last executing test programs: 18.273879652s ago: executing program 2 (id=675): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) eventfd2(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='net/sctp\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r1], 0x24}}, 0x0) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000b40), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000040)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x20, r2, 0x786b6295d7f1977, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_DEVKEY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x18001}, 0x40040) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r6 = dup(r5) r7 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000140)={0x6}, 0x10) write(r7, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000100001000200000000858abf00000000", @ANYRES32=0x0, @ANYBLOB="000000000101040008001b00"], 0x28}}, 0x0) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000"], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) 12.6971963s ago: executing program 2 (id=688): sched_setscheduler(0x0, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80140, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x2c9ab000) fadvise64(r2, 0x2, 0x106, 0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x1000) (fail_nth: 7) 11.570979493s ago: executing program 2 (id=695): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, 0x0, 0x20004004) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) (fail_nth: 5) mmap$xdp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000007, 0x10, 0xffffffffffffffff, 0x80000000) 7.131722718s ago: executing program 3 (id=705): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000600)={0x29, 0x1, 0x3, "ff050000007eefad00000001ffffffff000000000000000000000900", 0x32314d4e}) 6.847709434s ago: executing program 3 (id=708): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x12000, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window], 0x3) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xce) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYRESDEC=r2, @ANYBLOB="3f9d00000000fedbdf251700000008000300", @ANYRES32=r3, @ANYBLOB="d713459a7a0500020000000000"], 0x3c}}, 0x0) bind$ax25(r1, &(0x7f0000000380)={{0x3, @default, 0x2}, [@default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x48) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$sock_ifreq(r4, 0x89f0, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) r5 = dup(r1) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r6, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f0000002080)={0x2, 0x0, {&(0x7f00000006c0)=""/151, 0x97, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000002780)=""/254, 0xfe, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f0000000040)={0x2, 0x0, {&(0x7f0000000b40)=""/263, 0x12b, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xfe65, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/107, 0x6b, 0x0, 0x0, 0x3}}, 0x48) read$proc_mixer(r5, &(0x7f0000000100)=""/25, 0x19) mmap(&(0x7f00001d4000/0x1000)=nil, 0x1000, 0x100000e, 0x810, r1, 0xf6d0e000) syz_open_dev$vcsa(&(0x7f0000000000), 0x4, 0x20800) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f000016f000/0x3000)=nil, 0x3000, 0x19) socket$nl_route(0x10, 0x3, 0x0) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r4, 0xc0046686, &(0x7f0000000200)={0x0, 0x7c, "7a9adfd68318917e06539503c1fa47644ae74bd58ac7f3e44d1b1eaf258b8a4d99a1a68174d80f3ea721e82765630b8f98ff1bd08c076738c51a2659584b88e93f779acf8a36a3b85842c616bf8b9e24f0e31527fe49a9c55d3be94f90cf730179fd921aa4a83f1e6bc638c29eca4ab96ff5e7ece8cc2bb3399e7e48"}) 6.042591513s ago: executing program 2 (id=713): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r1, &(0x7f0000000bc0)=[{{&(0x7f00000000c0)={0xa, 0xe20, 0x1, @local, 0x7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000002700)="89", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r1, 0x1) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x9, 0x80000000, 0xd7c7}, &(0x7f0000000140)=0x10) r2 = dup(r0) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_usb_connect(0x0, 0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="12015002369d7b10210435032c56010203010902400001070870bc090430fc0002feff09052406000005240002000d240f010e00000004000900010524"], &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0}) syz_open_dev$tty20(0xc, 0x4, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2642, 0x0) writev(r7, &(0x7f0000000180)=[{&(0x7f0000000040)="93d90400000300", 0x7}, {&(0x7f0000000140)}], 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@delneigh={0x28, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r9, 0x80, 0x2}, [@NDA_LLADDR={0xa}]}, 0x28}}, 0x0) close(0x3) ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000000c0)={0x40, 0x202000000000000}) mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESDEC=r0]) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00') acct(&(0x7f00000001c0)='./file0\x00') 5.851113331s ago: executing program 3 (id=714): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYRES32], 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000"], &(0x7f00000001c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x1e50, &(0x7f0000000140)={0x0, 0x5883, 0x4000, 0x0, 0xed}, &(0x7f00000006c0)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) open(&(0x7f0000000640)='./file1\x00', 0x0, 0x11) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00'}, 0x10) r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r8 = open(&(0x7f00000000c0)='.\x00', 0x101800, 0x0) symlinkat(&(0x7f00000000c0)='./file1\x00', r8, &(0x7f0000000100)='./file0\x00') mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5) setsockopt$inet6_tcp_int(r9, 0x6, 0x1e, &(0x7f0000000000)=0x8, 0x4) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r7, 0x40049366, &(0x7f0000000180)) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000357000000570348349272058d037ab6fac020b50af3fa28785ad796a278ed0898f3edcd5f6248bed277fb71f824001b074ebe5a7acc5d3db8a5cc06ef6622cd09df268b1d37133afbe28b87de39f8470000cd7c3b332699247b5f6b"], 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6c, 0x60, 0x5, 0x7, 0x48, 0xc, 0xc}}}, &(0x7f0000000740)={0x84, &(0x7f0000000240)={0x40, 0x0, 0x78, "30e596797560f095a426e9f49c1369915c4cdbcae0f5a28a3e6dfabb5758ba2e9cc9bc3b185a769caf6ea39767deae6df3c47272b5e2ea920668638552f608460319a686cc26b92d219c8bd3b8ec8527f1f82532ab24487b081596bef54eac5d8bb8a05ee7816478f15688be301a5524b5e453c437cfc6c7"}, 0x0, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f00000005c0)=ANY=[@ANYBLOB="200004000000e001200098b7100d54db7c58ca27f583245b5eeeb465e0eee7a0822370c9dd9587331b"], &(0x7f0000000400)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000440)={0x40, 0x9, 0x1}, &(0x7f0000000480)={0x40, 0xb, 0x2, "11b7"}, &(0x7f00000004c0)={0x40, 0xf, 0x2, 0x3}, &(0x7f0000000500)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000540)={0x40, 0x17, 0x6, @random="c917e312bbe6"}, 0x0, &(0x7f0000000600)={0x40, 0x1a, 0x2, 0x84c4}, &(0x7f0000000680)={0x40, 0x1c, 0x1, 0x8}, 0x0, &(0x7f0000000700)={0x40, 0x21, 0x1, 0x9}}) 5.443375288s ago: executing program 4 (id=715): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) (async) r1 = syz_open_dev$loop(&(0x7f00000002c0), 0x1, 0xa0182) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 5.414286051s ago: executing program 0 (id=716): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000007d00)={0x14, 0x24, 0x301, 0x0, 0x0, {0x1f}}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) 5.087386432s ago: executing program 4 (id=717): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000180)='so\xcc\xefurc\x16', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x140x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r1, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}]}}}]}, 0x38}}, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x40081, &(0x7f0000000200)={0x11, 0x6, r1, 0x1, 0x0, 0x6, @local}, 0x14) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000780), &(0x7f00000007c0)=0x4) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000800)={0x0, @remote, @loopback}, &(0x7f0000000840)=0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000880)={'macvtap0\x00'}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r3}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r2], 0x48}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x2, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x200}, @TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x44}}, 0x8004) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r7, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r9}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000980)={'ip6gre0\x00', &(0x7f0000000900)={'syztnl0\x00', 0x0, 0x2f, 0xb, 0xf, 0x1257, 0xf, @local, @dev={0xfe, 0x80, '\x00', 0x42}, 0x80, 0x40, 0x4, 0x486}}) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f00000010c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001080)={&(0x7f00000009c0)={0x14, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x90) r10 = gettid() fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000140)='ceph\x00', &(0x7f00000001c0)="e536", 0x2) tkill(r10, 0xb) 3.707416921s ago: executing program 4 (id=718): syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x1058, 0x18, &(0x7f0000000440)={@flat=@weak_handle={0x77682a85, 0x1100, 0x1}, @flat=@binder={0x73622a85, 0xa, 0xffffffffffffffff}, @flat=@weak_binder={0x77622a85, 0x1000, 0x2}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x479af, 0x1, 0x7fff, 0x263}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)) syz_io_uring_submit(r4, r5, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002700)=""/4088, 0xff8}], 0x1) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, 0x0, 0x0) sendmsg$nl_xfrm(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[], 0xf8}}, 0x0) 3.489729175s ago: executing program 0 (id=719): ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xfffffffffffffff9}}, './file0\x00'}) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9febd90102180000000000000900"/26], &(0x7f00000003c0)=""/214, 0x1a, 0xd6, 0x9, 0x4000}, 0x28) r0 = socket$inet6(0xa, 0x800, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x8, @local, 0x6}, 0x32) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x80, &(0x7f00000002c0)="1a00000002000100", 0x8) setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000140)=0x4, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 3.347681976s ago: executing program 1 (id=720): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000140)=ANY=[@ANYRES16=r2]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYRES32=r3]) 3.216988602s ago: executing program 4 (id=721): r0 = socket(0x2, 0x80805, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680)) open_by_handle_at(r0, &(0x7f0000000000)=@reiserfs_5={0x14, 0x5, {0x200, 0x8e, 0x7b9, 0x8, 0xff}}, 0x400000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x68, 0x14, 0xf0b, 0x1, 0x0, {0x2, 0x0, 0x0, 0x0, {0xffe0, 0xa}, {0xb, 0x2}, {0x4}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0xfa, 0xa, 0x0, 0x3, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x4, 0x7, 0x9, 0x1, 0x0, 0x3}}, {0x4}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000090}, 0x4040480) listen(r0, 0xb) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000008400000005"], 0x30, 0x4040}], 0x1, 0x0) 2.834623199s ago: executing program 1 (id=722): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000022c0)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000020000000a0000000000000e05000000000000000000f0d13d54d6c6d9f089d8e8ec149da62142cd0a1f27ea66a50a3012a621c42a37"], 0x0, 0x2a, 0x0, 0x0, 0x2, 0x10000}, 0x28) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000300)={0x1, @sdr={0x31303553, 0x4}}) (async) keyctl$chown(0x6, 0x0, 0x0, 0x0) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000002200)={0x5, 0x0, [{0x5000, 0x0, &(0x7f00000010c0)}, {0x10000, 0x0, &(0x7f0000001100)}, {0x2, 0x1000, &(0x7f0000001140)=""/4096}, {0xeeef0000, 0x50, &(0x7f0000002140)=""/80}, {0x4000, 0x5, &(0x7f00000021c0)=""/9}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) (async) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7}, 0x10) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000020000006d0500000300000002000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="00000001001b0100"/27], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r8}, 0x38) (async) r9 = openat$null(0xffffffffffffff9c, &(0x7f0000001100), 0x10001, 0x0) lseek(r9, 0x0, 0x1) unshare(0x20000400) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/consoles\x00', 0x0, 0x0) preadv(r10, &(0x7f0000000000)=[{&(0x7f0000000080)=""/4080, 0xff0}], 0x0, 0x33, 0x0) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x400}, {}], 0x2, 0x0, 0x0, 0x0) 2.707558991s ago: executing program 0 (id=723): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) creat(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a30000000000500010007000000080009400000000114000880100007800a001100aa5a"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000180)="000000000000000022385ba986dd", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x20, r6, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xfffffffffffffd42, 0x1, 0xfffffff9}]}]}, 0x20}}, 0x0) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f0000000680)={0x188, r6, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xc}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x401}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8c0d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}]}, @TIPC_NLA_BEARER={0x4}, @TIPC_NLA_BEARER={0x94, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'eth', 0x3a, 'veth0_to_hsr\x00'}}, @TIPC_NLA_BEARER_NAME={0xb, 0x1, @l2={'ib', 0x3a, 'wg0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x9817, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x4}}}}]}, @TIPC_NLA_LINK={0x5c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x44}, 0x20004004) 2.593498851s ago: executing program 3 (id=724): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001140)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)=@ipv6_getanyicast={0x14, 0x3e, 0x300, 0x70bd2c, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x800) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000011c0)=[@in={0x2, 0x4e23, @private=0xa010100}]}, &(0x7f0000000180)=0x10) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x953c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f0000001280)=""/4106, &(0x7f0000001040)=0x100a) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001200)=ANY=[@ANYBLOB="1900000004000000080000000b00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000e7fffffffcff2336c61a0b95734093c32b4c", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc) r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000001c0)=0x2) r5 = socket(0x10, 0x803, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x8) rename(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)='./file0/file0\x00') sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000000c0)={'team_slave_1\x00', &(0x7f0000000240)=@ethtool_link_settings={0x4d, 0x97, 0x6, 0x80, 0x5, 0x80, 0x4, 0x8, 0x6, 0x4, [0x8, 0x6, 0x81, 0x7ff, 0xc90, 0xaf5, 0x6], [0x0, 0x200, 0x1, 0x5, 0x80000]}}) sendto$inet(0xffffffffffffffff, &(0x7f00000003c0)="cc4d5a3d3543f81142b3964bd371f1ff54e322ffda8d5bdad89810548e070556864e0a3cec633194d4afbd455332ed26d1fd344c41a1e47e9d1fcaf1a4c3ce93f459e7ac590f979be58f7453fb2bfebc9532f6334db19375c22685c8e06e1ac7dd2d6236c8393ee901c431d351766757e597c751da3aeb3482aeaa9662783c7db15928ebe57675a59c1e0f86d63aab6600eb7737d03c2ff46bdfe92a1553546c46b8fe155bcde8c607738f514e07b9dcb7a09094ee19be473b91deb1f38a6e09866291562e394d8e428e0d926cce2725a804f84a4017353925aae9087da58394a21986320f72ee3a4f9520401180e3c94a1c919a90757fa0ef53d06043ab", 0xfe, 0x88c4, 0x0, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x23) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r7, 0x402c542d, &(0x7f0000001180)={0x43, 0x9, 0x7, 0x4, 0x5, "7afc64ec2e1bd09e80adf5151942cb056e3a6b", 0x9, 0x3}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c00000010001fff2dbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0080000000000000240012800b00010067726574617000001400028008000700ac1414aa08000100", @ANYRES32=r6, @ANYBLOB="0807fe33", @ANYRES32=r6, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x4048800}, 0xc850) 2.475659252s ago: executing program 1 (id=725): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240020001a0001000000ff7f0000000080200000", @ANYRES32=0x0, @ANYRES32=r0], 0x24}}, 0x0) 2.271674605s ago: executing program 2 (id=726): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYRESHEX=r0], 0x38}, 0x1, 0x0, 0x0, 0x44040}, 0xe000) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2}, &(0x7f00000001c0), &(0x7f0000000340)=r3}, 0x20) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a80)={0x18, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000018c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r5}, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f00000025c0), r6) sendmsg$NL802154_CMD_GET_SEC_KEY(r6, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000026c0)={&(0x7f0000002680)={0x14, r7, 0xb11, 0x401, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x24000000) r8 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, 0x0, 0x0) r9 = fanotify_init(0x200, 0x0) r10 = epoll_create(0x2) epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f00000000c0)={0x30000015}) setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000100)={{0x84, @empty, 0x4e23, 0x3, 'sh\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44) 2.271345299s ago: executing program 0 (id=727): r0 = fanotify_init(0x0, 0x0) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x48001018, r1, 0x0) fanotify_mark(r0, 0x441, 0x4800001b, r1, 0x0) 2.197425525s ago: executing program 1 (id=728): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000006c0)='\r', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000640)="e3c7b1a7ede708d25165188ee78cddef28630c1c98588beeb7e8892f361bfb39baa334f484ef0622ff258f89771bd88654704574626544693642320f18aaa710a87e4f61a881af6259d7fc5ef2d442f07243e0c0f4cbefcec8de4bf35cccc03e667fbb23c41d2ffa34e21a989b68957a779c9466fc4d8f0a193c661587cba119", 0x80}, {&(0x7f00000007c0)="34bf15654463c3be39a28c61bb95f5d6fc1aba5e37b02db7cbb98cabc6dd7a57f867adb98bf148732dc2b5301b9b16c0b43a1a009dd185fd0862ed5572a1887117b2adc7a1c982e56f1bce0e0afd3c21417aafc20fce885c54a93dc7358cc4e36f1a47d893dba96f75527452ad09c98a5ebf", 0x72}, {&(0x7f0000000840)="2dd79e0f1e05a2c0804b6a9251c52655fa0f8462e1d0bc3aa7463d4889f9257e13456b7ea0fabac22a348c63eb4e0a8fdef8bfe485ef94eb0ee172c71026714f281b59874c2cffcb058c6b9b33aba80f5f54993425b661531e563d7c728fd57c2cb50621419ee79b538dbdab2841024a674000b496a953293f69b2f4a76d506602dd0a67dc38b67f1711716da49a82d2320eea98a5840bb44c63e38c977dfa92fb82faf42733", 0xa6}, {&(0x7f0000000900)="08ef74923496b602343d0f599f56b5a69feb79ed5e7fb268cf88e65e8aa452900b82c9b4d80a1c3c03801dfb1293ca344f8f36fea96f644009295054a1c385bd00896ab357f8d8d08845a8d5cbbf82cc3beebd444cff06c6ef8eafffd76908801f9dfa3e758514832d0fb289faaf8ccbdd4f1eddb9e0b3b74462b758a254ef7073ccffba4baf63deda2e2380f31abe2ab032c45269c0feff1f83541c015e6694da53dc8a4e5926bd447261876b8f20f65a2e60e67068794036451ad0fd2b637a6226e14544eeae1e8e10fe5faa5503b42fba32f070", 0xd5}, {&(0x7f0000000a40)="e20ecc735d37e3ad8f508b91668183b5be0aef5c86d3d3e804b914641d03424c94b3339bc48c0e46df5369f7e0ecc96a23274cdda6055ecfa4d0cec086916377409abdcb7c6373e5a0d3ce9386f9e747e247247ac587f1e19b24be2fca60d5bd5652ca8f30d2a93079b353f4374bfbc5fb9e1e2651bb7de4f4b1b6227f1185849766c0ffcd336c3c582d3730720fb437e2", 0x91}, {&(0x7f0000000b00)="b31184081ef023f747d7726af5cf9824a0ad5c546da7d1034cd4afc1c2429ed89a1c03b17f41545b0ef5ed2a1467f206f00e6196bd8bdb33c7bb3451ac294dde7bc1b6083f072a7b996d5fc87dc4becb19bd54474b543ee4495239357ade8c5819862488f8766c4dc4e5e968e0b844", 0x6f}, {&(0x7f0000000b80)="a40d430db2f2d5f526647cf0ef3f3b6e5d55fdb76be519b3ad8280c3975af8b97f7bf8630dae9842b9a49fb30a7018371ce3c20c097019218bb00576b40988cf4761190b11ce741d3ab7a080046fbf23d0c44ba2b0d8fa62329dc6fa5996e7692274b3cd33a8c86fe4e071a2b5ad1cc74fa3c275354de95f7eb0cef88530b9319186d46844ebb93513ba", 0x8a}, {&(0x7f0000002580)="84c0c8e9301405a28f8ae7a5fc02631476eb12caabb86ae2ace3a4a57a72b114b8ea1296409c20d9043aeaf5ac54e6c67670bc3cbec572db9d857bd02832ce8223e05b2824488341d6a53a46a000aef08dd8304db87ba68832966931f7c5fc0a7e9831362eac08f69755f830b7fd27c3c496033938a581c0543f07601bb2d3f546e8d00df19da10338a8d941ba3f3f70f2f4e14b02ea19b0d9aa584a7d171283efeab984079b7bb27e0aa4524d5fc74019c004d65f5e8b83761b4cfc810645ae1cc66df361a7a3d15f14d733175a7d17f0a8b557df6abb51262dc83151ab0bbc7994a53e7a3a2b0e2ff72c6d163ab2c9a2d71ad52c3617013556a228ca7c1cad54", 0x101}], 0x8}}], 0x2, 0x0) 1.995659859s ago: executing program 0 (id=729): r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000008, 0x20010, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0xd4) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$netlink(0x10, 0x3, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$USBDEVFS_CONNECTINFO(r5, 0x8004550f, 0x0) userfaultfd(0x0) r6 = syz_open_dev$vim2m(&(0x7f0000000180), 0xa, 0x2) r7 = syz_open_dev$vivid(&(0x7f0000000100), 0x3, 0x2) ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f0000000300)={0x9, 0x81, 0x5, {0x4, @sliced={0x6000, [0x0, 0x9, 0x7, 0x1, 0x7, 0xef, 0x0, 0x4, 0x39c, 0x3, 0x1, 0xffa6, 0x0, 0x3, 0xfff9, 0xfc18, 0x0, 0x3, 0xc06, 0x6e, 0x81, 0x6, 0x6, 0x5, 0x1, 0x3, 0x6, 0xa2, 0x101, 0x0, 0x3, 0x8, 0x2ce, 0x3, 0x9, 0x5, 0x8, 0x9, 0x400, 0x1, 0x7, 0x9, 0x48, 0x401, 0x5, 0x8, 0x6, 0x6], 0x1}}, 0xf9}) ioctl$vim2m_VIDIOC_ENUM_FMT(r6, 0xc0405602, &(0x7f0000000880)={0x10, 0x2, 0x3, "bc3e099e23000600000000000000000000c70f00", 0x34343452}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000200)="5e73663bf4082f7c6cbecbf09d6dd7be5a4563f329c16f799d1836bfc45a7badc8faed24bb77c848723ad00fb243c3111dda42112650cc00", 0x0, 0x48) syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000), &(0x7f00000000c0)) 1.897956133s ago: executing program 1 (id=730): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000002240)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) (async) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) r3 = socket$unix(0x1, 0x5, 0x0) fstatfs(r3, &(0x7f0000000000)) (async) write$cgroup_devices(r2, &(0x7f0000000200)=ANY=[@ANYBLOB='b *:* rm'], 0x9) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r0, &(0x7f0000005900)=[{{0x0, 0x0, &(0x7f0000002280)=[{&(0x7f0000002380)=""/190}]}, 0x3}, {{&(0x7f0000002440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x0, &(0x7f00000022c0)=[{&(0x7f00000024c0)=""/221}, {&(0x7f00000025c0)=""/4096}], 0x0, &(0x7f00000035c0)=""/162}, 0x1ff}, {{&(0x7f0000003680), 0x0, &(0x7f0000003900)=[{&(0x7f0000003700)=""/101}, {&(0x7f0000003780)=""/81}, {&(0x7f0000003800)=""/235}]}, 0x4}, {{&(0x7f0000003940)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x0, &(0x7f0000004dc0)=[{&(0x7f00000039c0)=""/228}, {&(0x7f0000003ac0)=""/237}, {&(0x7f0000003bc0)=""/27}, {&(0x7f0000003c00)=""/216}, {&(0x7f0000003d00)=""/4096}, {&(0x7f0000004d00)=""/108}, {&(0x7f0000004d80)=""/9}]}, 0x6}, {{&(0x7f0000004e40)=@hci, 0x0, &(0x7f0000005000)=[{&(0x7f0000004ec0)=""/49}, {&(0x7f0000004f00)=""/253}], 0x0, &(0x7f0000005040)=""/133}}, {{&(0x7f0000005100)=@x25, 0x0, &(0x7f0000005800)=[{&(0x7f0000005180)=""/101}, {&(0x7f0000005200)=""/45}, {&(0x7f0000005240)=""/243}, {&(0x7f0000005340)=""/166}, {&(0x7f0000005400)=""/197}, {&(0x7f0000005500)=""/209}, {&(0x7f0000005600)=""/139}, {&(0x7f00000056c0)=""/207}, {&(0x7f00000057c0)=""/30}], 0x0, &(0x7f00000058c0)=""/19}, 0x7}], 0x566, 0x4001a100, 0x0) 1.827568291s ago: executing program 3 (id=731): syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x1058, 0x18, &(0x7f0000000440)={@flat=@weak_handle={0x77682a85, 0x1100, 0x1}, @flat=@binder={0x73622a85, 0xa, 0xffffffffffffffff}, @flat=@weak_binder={0x77622a85, 0x1000, 0x2}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x479af, 0x1, 0x7fff, 0x263}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)) syz_io_uring_submit(r4, r5, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002700)=""/4088, 0xff8}], 0x1) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, 0x0, 0x0) sendmsg$nl_xfrm(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[], 0xf8}}, 0x0) 1.533907606s ago: executing program 1 (id=732): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000140)=ANY=[@ANYRES16=r2]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYRES32=r3]) 608.538902ms ago: executing program 4 (id=733): r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_route(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000004300010081007000fddbdf2502000000080002"], 0x1c}, 0x1, 0x0, 0x0, 0x20050}, 0x40080) (fail_nth: 7) 513.156272ms ago: executing program 0 (id=734): syz_io_uring_setup(0x8, &(0x7f00000001c0)={0x0, 0xda9f, 0x1, 0x2, 0xf0}, 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) listen(r0, 0x1) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="30000000000000008400000001"], 0x30, 0x4040}], 0x1, 0x2000000) 940.967µs ago: executing program 2 (id=735): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f000000b200)='/dev/comedi1\x00', 0x8040, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000100)={'pcl812\x00', [0x8001, 0x20, 0x6, 0x8, 0xfffffffb, 0x3ff, 0x4d7, 0x2, 0x34, 0x4, 0x0, 0x401, 0x3, 0x47, 0x9, 0x7ff, 0xffffffff, 0x0, 0x1f29, 0x5, 0x8000, 0x8, 0x6, 0x5, 0x54, 0x2, 0x101, 0x5, 0x8, 0x8, 0x1]}) 692.151µs ago: executing program 4 (id=736): syz_io_uring_setup(0x8, &(0x7f00000001c0)={0x0, 0xda9f, 0x1, 0x2, 0xf0}, 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) listen(r0, 0x1) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x39) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x2236}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xffff}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x3}, 0x0, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x4000080) bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r1, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x102) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r5 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) ioctl$FICLONERANGE(r5, 0x4020940d, &(0x7f0000000280)={{r5}, 0x400, 0x8000000000000000, 0x7}) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="30000000000000008400000001"], 0x30, 0x4040}], 0x1, 0x0) 0s ago: executing program 3 (id=737): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) capset(&(0x7f0000000000)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000180)={0x10, 0x0, 0x152, 0x0, 0x0, 0xc3}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000640)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000540)="5221d57b0000", 0x0, 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): v4l2_ioctl+0x10/0x10 [ 294.414300][ T6952] __se_sys_ioctl+0xf9/0x170 [ 294.414323][ T6952] do_syscall_64+0xfa/0x3b0 [ 294.414338][ T6952] ? lockdep_hardirqs_on+0x9c/0x150 [ 294.414361][ T6952] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.414376][ T6952] ? clear_bhb_loop+0x60/0xb0 [ 294.414396][ T6952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.414412][ T6952] RIP: 0033:0x7f9f8b98e929 [ 294.414429][ T6952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.414443][ T6952] RSP: 002b:00007f9f897f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 294.414462][ T6952] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98e929 [ 294.414474][ T6952] RDX: 0000200000000180 RSI: 00000000c02c564a RDI: 0000000000000003 [ 294.414493][ T6952] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000 [ 294.414503][ T6952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.414512][ T6952] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138 [ 294.414540][ T6952] [ 294.435211][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e64d400: rx timeout, send abort [ 294.447001][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e64d000: abort rx timeout. Force session deactivation [ 294.930454][ T9] usb 4-1: device descriptor read/64, error -71 [ 294.936929][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e64d400: abort rx timeout. Force session deactivation [ 295.146762][ T5922] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 295.263702][ T9] usb usb4-port1: attempt power cycle [ 295.288538][ T5942] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 295.304250][ T5942] usb 1-1: USB disconnect, device number 9 [ 295.381548][ T5922] usb 5-1: Using ep0 maxpacket: 32 [ 295.402277][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.427835][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.431522][ T6963] binder: BINDER_SET_CONTEXT_MGR already set [ 295.462892][ T6963] binder: 6962:6963 ioctl 4018620d 200000000040 returned -16 [ 295.464325][ T5922] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 295.549128][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.591066][ T5922] usb 5-1: config 0 descriptor?? [ 295.621321][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 295.639944][ T5922] hub 5-1:0.0: USB hub found [ 295.661778][ T9] usb 4-1: device descriptor read/8, error -71 [ 295.825692][ T5922] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 295.911142][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 295.978095][ T9] usb 4-1: device descriptor read/8, error -71 [ 296.352573][ T9] usb usb4-port1: unable to enumerate USB device [ 296.491315][ T5922] hid-generic 0003:046D:C31C.0003: unknown main item tag 0x0 [ 296.608339][ T6980] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 296.623987][ T6980] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 296.980296][ T5922] hid-generic 0003:046D:C31C.0003: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0 [ 297.160817][ T44] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 297.214910][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.4.312'. [ 297.226734][ T6985] 9pnet_fd: Insufficient options for proto=fd [ 297.366082][ T44] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 297.447900][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 297.497530][ T5942] usb 5-1: USB disconnect, device number 11 [ 297.538777][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 297.559135][ T6993] afs: Unknown parameter '' [ 297.569562][ T44] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 297.591776][ T44] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 297.605730][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.649461][ T44] usb 3-1: config 0 descriptor?? [ 297.668501][ T6979] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 297.794800][ T6997] ubi31: attaching mtd0 [ 297.802948][ T6997] ubi31: scanning is finished [ 297.807691][ T6997] ubi31: empty MTD device detected [ 297.870835][ T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 298.070144][ T9] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 298.090445][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.239560][ T9] usb 2-1: config 0 descriptor?? [ 298.250347][ T9] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 298.262724][ T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 298.310909][ T6997] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 298.324073][ T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 298.358033][ T6997] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 298.370291][ T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 298.398379][ T6997] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 298.407226][ T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 298.447719][ T6979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.321'. [ 298.461767][ T6997] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 298.464231][ T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 298.469310][ T6997] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 298.469348][ T6997] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 298.469366][ T6997] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 164327439 [ 298.469387][ T6997] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 298.483180][ T7003] ubi31: background thread "ubi_bgt31d" started, PID 7003 [ 298.649421][ T9] gspca_cpia1: usb_control_msg 03, error -32 [ 298.684437][ T9] gspca_cpia1: usb_control_msg 03, error -32 [ 298.711286][ T9] cpia1 2-1:0.0: unexpected state after lo power cmd: 00 [ 298.859535][ T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 298.905946][ T9] gspca_cpia1: usb_control_msg 01, error -71 [ 298.906386][ T44] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 299.577130][ T44] usb 3-1: USB disconnect, device number 9 [ 299.670578][ T9] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 299.703197][ T9] usb 2-1: USB disconnect, device number 15 [ 299.910834][ T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 299.975057][ T7019] fido_id[7019]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 300.128275][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 300.161436][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 300.201499][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 300.237080][ T7031] netlink: 36 bytes leftover after parsing attributes in process `syz.2.335'. [ 300.291870][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 300.349279][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 300.438602][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 300.572680][ T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 300.648500][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.673039][ T44] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 301.609626][ T24] usb 4-1: config 0 descriptor?? [ 301.842416][ T44] usb 5-1: Using ep0 maxpacket: 8 [ 301.851941][ T44] usb 5-1: config 5 has an invalid interface number: 35 but max is 0 [ 301.873987][ T44] usb 5-1: config 5 has no interface number 0 [ 301.880838][ T44] usb 5-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10 [ 301.906247][ T5874] Bluetooth: hci5: urb ffff88805cb33b00 submission failed (90) [ 301.956299][ T7052] 9pnet: Unknown protocol version 9p200 [ 301.999625][ T24] usb 4-1: USB disconnect, device number 13 [ 302.010883][ T44] usb 5-1: config 5 interface 35 has no altsetting 0 [ 302.189454][ T44] usb 5-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b [ 302.356893][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.660801][ T44] usb 5-1: Product: syz [ 302.665047][ T44] usb 5-1: Manufacturer: syz [ 302.670027][ T44] usb 5-1: SerialNumber: syz [ 302.696758][ T7053] FAULT_INJECTION: forcing a failure. [ 302.696758][ T7053] name failslab, interval 1, probability 0, space 0, times 0 [ 302.747231][ T7053] CPU: 1 UID: 0 PID: 7053 Comm: syz.0.341 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 302.747251][ T7053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.747258][ T7053] Call Trace: [ 302.747263][ T7053] [ 302.747269][ T7053] dump_stack_lvl+0x189/0x250 [ 302.747287][ T7053] ? __pfx____ratelimit+0x10/0x10 [ 302.747305][ T7053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.747318][ T7053] ? __pfx__printk+0x10/0x10 [ 302.747335][ T7053] ? __pfx___might_resched+0x10/0x10 [ 302.747347][ T7053] ? fs_reclaim_acquire+0x7d/0x100 [ 302.747361][ T7053] should_fail_ex+0x414/0x560 [ 302.747380][ T7053] should_failslab+0xa8/0x100 [ 302.747397][ T7053] kmem_cache_alloc_noprof+0x73/0x3c0 [ 302.747412][ T7053] ? fuse_get_req+0x7b9/0x10b0 [ 302.747429][ T7053] fuse_get_req+0x7b9/0x10b0 [ 302.747449][ T7053] ? process_measurement+0x72d/0x1a40 [ 302.747467][ T7053] ? __pfx_fuse_get_req+0x10/0x10 [ 302.747481][ T7053] ? __pfx_autoremove_wake_function+0x10/0x10 [ 302.747496][ T7053] ? __lock_acquire+0xab9/0xd20 [ 302.747514][ T7053] __fuse_simple_request+0x2aa/0x18d0 [ 302.747533][ T7053] ? __pfx___fuse_simple_request+0x10/0x10 [ 302.747555][ T7053] ? mntput_no_expire+0xb9/0x860 [ 302.747571][ T7053] ? mntput_no_expire+0xb9/0x860 [ 302.747582][ T7053] ? mntput_no_expire+0x241/0x860 [ 302.747596][ T7053] ? dput+0x37/0x2b0 [ 302.747609][ T7053] fuse_getxattr+0x2d7/0x470 [ 302.747622][ T7053] ? step_into+0x435/0xf30 [ 302.747635][ T7053] ? __pfx_fuse_getxattr+0x10/0x10 [ 302.747656][ T7053] ? smk_tskacc+0x2fc/0x370 [ 302.747672][ T7053] ? smack_inode_getxattr+0x13e/0x1a0 [ 302.747685][ T7053] ? __pfx_smack_inode_getxattr+0x10/0x10 [ 302.747700][ T7053] ? rcu_is_watching+0x15/0xb0 [ 302.747718][ T7053] fuse_xattr_get+0x80/0xa0 [ 302.747730][ T7053] ? __pfx_fuse_xattr_get+0x10/0x10 [ 302.747743][ T7053] __vfs_getxattr+0x3f1/0x430 [ 302.747766][ T7053] vfs_getxattr+0x231/0x290 [ 302.747785][ T7053] ? __pfx_vfs_getxattr+0x10/0x10 [ 302.747808][ T7053] do_getxattr+0x171/0x320 [ 302.747822][ T7053] filename_getxattr+0x111/0x210 [ 302.747835][ T7053] ? __pfx_filename_getxattr+0x10/0x10 [ 302.747849][ T7053] ? getname_flags+0x1e5/0x540 [ 302.747862][ T7053] __x64_sys_lgetxattr+0x1c6/0x210 [ 302.747877][ T7053] ? __pfx___x64_sys_lgetxattr+0x10/0x10 [ 302.747904][ T7053] ? __pfx_ksys_write+0x10/0x10 [ 302.747917][ T7053] ? rcu_is_watching+0x15/0xb0 [ 302.747931][ T7053] ? do_syscall_64+0xbe/0x3b0 [ 302.747945][ T7053] do_syscall_64+0xfa/0x3b0 [ 302.747955][ T7053] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.747965][ T7053] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 302.747976][ T7053] ? clear_bhb_loop+0x60/0xb0 [ 302.747989][ T7053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.747999][ T7053] RIP: 0033:0x7f46cd18e929 [ 302.748010][ T7053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.748019][ T7053] RSP: 002b:00007f46ce03a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0 [ 302.748033][ T7053] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18e929 [ 302.748041][ T7053] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000000 [ 302.748048][ T7053] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000 [ 302.748055][ T7053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.748062][ T7053] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8 [ 302.748079][ T7053] [ 303.127629][ T7043] syz.1.337 (7043) used greatest stack depth: 19520 bytes left [ 303.276442][ T44] ttusbir 5-1:5.35: cannot find expected altsetting [ 303.291702][ T44] usb 5-1: USB disconnect, device number 12 [ 303.334236][ T5867] udevd[5867]: setting owner of /dev/bus/usb/005/012 to uid=0, gid=0 failed: No such file or directory [ 304.593636][ T7083] netlink: 20 bytes leftover after parsing attributes in process `syz.2.350'. [ 304.679908][ T7083] batadv0: entered promiscuous mode [ 304.712620][ T7083] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 304.744793][ T7083] batadv0: left promiscuous mode [ 304.822039][ T7094] FAULT_INJECTION: forcing a failure. [ 304.822039][ T7094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.835891][ T7094] CPU: 1 UID: 0 PID: 7094 Comm: syz.0.351 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 304.835917][ T7094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 304.835927][ T7094] Call Trace: [ 304.835935][ T7094] [ 304.835943][ T7094] dump_stack_lvl+0x189/0x250 [ 304.835968][ T7094] ? __pfx____ratelimit+0x10/0x10 [ 304.835993][ T7094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.836012][ T7094] ? __pfx__printk+0x10/0x10 [ 304.836034][ T7094] ? __might_fault+0xb0/0x130 [ 304.836073][ T7094] should_fail_ex+0x414/0x560 [ 304.836104][ T7094] _copy_from_user+0x2d/0xb0 [ 304.836126][ T7094] ___sys_sendmsg+0x158/0x2a0 [ 304.836152][ T7094] ? __pfx____sys_sendmsg+0x10/0x10 [ 304.836212][ T7094] ? __fget_files+0x2a/0x420 [ 304.836229][ T7094] ? __fget_files+0x3a0/0x420 [ 304.836255][ T7094] __x64_sys_sendmsg+0x19b/0x260 [ 304.836278][ T7094] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 304.836308][ T7094] ? __pfx_ksys_write+0x10/0x10 [ 304.836328][ T7094] ? rcu_is_watching+0x15/0xb0 [ 304.836353][ T7094] ? do_syscall_64+0xbe/0x3b0 [ 304.836385][ T7094] do_syscall_64+0xfa/0x3b0 [ 304.836400][ T7094] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.836424][ T7094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.836443][ T7094] ? clear_bhb_loop+0x60/0xb0 [ 304.836465][ T7094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.836482][ T7094] RIP: 0033:0x7f46cd18e929 [ 304.836500][ T7094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.836515][ T7094] RSP: 002b:00007f46ce03a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 304.836535][ T7094] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18e929 [ 304.836548][ T7094] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000012 [ 304.836559][ T7094] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000 [ 304.836570][ T7094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.836581][ T7094] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8 [ 304.836612][ T7094] [ 305.135512][ T7098] FAULT_INJECTION: forcing a failure. [ 305.135512][ T7098] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.247080][ T7098] CPU: 1 UID: 0 PID: 7098 Comm: syz.4.352 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 305.247108][ T7098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 305.247120][ T7098] Call Trace: [ 305.247128][ T7098] [ 305.247135][ T7098] dump_stack_lvl+0x189/0x250 [ 305.247162][ T7098] ? __pfx____ratelimit+0x10/0x10 [ 305.247190][ T7098] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.247211][ T7098] ? __pfx__printk+0x10/0x10 [ 305.247235][ T7098] ? __might_fault+0xb0/0x130 [ 305.247272][ T7098] should_fail_ex+0x414/0x560 [ 305.247304][ T7098] _copy_from_user+0x2d/0xb0 [ 305.247327][ T7098] video_usercopy+0x354/0x14f0 [ 305.247356][ T7098] ? smk_tskacc+0x2fc/0x370 [ 305.247378][ T7098] ? __pfx___video_do_ioctl+0x10/0x10 [ 305.247410][ T7098] ? __pfx_video_usercopy+0x10/0x10 [ 305.247429][ T7098] ? smack_file_ioctl+0x2a9/0x340 [ 305.247471][ T7098] ? __fget_files+0x2a/0x420 [ 305.247487][ T7098] ? __fget_files+0x3a0/0x420 [ 305.247508][ T7098] v4l2_ioctl+0x18a/0x1e0 [ 305.247530][ T7098] ? __pfx_v4l2_ioctl+0x10/0x10 [ 305.247551][ T7098] __se_sys_ioctl+0xf9/0x170 [ 305.247577][ T7098] do_syscall_64+0xfa/0x3b0 [ 305.247594][ T7098] ? lockdep_hardirqs_on+0x9c/0x150 [ 305.247619][ T7098] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.247636][ T7098] ? clear_bhb_loop+0x60/0xb0 [ 305.247658][ T7098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.247674][ T7098] RIP: 0033:0x7f9f8b98e929 [ 305.247691][ T7098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.247707][ T7098] RSP: 002b:00007f9f897d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 305.247729][ T7098] RAX: ffffffffffffffda RBX: 00007f9f8bbb6080 RCX: 00007f9f8b98e929 [ 305.247742][ T7098] RDX: 0000200000000400 RSI: 00000000c0205648 RDI: 0000000000000005 [ 305.247755][ T7098] RBP: 00007f9f897d5090 R08: 0000000000000000 R09: 0000000000000000 [ 305.247767][ T7098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.247778][ T7098] R13: 0000000000000000 R14: 00007f9f8bbb6080 R15: 00007ffcfb69b138 [ 305.247809][ T7098] [ 306.843675][ T7124] syz.3.361 uses obsolete (PF_INET,SOCK_PACKET) [ 307.090831][ T5942] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 307.559604][ T5942] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 307.579585][ T5942] usb 1-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config [ 307.595634][ T5942] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 307.622615][ T5942] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 307.658949][ T5942] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 307.700899][ T5942] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 307.709088][ T5942] usb 1-1: Product: syz [ 307.779523][ T5942] usb 1-1: Manufacturer: syz [ 307.816958][ T5942] cdc_wdm 1-1:1.0: skipping garbage [ 307.832426][ T5942] cdc_wdm 1-1:1.0: skipping garbage [ 307.837752][ T5942] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 308.025088][ T5942] usb 1-1: USB disconnect, device number 10 [ 308.342296][ T7155] netlink: 'syz.1.370': attribute type 4 has an invalid length. [ 308.350447][ T7155] netlink: 28 bytes leftover after parsing attributes in process `syz.1.370'. [ 309.566220][ T7172] fuse: Bad value for 'fd' [ 309.730935][ T5942] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 310.318854][ T7175] mmap: syz.0.379 (7175): VmData 25972736 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data. [ 310.819198][ T5942] usb 2-1: Using ep0 maxpacket: 8 [ 310.839525][ T5942] usb 2-1: unable to get BOS descriptor or descriptor too short [ 310.856427][ T5942] usb 2-1: config index 0 descriptor too short (expected 274, got 18) [ 310.865482][ T5942] usb 2-1: config 4 interface 0 has no altsetting 0 [ 311.003694][ T5942] usb 2-1: string descriptor 0 read error: -22 [ 311.017894][ T5942] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 311.046068][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.091744][ T5942] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 311.118609][ T5942] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 311.186454][ T5942] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 311.223445][ T5942] usb 2-1: media controller created [ 311.276853][ T7168] usb 2-1: dvb_usb_au6610: wlen=132, aborting [ 311.329473][ T5942] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 311.813995][ T5942] zl10353_read_register: readreg error (reg=127, ret==0) [ 312.001846][ T5942] usb 2-1: USB disconnect, device number 16 [ 312.668364][ T7215] input: syz0 as /devices/virtual/input/input12 [ 312.881203][ T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 313.141332][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 313.672930][ T24] usb 1-1: config 5 has an invalid interface number: 35 but max is 0 [ 313.703392][ T24] usb 1-1: config 5 has no interface number 0 [ 313.709589][ T24] usb 1-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10 [ 313.761024][ T24] usb 1-1: config 5 interface 35 has no altsetting 0 [ 313.800561][ T24] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b [ 313.832925][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.897406][ T24] usb 1-1: Product: syz [ 313.943558][ T24] usb 1-1: Manufacturer: syz [ 313.973112][ T24] usb 1-1: SerialNumber: syz [ 314.767797][ T7238] netlink: 8 bytes leftover after parsing attributes in process `syz.3.399'. [ 314.836457][ T7238] netlink: 'syz.3.399': attribute type 1 has an invalid length. [ 314.885671][ T7238] netlink: 'syz.3.399': attribute type 2 has an invalid length. [ 315.554447][ T24] ttusbir 1-1:5.35: cannot find expected altsetting [ 315.589428][ T24] usb 1-1: USB disconnect, device number 11 [ 316.012572][ T44] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 316.082246][ T7259] netlink: 112 bytes leftover after parsing attributes in process `syz.2.407'. [ 316.193460][ T44] usb 4-1: Using ep0 maxpacket: 16 [ 316.210050][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.230966][ T5922] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 316.249215][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.260627][ T44] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 316.284244][ T44] usb 4-1: New USB device found, idVendor=046d, idProduct=c227, bcdDevice= 0.00 [ 316.295111][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.303064][ T5815] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 316.311964][ T44] usb 4-1: config 0 descriptor?? [ 316.482983][ T5815] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 316.494667][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 316.505883][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 316.517003][ T5815] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 316.566449][ T5922] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 316.628485][ T5922] usb 5-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config [ 316.775946][ T5922] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 316.867327][ T5922] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 317.023475][ T5922] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 317.079491][ T5815] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 317.088674][ T5815] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.103959][ T7249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 317.104444][ T7249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 317.105241][ T5815] usb 2-1: config 0 descriptor?? [ 317.368128][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 317.372455][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.377054][ T5922] usb 5-1: Product: syz [ 317.399544][ T5922] usb 5-1: Manufacturer: syz [ 317.437851][ T5922] cdc_wdm 5-1:1.0: skipping garbage [ 318.049767][ T44] hid (null): global environment stack underflow [ 318.056293][ T5922] cdc_wdm 5-1:1.0: skipping garbage [ 318.069157][ T44] lg-g15 0003:046D:C227.0005: global environment stack underflow [ 318.077180][ T5922] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 318.104290][ T44] lg-g15 0003:046D:C227.0005: item 0 4 1 11 parsing failed [ 318.121231][ T5922] usb 5-1: USB disconnect, device number 13 [ 318.131816][ T44] lg-g15 0003:046D:C227.0005: probe with driver lg-g15 failed with error -22 [ 318.264710][ T7258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.406'. [ 318.280382][ T7258] netlink: 12 bytes leftover after parsing attributes in process `syz.1.406'. [ 318.366731][ T5815] usbhid 2-1:0.0: can't add hid device: -71 [ 318.384179][ T5815] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 318.403716][ T5815] usb 2-1: USB disconnect, device number 17 [ 318.581434][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 318.741006][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 318.757253][ T10] usb 1-1: config 5 has an invalid interface number: 35 but max is 0 [ 318.772351][ T10] usb 1-1: config 5 has no interface number 0 [ 318.783885][ T10] usb 1-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10 [ 318.799237][ T10] usb 1-1: config 5 interface 35 has no altsetting 0 [ 318.811184][ T10] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b [ 318.821133][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.829862][ T10] usb 1-1: Product: syz [ 318.848984][ T10] usb 1-1: Manufacturer: syz [ 318.858071][ T10] usb 1-1: SerialNumber: syz [ 319.174524][ T44] usb 4-1: USB disconnect, device number 14 [ 321.293792][ T10] ttusbir 1-1:5.35: cannot find expected altsetting [ 321.340921][ T10] usb 1-1: USB disconnect, device number 12 [ 323.353694][ T7340] xt_bpf: check failed: parse error [ 323.513923][ T7341] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 323.645338][ T7341] netlink: 68 bytes leftover after parsing attributes in process `syz.1.425'. [ 323.728280][ T7352] FAULT_INJECTION: forcing a failure. [ 323.728280][ T7352] name failslab, interval 1, probability 0, space 0, times 0 [ 323.741376][ T44] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 323.776120][ T7352] CPU: 1 UID: 0 PID: 7352 Comm: syz.3.439 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 323.776157][ T7352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 323.776170][ T7352] Call Trace: [ 323.776179][ T7352] [ 323.776188][ T7352] dump_stack_lvl+0x189/0x250 [ 323.776217][ T7352] ? __pfx____ratelimit+0x10/0x10 [ 323.776246][ T7352] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.776267][ T7352] ? __pfx__printk+0x10/0x10 [ 323.776299][ T7352] ? __pfx___might_resched+0x10/0x10 [ 323.776326][ T7352] should_fail_ex+0x414/0x560 [ 323.776359][ T7352] should_failslab+0xa8/0x100 [ 323.776389][ T7352] __kmalloc_noprof+0xcb/0x4f0 [ 323.776414][ T7352] ? sk_prot_alloc+0xe7/0x220 [ 323.776441][ T7352] sk_prot_alloc+0xe7/0x220 [ 323.776461][ T7352] ? sk_alloc+0x24/0x370 [ 323.776485][ T7352] sk_alloc+0x3a/0x370 [ 323.776506][ T7352] ? bpf_ctx_init+0x167/0x1d0 [ 323.776531][ T7352] bpf_prog_test_run_skb+0x2ed/0x1560 [ 323.776552][ T7352] ? __fget_files+0x2a/0x420 [ 323.776587][ T7352] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 323.776609][ T7352] bpf_prog_test_run+0x2c4/0x340 [ 323.776643][ T7352] __sys_bpf+0x4a4/0x860 [ 323.776672][ T7352] ? __pfx___sys_bpf+0x10/0x10 [ 323.776714][ T7352] ? ksys_write+0x22a/0x250 [ 323.776743][ T7352] ? __pfx_ksys_write+0x10/0x10 [ 323.776765][ T7352] ? rcu_is_watching+0x15/0xb0 [ 323.776794][ T7352] __x64_sys_bpf+0x7c/0x90 [ 323.776821][ T7352] do_syscall_64+0xfa/0x3b0 [ 323.776839][ T7352] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.776865][ T7352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.776884][ T7352] ? clear_bhb_loop+0x60/0xb0 [ 323.776907][ T7352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.776926][ T7352] RIP: 0033:0x7f1620f8e929 [ 323.776945][ T7352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.776961][ T7352] RSP: 002b:00007f1621d29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 323.776983][ T7352] RAX: ffffffffffffffda RBX: 00007f16211b5fa0 RCX: 00007f1620f8e929 [ 323.776997][ T7352] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 000000000000000a [ 323.777009][ T7352] RBP: 00007f1621d29090 R08: 0000000000000000 R09: 0000000000000000 [ 323.777021][ T7352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.777032][ T7352] R13: 0000000000000000 R14: 00007f16211b5fa0 R15: 00007ffca6d652f8 [ 323.777065][ T7352] [ 324.018928][ C1] vkms_vblank_simulate: vblank timer overrun [ 324.203040][ T30] kauditd_printk_skb: 46 callbacks suppressed [ 324.203061][ T30] audit: type=1326 audit(1751970515.062:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7353 comm="syz.0.440" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f46cd18e929 code=0x0 [ 324.210760][ T44] usb 3-1: Using ep0 maxpacket: 8 [ 324.230603][ C1] vkms_vblank_simulate: vblank timer overrun [ 324.244689][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 324.256050][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 324.265903][ T44] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 324.275679][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 324.285599][ T44] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 324.295490][ T44] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 324.304648][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.318493][ T44] usb 3-1: config 0 descriptor?? [ 324.364538][ T5874] Bluetooth: hci5: urb ffff888034bba700 submission failed (90) [ 324.568475][ T44] usb 3-1: USB disconnect, device number 10 [ 328.011645][ T7407] FAULT_INJECTION: forcing a failure. [ 328.011645][ T7407] name failslab, interval 1, probability 0, space 0, times 0 [ 328.051941][ T7406] FAULT_INJECTION: forcing a failure. [ 328.051941][ T7406] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.095800][ T7407] CPU: 0 UID: 0 PID: 7407 Comm: syz.4.454 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 328.095830][ T7407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.095843][ T7407] Call Trace: [ 328.095851][ T7407] [ 328.095859][ T7407] dump_stack_lvl+0x189/0x250 [ 328.095887][ T7407] ? __pfx____ratelimit+0x10/0x10 [ 328.095915][ T7407] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.095935][ T7407] ? __pfx__printk+0x10/0x10 [ 328.095967][ T7407] ? ref_tracker_alloc+0x318/0x460 [ 328.095997][ T7407] should_fail_ex+0x414/0x560 [ 328.096028][ T7407] should_failslab+0xa8/0x100 [ 328.096057][ T7407] kmem_cache_alloc_noprof+0x73/0x3c0 [ 328.096081][ T7407] ? skb_clone+0x212/0x3a0 [ 328.096108][ T7407] skb_clone+0x212/0x3a0 [ 328.096132][ T7407] __netlink_deliver_tap+0x404/0x850 [ 328.096166][ T7407] ? netlink_deliver_tap+0x2e/0x1b0 [ 328.096188][ T7407] netlink_deliver_tap+0x19c/0x1b0 [ 328.096210][ T7407] netlink_unicast+0x72f/0x8d0 [ 328.096241][ T7407] netlink_sendmsg+0x805/0xb30 [ 328.096273][ T7407] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.096304][ T7407] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 328.096340][ T7407] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.096361][ T7407] __sock_sendmsg+0x21c/0x270 [ 328.096391][ T7407] ____sys_sendmsg+0x505/0x830 [ 328.096420][ T7407] ? __pfx_____sys_sendmsg+0x10/0x10 [ 328.096455][ T7407] ? import_iovec+0x74/0xa0 [ 328.096480][ T7407] ___sys_sendmsg+0x21f/0x2a0 [ 328.096504][ T7407] ? __pfx____sys_sendmsg+0x10/0x10 [ 328.096567][ T7407] ? __fget_files+0x2a/0x420 [ 328.096583][ T7407] ? __fget_files+0x3a0/0x420 [ 328.096611][ T7407] __x64_sys_sendmsg+0x19b/0x260 [ 328.096636][ T7407] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 328.096671][ T7407] ? __pfx_ksys_write+0x10/0x10 [ 328.096693][ T7407] ? rcu_is_watching+0x15/0xb0 [ 328.096720][ T7407] ? do_syscall_64+0xbe/0x3b0 [ 328.096745][ T7407] do_syscall_64+0xfa/0x3b0 [ 328.096761][ T7407] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.096786][ T7407] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.096802][ T7407] ? clear_bhb_loop+0x60/0xb0 [ 328.096824][ T7407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.096841][ T7407] RIP: 0033:0x7f9f8b98e929 [ 328.096858][ T7407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.096871][ T7407] RSP: 002b:00007f9f897f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.096893][ T7407] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98e929 [ 328.096906][ T7407] RDX: 0000000004008050 RSI: 0000200000000280 RDI: 0000000000000003 [ 328.096918][ T7407] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000 [ 328.096929][ T7407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.096939][ T7407] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138 [ 328.096968][ T7407] [ 328.393338][ T7406] CPU: 1 UID: 0 PID: 7406 Comm: syz.1.451 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 328.393370][ T7406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.393381][ T7406] Call Trace: [ 328.393389][ T7406] [ 328.393398][ T7406] dump_stack_lvl+0x189/0x250 [ 328.393425][ T7406] ? __pfx____ratelimit+0x10/0x10 [ 328.393463][ T7406] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.393483][ T7406] ? __pfx__printk+0x10/0x10 [ 328.393508][ T7406] ? __might_fault+0xb0/0x130 [ 328.393548][ T7406] should_fail_ex+0x414/0x560 [ 328.393581][ T7406] _copy_from_iter+0x1db/0x16f0 [ 328.393605][ T7406] ? rcu_is_watching+0x15/0xb0 [ 328.393628][ T7406] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 328.393656][ T7406] ? __pfx__copy_from_iter+0x10/0x10 [ 328.393677][ T7406] ? __build_skb_around+0x257/0x3e0 [ 328.393703][ T7406] ? netlink_sendmsg+0x642/0xb30 [ 328.393723][ T7406] ? skb_put+0x11b/0x210 [ 328.393748][ T7406] netlink_sendmsg+0x6b2/0xb30 [ 328.393782][ T7406] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.393814][ T7406] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 328.393839][ T7406] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.393862][ T7406] __sock_sendmsg+0x21c/0x270 [ 328.393893][ T7406] ____sys_sendmsg+0x505/0x830 [ 328.393923][ T7406] ? __pfx_____sys_sendmsg+0x10/0x10 [ 328.393957][ T7406] ? import_iovec+0x74/0xa0 [ 328.393982][ T7406] ___sys_sendmsg+0x21f/0x2a0 [ 328.394014][ T7406] ? __pfx____sys_sendmsg+0x10/0x10 [ 328.394081][ T7406] ? __fget_files+0x2a/0x420 [ 328.394097][ T7406] ? __fget_files+0x3a0/0x420 [ 328.394126][ T7406] __x64_sys_sendmsg+0x19b/0x260 [ 328.394154][ T7406] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 328.394187][ T7406] ? __pfx_ksys_write+0x10/0x10 [ 328.394209][ T7406] ? rcu_is_watching+0x15/0xb0 [ 328.394235][ T7406] ? do_syscall_64+0xbe/0x3b0 [ 328.394258][ T7406] do_syscall_64+0xfa/0x3b0 [ 328.394274][ T7406] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.394300][ T7406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.394318][ T7406] ? clear_bhb_loop+0x60/0xb0 [ 328.394341][ T7406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.394359][ T7406] RIP: 0033:0x7f38ad38e929 [ 328.394377][ T7406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.394393][ T7406] RSP: 002b:00007f38ae226038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.394416][ T7406] RAX: ffffffffffffffda RBX: 00007f38ad5b5fa0 RCX: 00007f38ad38e929 [ 328.394436][ T7406] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000003 [ 328.394448][ T7406] RBP: 00007f38ae226090 R08: 0000000000000000 R09: 0000000000000000 [ 328.394460][ T7406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.394471][ T7406] R13: 0000000000000000 R14: 00007f38ad5b5fa0 R15: 00007ffdcc2d31e8 [ 328.394502][ T7406] [ 328.919055][ T7414] fuse: Unknown parameter '0x0000000000000003' [ 329.085938][ T7420] netlink: 40 bytes leftover after parsing attributes in process `syz.1.459'. [ 329.951168][ T44] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 330.291054][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 330.420806][ T44] usb 4-1: device descriptor read/64, error -32 [ 330.767128][ T44] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 331.105566][ T44] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 331.371688][ T7442] FAULT_INJECTION: forcing a failure. [ 331.371688][ T7442] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.389231][ T44] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 331.430495][ T7442] CPU: 1 UID: 0 PID: 7442 Comm: syz.4.469 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 331.430529][ T7442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 331.430540][ T7442] Call Trace: [ 331.430549][ T7442] [ 331.430557][ T7442] dump_stack_lvl+0x189/0x250 [ 331.430585][ T7442] ? __pfx____ratelimit+0x10/0x10 [ 331.430613][ T7442] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.430634][ T7442] ? __pfx__printk+0x10/0x10 [ 331.430671][ T7442] should_fail_ex+0x414/0x560 [ 331.430701][ T7442] _copy_to_user+0x31/0xb0 [ 331.430725][ T7442] simple_read_from_buffer+0xe1/0x170 [ 331.430758][ T7442] proc_fail_nth_read+0x1df/0x250 [ 331.430783][ T7442] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 331.430807][ T7442] ? rw_verify_area+0x258/0x650 [ 331.430830][ T7442] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 331.430851][ T7442] vfs_read+0x1fd/0x980 [ 331.430882][ T7442] ? __pfx___mutex_lock+0x10/0x10 [ 331.430902][ T7442] ? __pfx_vfs_read+0x10/0x10 [ 331.430927][ T7442] ? __fget_files+0x2a/0x420 [ 331.430950][ T7442] ? __fget_files+0x3a0/0x420 [ 331.430966][ T7442] ? __fget_files+0x2a/0x420 [ 331.430994][ T7442] ksys_read+0x145/0x250 [ 331.431015][ T7442] ? __fget_files+0x2a/0x420 [ 331.431035][ T7442] ? __pfx_ksys_read+0x10/0x10 [ 331.431066][ T7442] ? do_syscall_64+0xbe/0x3b0 [ 331.431088][ T7442] do_syscall_64+0xfa/0x3b0 [ 331.431106][ T7442] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.431122][ T7442] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 331.431140][ T7442] ? clear_bhb_loop+0x60/0xb0 [ 331.431175][ T7442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.431193][ T7442] RIP: 0033:0x7f9f8b98d33c [ 331.431211][ T7442] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 331.431228][ T7442] RSP: 002b:00007f9f897f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 331.431250][ T7442] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98d33c [ 331.431264][ T7442] RDX: 000000000000000f RSI: 00007f9f897f60a0 RDI: 0000000000000006 [ 331.431276][ T7442] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000 [ 331.431288][ T7442] R10: 0000200000003080 R11: 0000000000000246 R12: 0000000000000001 [ 331.431300][ T7442] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138 [ 331.431333][ T7442] [ 331.743845][ T44] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 331.746537][ T7446] 9pnet_fd: Insufficient options for proto=fd [ 331.753180][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.767852][ T7448] fuse: Unknown parameter '0x0000000000000003' [ 331.774447][ T44] usb 4-1: Product: syz [ 331.778654][ T44] usb 4-1: Manufacturer: syz [ 331.783460][ T44] usb 4-1: SerialNumber: syz [ 331.793510][ T44] usb 4-1: config 0 descriptor?? [ 331.799319][ T7431] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 331.821011][ T7431] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 332.038212][ T7453] kvm_intel: kvm [7450]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1 [ 332.053135][ T7431] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 332.060481][ T7431] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 332.294235][ T7431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 332.320288][ T7431] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 332.444876][ T44] Error reading MAC address [ 332.456194][ T44] usb 4-1: USB disconnect, device number 16 [ 334.162463][ T7478] FAULT_INJECTION: forcing a failure. [ 334.162463][ T7478] name failslab, interval 1, probability 0, space 0, times 0 [ 334.246507][ T7478] CPU: 1 UID: 0 PID: 7478 Comm: syz.0.478 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 334.246536][ T7478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.246549][ T7478] Call Trace: [ 334.246557][ T7478] [ 334.246566][ T7478] dump_stack_lvl+0x189/0x250 [ 334.246593][ T7478] ? __pfx____ratelimit+0x10/0x10 [ 334.246621][ T7478] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.246642][ T7478] ? __pfx__printk+0x10/0x10 [ 334.246675][ T7478] ? ref_tracker_alloc+0x318/0x460 [ 334.246706][ T7478] should_fail_ex+0x414/0x560 [ 334.246738][ T7478] should_failslab+0xa8/0x100 [ 334.246767][ T7478] kmem_cache_alloc_noprof+0x73/0x3c0 [ 334.246792][ T7478] ? skb_clone+0x212/0x3a0 [ 334.246822][ T7478] skb_clone+0x212/0x3a0 [ 334.246850][ T7478] __netlink_deliver_tap+0x404/0x850 [ 334.246887][ T7478] ? netlink_deliver_tap+0x2e/0x1b0 [ 334.246911][ T7478] netlink_deliver_tap+0x19c/0x1b0 [ 334.246934][ T7478] netlink_unicast+0x72f/0x8d0 [ 334.246966][ T7478] netlink_sendmsg+0x805/0xb30 [ 334.246999][ T7478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.247031][ T7478] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 334.247055][ T7478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.247086][ T7478] __sock_sendmsg+0x21c/0x270 [ 334.247118][ T7478] ____sys_sendmsg+0x505/0x830 [ 334.247148][ T7478] ? __pfx_____sys_sendmsg+0x10/0x10 [ 334.247182][ T7478] ? import_iovec+0x74/0xa0 [ 334.247208][ T7478] ___sys_sendmsg+0x21f/0x2a0 [ 334.247234][ T7478] ? __pfx____sys_sendmsg+0x10/0x10 [ 334.247300][ T7478] ? __fget_files+0x2a/0x420 [ 334.247317][ T7478] ? __fget_files+0x3a0/0x420 [ 334.247347][ T7478] __x64_sys_sendmsg+0x19b/0x260 [ 334.247374][ T7478] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 334.247410][ T7478] ? __pfx_ksys_write+0x10/0x10 [ 334.247431][ T7478] ? rcu_is_watching+0x15/0xb0 [ 334.247459][ T7478] ? do_syscall_64+0xbe/0x3b0 [ 334.247481][ T7478] do_syscall_64+0xfa/0x3b0 [ 334.247497][ T7478] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.247522][ T7478] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.247546][ T7478] ? clear_bhb_loop+0x60/0xb0 [ 334.247569][ T7478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.247587][ T7478] RIP: 0033:0x7f46cd18e929 [ 334.247605][ T7478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.247620][ T7478] RSP: 002b:00007f46ce03a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 334.247642][ T7478] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18e929 [ 334.247656][ T7478] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 334.247668][ T7478] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000 [ 334.247679][ T7478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.247690][ T7478] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8 [ 334.247723][ T7478] [ 334.942098][ T5868] Bluetooth: hci0: command 0x0406 tx timeout [ 334.949004][ T5868] Bluetooth: hci1: command 0x0406 tx timeout [ 334.955613][ T5868] Bluetooth: hci3: command 0x0406 tx timeout [ 334.963075][ T5875] Bluetooth: hci2: command 0x0406 tx timeout [ 335.827514][ T7487] FAULT_INJECTION: forcing a failure. [ 335.827514][ T7487] name failslab, interval 1, probability 0, space 0, times 0 [ 335.914443][ T7487] CPU: 0 UID: 0 PID: 7487 Comm: syz.1.482 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 335.914473][ T7487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 335.914485][ T7487] Call Trace: [ 335.914493][ T7487] [ 335.914501][ T7487] dump_stack_lvl+0x189/0x250 [ 335.914529][ T7487] ? __pfx____ratelimit+0x10/0x10 [ 335.914557][ T7487] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.914578][ T7487] ? __pfx__printk+0x10/0x10 [ 335.914607][ T7487] ? __pfx___might_resched+0x10/0x10 [ 335.914633][ T7487] should_fail_ex+0x414/0x560 [ 335.914664][ T7487] should_failslab+0xa8/0x100 [ 335.914693][ T7487] kmem_cache_alloc_noprof+0x73/0x3c0 [ 335.914717][ T7487] ? getname_flags+0xb8/0x540 [ 335.914741][ T7487] getname_flags+0xb8/0x540 [ 335.914757][ T7487] ? _copy_from_user+0x94/0xb0 [ 335.914781][ T7487] user_path_at+0x24/0x60 [ 335.914804][ T7487] __se_sys_mount+0x2d3/0x410 [ 335.914829][ T7487] ? __pfx___se_sys_mount+0x10/0x10 [ 335.914844][ T7487] ? rcu_is_watching+0x15/0xb0 [ 335.914870][ T7487] ? do_syscall_64+0xbe/0x3b0 [ 335.914886][ T7487] ? __x64_sys_mount+0x20/0xc0 [ 335.914906][ T7487] do_syscall_64+0xfa/0x3b0 [ 335.914921][ T7487] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.914947][ T7487] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.914966][ T7487] ? clear_bhb_loop+0x60/0xb0 [ 335.914988][ T7487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.915006][ T7487] RIP: 0033:0x7f38ad38e929 [ 335.915024][ T7487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.915040][ T7487] RSP: 002b:00007f38ae226038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 335.915060][ T7487] RAX: ffffffffffffffda RBX: 00007f38ad5b5fa0 RCX: 00007f38ad38e929 [ 335.915073][ T7487] RDX: 0000200000002280 RSI: 0000200000000100 RDI: 0000200000000040 [ 335.915086][ T7487] RBP: 00007f38ae226090 R08: 0000000000000000 R09: 0000000000000000 [ 335.915097][ T7487] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 335.915108][ T7487] R13: 0000000000000000 R14: 00007f38ad5b5fa0 R15: 00007ffdcc2d31e8 [ 335.915139][ T7487] [ 336.183425][ T7489] fuse: Unknown parameter 'usr_id' [ 338.061393][ T7515] FAULT_INJECTION: forcing a failure. [ 338.061393][ T7515] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.178237][ T7515] CPU: 0 UID: 0 PID: 7515 Comm: syz.3.492 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 338.178264][ T7515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 338.178274][ T7515] Call Trace: [ 338.178282][ T7515] [ 338.178291][ T7515] dump_stack_lvl+0x189/0x250 [ 338.178317][ T7515] ? __pfx____ratelimit+0x10/0x10 [ 338.178345][ T7515] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.178366][ T7515] ? __pfx__printk+0x10/0x10 [ 338.178404][ T7515] should_fail_ex+0x414/0x560 [ 338.178437][ T7515] _copy_to_user+0x31/0xb0 [ 338.178462][ T7515] video_usercopy+0xeb2/0x14f0 [ 338.178497][ T7515] ? __pfx___video_do_ioctl+0x10/0x10 [ 338.178520][ T7515] ? __pfx_video_usercopy+0x10/0x10 [ 338.178540][ T7515] ? smack_file_ioctl+0x2a9/0x340 [ 338.178582][ T7515] ? __fget_files+0x2a/0x420 [ 338.178599][ T7515] ? __fget_files+0x3a0/0x420 [ 338.178620][ T7515] v4l2_ioctl+0x18a/0x1e0 [ 338.178643][ T7515] ? __pfx_v4l2_ioctl+0x10/0x10 [ 338.178664][ T7515] __se_sys_ioctl+0xf9/0x170 [ 338.178691][ T7515] do_syscall_64+0xfa/0x3b0 [ 338.178711][ T7515] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.178728][ T7515] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 338.178745][ T7515] ? clear_bhb_loop+0x60/0xb0 [ 338.178768][ T7515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.178787][ T7515] RIP: 0033:0x7f1620f8e929 [ 338.178804][ T7515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 338.178821][ T7515] RSP: 002b:00007f161edf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 338.178842][ T7515] RAX: ffffffffffffffda RBX: 00007f16211b6080 RCX: 00007f1620f8e929 [ 338.178855][ T7515] RDX: 0000200000000400 RSI: 00000000c0205648 RDI: 0000000000000005 [ 338.178868][ T7515] RBP: 00007f161edf6090 R08: 0000000000000000 R09: 0000000000000000 [ 338.178879][ T7515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 338.178891][ T7515] R13: 0000000000000000 R14: 00007f16211b6080 R15: 00007ffca6d652f8 [ 338.178922][ T7515] [ 338.381788][ C0] vkms_vblank_simulate: vblank timer overrun [ 338.432044][ T7519] syz.1.495: attempt to access beyond end of device [ 338.432044][ T7519] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0 [ 338.446087][ T7519] hfs: can't find a HFS filesystem on dev nbd1 [ 338.622164][ T7519] netlink: 4 bytes leftover after parsing attributes in process `syz.1.495'. [ 338.656100][ T7526] netlink: 112 bytes leftover after parsing attributes in process `syz.4.493'. [ 338.725154][ T7519] Illegal XDP return value 4294967294 on prog (id 72) dev N/A, expect packet loss! [ 341.248166][ T7554] netlink: 16 bytes leftover after parsing attributes in process `syz.0.508'. [ 341.583592][ T7561] netlink: 112 bytes leftover after parsing attributes in process `syz.1.509'. [ 341.681389][ T5815] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 341.735803][ T7570] FAULT_INJECTION: forcing a failure. [ 341.735803][ T7570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 341.767033][ T7570] CPU: 1 UID: 0 PID: 7570 Comm: syz.2.511 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 341.767061][ T7570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 341.767075][ T7570] Call Trace: [ 341.767082][ T7570] [ 341.767091][ T7570] dump_stack_lvl+0x189/0x250 [ 341.767118][ T7570] ? __pfx____ratelimit+0x10/0x10 [ 341.767147][ T7570] ? __pfx_dump_stack_lvl+0x10/0x10 [ 341.767168][ T7570] ? __pfx__printk+0x10/0x10 [ 341.767201][ T7570] ? __might_fault+0xb0/0x130 [ 341.767241][ T7570] should_fail_ex+0x414/0x560 [ 341.767272][ T7570] _copy_from_iter+0x1db/0x16f0 [ 341.767296][ T7570] ? rcu_is_watching+0x15/0xb0 [ 341.767319][ T7570] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 341.767346][ T7570] ? __pfx__copy_from_iter+0x10/0x10 [ 341.767365][ T7570] ? __build_skb_around+0x257/0x3e0 [ 341.767390][ T7570] ? netlink_sendmsg+0x642/0xb30 [ 341.767409][ T7570] ? skb_put+0x11b/0x210 [ 341.767433][ T7570] netlink_sendmsg+0x6b2/0xb30 [ 341.767463][ T7570] ? __pfx_netlink_sendmsg+0x10/0x10 [ 341.767493][ T7570] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 341.767517][ T7570] ? __pfx_netlink_sendmsg+0x10/0x10 [ 341.767539][ T7570] __sock_sendmsg+0x21c/0x270 [ 341.767570][ T7570] ____sys_sendmsg+0x505/0x830 [ 341.767599][ T7570] ? __pfx_____sys_sendmsg+0x10/0x10 [ 341.767632][ T7570] ? import_iovec+0x74/0xa0 [ 341.767658][ T7570] ___sys_sendmsg+0x21f/0x2a0 [ 341.767683][ T7570] ? __pfx____sys_sendmsg+0x10/0x10 [ 341.767747][ T7570] ? __fget_files+0x2a/0x420 [ 341.767763][ T7570] ? __fget_files+0x3a0/0x420 [ 341.767793][ T7570] __x64_sys_sendmsg+0x19b/0x260 [ 341.767819][ T7570] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 341.767854][ T7570] ? __pfx_ksys_write+0x10/0x10 [ 341.767876][ T7570] ? rcu_is_watching+0x15/0xb0 [ 341.767902][ T7570] ? do_syscall_64+0xbe/0x3b0 [ 341.767925][ T7570] do_syscall_64+0xfa/0x3b0 [ 341.767940][ T7570] ? lockdep_hardirqs_on+0x9c/0x150 [ 341.767964][ T7570] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.767983][ T7570] ? clear_bhb_loop+0x60/0xb0 [ 341.768006][ T7570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.768024][ T7570] RIP: 0033:0x7f57bcd8e929 [ 341.768042][ T7570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.768057][ T7570] RSP: 002b:00007f57bdb4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 341.768080][ T7570] RAX: ffffffffffffffda RBX: 00007f57bcfb5fa0 RCX: 00007f57bcd8e929 [ 341.768094][ T7570] RDX: 00000000000448d0 RSI: 0000200000000240 RDI: 0000000000000003 [ 341.768107][ T7570] RBP: 00007f57bdb4d090 R08: 0000000000000000 R09: 0000000000000000 [ 341.768119][ T7570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.768129][ T7570] R13: 0000000000000000 R14: 00007f57bcfb5fa0 R15: 00007ffc07b637c8 [ 341.768161][ T7570] [ 342.096641][ T5815] usb 4-1: Using ep0 maxpacket: 8 [ 342.124715][ T5815] usb 4-1: unable to get BOS descriptor or descriptor too short [ 342.147821][ T5815] usb 4-1: config index 0 descriptor too short (expected 274, got 18) [ 342.156362][ T5815] usb 4-1: config 4 interface 0 has no altsetting 0 [ 342.242998][ T7577] FAULT_INJECTION: forcing a failure. [ 342.242998][ T7577] name failslab, interval 1, probability 0, space 0, times 0 [ 342.255959][ T7577] CPU: 0 UID: 0 PID: 7577 Comm: syz.0.514 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 342.255986][ T7577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 342.255997][ T7577] Call Trace: [ 342.256004][ T7577] [ 342.256012][ T7577] dump_stack_lvl+0x189/0x250 [ 342.256039][ T7577] ? __pfx____ratelimit+0x10/0x10 [ 342.256068][ T7577] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.256089][ T7577] ? __pfx__printk+0x10/0x10 [ 342.256120][ T7577] ? __pfx___might_resched+0x10/0x10 [ 342.256146][ T7577] should_fail_ex+0x414/0x560 [ 342.256183][ T7577] should_failslab+0xa8/0x100 [ 342.256213][ T7577] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 342.256240][ T7577] ? __alloc_skb+0x112/0x2d0 [ 342.256266][ T7577] __alloc_skb+0x112/0x2d0 [ 342.256292][ T7577] netlink_sendmsg+0x5c6/0xb30 [ 342.256316][ T7577] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 342.256351][ T7577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 342.256383][ T7577] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 342.256410][ T7577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 342.256434][ T7577] __sock_sendmsg+0x21c/0x270 [ 342.256465][ T7577] sock_write_iter+0x258/0x330 [ 342.256495][ T7577] ? __pfx_sock_write_iter+0x10/0x10 [ 342.256534][ T7577] ? __lock_acquire+0xab9/0xd20 [ 342.256563][ T7577] do_iter_readv_writev+0x56e/0x7f0 [ 342.256594][ T7577] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 342.256626][ T7577] ? bpf_lsm_file_permission+0x9/0x20 [ 342.256642][ T7577] ? security_file_permission+0x75/0x290 [ 342.256671][ T7577] ? rw_verify_area+0x258/0x650 [ 342.256699][ T7577] vfs_writev+0x31a/0x960 [ 342.256723][ T7577] ? __lock_acquire+0xab9/0xd20 [ 342.256743][ T7577] ? __pfx_vfs_writev+0x10/0x10 [ 342.256779][ T7577] ? __fget_files+0x2a/0x420 [ 342.256802][ T7577] ? __fget_files+0x3a0/0x420 [ 342.256817][ T7577] ? __fget_files+0x2a/0x420 [ 342.256845][ T7577] do_writev+0x14d/0x2d0 [ 342.256867][ T7577] ? __pfx_do_writev+0x10/0x10 [ 342.256892][ T7577] ? do_syscall_64+0xbe/0x3b0 [ 342.256915][ T7577] do_syscall_64+0xfa/0x3b0 [ 342.256932][ T7577] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.256950][ T7577] ? asm_sysvec_call_function_single+0x1a/0x20 [ 342.256968][ T7577] ? clear_bhb_loop+0x60/0xb0 [ 342.256991][ T7577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.257009][ T7577] RIP: 0033:0x7f46cd18e929 [ 342.257027][ T7577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.257042][ T7577] RSP: 002b:00007f46ce019038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 342.257062][ T7577] RAX: ffffffffffffffda RBX: 00007f46cd3b6080 RCX: 00007f46cd18e929 [ 342.257076][ T7577] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000003 [ 342.257089][ T7577] RBP: 00007f46ce019090 R08: 0000000000000000 R09: 0000000000000000 [ 342.257098][ T7577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 342.257108][ T7577] R13: 0000000000000000 R14: 00007f46cd3b6080 R15: 00007ffdba3f25d8 [ 342.257138][ T7577] [ 342.553602][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.993556][ T5815] usb 4-1: string descriptor 0 read error: -22 [ 343.021769][ T5815] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 343.030981][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.083418][ T5815] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 343.097401][ T5815] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 343.110944][ T5815] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 343.118167][ T5815] usb 4-1: media controller created [ 343.146722][ T5815] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 344.241721][ T5815] zl10353_read_register: readreg error (reg=127, ret==0) [ 344.242744][ T7557] usb 4-1: dvb_usb_au6610: wlen=132, aborting [ 344.738988][ T7599] netlink: 112 bytes leftover after parsing attributes in process `syz.0.522'. [ 345.783610][ T5815] usb 4-1: USB disconnect, device number 17 [ 345.803849][ T7612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.911374][ T7612] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.033026][ T6037] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 346.740774][ T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 346.919916][ T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 346.997707][ T9] usb 4-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config [ 347.106545][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 347.193209][ T7646] FAULT_INJECTION: forcing a failure. [ 347.193209][ T7646] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 347.234216][ T9] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87 [ 347.362108][ T7646] CPU: 0 UID: 0 PID: 7646 Comm: syz.0.535 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 347.362138][ T7646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 347.362149][ T7646] Call Trace: [ 347.362157][ T7646] [ 347.362166][ T7646] dump_stack_lvl+0x189/0x250 [ 347.362193][ T7646] ? __pfx____ratelimit+0x10/0x10 [ 347.362221][ T7646] ? __pfx_dump_stack_lvl+0x10/0x10 [ 347.362242][ T7646] ? __pfx__printk+0x10/0x10 [ 347.362266][ T7646] ? __might_fault+0xb0/0x130 [ 347.362306][ T7646] should_fail_ex+0x414/0x560 [ 347.362339][ T7646] _copy_from_user+0x2d/0xb0 [ 347.362361][ T7646] ___sys_recvmsg+0x12e/0x510 [ 347.362392][ T7646] ? __pfx____sys_recvmsg+0x10/0x10 [ 347.362444][ T7646] ? __fget_files+0x3a0/0x420 [ 347.362475][ T7646] do_recvmmsg+0x307/0x770 [ 347.362508][ T7646] ? __pfx_do_recvmmsg+0x10/0x10 [ 347.362547][ T7646] ? trace_irq_disable+0x37/0x110 [ 347.362589][ T7646] __x64_sys_recvmmsg+0x190/0x240 [ 347.362616][ T7646] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 347.362653][ T7646] do_syscall_64+0xfa/0x3b0 [ 347.362673][ T7646] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.362690][ T7646] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 347.362708][ T7646] ? clear_bhb_loop+0x60/0xb0 [ 347.362731][ T7646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.362748][ T7646] RIP: 0033:0x7f46cd18e929 [ 347.362765][ T7646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.362781][ T7646] RSP: 002b:00007f46ce03a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 347.362803][ T7646] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18e929 [ 347.362816][ T7646] RDX: 0000000000000001 RSI: 0000200000000b40 RDI: 0000000000000003 [ 347.362827][ T7646] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000 [ 347.362837][ T7646] R10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000001 [ 347.362848][ T7646] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8 [ 347.362877][ T7646] [ 347.469664][ T6037] usb 5-1: device descriptor read/64, error -71 [ 347.471827][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 52, changing to 7 [ 347.594558][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 9272, setting to 1024 [ 347.612898][ T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 347.646095][ T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 347.690814][ T9] usb 4-1: Product: syz [ 347.729886][ T9] usb 4-1: Manufacturer: syz [ 347.751045][ T6037] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 347.784247][ T9] cdc_wdm 4-1:1.0: skipping garbage [ 347.789524][ T9] cdc_wdm 4-1:1.0: skipping garbage [ 347.815419][ T9] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 347.933750][ T6037] usb 5-1: Using ep0 maxpacket: 32 [ 347.945271][ T6037] usb 5-1: config 5 has an invalid interface number: 27 but max is 3 [ 347.983796][ T6037] usb 5-1: config 5 contains an unexpected descriptor of type 0x1, skipping [ 348.004947][ T6037] usb 5-1: config 5 has an invalid descriptor of length 195, skipping remainder of the config [ 348.030770][ T6037] usb 5-1: config 5 has 1 interface, different from the descriptor's value: 4 [ 348.045596][ T6037] usb 5-1: config 5 has no interface number 0 [ 348.055874][ T6037] usb 5-1: config 5 interface 27 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 348.076786][ T6037] usb 5-1: config 5 interface 27 has no altsetting 0 [ 348.102675][ T6037] usb 5-1: New USB device found, idVendor=1608, idProduct=0004, bcdDevice=e8.3e [ 348.106440][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 348.112543][ T6037] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.127905][ T6037] usb 5-1: Product: ᠊ [ 348.133714][ T6037] usb 5-1: Manufacturer: 樀␀인✆此潟䥡苸ᄇӼﲄ憹✀Ⱁ짻蠟⨿閐拡쵵킃픍㨠죪燦牎萴醤䶬ԗ跘큥ᠾꝼ㍿扔櫊큛Ǭ㎇ℎꎧ࢜폧⦺ꙸ퇅싥仜↙ௐ䩱⼺牂굊际㱣竆ᢵ⨰럢탂㕜鯅낣賀鉰쵒ᦕቁ勃Ḳ⣪᧭鱬㺹ﲲ❎퐨셇鐆 [ 348.161231][ T6037] usb 5-1: SerialNumber: 倊 [ 348.171164][ T5975] usb 4-1: USB disconnect, device number 18 [ 348.294605][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 348.309496][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.331547][ T9] usb 1-1: config 0 descriptor?? [ 348.353761][ T9] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 348.436065][ T6037] io_edgeport 5-1:5.27: required endpoints missing [ 348.486372][ T6037] usb 5-1: USB disconnect, device number 15 [ 349.136537][ T7651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 349.189448][ T7651] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 349.240029][ T9] gspca_stv06xx: I2C: Read error writing address: -71 [ 349.336094][ T9] usb 1-1: USB disconnect, device number 13 [ 349.367566][ T7666] IPv6: NLM_F_CREATE should be specified when creating new route [ 349.994992][ T7680] netlink: 112 bytes leftover after parsing attributes in process `syz.0.549'. [ 350.170887][ T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 350.189467][ T7686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.551'. [ 350.374177][ T9] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 350.393715][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.406539][ T9] usb 2-1: config 0 descriptor?? [ 350.482591][ T5942] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 350.666457][ T5942] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 350.680802][ T5942] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 350.720975][ T5942] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 350.745661][ T5942] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 350.820782][ T5942] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 350.916361][ T5942] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 350.946948][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 350.955869][ T5942] usb 4-1: Product: syz [ 350.960153][ T5942] usb 4-1: Manufacturer: syz [ 351.401228][ T9] pegasus 2-1:0.0: probe with driver pegasus failed with error -121 [ 351.432305][ T5942] cdc_wdm 4-1:1.0: skipping garbage [ 351.437765][ T5942] cdc_wdm 4-1:1.0: skipping garbage [ 351.489682][ T5942] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 351.498151][ T7703] binder: BINDER_SET_CONTEXT_MGR already set [ 351.501033][ T5942] cdc_wdm 4-1:1.0: Unknown control protocol [ 351.525315][ T7703] binder: 7702:7703 ioctl 4018620d 200000000040 returned -16 [ 351.670435][ T6037] usb 4-1: USB disconnect, device number 19 [ 351.820556][ T7715] netlink: 112 bytes leftover after parsing attributes in process `syz.2.561'. [ 351.932737][ T7720] capability: warning: `syz.2.563' uses 32-bit capabilities (legacy support in use) [ 352.140631][ T6037] usb 2-1: USB disconnect, device number 18 [ 352.891916][ T7730] FAULT_INJECTION: forcing a failure. [ 352.891916][ T7730] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.946022][ T7730] CPU: 0 UID: 0 PID: 7730 Comm: syz.2.568 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 352.946051][ T7730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 352.946061][ T7730] Call Trace: [ 352.946070][ T7730] [ 352.946078][ T7730] dump_stack_lvl+0x189/0x250 [ 352.946106][ T7730] ? __pfx____ratelimit+0x10/0x10 [ 352.946143][ T7730] ? __pfx_dump_stack_lvl+0x10/0x10 [ 352.946164][ T7730] ? __pfx__printk+0x10/0x10 [ 352.946189][ T7730] ? __might_fault+0xb0/0x130 [ 352.946228][ T7730] should_fail_ex+0x414/0x560 [ 352.946261][ T7730] _copy_from_user+0x2d/0xb0 [ 352.946284][ T7730] ___sys_recvmsg+0x12e/0x510 [ 352.946316][ T7730] ? __pfx____sys_recvmsg+0x10/0x10 [ 352.946376][ T7730] ? __might_fault+0xb0/0x130 [ 352.946406][ T7730] do_recvmmsg+0x307/0x770 [ 352.946441][ T7730] ? __pfx_do_recvmmsg+0x10/0x10 [ 352.946479][ T7730] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 352.946519][ T7730] __x64_sys_recvmmsg+0x190/0x240 [ 352.946547][ T7730] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 352.946568][ T7730] ? rcu_is_watching+0x15/0xb0 [ 352.946593][ T7730] ? do_syscall_64+0xbe/0x3b0 [ 352.946616][ T7730] do_syscall_64+0xfa/0x3b0 [ 352.946631][ T7730] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.946656][ T7730] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.946675][ T7730] ? clear_bhb_loop+0x60/0xb0 [ 352.946698][ T7730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.946716][ T7730] RIP: 0033:0x7f57bcd8e929 [ 352.946733][ T7730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.946750][ T7730] RSP: 002b:00007f57bdb4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 352.946772][ T7730] RAX: ffffffffffffffda RBX: 00007f57bcfb5fa0 RCX: 00007f57bcd8e929 [ 352.946786][ T7730] RDX: 0400000000000284 RSI: 0000200000000040 RDI: 0000000000000003 [ 352.946799][ T7730] RBP: 00007f57bdb4d090 R08: 0000000000000000 R09: 0000000000000000 [ 352.946811][ T7730] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 352.946822][ T7730] R13: 0000000000000000 R14: 00007f57bcfb5fa0 R15: 00007ffc07b637c8 [ 352.946853][ T7730] [ 353.110874][ T5922] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 353.916910][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.942330][ T5922] usb 4-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 353.982801][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.000118][ T7751] netlink: 112 bytes leftover after parsing attributes in process `syz.1.573'. [ 354.000601][ T5922] usb 4-1: config 0 descriptor?? [ 354.126000][ T7753] FAULT_INJECTION: forcing a failure. [ 354.126000][ T7753] name failslab, interval 1, probability 0, space 0, times 0 [ 354.194244][ T7755] netlink: 'syz.0.574': attribute type 3 has an invalid length. [ 354.200268][ T7753] CPU: 0 UID: 0 PID: 7753 Comm: syz.1.575 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 354.200295][ T7753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 354.200305][ T7753] Call Trace: [ 354.200313][ T7753] [ 354.200320][ T7753] dump_stack_lvl+0x189/0x250 [ 354.200344][ T7753] ? __pfx____ratelimit+0x10/0x10 [ 354.200369][ T7753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 354.200387][ T7753] ? __pfx__printk+0x10/0x10 [ 354.200414][ T7753] ? __pfx___might_resched+0x10/0x10 [ 354.200432][ T7753] ? fs_reclaim_acquire+0x7d/0x100 [ 354.200454][ T7753] should_fail_ex+0x414/0x560 [ 354.200482][ T7753] should_failslab+0xa8/0x100 [ 354.200507][ T7753] __kmalloc_cache_noprof+0x70/0x3d0 [ 354.200530][ T7753] ? rtnl_newlink+0xed/0x1c70 [ 354.200545][ T7753] ? kasan_save_free_info+0x46/0x50 [ 354.200566][ T7753] rtnl_newlink+0xed/0x1c70 [ 354.200581][ T7753] ? netlink_sendmsg+0x805/0xb30 [ 354.200598][ T7753] ? __sock_sendmsg+0x21c/0x270 [ 354.200619][ T7753] ? ____sys_sendmsg+0x505/0x830 [ 354.200637][ T7753] ? ___sys_sendmsg+0x21f/0x2a0 [ 354.200654][ T7753] ? __x64_sys_sendmsg+0x19b/0x260 [ 354.200676][ T7753] ? do_syscall_64+0xfa/0x3b0 [ 354.200691][ T7753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.200715][ T7753] ? __pfx_rtnl_newlink+0x10/0x10 [ 354.200755][ T7753] ? kasan_quarantine_put+0xdd/0x220 [ 354.200775][ T7753] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.200804][ T7753] ? nlmon_xmit+0xb0/0x100 [ 354.200819][ T7753] ? kmem_cache_free+0x18f/0x400 [ 354.200848][ T7753] ? __local_bh_enable_ip+0x12d/0x1c0 [ 354.200874][ T7753] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.200897][ T7753] ? __local_bh_enable_ip+0x12d/0x1c0 [ 354.200914][ T7753] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 354.200935][ T7753] ? __dev_queue_xmit+0x27e/0x3a70 [ 354.200957][ T7753] ? __dev_queue_xmit+0x27e/0x3a70 [ 354.200976][ T7753] ? __dev_queue_xmit+0x27e/0x3a70 [ 354.200998][ T7753] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 354.201024][ T7753] ? __lock_acquire+0xab9/0xd20 [ 354.201065][ T7753] ? __pfx_rtnl_newlink+0x10/0x10 [ 354.201081][ T7753] rtnetlink_rcv_msg+0x7cf/0xb70 [ 354.201102][ T7753] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 354.201119][ T7753] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 354.201133][ T7753] ? ref_tracker_free+0x63a/0x7d0 [ 354.201154][ T7753] ? __copy_skb_header+0xa7/0x550 [ 354.201176][ T7753] ? __pfx_ref_tracker_free+0x10/0x10 [ 354.201210][ T7753] netlink_rcv_skb+0x208/0x470 [ 354.201231][ T7753] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 354.201249][ T7753] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 354.201281][ T7753] ? netlink_deliver_tap+0x2e/0x1b0 [ 354.201298][ T7753] ? netlink_deliver_tap+0x2e/0x1b0 [ 354.201322][ T7753] netlink_unicast+0x75b/0x8d0 [ 354.201350][ T7753] netlink_sendmsg+0x805/0xb30 [ 354.201379][ T7753] ? __pfx_netlink_sendmsg+0x10/0x10 [ 354.201406][ T7753] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 354.201427][ T7753] ? __pfx_netlink_sendmsg+0x10/0x10 [ 354.201447][ T7753] __sock_sendmsg+0x21c/0x270 [ 354.201474][ T7753] ____sys_sendmsg+0x505/0x830 [ 354.201500][ T7753] ? __pfx_____sys_sendmsg+0x10/0x10 [ 354.201530][ T7753] ? import_iovec+0x74/0xa0 [ 354.201552][ T7753] ___sys_sendmsg+0x21f/0x2a0 [ 354.201575][ T7753] ? __pfx____sys_sendmsg+0x10/0x10 [ 354.201631][ T7753] ? __fget_files+0x2a/0x420 [ 354.201646][ T7753] ? __fget_files+0x3a0/0x420 [ 354.201671][ T7753] __x64_sys_sendmsg+0x19b/0x260 [ 354.201695][ T7753] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 354.201724][ T7753] ? __pfx_ksys_write+0x10/0x10 [ 354.201743][ T7753] ? rcu_is_watching+0x15/0xb0 [ 354.201767][ T7753] ? do_syscall_64+0xbe/0x3b0 [ 354.201786][ T7753] do_syscall_64+0xfa/0x3b0 [ 354.201800][ T7753] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.201822][ T7753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.201838][ T7753] ? clear_bhb_loop+0x60/0xb0 [ 354.201858][ T7753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.201880][ T7753] RIP: 0033:0x7f38ad38e929 [ 354.201897][ T7753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.201911][ T7753] RSP: 002b:00007f38ae226038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 354.201932][ T7753] RAX: ffffffffffffffda RBX: 00007f38ad5b5fa0 RCX: 00007f38ad38e929 [ 354.201944][ T7753] RDX: 0000000004008050 RSI: 0000200000000280 RDI: 0000000000000003 [ 354.201954][ T7753] RBP: 00007f38ae226090 R08: 0000000000000000 R09: 0000000000000000 [ 354.201964][ T7753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 354.201974][ T7753] R13: 0000000000000000 R14: 00007f38ad5b5fa0 R15: 00007ffdcc2d31e8 [ 354.202003][ T7753] [ 354.622098][ T5942] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 354.675707][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0 [ 354.690518][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0 [ 354.699462][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0 [ 354.711091][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0 [ 354.718649][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0 [ 354.769771][ T5922] magicmouse 0003:05AC:0265.0006: unbalanced collection at end of report description [ 354.796273][ T5922] magicmouse 0003:05AC:0265.0006: magicmouse hid parse failed [ 354.841690][ T5922] magicmouse 0003:05AC:0265.0006: probe with driver magicmouse failed with error -22 [ 354.857921][ T7763] overlayfs: failed to resolve '/0': -2 [ 354.943275][ T5942] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 354.952204][ T5942] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 354.966800][ T5942] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 354.976320][ T5942] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 354.994968][ T5942] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 354.997338][ T5922] usb 4-1: USB disconnect, device number 20 [ 355.008355][ T5942] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 355.027934][ T5942] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 355.047414][ T5942] usb 3-1: Product: syz [ 355.063504][ T5942] usb 3-1: Manufacturer: syz [ 355.110557][ T5942] cdc_wdm 3-1:1.0: skipping garbage [ 355.119372][ T5942] cdc_wdm 3-1:1.0: skipping garbage [ 355.153736][ T5942] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 355.160916][ T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 355.175943][ T5942] cdc_wdm 3-1:1.0: Unknown control protocol [ 355.348716][ T5942] usb 3-1: USB disconnect, device number 11 [ 355.357022][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 355.372919][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 355.396438][ T9] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 355.399414][ T7773] FAULT_INJECTION: forcing a failure. [ 355.399414][ T7773] name failslab, interval 1, probability 0, space 0, times 0 [ 355.406113][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.427873][ T7773] CPU: 1 UID: 0 PID: 7773 Comm: syz.4.581 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 355.427909][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.427921][ T7773] Call Trace: [ 355.427929][ T7773] [ 355.427937][ T7773] dump_stack_lvl+0x189/0x250 [ 355.427964][ T7773] ? __pfx____ratelimit+0x10/0x10 [ 355.427992][ T7773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.428013][ T7773] ? __pfx__printk+0x10/0x10 [ 355.428040][ T7773] ? __kernel_text_address+0xd/0x40 [ 355.428068][ T7773] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 355.428092][ T7773] ? arch_stack_walk+0xfc/0x150 [ 355.428118][ T7773] should_fail_ex+0x414/0x560 [ 355.428149][ T7773] should_failslab+0xa8/0x100 [ 355.428179][ T7773] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 355.428206][ T7773] ? __alloc_skb+0x112/0x2d0 [ 355.428224][ T7773] ? stack_depot_save_flags+0x40/0x900 [ 355.428255][ T7773] __alloc_skb+0x112/0x2d0 [ 355.428281][ T7773] __pskb_copy_fclone+0xa8/0xfb0 [ 355.428323][ T7773] tipc_msg_reassemble+0x10b/0x3b0 [ 355.428349][ T7773] tipc_mcast_xmit+0x1f0/0x1850 [ 355.428389][ T7773] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 355.428419][ T7773] ? _copy_from_iter+0x308/0x16f0 [ 355.428442][ T7773] ? rcu_is_watching+0x15/0xb0 [ 355.428465][ T7773] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 355.428492][ T7773] ? __pfx__copy_from_iter+0x10/0x10 [ 355.428514][ T7773] ? __build_skb_around+0x257/0x3e0 [ 355.428538][ T7773] ? tipc_msg_build+0x400/0xcf0 [ 355.428583][ T7773] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 355.428625][ T7773] ? tipc_group_bc_cong+0x15f/0x210 [ 355.428655][ T7773] tipc_send_group_bcast+0x79e/0xa70 [ 355.428705][ T7773] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 355.428746][ T7773] ? __pfx_woken_wake_function+0x10/0x10 [ 355.428776][ T7773] ? process_measurement+0x72d/0x1a40 [ 355.428806][ T7773] __tipc_sendmsg+0x2d7/0x2960 [ 355.428854][ T7773] ? __pfx___tipc_sendmsg+0x10/0x10 [ 355.428887][ T7773] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 355.428913][ T7773] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 355.428955][ T7773] ? __lock_acquire+0xab9/0xd20 [ 355.428979][ T7773] ? __lock_acquire+0xab9/0xd20 [ 355.429018][ T7773] ? __lock_acquire+0xab9/0xd20 [ 355.429051][ T7773] ? __local_bh_enable_ip+0x12d/0x1c0 [ 355.429071][ T7773] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.429099][ T7773] ? __local_bh_enable_ip+0x12d/0x1c0 [ 355.429118][ T7773] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 355.429149][ T7773] tipc_sendmsg+0x55/0x70 [ 355.429175][ T7773] ? __pfx_tipc_sendmsg+0x10/0x10 [ 355.429200][ T7773] __sock_sendmsg+0x21c/0x270 [ 355.429233][ T7773] ____sys_sendmsg+0x505/0x830 [ 355.429262][ T7773] ? __pfx_____sys_sendmsg+0x10/0x10 [ 355.429297][ T7773] ? import_iovec+0x74/0xa0 [ 355.429322][ T7773] ___sys_sendmsg+0x21f/0x2a0 [ 355.429347][ T7773] ? __pfx____sys_sendmsg+0x10/0x10 [ 355.429414][ T7773] ? __fget_files+0x2a/0x420 [ 355.429430][ T7773] ? __fget_files+0x3a0/0x420 [ 355.429460][ T7773] __x64_sys_sendmsg+0x19b/0x260 [ 355.429486][ T7773] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 355.429521][ T7773] ? __pfx_ksys_write+0x10/0x10 [ 355.429543][ T7773] ? rcu_is_watching+0x15/0xb0 [ 355.429569][ T7773] ? do_syscall_64+0xbe/0x3b0 [ 355.429591][ T7773] do_syscall_64+0xfa/0x3b0 [ 355.429607][ T7773] ? lockdep_hardirqs_on+0x9c/0x150 [ 355.429633][ T7773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.429651][ T7773] ? clear_bhb_loop+0x60/0xb0 [ 355.429675][ T7773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.429692][ T7773] RIP: 0033:0x7f9f8b98e929 [ 355.429710][ T7773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.429727][ T7773] RSP: 002b:00007f9f897f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 355.429748][ T7773] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98e929 [ 355.429762][ T7773] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004 [ 355.429773][ T7773] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000 [ 355.429785][ T7773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.429797][ T7773] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138 [ 355.429830][ T7773] [ 355.847639][ T5882] Bluetooth: hci4: link tx timeout [ 355.855737][ T5882] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 355.887805][ T9] usb 2-1: config 0 descriptor?? [ 356.240105][ T7784] netlink: 112 bytes leftover after parsing attributes in process `syz.3.586'. [ 356.344550][ T7767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 356.362563][ T7767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 356.466512][ T30] audit: type=1326 audit(1751970547.322:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7787 comm="syz.3.588" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1620f8e929 code=0x0 [ 356.522349][ T7794] input: syz1 as /devices/virtual/input/input15 [ 356.567635][ T9] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x4 [ 356.582551][ T9] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x2 [ 356.589848][ T9] hid-steam 0003:28DE:1142.0007: item fetching failed at offset 4/5 [ 356.671207][ T9] hid-steam 0003:28DE:1142.0007: steam_probe:parse of hid interface failed [ 356.679951][ T9] hid-steam 0003:28DE:1142.0007: probe with driver hid-steam failed with error -22 [ 357.270893][ T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 357.440726][ T7767] comedi comedi3: reset error (fatal) [ 357.457021][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 357.490832][ T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 357.533571][ T9] usb 5-1: New USB device found, idVendor=eb1a, idProduct=2800, bcdDevice=8c.f6 [ 357.553786][ T9] usb 5-1: New USB device strings: Mfr=3, Product=2, SerialNumber=13 [ 357.614568][ T9] usb 5-1: Product: syz [ 357.618822][ T9] usb 5-1: Manufacturer: syz [ 357.644099][ T9] usb 5-1: SerialNumber: syz [ 357.669931][ T9] usb 5-1: config 0 descriptor?? [ 357.876716][ T7822] netlink: 112 bytes leftover after parsing attributes in process `syz.2.598'. [ 357.914008][ T7806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 357.923169][ T5874] Bluetooth: hci4: command 0x0406 tx timeout [ 357.948836][ T7806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 358.068381][ T7806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 358.105963][ T7806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 358.209305][ T7834] FAULT_INJECTION: forcing a failure. [ 358.209305][ T7834] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 358.223930][ T7834] CPU: 0 UID: 0 PID: 7834 Comm: syz.0.600 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 358.223957][ T7834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 358.223968][ T7834] Call Trace: [ 358.223976][ T7834] [ 358.223984][ T7834] dump_stack_lvl+0x189/0x250 [ 358.224010][ T7834] ? __pfx____ratelimit+0x10/0x10 [ 358.224047][ T7834] ? __pfx_dump_stack_lvl+0x10/0x10 [ 358.224067][ T7834] ? __pfx__printk+0x10/0x10 [ 358.224087][ T7834] ? __pfx_copy_data+0x10/0x10 [ 358.224106][ T7834] should_fail_ex+0x414/0x560 [ 358.224125][ T7834] _copy_to_user+0x31/0xb0 [ 358.224138][ T7834] ? __pfx_virtio_read+0x10/0x10 [ 358.224151][ T7834] rng_dev_read+0x3f2/0x770 [ 358.224168][ T7834] ? __pfx_rng_dev_read+0x10/0x10 [ 358.224185][ T7834] ? bpf_lsm_file_permission+0x9/0x20 [ 358.224195][ T7834] ? security_file_permission+0x75/0x290 [ 358.224212][ T7834] ? rw_verify_area+0x258/0x650 [ 358.224229][ T7834] vfs_readv+0x5a7/0x850 [ 358.224240][ T7834] ? __pfx_rng_dev_read+0x10/0x10 [ 358.224255][ T7834] ? __pfx_vfs_readv+0x10/0x10 [ 358.224275][ T7834] ? __fget_files+0x2a/0x420 [ 358.224288][ T7834] ? __fget_files+0x3a0/0x420 [ 358.224297][ T7834] ? __fget_files+0x2a/0x420 [ 358.224312][ T7834] __x64_sys_preadv+0x197/0x2a0 [ 358.224329][ T7834] ? __pfx___x64_sys_preadv+0x10/0x10 [ 358.224349][ T7834] ? do_syscall_64+0xbe/0x3b0 [ 358.224361][ T7834] do_syscall_64+0xfa/0x3b0 [ 358.224370][ T7834] ? lockdep_hardirqs_on+0x9c/0x150 [ 358.224385][ T7834] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.224396][ T7834] ? clear_bhb_loop+0x60/0xb0 [ 358.224409][ T7834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.224419][ T7834] RIP: 0033:0x7f46cd18e929 [ 358.224431][ T7834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.224440][ T7834] RSP: 002b:00007f46ce019038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 358.224453][ T7834] RAX: ffffffffffffffda RBX: 00007f46cd3b6080 RCX: 00007f46cd18e929 [ 358.224461][ T7834] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004 [ 358.224468][ T7834] RBP: 00007f46ce019090 R08: 0000000000000000 R09: 0000000000000000 [ 358.224475][ T7834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 358.224482][ T7834] R13: 0000000000000000 R14: 00007f46cd3b6080 R15: 00007ffdba3f25d8 [ 358.224499][ T7834] [ 358.559181][ T5942] usb 5-1: USB disconnect, device number 16 [ 358.577431][ T5975] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 358.784416][ T6037] usb 2-1: USB disconnect, device number 19 [ 358.996535][ T5975] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 359.421447][ T5975] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 359.465250][ T5975] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 359.527425][ T5975] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 359.626765][ T5975] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 360.256623][ T5975] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 360.290801][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 360.298867][ T5975] usb 3-1: Product: syz [ 360.308551][ T5975] usb 3-1: Manufacturer: syz [ 360.391731][ T5975] cdc_wdm 3-1:1.0: skipping garbage [ 360.397020][ T5975] cdc_wdm 3-1:1.0: skipping garbage [ 360.451755][ T5975] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 360.466209][ T5975] cdc_wdm 3-1:1.0: Unknown control protocol [ 360.641244][ T7860] FAULT_INJECTION: forcing a failure. [ 360.641244][ T7860] name failslab, interval 1, probability 0, space 0, times 0 [ 360.654319][ T7860] CPU: 0 UID: 0 PID: 7860 Comm: syz.3.606 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 360.654345][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 360.654355][ T7860] Call Trace: [ 360.654361][ T7860] [ 360.654366][ T7860] dump_stack_lvl+0x189/0x250 [ 360.654384][ T7860] ? __pfx____ratelimit+0x10/0x10 [ 360.654402][ T7860] ? __pfx_dump_stack_lvl+0x10/0x10 [ 360.654414][ T7860] ? __pfx__printk+0x10/0x10 [ 360.654430][ T7860] ? __pfx___might_resched+0x10/0x10 [ 360.654442][ T7860] ? fs_reclaim_acquire+0x7d/0x100 [ 360.654458][ T7860] should_fail_ex+0x414/0x560 [ 360.654477][ T7860] should_failslab+0xa8/0x100 [ 360.654494][ T7860] __kmalloc_noprof+0xcb/0x4f0 [ 360.654508][ T7860] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 360.654528][ T7860] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 360.654548][ T7860] genl_start+0x180/0x6c0 [ 360.654562][ T7860] ? __rcu_read_unlock+0x84/0xe0 [ 360.654583][ T7860] __netlink_dump_start+0x469/0x7e0 [ 360.654601][ T7860] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 360.654620][ T7860] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 360.654634][ T7860] ? genl_get_cmd+0x67f/0x910 [ 360.654650][ T7860] ? __pfx___mutex_lock+0x10/0x10 [ 360.654662][ T7860] ? __pfx_genl_start+0x10/0x10 [ 360.654675][ T7860] ? __pfx_genl_dumpit+0x10/0x10 [ 360.654688][ T7860] ? __pfx_genl_done+0x10/0x10 [ 360.654704][ T7860] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 360.654726][ T7860] genl_rcv_msg+0x5da/0x790 [ 360.654749][ T7860] ? __pfx_genl_rcv_msg+0x10/0x10 [ 360.654764][ T7860] ? __pfx_tipc_nl_node_dump_monitor_peer+0x10/0x10 [ 360.654786][ T7860] netlink_rcv_skb+0x208/0x470 [ 360.654799][ T7860] ? __pfx_genl_rcv_msg+0x10/0x10 [ 360.654815][ T7860] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 360.654839][ T7860] ? down_read+0x1ad/0x2e0 [ 360.654852][ T7860] genl_rcv+0x28/0x40 [ 360.654865][ T7860] netlink_unicast+0x75b/0x8d0 [ 360.654884][ T7860] netlink_sendmsg+0x805/0xb30 [ 360.654903][ T7860] ? __pfx_netlink_sendmsg+0x10/0x10 [ 360.654922][ T7860] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 360.654936][ T7860] ? __pfx_netlink_sendmsg+0x10/0x10 [ 360.654949][ T7860] __sock_sendmsg+0x21c/0x270 [ 360.654968][ T7860] ____sys_sendmsg+0x505/0x830 [ 360.654992][ T7860] ? __pfx_____sys_sendmsg+0x10/0x10 [ 360.655012][ T7860] ? import_iovec+0x74/0xa0 [ 360.655027][ T7860] ___sys_sendmsg+0x21f/0x2a0 [ 360.655043][ T7860] ? __pfx____sys_sendmsg+0x10/0x10 [ 360.655080][ T7860] ? __fget_files+0x2a/0x420 [ 360.655090][ T7860] ? __fget_files+0x3a0/0x420 [ 360.655107][ T7860] __x64_sys_sendmsg+0x19b/0x260 [ 360.655122][ T7860] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 360.655152][ T7860] do_syscall_64+0xfa/0x3b0 [ 360.655164][ T7860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.655174][ T7860] ? asm_sysvec_call_function_single+0x1a/0x20 [ 360.655185][ T7860] ? clear_bhb_loop+0x60/0xb0 [ 360.655198][ T7860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.655209][ T7860] RIP: 0033:0x7f1620f8e929 [ 360.655220][ T7860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 360.655230][ T7860] RSP: 002b:00007f161edd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 360.655244][ T7860] RAX: ffffffffffffffda RBX: 00007f16211b6160 RCX: 00007f1620f8e929 [ 360.655252][ T7860] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000005 [ 360.655259][ T7860] RBP: 00007f161edd5090 R08: 0000000000000000 R09: 0000000000000000 [ 360.655265][ T7860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 360.655272][ T7860] R13: 0000000000000000 R14: 00007f16211b6160 R15: 00007ffca6d652f8 [ 360.655290][ T7860] [ 361.417935][ T9] usb 3-1: USB disconnect, device number 12 [ 364.088242][ T7911] 9pnet: Could not find request transport: fd0x0000000000000003 [ 366.176011][ T5975] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 366.422667][ T9] usb 4-1: new low-speed USB device number 21 using dummy_hcd [ 366.542808][ T5975] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 366.558936][ T5975] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 366.962679][ T5975] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 367.340797][ T5975] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 367.364917][ T5975] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 367.379591][ T5975] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 367.391489][ T9] usb 4-1: too many configurations: 152, using maximum allowed: 8 [ 367.401413][ T5975] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 367.409471][ T5975] usb 1-1: Product: syz [ 367.416174][ T9] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 367.425024][ T7959] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 367.436120][ T7959] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 367.452509][ T5975] usb 1-1: Manufacturer: syz [ 367.460561][ T7959] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 367.460645][ T9] usb 4-1: can't read configurations, error -61 [ 367.467754][ T7959] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 367.517076][ T5975] cdc_wdm 1-1:1.0: skipping garbage [ 367.536833][ T7959] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 367.547589][ T7959] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 367.555986][ T7959] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 367.562161][ T7959] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 367.571754][ T7959] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 367.661109][ T5975] cdc_wdm 1-1:1.0: skipping garbage [ 367.673339][ T5975] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 367.679313][ T5975] cdc_wdm 1-1:1.0: Unknown control protocol [ 367.681785][ T9] usb 4-1: new low-speed USB device number 22 using dummy_hcd [ 367.719214][ T7964] FAULT_INJECTION: forcing a failure. [ 367.719214][ T7964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 367.734644][ T5975] usb 1-1: USB disconnect, device number 14 [ 367.742276][ T7964] CPU: 0 UID: 0 PID: 7964 Comm: syz.4.627 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 367.742301][ T7964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 367.742311][ T7964] Call Trace: [ 367.742318][ T7964] [ 367.742325][ T7964] dump_stack_lvl+0x189/0x250 [ 367.742351][ T7964] ? __pfx____ratelimit+0x10/0x10 [ 367.742377][ T7964] ? __pfx_dump_stack_lvl+0x10/0x10 [ 367.742397][ T7964] ? __pfx__printk+0x10/0x10 [ 367.742434][ T7964] should_fail_ex+0x414/0x560 [ 367.742466][ T7964] _copy_to_user+0x31/0xb0 [ 367.742491][ T7964] simple_read_from_buffer+0xe1/0x170 [ 367.742522][ T7964] proc_fail_nth_read+0x1df/0x250 [ 367.742545][ T7964] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 367.742568][ T7964] ? rw_verify_area+0x258/0x650 [ 367.742590][ T7964] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 367.742610][ T7964] vfs_read+0x1fd/0x980 [ 367.742640][ T7964] ? __pfx___mutex_lock+0x10/0x10 [ 367.742658][ T7964] ? __pfx_vfs_read+0x10/0x10 [ 367.742682][ T7964] ? __fget_files+0x2a/0x420 [ 367.742703][ T7964] ? __fget_files+0x3a0/0x420 [ 367.742718][ T7964] ? __fget_files+0x2a/0x420 [ 367.742746][ T7964] ksys_read+0x145/0x250 [ 367.742771][ T7964] ? __pfx_ksys_read+0x10/0x10 [ 367.742791][ T7964] ? rcu_is_watching+0x15/0xb0 [ 367.742817][ T7964] ? do_syscall_64+0xbe/0x3b0 [ 367.742838][ T7964] do_syscall_64+0xfa/0x3b0 [ 367.742854][ T7964] ? lockdep_hardirqs_on+0x9c/0x150 [ 367.742878][ T7964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.742895][ T7964] ? clear_bhb_loop+0x60/0xb0 [ 367.742917][ T7964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.742942][ T7964] RIP: 0033:0x7f9f8b98d33c [ 367.742961][ T7964] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 367.742975][ T7964] RSP: 002b:00007f9f897f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 367.742996][ T7964] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98d33c [ 367.743009][ T7964] RDX: 000000000000000f RSI: 00007f9f897f60a0 RDI: 0000000000000006 [ 367.743021][ T7964] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000 [ 367.743030][ T7964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 367.743041][ T7964] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138 [ 367.743072][ T7964] [ 368.181606][ T9] usb 4-1: too many configurations: 152, using maximum allowed: 8 [ 368.191918][ T9] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 368.199542][ T9] usb 4-1: can't read configurations, error -61 [ 368.206341][ T9] usb usb4-port1: attempt power cycle [ 368.511196][ T7973] 9pnet: Could not find request transport: fd0x0000000000000003 [ 368.559946][ T9] usb 4-1: new low-speed USB device number 23 using dummy_hcd [ 368.617593][ T9] usb 4-1: too many configurations: 152, using maximum allowed: 8 [ 369.441011][ T5882] Bluetooth: hci0: command 0x0406 tx timeout [ 369.521496][ T5882] Bluetooth: hci1: command 0x0406 tx timeout [ 369.593284][ T9] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 369.604033][ T5874] Bluetooth: hci3: command 0x0406 tx timeout [ 369.610129][ T5874] Bluetooth: hci2: command 0x0406 tx timeout [ 369.616854][ T5882] Bluetooth: hci4: command 0x0406 tx timeout [ 369.629533][ T9] usb 4-1: can't read configurations, error -71 [ 369.791419][ T7994] netlink: 44 bytes leftover after parsing attributes in process `syz.4.633'. [ 369.861040][ T1207] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 369.955144][ T7997] MPI: mpi too large (128392 bits) [ 369.994365][ T7997] netlink: 8 bytes leftover after parsing attributes in process `syz.3.636'. [ 370.024688][ T1207] usb 1-1: device descriptor read/64, error -71 [ 370.281231][ T1207] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 370.420859][ T1207] usb 1-1: device descriptor read/64, error -71 [ 370.544352][ T1207] usb usb1-port1: attempt power cycle [ 370.830810][ T5975] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 371.035428][ T1207] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 371.068140][ T1207] usb 1-1: device descriptor read/8, error -71 [ 371.083055][ T5975] usb 3-1: Using ep0 maxpacket: 16 [ 371.114620][ T5975] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.201129][ T5975] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 371.221615][ T5975] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 371.232499][ T5975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.242645][ T5975] usb 3-1: config 0 descriptor?? [ 371.371150][ T1207] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 371.413843][ T1207] usb 1-1: device descriptor read/8, error -71 [ 371.521216][ T5882] Bluetooth: hci0: command 0x0406 tx timeout [ 371.542631][ T1207] usb usb1-port1: unable to enumerate USB device [ 371.601491][ T5882] Bluetooth: hci1: command 0x0406 tx timeout [ 371.608355][ T8028] 9pnet: Could not find request transport: fd0x0000000000000003 [ 371.671275][ T44] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 371.682002][ T5882] Bluetooth: hci2: command 0x0406 tx timeout [ 371.689244][ T5874] Bluetooth: hci3: command 0x0406 tx timeout [ 371.847518][ T5975] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 371.871507][ T44] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 371.880274][ T44] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 371.899309][ T5975] microsoft 0003:045E:07DA.0008: no inputs found [ 371.909936][ T5975] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 371.923283][ T44] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 371.945071][ T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 371.973406][ T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 371.984780][ T6037] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 372.014958][ T44] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 372.024590][ T44] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 372.039182][ T44] usb 5-1: Product: syz [ 372.046241][ T44] usb 5-1: Manufacturer: syz [ 372.101578][ T44] cdc_wdm 5-1:1.0: skipping garbage [ 372.121298][ T44] cdc_wdm 5-1:1.0: skipping garbage [ 372.148048][ T44] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 372.154638][ T6037] usb 2-1: device descriptor read/64, error -71 [ 372.170218][ T44] cdc_wdm 5-1:1.0: Unknown control protocol [ 372.312206][ T44] usb 5-1: USB disconnect, device number 17 [ 372.401343][ T6037] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 372.550850][ T6037] usb 2-1: device descriptor read/64, error -71 [ 372.613303][ T8060] netlink: 112 bytes leftover after parsing attributes in process `syz.0.649'. [ 372.671488][ T6037] usb usb2-port1: attempt power cycle [ 373.756905][ T8067] MPI: mpi too large (128392 bits) [ 373.775006][ T8067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.651'. [ 373.792792][ T8069] 9pnet_fd: Insufficient options for proto=fd [ 374.121629][ T6037] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 374.401287][ T6037] usb 2-1: device descriptor read/8, error -71 [ 375.054557][ T5942] usb 3-1: USB disconnect, device number 13 [ 375.070854][ T6037] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 375.190352][ T8086] 9pnet_fd: Insufficient options for proto=fd [ 375.310782][ T6037] usb 2-1: device descriptor read/8, error -71 [ 375.471156][ T6037] usb usb2-port1: unable to enumerate USB device [ 375.865891][ T8104] netlink: 112 bytes leftover after parsing attributes in process `syz.2.660'. [ 377.021182][ T44] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 377.977841][ T8123] MPI: mpi too large (128392 bits) [ 377.990850][ T44] usb 1-1: Using ep0 maxpacket: 8 [ 378.000883][ T8123] netlink: 8 bytes leftover after parsing attributes in process `syz.2.665'. [ 378.029280][ T44] usb 1-1: config 5 has an invalid interface number: 35 but max is 0 [ 378.053660][ T44] usb 1-1: config 5 has no interface number 0 [ 378.071152][ T44] usb 1-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10 [ 378.071815][ T5942] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 378.104511][ T44] usb 1-1: config 5 interface 35 has no altsetting 0 [ 378.142269][ T44] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b [ 378.159055][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.179554][ T44] usb 1-1: Product: syz [ 378.183978][ T44] usb 1-1: Manufacturer: syz [ 378.188742][ T44] usb 1-1: SerialNumber: syz [ 378.253628][ T5942] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 378.277358][ T5942] usb 5-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice=13.03 [ 378.300949][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.309015][ T5942] usb 5-1: Product: syz [ 378.341161][ T5942] usb 5-1: Manufacturer: syz [ 378.345922][ T5942] usb 5-1: SerialNumber: syz [ 378.363791][ T8127] FAULT_INJECTION: forcing a failure. [ 378.363791][ T8127] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 378.385893][ T5942] usb 5-1: config 0 descriptor?? [ 378.387963][ T8127] CPU: 1 UID: 0 PID: 8127 Comm: syz.1.666 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 378.387988][ T8127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 378.387998][ T8127] Call Trace: [ 378.388005][ T8127] [ 378.388013][ T8127] dump_stack_lvl+0x189/0x250 [ 378.388038][ T8127] ? __pfx____ratelimit+0x10/0x10 [ 378.388066][ T8127] ? __pfx_dump_stack_lvl+0x10/0x10 [ 378.388114][ T8127] ? __pfx__printk+0x10/0x10 [ 378.388136][ T8127] ? __might_fault+0xb0/0x130 [ 378.388170][ T8127] should_fail_ex+0x414/0x560 [ 378.388198][ T8127] _copy_from_user+0x2d/0xb0 [ 378.388217][ T8127] ___sys_recvmsg+0x12e/0x510 [ 378.388245][ T8127] ? __pfx____sys_recvmsg+0x10/0x10 [ 378.388297][ T8127] ? __might_fault+0xb0/0x130 [ 378.388323][ T8127] do_recvmmsg+0x307/0x770 [ 378.388353][ T8127] ? __pfx_do_recvmmsg+0x10/0x10 [ 378.388386][ T8127] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 378.388420][ T8127] __x64_sys_recvmmsg+0x190/0x240 [ 378.388444][ T8127] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 378.388463][ T8127] ? rcu_is_watching+0x15/0xb0 [ 378.388487][ T8127] ? do_syscall_64+0xbe/0x3b0 [ 378.388506][ T8127] do_syscall_64+0xfa/0x3b0 [ 378.388520][ T8127] ? lockdep_hardirqs_on+0x9c/0x150 [ 378.388542][ T8127] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.388558][ T8127] ? clear_bhb_loop+0x60/0xb0 [ 378.388577][ T8127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.388592][ T8127] RIP: 0033:0x7f38ad38e929 [ 378.388608][ T8127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.388622][ T8127] RSP: 002b:00007f38ae226038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 378.388642][ T8127] RAX: ffffffffffffffda RBX: 00007f38ad5b5fa0 RCX: 00007f38ad38e929 [ 378.388654][ T8127] RDX: 0400000000000284 RSI: 0000200000000040 RDI: 0000000000000003 [ 378.388665][ T8127] RBP: 00007f38ae226090 R08: 0000000000000000 R09: 0000000000000000 [ 378.388675][ T8127] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 378.388685][ T8127] R13: 0000000000000000 R14: 00007f38ad5b5fa0 R15: 00007ffdcc2d31e8 [ 378.388713][ T8127] [ 378.767530][ T5942] s2255 5-1:0.0: Could not find bulk-in endpoint [ 378.808741][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.826921][ T5942] Sensoray 2255 driver load failed: 0xfffffff4 [ 378.864686][ T5942] s2255 5-1:0.0: probe with driver s2255 failed with error -12 [ 378.987493][ T8115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.997436][ T8115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.051024][ T9] usb 5-1: USB disconnect, device number 18 [ 379.125194][ T8149] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 379.283112][ T5942] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 379.474530][ T44] ttusbir 1-1:5.35: cannot find expected altsetting [ 379.490948][ T5942] usb 2-1: Using ep0 maxpacket: 32 [ 379.498228][ T5942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11 [ 379.538045][ T5942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024 [ 379.551116][ T44] usb 1-1: USB disconnect, device number 19 [ 379.624024][ T5942] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 379.659753][ T8158] netlink: 28 bytes leftover after parsing attributes in process `syz.3.672'. [ 379.670823][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.722858][ T8158] netlink: 'syz.3.672': attribute type 7 has an invalid length. [ 379.751250][ T5942] usb 2-1: config 0 descriptor?? [ 379.764860][ T8146] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 379.774193][ T8158] netlink: 'syz.3.672': attribute type 8 has an invalid length. [ 379.830585][ T5942] hub 2-1:0.0: USB hub found [ 379.855687][ T8158] netlink: 4 bytes leftover after parsing attributes in process `syz.3.672'. [ 380.094809][ T5942] hub 2-1:0.0: 1 port detected [ 380.163839][ T8172] smk_cipso_doi:692 cipso add rc = -22 [ 380.220724][ T8172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.676'. [ 380.231354][ T8172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.676'. [ 380.265873][ T5815] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 380.780788][ T5815] usb 4-1: Using ep0 maxpacket: 32 [ 380.838809][ T5815] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.899850][ T5815] usb 4-1: config 0 interface 0 has no altsetting 0 [ 380.923091][ T5815] usb 4-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 380.984649][ T5815] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.043981][ T5815] usb 4-1: config 0 descriptor?? [ 381.112294][ T8174] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.121055][ T8174] bridge0: port 1(bridge_slave_0) entered disabled state [ 381.214599][ T1207] usb 2-1: reset high-speed USB device number 24 using dummy_hcd [ 381.564533][ T8191] sctp: [Deprecated]: syz.0.678 (pid 8191) Use of struct sctp_assoc_value in delayed_ack socket option. [ 381.564533][ T8191] Use struct sctp_sack_info instead [ 382.473851][ T8187] usb 2-1: USB disconnect, device number 24 [ 382.503634][ T8195] FAULT_INJECTION: forcing a failure. [ 382.503634][ T8195] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 382.517560][ T8195] CPU: 1 UID: 0 PID: 8195 Comm: syz.0.679 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 382.517587][ T8195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 382.517598][ T8195] Call Trace: [ 382.517605][ T8195] [ 382.517613][ T8195] dump_stack_lvl+0x189/0x250 [ 382.517640][ T8195] ? __pfx____ratelimit+0x10/0x10 [ 382.517666][ T8195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 382.517686][ T8195] ? __pfx__printk+0x10/0x10 [ 382.517724][ T8195] should_fail_ex+0x414/0x560 [ 382.517756][ T8195] _copy_to_user+0x31/0xb0 [ 382.517779][ T8195] simple_read_from_buffer+0xe1/0x170 [ 382.517809][ T8195] proc_fail_nth_read+0x1df/0x250 [ 382.517831][ T8195] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 382.517854][ T8195] ? rw_verify_area+0x258/0x650 [ 382.517877][ T8195] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 382.517896][ T8195] vfs_read+0x1fd/0x980 [ 382.517924][ T8195] ? __pfx___mutex_lock+0x10/0x10 [ 382.517943][ T8195] ? __pfx_vfs_read+0x10/0x10 [ 382.517967][ T8195] ? __fget_files+0x2a/0x420 [ 382.517989][ T8195] ? __fget_files+0x3a0/0x420 [ 382.518004][ T8195] ? __fget_files+0x2a/0x420 [ 382.518030][ T8195] ksys_read+0x145/0x250 [ 382.518056][ T8195] ? __pfx_ksys_read+0x10/0x10 [ 382.518077][ T8195] ? rcu_is_watching+0x15/0xb0 [ 382.518102][ T8195] ? do_syscall_64+0xbe/0x3b0 [ 382.518123][ T8195] do_syscall_64+0xfa/0x3b0 [ 382.518138][ T8195] ? lockdep_hardirqs_on+0x9c/0x150 [ 382.518163][ T8195] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.518180][ T8195] ? clear_bhb_loop+0x60/0xb0 [ 382.518202][ T8195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.518219][ T8195] RIP: 0033:0x7f46cd18d33c [ 382.518236][ T8195] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 382.518251][ T8195] RSP: 002b:00007f46ce03a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 382.518272][ T8195] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18d33c [ 382.518285][ T8195] RDX: 000000000000000f RSI: 00007f46ce03a0a0 RDI: 0000000000000006 [ 382.518296][ T8195] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000 [ 382.518307][ T8195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.518318][ T8195] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8 [ 382.518349][ T8195] [ 382.809564][ T8199] MPI: mpi too large (128392 bits) [ 382.815496][ T8199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.680'. [ 383.203671][ T5815] usbhid 4-1:0.0: can't add hid device: -71 [ 383.228201][ T5815] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 383.259294][ T5815] usb 4-1: USB disconnect, device number 25 [ 383.449294][ T8174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 383.501909][ T8174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 383.703620][ T8174] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.759824][ T8174] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.800871][ T8174] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.837919][ T8174] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.377490][ T8174] macsec1: left promiscuous mode [ 385.668893][ T8229] FAULT_INJECTION: forcing a failure. [ 385.668893][ T8229] name failslab, interval 1, probability 0, space 0, times 0 [ 385.740994][ T8228] netlink: 112 bytes leftover after parsing attributes in process `syz.3.691'. [ 385.793871][ T8229] CPU: 0 UID: 0 PID: 8229 Comm: syz.2.688 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 385.793898][ T8229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 385.793909][ T8229] Call Trace: [ 385.793916][ T8229] [ 385.793924][ T8229] dump_stack_lvl+0x189/0x250 [ 385.793951][ T8229] ? __pfx____ratelimit+0x10/0x10 [ 385.793978][ T8229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 385.793998][ T8229] ? __pfx__printk+0x10/0x10 [ 385.794028][ T8229] ? __pfx___might_resched+0x10/0x10 [ 385.794048][ T8229] ? fs_reclaim_acquire+0x7d/0x100 [ 385.794072][ T8229] should_fail_ex+0x414/0x560 [ 385.794104][ T8229] should_failslab+0xa8/0x100 [ 385.794132][ T8229] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 385.794157][ T8229] ? __d_alloc+0x31/0x6f0 [ 385.794181][ T8229] __d_alloc+0x31/0x6f0 [ 385.794208][ T8229] d_alloc_pseudo+0x1f/0xb0 [ 385.794230][ T8229] alloc_file_pseudo+0xcc/0x210 [ 385.794257][ T8229] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 385.794279][ T8229] ? shmem_get_inode+0xbc5/0xe90 [ 385.794318][ T8229] __shmem_file_setup+0x284/0x300 [ 385.794347][ T8229] shmem_zero_setup+0x8d/0x130 [ 385.794373][ T8229] mmap_region+0x121e/0x1f30 [ 385.794419][ T8229] ? __pfx_mmap_region+0x10/0x10 [ 385.794448][ T8229] ? is_bpf_text_address+0x26/0x2b0 [ 385.794489][ T8229] ? __lock_acquire+0xab9/0xd20 [ 385.794558][ T8229] ? mm_get_unmapped_area+0xa7/0xd0 [ 385.794600][ T8229] ? bpf_lsm_mmap_addr+0x9/0x20 [ 385.794617][ T8229] ? security_mmap_addr+0x71/0x270 [ 385.794653][ T8229] do_mmap+0xc45/0x10d0 [ 385.794692][ T8229] ? __pfx_do_mmap+0x10/0x10 [ 385.794712][ T8229] ? down_write_killable+0x178/0x230 [ 385.794731][ T8229] ? __pfx_vfs_write+0x10/0x10 [ 385.794755][ T8229] ? __pfx_down_write_killable+0x10/0x10 [ 385.794775][ T8229] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 385.794799][ T8229] vm_mmap_pgoff+0x31b/0x4c0 [ 385.794831][ T8229] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 385.794850][ T8229] ? ksys_write+0x22a/0x250 [ 385.794876][ T8229] ? __pfx_ksys_write+0x10/0x10 [ 385.794902][ T8229] ? rcu_is_watching+0x15/0xb0 [ 385.794924][ T8229] ? ksys_mmap_pgoff+0xf4/0x760 [ 385.794948][ T8229] ? __x64_sys_mmap+0x7f/0x140 [ 385.794972][ T8229] do_syscall_64+0xfa/0x3b0 [ 385.794988][ T8229] ? lockdep_hardirqs_on+0x9c/0x150 [ 385.795011][ T8229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.795028][ T8229] ? clear_bhb_loop+0x60/0xb0 [ 385.795051][ T8229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.795069][ T8229] RIP: 0033:0x7f57bcd8e929 [ 385.795085][ T8229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.795101][ T8229] RSP: 002b:00007f57bdb2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 385.795122][ T8229] RAX: ffffffffffffffda RBX: 00007f57bcfb6080 RCX: 00007f57bcd8e929 [ 385.795135][ T8229] RDX: 0000000000000000 RSI: 0000000000b36000 RDI: 0000200000000000 [ 385.795147][ T8229] RBP: 00007f57bdb2c090 R08: ffffffffffffffff R09: 0000000000001000 [ 385.795160][ T8229] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000001 [ 385.795171][ T8229] R13: 0000000000000000 R14: 00007f57bcfb6080 R15: 00007ffc07b637c8 [ 385.795204][ T8229] [ 386.685652][ T8249] FAULT_INJECTION: forcing a failure. [ 386.685652][ T8249] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 386.741080][ T8249] CPU: 0 UID: 0 PID: 8249 Comm: syz.2.695 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 386.741109][ T8249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 386.741119][ T8249] Call Trace: [ 386.741126][ T8249] [ 386.741132][ T8249] dump_stack_lvl+0x189/0x250 [ 386.741151][ T8249] ? __pfx____ratelimit+0x10/0x10 [ 386.741169][ T8249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 386.741181][ T8249] ? __pfx__printk+0x10/0x10 [ 386.741197][ T8249] ? __pfx_copy_data+0x10/0x10 [ 386.741216][ T8249] should_fail_ex+0x414/0x560 [ 386.741235][ T8249] _copy_to_user+0x31/0xb0 [ 386.741249][ T8249] ? __pfx_virtio_read+0x10/0x10 [ 386.741262][ T8249] rng_dev_read+0x3f2/0x770 [ 386.741279][ T8249] ? __pfx_rng_dev_read+0x10/0x10 [ 386.741296][ T8249] ? bpf_lsm_file_permission+0x9/0x20 [ 386.741307][ T8249] ? security_file_permission+0x75/0x290 [ 386.741323][ T8249] ? rw_verify_area+0x258/0x650 [ 386.741340][ T8249] vfs_readv+0x5a7/0x850 [ 386.741352][ T8249] ? __pfx_rng_dev_read+0x10/0x10 [ 386.741366][ T8249] ? __pfx_vfs_readv+0x10/0x10 [ 386.741386][ T8249] ? __fget_files+0x2a/0x420 [ 386.741399][ T8249] ? __fget_files+0x3a0/0x420 [ 386.741408][ T8249] ? __fget_files+0x2a/0x420 [ 386.741423][ T8249] __x64_sys_preadv+0x197/0x2a0 [ 386.741441][ T8249] ? __pfx___x64_sys_preadv+0x10/0x10 [ 386.741467][ T8249] ? do_syscall_64+0xbe/0x3b0 [ 386.741481][ T8249] do_syscall_64+0xfa/0x3b0 [ 386.741492][ T8249] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.741502][ T8249] ? asm_sysvec_call_function_single+0x1a/0x20 [ 386.741513][ T8249] ? clear_bhb_loop+0x60/0xb0 [ 386.741526][ T8249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.741536][ T8249] RIP: 0033:0x7f57bcd8e929 [ 386.741548][ T8249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.741558][ T8249] RSP: 002b:00007f57bdb2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 386.741572][ T8249] RAX: ffffffffffffffda RBX: 00007f57bcfb6080 RCX: 00007f57bcd8e929 [ 386.741580][ T8249] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004 [ 386.741588][ T8249] RBP: 00007f57bdb2c090 R08: 0000000000000000 R09: 0000000000000000 [ 386.741594][ T8249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.741601][ T8249] R13: 0000000000000000 R14: 00007f57bcfb6080 R15: 00007ffc07b637c8 [ 386.741619][ T8249] [ 387.491180][ T10] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 387.640779][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 387.651440][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 387.690013][ T10] usb 5-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 387.767694][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.786403][ T10] usb 5-1: Product: syz [ 387.790873][ T10] usb 5-1: Manufacturer: syz [ 387.801690][ T10] usb 5-1: SerialNumber: syz [ 387.812659][ T10] usb 5-1: config 0 descriptor?? [ 387.827510][ T10] cdc_phonet 5-1:0.0: probe with driver cdc_phonet failed with error -22 [ 388.039664][ T8253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 388.067146][ T8253] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 388.519439][ T8261] ptrace attach of "./syz-executor exec"[8262] was attempted by "./syz-executor exec"[8261] [ 390.323109][ T8264] block nbd3: NBD_DISCONNECT [ 390.342858][ T8264] block nbd3: Disconnected due to user request. [ 390.349383][ T8264] block nbd3: shutting down sockets [ 390.496582][ T8266] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 390.539278][ T8266] 9pnet_fd: Insufficient options for proto=fd [ 390.702148][ T8270] netlink: 112 bytes leftover after parsing attributes in process `syz.3.703'. [ 390.953410][ T56] usb 5-1: USB disconnect, device number 19 [ 391.451584][ T8284] kvm: user requested TSC rate below hardware speed [ 391.585447][ T8288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.722557][ T8288] bond0: (slave rose0): Enslaving as an active interface with an up link [ 392.247042][ T8299] netlink: 80 bytes leftover after parsing attributes in process `syz.4.712'. [ 392.525803][ T56] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 392.590871][ T5975] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 392.720888][ T56] usb 3-1: Using ep0 maxpacket: 16 [ 392.742702][ T56] usb 3-1: unable to get BOS descriptor or descriptor too short [ 392.756879][ T5975] usb 4-1: device descriptor read/64, error -71 [ 392.773787][ T56] usb 3-1: config 7 has an invalid interface number: 48 but max is 0 [ 392.785037][ T56] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 392.796533][ T56] usb 3-1: config 7 has no interface number 0 [ 392.831804][ T56] usb 3-1: config 7 interface 48 has no altsetting 0 [ 392.857457][ T56] usb 3-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=56.2c [ 392.880201][ T56] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.940111][ T56] usb 3-1: Product: syz [ 392.960940][ T56] usb 3-1: Manufacturer: syz [ 392.974574][ T56] usb 3-1: SerialNumber: syz [ 393.000798][ T5975] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 393.172505][ T5975] usb 4-1: device descriptor read/64, error -71 [ 393.500074][ T5975] usb usb4-port1: attempt power cycle [ 394.894560][ T5975] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 394.941686][ T5975] usb 4-1: device descriptor read/8, error -71 [ 395.200798][ T5975] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 395.271687][ T5975] usb 4-1: device descriptor read/8, error -71 [ 395.353183][ T56] cdc_phonet 3-1:7.48: probe with driver cdc_phonet failed with error -22 [ 395.412834][ T5975] usb usb4-port1: unable to enumerate USB device [ 395.429617][ T56] usb 3-1: USB disconnect, device number 14 [ 395.528372][ T8365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.723'. [ 395.726860][ T8368] netlink: 'syz.3.724': attribute type 1 has an invalid length. [ 395.788906][ T8368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.724'. [ 395.920259][ T8368] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 397.583027][ T8402] FAULT_INJECTION: forcing a failure. [ 397.583027][ T8402] name failslab, interval 1, probability 0, space 0, times 0 [ 397.659539][ T8402] CPU: 1 UID: 0 PID: 8402 Comm: syz.4.733 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 397.659567][ T8402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 397.659579][ T8402] Call Trace: [ 397.659587][ T8402] [ 397.659595][ T8402] dump_stack_lvl+0x189/0x250 [ 397.659640][ T8402] ? __pfx____ratelimit+0x10/0x10 [ 397.659669][ T8402] ? __pfx_dump_stack_lvl+0x10/0x10 [ 397.659690][ T8402] ? __pfx__printk+0x10/0x10 [ 397.659721][ T8402] ? __pfx___might_resched+0x10/0x10 [ 397.659741][ T8402] ? fs_reclaim_acquire+0x7d/0x100 [ 397.659765][ T8402] should_fail_ex+0x414/0x560 [ 397.659797][ T8402] should_failslab+0xa8/0x100 [ 397.659827][ T8402] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 397.659853][ T8402] ? __alloc_skb+0x112/0x2d0 [ 397.659878][ T8402] __alloc_skb+0x112/0x2d0 [ 397.659903][ T8402] netlink_ack+0x146/0xa50 [ 397.659920][ T8402] ? __pfx_genl_rcv_msg+0x10/0x10 [ 397.659941][ T8402] ? ref_tracker_free+0x63a/0x7d0 [ 397.659970][ T8402] ? __pfx_ref_tracker_free+0x10/0x10 [ 397.660009][ T8402] netlink_rcv_skb+0x28c/0x470 [ 397.660031][ T8402] ? __pfx_genl_rcv_msg+0x10/0x10 [ 397.660058][ T8402] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 397.660100][ T8402] ? down_read+0x1ad/0x2e0 [ 397.660122][ T8402] genl_rcv+0x28/0x40 [ 397.660145][ T8402] netlink_unicast+0x75b/0x8d0 [ 397.660178][ T8402] netlink_sendmsg+0x805/0xb30 [ 397.660211][ T8402] ? __pfx_netlink_sendmsg+0x10/0x10 [ 397.660242][ T8402] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 397.660267][ T8402] ? __pfx_netlink_sendmsg+0x10/0x10 [ 397.660289][ T8402] __sock_sendmsg+0x21c/0x270 [ 397.660320][ T8402] ____sys_sendmsg+0x505/0x830 [ 397.660351][ T8402] ? __pfx_____sys_sendmsg+0x10/0x10 [ 397.660383][ T8402] ? import_iovec+0x74/0xa0 [ 397.660409][ T8402] ___sys_sendmsg+0x21f/0x2a0 [ 397.660435][ T8402] ? __pfx____sys_sendmsg+0x10/0x10 [ 397.660502][ T8402] ? __fget_files+0x2a/0x420 [ 397.660518][ T8402] ? __fget_files+0x3a0/0x420 [ 397.660548][ T8402] __x64_sys_sendmsg+0x19b/0x260 [ 397.660580][ T8402] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 397.660615][ T8402] ? __pfx_ksys_write+0x10/0x10 [ 397.660643][ T8402] ? rcu_is_watching+0x15/0xb0 [ 397.660667][ T8402] ? do_syscall_64+0xbe/0x3b0 [ 397.660688][ T8402] do_syscall_64+0xfa/0x3b0 [ 397.660703][ T8402] ? lockdep_hardirqs_on+0x9c/0x150 [ 397.660726][ T8402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.660742][ T8402] ? clear_bhb_loop+0x60/0xb0 [ 397.660766][ T8402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.660783][ T8402] RIP: 0033:0x7f9f8b98e929 [ 397.660800][ T8402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.660816][ T8402] RSP: 002b:00007f9f897f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 397.660837][ T8402] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98e929 [ 397.660850][ T8402] RDX: 0000000000040080 RSI: 0000200000000a80 RDI: 0000000000000003 [ 397.660862][ T8402] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000 [ 397.660873][ T8402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.660884][ T8402] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138 [ 397.660917][ T8402] [ 398.066059][ T8406] ------------[ cut here ]------------ [ 398.071659][ T8406] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl812.c:1152:10 [ 398.080202][ T8406] shift exponent 32 is too large for 32-bit type 'int' [ 398.092014][ T8406] CPU: 1 UID: 0 PID: 8406 Comm: syz.2.735 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 398.092044][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 398.092056][ T8406] Call Trace: [ 398.092065][ T8406] [ 398.092074][ T8406] dump_stack_lvl+0x189/0x250 [ 398.092108][ T8406] ? __pfx_dump_stack_lvl+0x10/0x10 [ 398.092131][ T8406] ? __pfx__printk+0x10/0x10 [ 398.092173][ T8406] ubsan_epilogue+0xa/0x40 [ 398.092199][ T8406] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 398.092246][ T8406] pcl812_attach+0x1b9e/0x2300 [ 398.092299][ T8406] comedi_device_attach+0x520/0x670 [ 398.092342][ T8406] comedi_unlocked_ioctl+0x686/0xf40 [ 398.092390][ T8406] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 398.092435][ T8406] ? __pfx_smack_log+0x10/0x10 [ 398.092459][ T8406] ? smk_access+0x14c/0x4e0 [ 398.092490][ T8406] ? smk_tskacc+0x2fc/0x370 [ 398.092519][ T8406] ? smack_file_ioctl+0x24a/0x340 [ 398.092548][ T8406] ? __pfx_smack_file_ioctl+0x10/0x10 [ 398.092587][ T8406] ? __fget_files+0x2a/0x420 [ 398.092603][ T8406] ? __fget_files+0x3a0/0x420 [ 398.092620][ T8406] ? __fget_files+0x2a/0x420 [ 398.092643][ T8406] ? bpf_lsm_file_ioctl+0x9/0x20 [ 398.092662][ T8406] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 398.092688][ T8406] __se_sys_ioctl+0xf9/0x170 [ 398.092717][ T8406] do_syscall_64+0xfa/0x3b0 [ 398.092734][ T8406] ? lockdep_hardirqs_on+0x9c/0x150 [ 398.092762][ T8406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.092782][ T8406] ? clear_bhb_loop+0x60/0xb0 [ 398.092806][ T8406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.092825][ T8406] RIP: 0033:0x7f57bcd8e929 [ 398.092845][ T8406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.092862][ T8406] RSP: 002b:00007f57bdb4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.092884][ T8406] RAX: ffffffffffffffda RBX: 00007f57bcfb5fa0 RCX: 00007f57bcd8e929 [ 398.092898][ T8406] RDX: 0000200000000100 RSI: 0000000040946400 RDI: 0000000000000003 [ 398.092911][ T8406] RBP: 00007f57bce10b39 R08: 0000000000000000 R09: 0000000000000000 [ 398.092923][ T8406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.092936][ T8406] R13: 0000000000000000 R14: 00007f57bcfb5fa0 R15: 00007ffc07b637c8 [ 398.092970][ T8406] [ 398.092977][ T8406] ---[ end trace ]--- [ 398.316325][ T8411] netlink: 12 bytes leftover after parsing attributes in process `syz.4.736'. [ 398.318979][ T8406] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 398.318999][ T8406] CPU: 1 UID: 0 PID: 8406 Comm: syz.2.735 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 398.319021][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 398.319032][ T8406] Call Trace: [ 398.319041][ T8406] [ 398.319049][ T8406] dump_stack_lvl+0x99/0x250 [ 398.319075][ T8406] ? __asan_memcpy+0x40/0x70 [ 398.319098][ T8406] ? __pfx_dump_stack_lvl+0x10/0x10 [ 398.319119][ T8406] ? __pfx__printk+0x10/0x10 [ 398.319155][ T8406] panic+0x2db/0x790 [ 398.319180][ T8406] ? __pfx_panic+0x10/0x10 [ 398.319196][ T8406] ? _printk+0xcf/0x120 [ 398.319223][ T8406] ? __pfx__printk+0x10/0x10 [ 398.319254][ T8406] check_panic_on_warn+0x89/0xb0 [ 398.319281][ T8406] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 398.319342][ T8406] pcl812_attach+0x1b9e/0x2300 [ 398.319388][ T8406] comedi_device_attach+0x520/0x670 [ 398.319422][ T8406] comedi_unlocked_ioctl+0x686/0xf40 [ 398.319453][ T8406] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 398.319491][ T8406] ? __pfx_smack_log+0x10/0x10 [ 398.319511][ T8406] ? smk_access+0x14c/0x4e0 [ 398.319538][ T8406] ? smk_tskacc+0x2fc/0x370 [ 398.319562][ T8406] ? smack_file_ioctl+0x24a/0x340 [ 398.319588][ T8406] ? __pfx_smack_file_ioctl+0x10/0x10 [ 398.319628][ T8406] ? __fget_files+0x2a/0x420 [ 398.319643][ T8406] ? __fget_files+0x3a0/0x420 [ 398.319659][ T8406] ? __fget_files+0x2a/0x420 [ 398.319678][ T8406] ? bpf_lsm_file_ioctl+0x9/0x20 [ 398.319696][ T8406] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 398.319718][ T8406] __se_sys_ioctl+0xf9/0x170 [ 398.319744][ T8406] do_syscall_64+0xfa/0x3b0 [ 398.319760][ T8406] ? lockdep_hardirqs_on+0x9c/0x150 [ 398.319784][ T8406] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.319801][ T8406] ? clear_bhb_loop+0x60/0xb0 [ 398.319823][ T8406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.319840][ T8406] RIP: 0033:0x7f57bcd8e929 [ 398.319856][ T8406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.319872][ T8406] RSP: 002b:00007f57bdb4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.319894][ T8406] RAX: ffffffffffffffda RBX: 00007f57bcfb5fa0 RCX: 00007f57bcd8e929 [ 398.319908][ T8406] RDX: 0000200000000100 RSI: 0000000040946400 RDI: 0000000000000003 [ 398.319920][ T8406] RBP: 00007f57bce10b39 R08: 0000000000000000 R09: 0000000000000000 [ 398.319932][ T8406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.319944][ T8406] R13: 0000000000000000 R14: 00007f57bcfb5fa0 R15: 00007ffc07b637c8 [ 398.319974][ T8406] [ 398.326006][ T8406] Kernel Offset: disabled