported for file /!selinu˙ (pid: 8551 comm: syz.1.756) [ 361.890189][ T30] audit: type=1800 audit(1748679061.735:149): pid=8551 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.756" name=2173656C696E75FF7F dev="mqueue" ino=21236 res=0 errno=0 [ 362.108355][ T5922] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 362.139027][ T5922] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 363.067726][ T5876] usb 5-1: USB disconnect, device number 22 [ 364.231452][ T8561] netlink: 'syz.0.759': attribute type 6 has an invalid length. [ 364.483705][ T5915] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 364.883442][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 365.153412][ T5915] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 365.196471][ T5915] usb 3-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00 [ 365.391615][ T8569] Invalid ELF header magic: != ELF [ 365.509083][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.634241][ T5915] usb 3-1: config 0 descriptor?? [ 365.843511][ T5876] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 366.033418][ T5876] usb 4-1: Using ep0 maxpacket: 16 [ 366.055850][ T5876] usb 4-1: config 8 has an invalid interface number: 198 but max is 0 [ 366.073418][ T5876] usb 4-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config [ 366.105665][ T5876] usb 4-1: config 8 has no interface number 0 [ 366.126870][ T5876] usb 4-1: config 8 interface 198 has no altsetting 0 [ 366.332980][ T5876] usb 4-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=6c.67 [ 366.342194][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.352320][ T5876] usb 4-1: Product: syz [ 366.359411][ T5876] usb 4-1: Manufacturer: syz [ 366.365237][ T5876] usb 4-1: SerialNumber: syz [ 366.616763][ T117] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 367.376705][ T8584] vhost-8564: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 367.418924][ T8584] CPU: 0 UID: 0 PID: 8584 Comm: vhost-8564 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 367.418957][ T8584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 367.418983][ T8584] Call Trace: [ 367.418992][ T8584] [ 367.419001][ T8584] dump_stack_lvl+0x189/0x250 [ 367.419044][ T8584] ? __pfx_dump_stack_lvl+0x10/0x10 [ 367.419077][ T8584] ? __pfx__printk+0x10/0x10 [ 367.419100][ T8584] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 367.419130][ T8584] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 367.419163][ T8584] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 367.419195][ T8584] warn_alloc+0x214/0x310 [ 367.419226][ T8584] ? __pfx_warn_alloc+0x10/0x10 [ 367.419259][ T8584] ? __get_vm_area_node+0x28f/0x300 [ 367.419295][ T8584] ? kcov_remote_start+0x336/0x7f0 [ 367.419335][ T8584] __vmalloc_node_range_noprof+0x67e/0x1340 [ 367.419392][ T8584] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 367.419434][ T8584] ? kcov_remote_start+0x336/0x7f0 [ 367.419469][ T8584] vmalloc_noprof+0xb2/0xf0 [ 367.419491][ T8584] ? kcov_remote_start+0x336/0x7f0 [ 367.419525][ T8584] ? kcov_remote_start+0x97/0x7f0 [ 367.419558][ T8584] kcov_remote_start+0x336/0x7f0 [ 367.419591][ T8584] ? kcov_remote_start+0x97/0x7f0 [ 367.419629][ T8584] vhost_run_work_list+0x12a/0x1e0 [ 367.419659][ T8584] ? __pfx_vhost_run_work_list+0x10/0x10 [ 367.419686][ T8584] vhost_task_fn+0x281/0x430 [ 367.419725][ T8584] ? __pfx_vhost_task_fn+0x10/0x10 [ 367.419770][ T8584] ? _raw_spin_unlock_irq+0x23/0x50 [ 367.419803][ T8584] ? lockdep_hardirqs_on+0x9c/0x150 [ 367.419822][ T8584] ? __pfx_vhost_task_fn+0x10/0x10 [ 367.419855][ T8584] ret_from_fork+0x3fc/0x770 [ 367.419886][ T8584] ? __pfx_ret_from_fork+0x10/0x10 [ 367.419918][ T8584] ? __switch_to_asm+0x39/0x70 [ 367.419937][ T8584] ? __switch_to_asm+0x33/0x70 [ 367.419956][ T8584] ? __pfx_vhost_task_fn+0x10/0x10 [ 367.419989][ T8584] ret_from_fork_asm+0x1a/0x30 [ 367.420030][ T8584] [ 367.422314][ T8584] Mem-Info: [ 367.719446][ T8584] active_anon:17 inactive_anon:21477 isolated_anon:0 [ 367.719446][ T8584] active_file:4434 inactive_file:9626 isolated_file:0 [ 367.719446][ T8584] unevictable:768 dirty:205 writeback:8 [ 367.719446][ T8584] slab_reclaimable:10355 slab_unreclaimable:98377 [ 367.719446][ T8584] mapped:41156 shmem:18795 pagetables:847 [ 367.719446][ T8584] sec_pagetables:0 bounce:0 [ 367.719446][ T8584] kernel_misc_reclaimable:0 [ 367.719446][ T8584] free:1356050 free_pcp:3256 free_cma:0 [ 367.727781][ T117] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.779490][ T8584] Node 0 active_anon:68kB inactive_anon:86108kB active_file:17736kB inactive_file:38564kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:164724kB dirty:816kB writeback:32kB shmem:73844kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11000kB pagetables:3288kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 367.813751][ T8596] Driver unsupported XDP return value 0 on prog (id 179) dev N/A, expect packet loss! [ 367.895821][ T8584] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 367.927426][ T117] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 367.942280][ T117] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 367.969855][ T117] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.022680][ T8584] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 368.025632][ T117] usb 1-1: config 0 descriptor?? [ 368.159520][ T8584] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 368.168925][ T8584] Node 0 DMA32 free:1489380kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB active_anon:64kB inactive_anon:91016kB active_file:16180kB inactive_file:41736kB unevictable:1536kB writepending:848kB present:3129332kB managed:2561708kB mlocked:0kB bounce:0kB free_pcp:2448kB local_pcp:440kB free_cma:0kB [ 368.213664][ T8584] lowmem_reserve[]: 0 0 1 1 1 [ 368.218846][ T8584] Node 0 Normal free:12kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:4kB inactive_anon:76kB active_file:1588kB inactive_file:196kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:24kB free_cma:0kB [ 368.256599][ T8584] lowmem_reserve[]: 0 0 0 0 0 [ 368.261830][ T8584] Node 1 Normal free:3922164kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:140kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 368.306570][ T8584] lowmem_reserve[]: 0 0 0 0 0 [ 368.330470][ T8584] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 368.358860][ T8584] Node 0 DMA32: 11*4kB (ME) 136*8kB (UME) 183*16kB (UE) 25*32kB (UE) 360*64kB (UE) 155*128kB (UME) 68*256kB (U) 41*512kB (U) 5*1024kB (U) 4*2048kB (UME) 339*4096kB (UM) = 1487996kB [ 368.420300][ T8584] Node 0 Normal: 3*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 368.468374][ T8584] Node 1 Normal: 179*4kB (UME) 45*8kB (UME) 36*16kB (UME) 194*32kB (UME) 93*64kB (UME) 32*128kB (UME) 13*256kB (UME) 9*512kB (UM) 3*1024kB (UME) 3*2048kB (UME) 949*4096kB (M) = 3922164kB [ 368.550070][ T8598] can: request_module (can-proto-0) failed. [ 368.562103][ T8584] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 368.596219][ T8584] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 368.638149][ T8584] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 368.681581][ T8584] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 368.722329][ T8584] 35648 total pagecache pages [ 368.741026][ T8584] 0 pages in swap cache [ 368.763913][ T8584] Free swap = 124996kB [ 368.783407][ T8584] Total swap = 124996kB [ 368.800688][ T8584] 2097051 pages RAM [ 368.818977][ T8584] 0 pages HighMem/MovableOnly [ 368.855342][ T8584] 424517 pages reserved [ 368.875590][ T8584] 0 pages cma reserved [ 369.110482][ T5915] usbhid 3-1:0.0: can't add hid device: -71 [ 369.146433][ T5915] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 369.184462][ T5876] ums-onetouch 4-1:8.198: USB Mass Storage device detected [ 369.203471][ T5835] Bluetooth: hci5: command 0x1003 tx timeout [ 369.210600][ T5825] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 369.217197][ T5915] usb 3-1: USB disconnect, device number 12 [ 369.594884][ T5876] usb 4-1: USB disconnect, device number 18 [ 369.812688][ T5915] usb 1-1: USB disconnect, device number 15 [ 371.900224][ T8623] delete_channel: no stack [ 372.164198][ T5922] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 372.733656][ T5915] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 373.010510][ T5915] usb 1-1: Using ep0 maxpacket: 32 [ 373.035461][ T5915] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 373.078240][ T5915] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 373.107948][ T5915] usb 1-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 373.162022][ T5915] usb 1-1: config 0 interface 0 has no altsetting 1 [ 373.195493][ T5915] usb 1-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57 [ 373.217975][ T5922] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 373.243283][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.246752][ T5922] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 373.274076][ T5915] usb 1-1: Product: syz [ 373.278297][ T5915] usb 1-1: Manufacturer: syz [ 373.283265][ T5922] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 373.312428][ T5915] usb 1-1: SerialNumber: syz [ 373.346537][ T5922] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 373.351485][ T5915] usb 1-1: config 0 descriptor?? [ 373.362252][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.405192][ T5922] usb 3-1: Product: syz [ 373.409429][ T5922] usb 3-1: Manufacturer: syz [ 373.438067][ T5922] usb 3-1: SerialNumber: syz [ 373.459039][ T5922] cdc_mbim 3-1:1.0: skipping garbage [ 373.483244][ T5922] cdc_mbim 3-1:1.0: CDC Union missing and no IAD found [ 373.503535][ T5922] cdc_mbim 3-1:1.0: bind() failure [ 373.791666][ T8647] netlink: 16 bytes leftover after parsing attributes in process `syz.3.781'. [ 373.865182][ T5946] usb 3-1: USB disconnect, device number 13 [ 375.152942][ T30] audit: type=1400 audit(1748679074.985:150): lsm=SMACK fn=smack_inode_removexattr action=denied subject="w" object="_" requested=w pid=8621 comm="syz.4.774" name="file1" dev="tmpfs" ino=761 [ 375.437563][ T5946] usb 1-1: USB disconnect, device number 16 [ 378.620917][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.627353][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.663915][ T8690] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 379.674222][ T8690] cramfs: wrong magic [ 380.238400][ T8696] FAULT_INJECTION: forcing a failure. [ 380.238400][ T8696] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 380.276588][ T8696] CPU: 1 UID: 0 PID: 8696 Comm: syz.3.784 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 380.276620][ T8696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 380.276632][ T8696] Call Trace: [ 380.276641][ T8696] [ 380.276650][ T8696] dump_stack_lvl+0x189/0x250 [ 380.276687][ T8696] ? __pfx____ratelimit+0x10/0x10 [ 380.276723][ T8696] ? __pfx_dump_stack_lvl+0x10/0x10 [ 380.276753][ T8696] ? __pfx__printk+0x10/0x10 [ 380.276788][ T8696] should_fail_ex+0x414/0x560 [ 380.276817][ T8696] _copy_to_user+0x31/0xb0 [ 380.276850][ T8696] sk_getsockopt+0x19dd/0x2530 [ 380.276885][ T8696] ? __pfx_sk_getsockopt+0x10/0x10 [ 380.276910][ T8696] ? do_user_addr_fault+0xbc1/0x1390 [ 380.276931][ T8696] ? do_syscall_64+0xa0/0x3b0 [ 380.276957][ T8696] ? do_user_addr_fault+0xc8a/0x1390 [ 380.276987][ T8696] ? irqentry_exit+0x74/0x90 [ 380.277008][ T8696] ? lockdep_hardirqs_on+0x9c/0x150 [ 380.277029][ T8696] ? irqentry_exit+0x74/0x90 [ 380.277046][ T8696] ? exc_page_fault+0x9f/0xf0 [ 380.277096][ T8696] ? rep_movs_alternative+0xf/0x90 [ 380.277127][ T8696] do_sock_getsockopt+0x275/0x650 [ 380.277155][ T8696] ? do_syscall_64+0xa0/0x3b0 [ 380.277180][ T8696] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 380.277207][ T8696] ? do_syscall_64+0xa0/0x3b0 [ 380.277228][ T8696] ? __fget_files+0x3a0/0x420 [ 380.277247][ T8696] ? __fget_files+0x2a/0x420 [ 380.277275][ T8696] __x64_sys_getsockopt+0x1a5/0x250 [ 380.277304][ T8696] ? do_syscall_64+0xa0/0x3b0 [ 380.277326][ T8696] ? do_syscall_64+0xa0/0x3b0 [ 380.277352][ T8696] do_syscall_64+0xfa/0x3b0 [ 380.277372][ T8696] ? lockdep_hardirqs_on+0x9c/0x150 [ 380.277392][ T8696] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.277413][ T8696] ? clear_bhb_loop+0x60/0xb0 [ 380.277439][ T8696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.277460][ T8696] RIP: 0033:0x7f8e0a78e969 [ 380.277478][ T8696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.277497][ T8696] RSP: 002b:00007f8e0b5a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 380.277520][ T8696] RAX: ffffffffffffffda RBX: 00007f8e0a9b5fa0 RCX: 00007f8e0a78e969 [ 380.277542][ T8696] RDX: 0000000000000007 RSI: 0000000000000001 RDI: 0000000000000004 [ 380.277555][ T8696] RBP: 00007f8e0b5a2090 R08: 0000200000000000 R09: 0000000000000000 [ 380.277569][ T8696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 380.277582][ T8696] R13: 0000000000000000 R14: 00007f8e0a9b5fa0 R15: 00007ffc160a0328 [ 380.277615][ T8696] [ 381.329108][ T8724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.801'. [ 381.475057][ T8730] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 381.563589][ T8728] net veth1_virt_wifi virt_wifi0 (unregistering): left allmulticast mode [ 382.661051][ T30] audit: type=1326 audit(1748679082.445:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8743 comm="syz.1.806" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ff398e969 code=0x0 [ 383.883233][ T30] audit: type=1326 audit(1748679083.635:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8750 comm="syz.4.808" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a6ab8e969 code=0x0 [ 384.602354][ T8764] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0 [ 386.751624][ T8778] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 386.794669][ T8778] syzkaller1: Refused to change device type [ 386.872991][ T8791] netlink: 48 bytes leftover after parsing attributes in process `syz.4.821'. [ 386.883075][ T8791] netlink: 24 bytes leftover after parsing attributes in process `syz.4.821'. [ 386.913268][ T8793] netlink: 36 bytes leftover after parsing attributes in process `syz.3.822'. [ 386.944258][ T8792] netlink: 36 bytes leftover after parsing attributes in process `syz.3.822'. [ 387.552474][ T8799] netlink: 8 bytes leftover after parsing attributes in process `syz.2.823'. [ 387.571389][ T8799] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 387.589746][ T8799] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 387.628350][ T8799] netlink: 72 bytes leftover after parsing attributes in process `syz.2.823'. [ 387.638409][ T8804] netlink: 88 bytes leftover after parsing attributes in process `syz.2.823'. [ 387.788676][ T8804] bond_slave_0: entered promiscuous mode [ 387.794577][ T8804] bond_slave_1: entered promiscuous mode [ 387.803703][ T8804] macsec1: entered promiscuous mode [ 387.808986][ T8804] bond0: entered promiscuous mode [ 387.815432][ T8804] macsec1: entered allmulticast mode [ 387.820847][ T8804] bond0: entered allmulticast mode [ 387.826529][ T8804] bond_slave_0: entered allmulticast mode [ 387.832727][ T8804] bond_slave_1: entered allmulticast mode [ 387.843999][ T8804] bond0: left allmulticast mode [ 387.877886][ T8804] bond_slave_0: left allmulticast mode [ 387.885192][ T8804] bond_slave_1: left allmulticast mode [ 387.890779][ T8804] bond0: left promiscuous mode [ 387.898741][ T8804] bond_slave_0: left promiscuous mode [ 387.904282][ T8804] bond_slave_1: left promiscuous mode [ 388.023347][ T117] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 388.121744][ T5877] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 388.213527][ T5915] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 388.300888][ T117] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 388.317278][ T5877] usb 2-1: Using ep0 maxpacket: 32 [ 388.319017][ T117] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 388.371679][ T117] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 388.372979][ T5877] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.383338][ T5915] usb 4-1: Using ep0 maxpacket: 32 [ 388.426040][ T117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.483091][ T5915] usb 4-1: config 3 has an invalid interface number: 202 but max is 0 [ 388.492649][ T5877] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.576331][ T5915] usb 4-1: config 3 has no interface number 0 [ 388.583405][ T5915] usb 4-1: config 3 interface 202 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 8 [ 388.591290][ T5877] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 388.594843][ T117] usb 5-1: config 0 descriptor?? [ 388.622497][ T5915] usb 4-1: New USB device found, idVendor=0b95, idProduct=178a, bcdDevice=b0.61 [ 388.632821][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.678920][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.687052][ T5915] usb 4-1: Product: syz [ 388.687109][ T5915] usb 4-1: Manufacturer: syz [ 388.687185][ T5915] usb 4-1: SerialNumber: syz [ 388.778066][ T8817] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 388.829823][ T5877] usb 2-1: config 0 descriptor?? [ 389.067229][ T5877] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 389.219807][ T5915] ax88179_178a 4-1:3.202: probe with driver ax88179_178a failed with error -71 [ 389.248513][ T5877] usb 2-1: USB disconnect, device number 17 [ 389.300770][ T5915] usb 4-1: USB disconnect, device number 19 [ 389.534944][ T8837] netlink: 60 bytes leftover after parsing attributes in process `syz.0.833'. [ 391.167923][ T8850] batadv1: entered promiscuous mode [ 391.174727][ T8850] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 391.498022][ T5946] usb 5-1: USB disconnect, device number 23 [ 392.593382][ T8846] netlink: 252 bytes leftover after parsing attributes in process `syz.2.838'. [ 392.657975][ T8865] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 392.665139][ T8865] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 392.717113][ T8867] vlan0: entered promiscuous mode [ 392.802030][ T8868] netlink: 24 bytes leftover after parsing attributes in process `syz.0.840'. [ 392.884762][ T8871] netlink: 'syz.3.843': attribute type 1 has an invalid length. [ 392.988340][ T8871] 8021q: adding VLAN 0 to HW filter on device bond1 [ 393.149811][ T8865] bond1: (slave gretap1): making interface the new active one [ 393.220087][ T8865] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 398.100709][ T8916] netlink: 48 bytes leftover after parsing attributes in process `syz.0.857'. [ 398.866116][ T8919] delete_channel: no stack [ 399.144493][ T8928] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 399.171438][ T8928] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1) [ 399.193424][ T8928] bridge_slave_0: default FDB implementation only supports local addresses [ 399.230163][ T8932] kernel read not supported for file /!selinu˙ (pid: 8932 comm: syz.3.862) [ 399.243593][ T30] audit: type=1800 audit(1748679099.085:153): pid=8932 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.862" name=2173656C696E75FF7F dev="mqueue" ino=22162 res=0 errno=0 [ 401.330474][ T8963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.871'. [ 402.044336][ T5878] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 402.187889][ T8974] 8021q: adding VLAN 0 to HW filter on device bond1 [ 402.197499][ T8974] bridge0: port 3(bond1) entered blocking state [ 402.204121][ T8974] bridge0: port 3(bond1) entered disabled state [ 402.210840][ T8974] bond1: entered allmulticast mode [ 402.216101][ T5878] usb 4-1: Using ep0 maxpacket: 32 [ 402.225347][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.230973][ T8974] bond1: entered promiscuous mode [ 402.236700][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.251602][ T5878] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 402.261765][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.277580][ T8974] bridge0: port 3(bond1) entered blocking state [ 402.284789][ T8974] bridge0: port 3(bond1) entered forwarding state [ 402.293955][ T5878] usb 4-1: config 0 descriptor?? [ 402.386250][ T6335] bridge0: port 3(bond1) entered disabled state [ 402.549664][ T117] IPVS: starting estimator thread 0... [ 402.555969][ T8979] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 402.572121][ T8981] kernel read not supported for file /!selinu˙ (pid: 8981 comm: syz.4.876) [ 402.601283][ T30] audit: type=1800 audit(1748679102.435:154): pid=8981 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.876" name=2173656C696E75FF7F dev="mqueue" ino=22406 res=0 errno=0 [ 402.683864][ T8980] IPVS: using max 25 ests per chain, 60000 per kthread [ 402.822941][ T5878] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 403.037897][ T117] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 403.223480][ T117] usb 2-1: config 0 has an invalid interface number: 49 but max is 0 [ 403.284161][ T117] usb 2-1: config 0 has no interface number 0 [ 403.523623][ T117] usb 2-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=2d.ad [ 403.576291][ T117] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.597130][ T5915] usb 4-1: USB disconnect, device number 20 [ 403.670402][ T117] usb 2-1: config 0 descriptor?? [ 403.978811][ T8979] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 404.068803][ T5877] usb 2-1: USB disconnect, device number 18 [ 404.223374][ T5878] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 404.393428][ T5878] usb 3-1: Using ep0 maxpacket: 16 [ 404.409208][ T5878] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 404.425506][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.443480][ T5878] usb 3-1: Product: syz [ 404.447977][ T5878] usb 3-1: Manufacturer: syz [ 404.452606][ T5878] usb 3-1: SerialNumber: syz [ 404.505999][ T5878] r8152-cfgselector 3-1: Unknown version 0x0000 [ 404.512350][ T5878] r8152-cfgselector 3-1: config 0 descriptor?? [ 405.678961][ T9016] netlink: 550 bytes leftover after parsing attributes in process `syz.1.889'. [ 405.692503][ T9013] binder: 9012:9013 ioctl c0306201 2000000003c0 returned -14 [ 405.718477][ T9013] binder: 9012:9013 ioctl c0306201 200000000540 returned -11 [ 405.810545][ T5946] r8152-cfgselector 3-1: USB disconnect, device number 14 [ 407.662663][ T9040] FAULT_INJECTION: forcing a failure. [ 407.662663][ T9040] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 407.701149][ T9040] CPU: 1 UID: 0 PID: 9040 Comm: syz.2.894 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 407.701181][ T9040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 407.701194][ T9040] Call Trace: [ 407.701203][ T9040] [ 407.701212][ T9040] dump_stack_lvl+0x189/0x250 [ 407.701249][ T9040] ? __pfx____ratelimit+0x10/0x10 [ 407.701283][ T9040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 407.701314][ T9040] ? __pfx__printk+0x10/0x10 [ 407.701336][ T9040] ? __might_fault+0xb0/0x130 [ 407.701389][ T9040] should_fail_ex+0x414/0x560 [ 407.701417][ T9040] _copy_from_user+0x2d/0xb0 [ 407.701448][ T9040] ___sys_sendmsg+0x158/0x2a0 [ 407.701481][ T9040] ? __pfx____sys_sendmsg+0x10/0x10 [ 407.701549][ T9040] ? __fget_files+0x2a/0x420 [ 407.701568][ T9040] ? __fget_files+0x3a0/0x420 [ 407.701599][ T9040] __sys_sendmmsg+0x227/0x430 [ 407.701635][ T9040] ? __pfx___sys_sendmmsg+0x10/0x10 [ 407.701662][ T9040] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 407.701712][ T9040] ? ksys_write+0x22a/0x250 [ 407.701744][ T9040] ? __pfx_ksys_write+0x10/0x10 [ 407.701771][ T9040] ? rcu_is_watching+0x15/0xb0 [ 407.701803][ T9040] __x64_sys_sendmmsg+0xa0/0xc0 [ 407.701834][ T9040] do_syscall_64+0xfa/0x3b0 [ 407.701855][ T9040] ? lockdep_hardirqs_on+0x9c/0x150 [ 407.701874][ T9040] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.701895][ T9040] ? clear_bhb_loop+0x60/0xb0 [ 407.701921][ T9040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.701941][ T9040] RIP: 0033:0x7f31ced8e969 [ 407.701961][ T9040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.701979][ T9040] RSP: 002b:00007f31cfc95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 407.702001][ T9040] RAX: ffffffffffffffda RBX: 00007f31cefb5fa0 RCX: 00007f31ced8e969 [ 407.702018][ T9040] RDX: 0400000000000181 RSI: 00002000000030c0 RDI: 0000000000000006 [ 407.702032][ T9040] RBP: 00007f31cfc95090 R08: 0000000000000000 R09: 0000000000000000 [ 407.702046][ T9040] R10: 9200000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 407.702059][ T9040] R13: 0000000000000000 R14: 00007f31cefb5fa0 R15: 00007ffcaa6c19a8 [ 407.702091][ T9040] [ 408.475799][ T9052] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 409.043566][ T5946] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 409.268901][ T5946] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 409.461161][ T5946] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 409.517480][ T5946] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 409.557762][ T5946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.626077][ T5946] usb 4-1: config 0 descriptor?? [ 409.666420][ T9066] xt_CT: You must specify a L4 protocol and not use inversions on it [ 411.035666][ T9087] xt_CT: You must specify a L4 protocol and not use inversions on it [ 411.036731][ T9087] dns_resolver: Unsupported content type (24) [ 412.037108][ T5915] usb 4-1: USB disconnect, device number 21 [ 413.432660][ T9105] netlink: 252 bytes leftover after parsing attributes in process `syz.0.914'. [ 413.618052][ T30] audit: type=1326 audit(1748679113.455:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9113 comm="syz.1.917" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ff398e969 code=0x0 [ 414.170020][ T9121] xt_CT: You must specify a L4 protocol and not use inversions on it [ 414.172946][ T9121] dns_resolver: Unsupported content type (24) [ 414.745069][ T9123] block nbd0: NBD_DISCONNECT [ 416.816230][ T9138] netlink: 'syz.4.924': attribute type 11 has an invalid length. [ 416.824061][ T9138] netlink: 224 bytes leftover after parsing attributes in process `syz.4.924'. [ 417.033391][ T5946] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 417.206788][ T5946] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 417.227180][ T5946] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 417.250393][ T5946] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 418.047869][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.065302][ T5946] usb 2-1: config 0 descriptor?? [ 418.283507][ T9163] netlink: 36 bytes leftover after parsing attributes in process `syz.0.934'. [ 523.543124][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 523.550148][ C1] rcu: 0-...!: (0 ticks this GP) idle=800c/1/0x4000000000000000 softirq=36329/36329 fqs=0 [ 523.561098][ C1] rcu: (detected by 1, t=10502 jiffies, g=29277, q=199 ncpus=2) [ 523.568845][ C1] Sending NMI from CPU 1 to CPUs 0: [ 523.568884][ C0] NMI backtrace for cpu 0 [ 523.568903][ C0] CPU: 0 UID: 0 PID: 9166 Comm: syz.4.931 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 523.568926][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 523.568938][ C0] RIP: 0010:__lock_acquire+0x2e1/0xd20 [ 523.568986][ C0] Code: fa 10 31 f6 85 d2 40 0f 95 c6 31 d2 83 bf d4 0a 00 00 00 0f 95 c2 c1 e2 0d c1 e6 0e 09 d6 8b 54 24 1c c1 e2 0f 0f b7 d2 09 f2 <41> 83 e4 03 41 c1 e4 10 41 09 d4 8b 54 24 0c 83 e2 01 c1 e2 12 44 [ 523.569002][ C0] RSP: 0018:ffffc90000007ad0 EFLAGS: 00000006 [ 523.569018][ C0] RAX: 0000000000000014 RBX: ffffffff99c80140 RCX: 0000000000000000 [ 523.569030][ C0] RDX: 0000000000004000 RSI: 0000000000004000 RDI: ffff88802c181e00 [ 523.569042][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff84beaafa [ 523.569053][ C0] R10: ffffc90000007cb0 R11: fffff52000000f98 R12: 0000000000000000 [ 523.569066][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88802c1828f0 [ 523.569078][ C0] FS: 0000000000000000(0000) GS:ffff888125c99000(0000) knlGS:0000000000000000 [ 523.569092][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 523.569104][ C0] CR2: 00007f8e0a97d2d8 CR3: 000000005f5b0000 CR4: 00000000003526f0 [ 523.569120][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 523.569130][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 523.569141][ C0] Call Trace: [ 523.569148][ C0] [ 523.569161][ C0] ? debug_object_deactivate+0x9a/0x250 [ 523.569190][ C0] lock_acquire+0x120/0x360 [ 523.569206][ C0] ? debug_object_deactivate+0x9a/0x250 [ 523.569236][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 523.569264][ C0] _raw_spin_lock_irqsave+0xa7/0xf0 [ 523.569296][ C0] ? debug_object_deactivate+0x9a/0x250 [ 523.569323][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 523.569354][ C0] debug_object_deactivate+0x9a/0x250 [ 523.569386][ C0] debug_deactivate+0x1d/0x200 [ 523.569408][ C0] __hrtimer_run_queues+0x2b0/0xc60 [ 523.569436][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 523.569455][ C0] ? read_tsc+0x9/0x20 [ 523.569475][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 523.569507][ C0] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 523.569530][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 523.569559][ C0] [ 523.569565][ C0] [ 523.569572][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 523.569591][ C0] RIP: 0010:unmap_page_range+0xe8b/0x4580 [ 523.569617][ C0] Code: 89 74 24 50 0f 84 18 03 00 00 e8 40 6c b8 ff 4c 89 a4 24 98 00 00 00 44 89 e0 4c 8d 24 c3 48 c1 e0 0c 4c 01 f8 48 89 44 24 58 <4c> 8b 7c 24 28 4c 89 fe 48 81 e6 01 01 00 00 31 ff e8 ef 70 b8 ff [ 523.569632][ C0] RSP: 0018:ffffc9000aed7660 EFLAGS: 00000293 [ 523.569647][ C0] RAX: ffffffff8207cf60 RBX: ffff88802f169e70 RCX: ffff88802c181e00 [ 523.569660][ C0] RDX: 0000000000000000 RSI: 800000006b8a4007 RDI: 0000000000000000 [ 523.569672][ C0] RBP: ffffc9000aed7910 R08: ffffea0001ae28f3 R09: 1ffffd400035c51e [ 523.569685][ C0] R10: dffffc0000000000 R11: fffff9400035c51f R12: ffff88802f169e70 [ 523.569698][ C0] R13: dffffc0000000000 R14: 00007f2a69dce000 R15: 00007f2a69dce000 [ 523.569715][ C0] ? unmap_page_range+0xd50/0x4580 [ 523.569760][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 523.569783][ C0] ? unmap_single_vma+0x1b2/0x2a0 [ 523.569805][ C0] unmap_vmas+0x25d/0x3c0 [ 523.569827][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 523.569857][ C0] exit_mmap+0x245/0xba0 [ 523.569875][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 523.569896][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 523.569914][ C0] ? __khugepaged_exit+0x319/0x470 [ 523.569931][ C0] ? kmem_cache_free+0x18f/0x400 [ 523.569956][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 523.569982][ C0] ? __khugepaged_exit+0x347/0x470 [ 523.570000][ C0] __mmput+0x118/0x420 [ 523.570021][ C0] exit_mm+0x1da/0x2c0 [ 523.570047][ C0] ? __pfx_exit_mm+0x10/0x10 [ 523.570071][ C0] ? hrtimer_try_to_cancel+0x3d9/0x420 [ 523.570092][ C0] ? rcu_is_watching+0x15/0xb0 [ 523.570113][ C0] do_exit+0x864/0x2550 [ 523.570138][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 523.570164][ C0] ? __pfx_do_exit+0x10/0x10 [ 523.570192][ C0] ? rcu_is_watching+0x15/0xb0 [ 523.570216][ C0] __x64_sys_exit+0x40/0x40 [ 523.570241][ C0] x64_sys_call+0x21a3/0x21c0 [ 523.570258][ C0] do_syscall_64+0xfa/0x3b0 [ 523.570275][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 523.570296][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.570314][ C0] ? clear_bhb_loop+0x60/0xb0 [ 523.570333][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.570350][ C0] RIP: 0033:0x7f2a6ab8e969 [ 523.570364][ C0] Code: Unable to access opcode bytes at 0x7f2a6ab8e93f. [ 523.570373][ C0] RSP: 002b:00007f2a6bac3fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 523.570390][ C0] RAX: ffffffffffffffda RBX: 00007f2a6adb5fa0 RCX: 00007f2a6ab8e969 [ 523.570403][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 523.570414][ C0] RBP: 00007f2a6ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 523.570425][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 523.570435][ C0] R13: 0000000000000000 R14: 00007f2a6adb5fa0 R15: 00007ffd900904f8 [ 523.570455][ C0] [ 523.570877][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g29277 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 524.092537][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=24619 [ 524.100455][ C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g29277 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 524.111858][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 524.122021][ C1] rcu: RCU grace-period kthread stack dump: [ 524.127929][ C1] task:rcu_preempt state:I stack:26024 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 524.139992][ C1] Call Trace: [ 524.143289][ C1] [ 524.146246][ C1] __schedule+0x16a2/0x4cb0 [ 524.150810][ C1] ? schedule+0x165/0x360 [ 524.155183][ C1] ? __pfx___schedule+0x10/0x10 [ 524.160090][ C1] ? schedule+0x91/0x360 [ 524.164375][ C1] schedule+0x165/0x360 [ 524.168589][ C1] schedule_timeout+0x12b/0x270 [ 524.173473][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 524.178968][ C1] ? __pfx_process_timeout+0x10/0x10 [ 524.184290][ C1] ? prepare_to_swait_event+0x341/0x380 [ 524.189887][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 524.194775][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 524.200016][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 524.204995][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 524.210310][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 524.215561][ C1] ? finish_swait+0xcd/0x1f0 [ 524.220192][ C1] rcu_gp_kthread+0x99/0x390 [ 524.224811][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 524.230120][ C1] ? __kthread_parkme+0x7b/0x200 [ 524.235095][ C1] ? __kthread_parkme+0x1a1/0x200 [ 524.240154][ C1] kthread+0x70e/0x8a0 [ 524.244258][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 524.249476][ C1] ? __pfx_kthread+0x10/0x10 [ 524.254120][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 524.259351][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 524.264572][ C1] ? __pfx_kthread+0x10/0x10 [ 524.269198][ C1] ret_from_fork+0x3fc/0x770 [ 524.273813][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 524.278951][ C1] ? __switch_to_asm+0x39/0x70 [ 524.283738][ C1] ? __switch_to_asm+0x33/0x70 [ 524.288528][ C1] ? __pfx_kthread+0x10/0x10 [ 524.293158][ C1] ret_from_fork_asm+0x1a/0x30 [ 524.297976][ C1]