last executing test programs: 12m29.469313462s ago: executing program 1 (id=387): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000019"], 0x40}}, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020300090a00000000000000feff13000400060000000e0002000000e0000009000000000000000002000100000100000000000200000000030005003c00000002000000e00000010000000000000000"], 0x50}}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) socket(0x21, 0x2, 0x10000000000002) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_smc(0x2b, 0x1, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_tcp(0x2, 0x1, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$pppl2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYRES32=r2], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 12m26.021978281s ago: executing program 1 (id=391): syz_emit_ethernet(0x4e, &(0x7f0000000480)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "e5ff04", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x2, 0x0, 0x200, {[@mss={0x2, 0x4, 0x9}]}}}}}}}}, 0x0) 12m25.635140077s ago: executing program 1 (id=395): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 12m23.132338153s ago: executing program 1 (id=398): r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000380)=0x7, 0x4) sendto$inet6(r0, 0x0, 0xfffffffffffffd2f, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c) recvfrom$inet6(r0, 0x0, 0x0, 0x2042, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x8, [@int={0xd, 0x0, 0x0, 0x1, 0x0, 0x5e, 0x0, 0x32, 0x3}]}, {0x0, [0x30, 0x5f, 0x5f, 0x61, 0x30, 
0x30]}}, &(0x7f0000000040)=""/127, 0x30, 0x7f, 0x0, 0x9, 0x0, @void, @value}, 0x28) tee(r2, r1, 0x6, 0x5) r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000006c0), 0xffffffffffffffff) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) splice(r5, 0x0, r4, 0x0, 0x1, 0x0) fcntl$setpipe(r4, 0x408, 0x7) ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000100)=0x10000) sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f00000007c0)={&(0x7f0000000680), 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x44, r3, 0x903, 0x0, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x10}}, {0x6}}]}, 0x44}}, 0x0) 12m17.228021102s ago: executing program 1 (id=404): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x8200, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) pipe2(&(0x7f0000000bc0)={0xffffffffffffffff}, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000004c0)={r3, 0xffffffff, 0x2}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETPERSIST(r4, 0x400454c9, 0x1) ioctl$TUNSETLINK(r4, 0x400454cd, 0x300) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000001680)={0x4, "edc492ca4200000078eaffff0300000000000000000000d400", 0xffffffffffffffff}) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r7 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[r5, r7]}, 0x2) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 
&(0x7f00000002c0)={&(0x7f0000000500)={0x117c, r8, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1168, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x53, 0x5, "a4b3fee3a7cce462023897d7ec089e1f7720aa3af3983b7c359920238aff38da27a7e9471f53073a153f061f2aff874683ebcfefd901ad94c51133347f1bfeab177c1b6fdc8d2ce8cfba55f8b5a4aa"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x1004, 0x4, "53849c0a3d535d4d111b8e508763332a8f7ef97b63995669becd4e10b4684167e761ae4a33714425ac29fc41bed48c41d4a138c3f736b455d8b4a730acb607a5b370d81bfa9767c7def2f280e400a0e5e5d7434d01f4972d6e364faf46df83cdb3dfae8f17d0dd9bf2c30862354be919ccbd62e58901cdea8e9d18439d9f47d5d82b2863a2c1a0bc271c4c25db044417b01b0bb4c3296f44b3c0e4780d3e2208e661eef7d68e8afe5a0f4f867ff0881046cff83596e31639806b31109fff061afe461b38cdf47c2b2845b2a1c76e11d2dc44529ad8c4b47cb79b7fd0392003299ecd2aa7af7acac6aa94a07539abc4f9ce5559ae7f866ed0b03817764d4ea35b132357ff2df0449850a2b219014c34379634318c531441c65dbfdadfa51518c9bd7eba8b89273e5c470fbc20e8ef08aa669989678dba4c6cc107a7c70c8fa2be773095b92720da5d01ae601de6a26cdb2c1b30c50f287b7307cbd1c9091f61161e51c0321dda96c8ffc0c66cecded1979c219d8c53e9e3046317c22566a854e6b9703b7d8fb2f02926743ba40552a1d163c33dba81b2fde45656dc26cf7c64b7bed47335056e754546f7c376f9343fce69417fda9f92e2d597dae6dbf6b2a557f8a8e572008dafdf329de5a7d40b9fe78f22159d3f0e9bce66f152df48810c140a7f27a72b6675c4119661bf9a643a1721b657e0f87dc68d56222f3b83514f414918a4fe617d69169c949b19aee4269063b243ce1fd72b37308b1fe7b3216fbe36ce0f59343d5c611a64f9f01eab3543c844c53d775817175ef5a381321c2388c66445a1e4a92a29f9edf0778161875862225fef07171b19fc83231092d07fbf60c9256e196c768d8f951b582c3d4af19517cd24cc734455964ed07bd42e45b8f84b6bd0fe970e8f2d5f5881f9f2ea2887f13432b34308c8decda5e75a0cf754423bde3851e879dbd749d7c12770624a8e012274299d9be47c95a609557d01f3ae17d196aa7c2ed498a03d1b27dfcb72145b8e6f74ce783e7d4ae182471be07713b785b75fdfcbc3eab2172ee38c98bd301633ead19aab2984f50f6efdbc6c21780fad2e6e837b219ca6a9ae2b0c619610424e3be178b6ea82cda53b18b5
ff24d77eea10c29c02537de22ce656c5f44c028969e71de9b913fd9934321021d5d311f3ec75b7421fc1acff6adc2df615f1dd1f13c427537ada6110643dc525bc9a7bb9218ce04baf6bbcae9d245cc60816f3915679825b33d34c6974c16e4507076f4fa3564b0ad08c64526eb86addd8ac5281b2f98b4b03d097d52765109cb161591dab5b528ea10a773fea8b89c6e824707301ee60cd5c80a7a812e1e08986819b4f343f4fbf659ba4420293e827149e144ba4247f8e8091eb5bc5a3c47cc685e24fd81d2164f89eb3b8efe7d4e9ed443a5172066a5cc42219c6d9e6aa48445691a44b395847e0f220476b08a23d8bd662f7e94cc1505813fb8381a060d163593ef6b44ec89158e88867757946b89c8f46ec1c2a1f5d6b6945cfc1756762d9ffcb2a30954d93aecaaa5e59ce974b39f78969d3e5f27ed076e4db3bee2e7c385f09811d74429069176ffd2a1322ebb61f4cbf8841630b83e0f7db965046cc853fe502ea8bb6debc4d37465a936da389d04c358c1bae63222f8107d4a1d48d659f11982297a3b575fcbe874ca9c697f41383b80db2736ea79d8e9b4f7c5c098649ed95e21a5ad75aeb16c2013f1e2b7a1b98687300b39414fcea74bdd7c12ee00ce97f1ba3bc8e1daef144dcbf95aea54d7717828c612a2dd66c58a04af3cb3d2f801989c4efe3389b6bf18801560d92d257b41875d6f42b5c88c751c185a43039ed348e94c8ef24f1b4389ea97f2c4377b4cd65281d41cfd5336ae9bc95272fb047cca47b0aea20551c5cfda50100200915ff140230f9bc32c0b9cd578b046cb206369741686e9f6c1c8e8a66fa8f1248a157bdffecf87bece5143843c922108e9e37cf4ade665e00c224c2ec153b1988c84eea087470f2bae76c786ab542769ac338aa445dcd24ce2fece40197ea7e42be245d4aea1d8fd70d23c511cf833270cda545edfd23d9634b2bc0ac43651f7ada430f65768daaa7558b836f842632e96b3cbebf0a8420794e582d28b49ada338e9b78a6efbf5fb58319aaec5b4610fe6a2272d51a0235a41656e42911dcf0aea28207ea914b64df447dd2688add8e2e228bf468353c90cf9f8a5a39e99a42448491590e224981104c79db632545b226c68deb878d15df828e2251bea6826c6a01b9d30ed8ce0c3a1cf542a8ed4657b2ad61396d4910ebdd7a2bc2709417dacfaaf0835891c1819af09e2eea385de9503f56a6859044e103535a8e7ffb65b1577aba62efa749cfa3d084992a4fef3ae5b2f9e4379b223a9c18403b10b6ee3a0004961d9cc32d4309aa6ada127dcf4a88c4dc999fdb5434fed43737e8fd85a37f2f55e7a9f88003d03ee27b0778c8a4057dc5cec64332dbe2edb01ef0130ef67f1ef8576d222db4a18122fa01b51939ebccb1331b5b64
bb1d3ccfc27084505a93b778d4e643c1a0c34065d341339725dd44859c62c1ec377aa245bdf19404f92797968ca7fd49387a445c621c67c9a62bc3a035159c40f8735529397111cb93293d481a4cb2baec4bdb2e6c448ae3b2ed848a7ec3f2116a772ba4f799b68019af66c6d61061746d73a4cbed4815c450c70438844c48b6b235d38e47ad177bd49e1ea47fc3c65f1a146d3d1723a62a16f8231f366cd9c89febffce2a9b2a6ff950e5c6fb14315855fa56e697c61422a040369bd8860b629a5f9734d1d4a28f18ebdf81db859856401a120c7a000a0e1341b7ffa0c60f5680c6f400ce914292506d5467ce433636edc24e661bd3338aa9b9b8c93db53a47fce38d652391ec345cf8102afb1d39eb3bc94102e191f4b7c02839fc65d2091c25ebee001116a65312002053ea12f06c938d0526b54217c6ee64635556972c1dc387d3718517b642fd35c73c4724d4fcf57b8cff1594b821c9fe4bb01d354fe75f02a2bf587d217a92546f8b75100f56f0aef5fd0d827645ae3b3a5a2f0b4cf2440cfefe05d6e25708d5595d46a796c9c7ffafaff26df3c9a29b2b092c0cd9a6e2a936befbbda6139517b2f72e0e3ae502bce1427617e18121a7b11e3344251c35cf2618572cddeef14a30baf46a488dfd8afdc51f09328be0574286076cca7a5a9474a08b7666bb658efc19ee4810dff9504a8e2a1d807d770266389f6a6571d305028976d1c16d8aad4fd66600e27e50a64d6878a16136bc20d4a9c9d6726ee90f0078eadf179736f07e21a55d520ded63cd6a078adf4b588fc6ef1a2e45cb4f803d2416c9500d460d5cbbc379c4e0bf44a9cd733b31ef2ecae6fa58a2889019314b4e709ae512b58176209661f6efaa9f6875008c154657d6da0bee37fc46d193f3b2eea1876f6c45d2c7022c55856c8869601a6ca08983cc758e73e3e78e3d1d28e921043887f2dfe44656dec7c6f2bdd8a30385a1580019a230ba201fa45d2d61d9db2d98fa30876e872f95b9928fda9a13606cf02eb6f583b5063c20fbc3d019457336840729fffcc14acdcbe58ec8d18cc432a07cb489ae3385c710afcbf91e742a558c7acd5cc8624dd0c2bb6c29ec9a508af362aec149275c71627ddee7db1e3d1a3179229ca2b02e622db288fc1c7b78f4ed2bd9edf01ee7b5b3d3d3e2649cfb491c2fb8acf694325064328e9ee758f74a53f9c6fed69970fec0c0c34daacd5f5f6f8de73ef4e118928ec3595a342de06451a63aef7edbf2a07e1cdb999f7a8ca7df27477829c41edea390d4d7b9a9f4066875d4d09b285e2e4a180c40faee77d1af9ebe4b09bcb247dfdc09c91c3e7ed92502863e90017ba5c626c9947c3120250033ad6fa41740c9771053532b6e5b527246366be29d937b87fe9f8ed99fea43c4f9
030f53ca5c9c06e8fa73800bb2670026a2550828cd2474ad8ec587cd4a6a4535936681dc41c0ad136bad3b958c0bd7ad217f7bfca772edf88a924144c62e79e5addf7b3d91a4fe5f07dbadfb276fa612d16423a91cf9dc8746fd9da8f1deb053bad507de66f795ad241e708eb97cc793321fe595ff98c1373891285d2ab9b8dda616d43c9a537c116711b5236fc0962caebce7beb88a0077d35ad31e0df7fc8796b910243945ad6b7fa903a6046bf238b60d6843f264aaf31111fbd0724513af83318b5ea1230f095cb60e6d29a9c0dd68a545615f3bd8f90e55188dd863ebdb83fc5e2763729570c6310a7dbd366b570a877b934e3d1048a446051a10e2c2df8c0833e4cae801f48708eef40c8acc47c6799ec6ad442b4305235ca10febeef206869b5e0795ea666a67688a53ecc2454e35973bfd61650b40cc8616c3250607348f07aa9161057cd225a6a2b0b75c2fdb3094827ab29fc13021202031ac76cf11cd266d77e8df6b4f188a61da925a65dd68098ca677a661a642939ae446f695f0fb813266c1532d61252b78e81d1b679fef3e31aefcd05af8432ff33da039b8c9506d1620e53d8973f0d64b13fa23d57587d7f7d9ec18814ee445fff0209babe5ada29a9456973891f86af21bc53edaad5acbfb5d61e3d35707846dcd9836a81b5c875ef3edff32544382f8f12a0926ca01d851c7e18e700a65ab96249c5db3d0344b9972f2cde41f5deffa20795896af2830911315010e3581f666c5bb288b93cf36510e8d21340c2262da7a35ed743196881604cdbbb3fbe79889af53206fb5f34dd7057472b85e6b3be268356b3d73172d9a26195fa40bacc491e674b0603e2ffaf11f819b9a34b12dd38732d318241af6f391eb966d30d6e5d4cc20c8eecc5e444b4d548a120ee2d81fa6bbf317146cf729a553baddc0a369f2a76103c8461a2dd0d6ac5cd836a63e5762e3b20b1decf9890ffd6c84871098c72ac44eddab7c663eef6f9a3c9fbf73ff7cb8b4cecaca42a133568ed0c9b95594abd3a3e5f18297654ed9724be40d2af32d63c5e465031b3fe9f465d38c27618ff0eeb2a0e0db251196754c0e190e0caf0217d514c138783dfe1ce5def61a2e613f3428dbc73a87d2b4231f5ec543ee201086999131d930968ce786308a25af3b3e661171718fbdeb88993e81e5056555bf1baa2af630879b1415bc16ff63854cc42a14f845a6fbf883280ee6acfaa0d11bb3bc76dadcf5a8354ac4a0be90523dbf7525d99fbf79fe897c5201d5996138c18e661724639941acb25fcbdf95f89b44adc328a71b16898aabd08d0367451aa90490dff9db9da783766e8df957c67003d9b3c4d9435a7072ee68bc9d1172735985292b45b4090cb695d0417f325a5746724da5c94cfda8638684ef
f5f5323db2c63a42d530b345621f346b8e13006894671c8e35d2193b24267ed8c36273748a13c32728b7d2fffeaef69af25f0dfdd09ec2bac163d30c94955577d6600d49277e0ed6359336e43498f6766549b1bbb9462fb5edb83724848c19db730c1da165488ddc7349e185cc160948e7919c8af21dcf7b5e42c9f98ee2f9db74ef5ea6c61cc1c42076380f0d84364467a361658d443e5046102d0436577fd1c3206bcd73acea567027d67dcc44304de86d23118be1fe1b0a713b9eb61f6bbd371b7761d1b0ea363fd4b53ca3e94fdb39c8f82b8f5a64ce0ef4ccbd281e10a33e272b4da2d6f2d8decf37eb5b085c999382e63e932273f58a8aff576140a8df2358520012398a6211c175a2fc1e6444925fe7d99eb68f815d030089f2bff76a11cc6b634b4772397a2e"}, @ETHTOOL_A_BITSET_MASK={0x9, 0x5, "e95b2a9d39"}, @ETHTOOL_A_BITSET_VALUE={0xfa, 0x4, "c16f99eb9659655f8ab6856c8d840305066222651f312cf5b81dca640058cdf885bda7e3da838f3dde1f7e2b94b808f72019e95fa602d49c0e8f17e86db7995b77fb19242357f4419fa1c73190b4d67fc81674c1f0f6a2519ddaeef889ffa748ec322ce2fb8756c471eb26d66f2976a7baebbd8709f6725ba934841e5be62e135e160ac615534ec2e32d360bf54b910d50b472356a21bd673c8ce6a92fdd3bcd3864b2cffcd5d99914df4cd13eab049c0208edbfcf349164eac3c7b0919757cec068ae093132f5bba7ccf939985924ccac0ac00c88751cf397add562327d284b004eccab67acd87991dd2f95885cfbab83ff604cf1c1"}]}]}, 0x117c}, 0x1, 0x0, 0x0, 0x20000810}, 0x30000004) ioctl$DMA_HEAP_IOCTL_ALLOC(r7, 0xc0184800, &(0x7f0000000100)={0x4, r6}) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r10, 0x0, 0x1}, 0x18) ioctl$DMA_BUF_SET_NAME_A(r9, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DRM_IOCTL_GET_CLIENT(r9, 0xc0286405, &(0x7f0000000340)={0x8, 0xd5c, {0xffffffffffffffff}, {0xee00}, 0x4, 0x8000000000000000}) bpf$BPF_BTF_LOAD(0x12, 
&(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018002000000000003000000030000000020000800000000001000004ffffffff0000000003000000000000000000000000000002030000000000000000000009020000000000"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) quotactl_fd$Q_SETQUOTA(r10, 0xffffffff80000802, r11, &(0x7f0000000440)={0x4, 0x9, 0x2a, 0x7fffffff, 0x100, 0x5, 0xfffffffffffffff9, 0x7, 0x6d39}) 12m14.961080167s ago: executing program 1 (id=410): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) bpf$BPF_GET_MAP_INFO(0x15, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000500)={0x14, 0x2, 0x2, 0x101, 0x0, 0x0, {0xa, 0x0, 0x8}}, 0x14}}, 0x10) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x803, 0x0) recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0xa4, 0x99, 0x40, 0x7d0, 0x4101, 0x3ffc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x51, 0xed, 0x15}}]}}]}}, 0x0) 11m59.306074825s ago: executing 
program 32 (id=410): syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) bpf$BPF_GET_MAP_INFO(0x15, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000500)={0x14, 0x2, 0x2, 0x101, 0x0, 0x0, {0xa, 0x0, 0x8}}, 0x14}}, 0x10) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x803, 0x0) recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0xa4, 0x99, 0x40, 0x7d0, 0x4101, 0x3ffc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x51, 0xed, 0x15}}]}}]}}, 0x0) 5m25.340836588s ago: executing program 4 (id=1215): r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)=0x7ffd) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000180)={0x2, &(0x7f00000000c0)=[{0x40, 0x0, 0x4, 0x4a4000}, {0x6, 0x0, 0x0, 0xf}]}) write$ppp(r1, &(0x7f0000000200)='xS', 0x2) r2 = 
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="66643d2affffffff2c876442cd464d1972c1b72d2ad400286e99a9cb9ad2219643f9de6bd2e88094c675ae26e31529cd657d6340bf3c55ea83cc44bd0571", @ANYRESHEX=r2, @ANYBLOB="2c726f6f746d6f64653d3030303030303030303030fca5c101303009fb1b0edc268c0991bef952e678dc51b1927a8d84d1b512a5eb085d8a07c2cf9dbc8ebdd3ee76114b0fb4ae4f6c9b1d203e8f0a5a02680513ce6c152d6101022a655efc7a19e95d5638baf8d706c59ed6340bb5729b8c99c7643a8659f791388472b9cfd11c7c37888d1446465a5cc52cc9d37217dba47caeabc935af7073fbfcb5ea28c090091bceb379d90878e5884783f71882861cf2e124eb0880cd7820612a308058ba6ef5a4329b96f45d46fd8034be03bccaf8126925696967db725606f726b543c9642bebe20fa5ec1128578d2486b0b4032b9463ed979ce30168430d49fb9294f5f1e6af3ab62c09714e958acd4700974748e615474a80e3b5295a6ec6582534ebbaf6de50a7950195e7f574ab7f43526e68bcc3ba080d348a9023b8d6a5b9526707f9cb67a9b2b79f37b468b0efea97d630184bd073676d17d2763afffd3b34258be2d3af022f2be8154068935b9b110e8cb694bd580db72538de92da788573ca2ce3ae28e77cda7fbe6a732a257d4096c127627f0ade743f21780c037f0951b1c24060f1a80094cdce65cff0974f32b0ece83e1038135449483d3ebce42a73145c648a7548a9759f3d23766f5301a06348fa489b79a0c3db0aa217a25968fa62ab089825d8", @ANYRES32=r4, @ANYRESOCT=r0, @ANYRESDEC=r3]) read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50) syz_fuse_handle_req(r2, 
&(0x7f000000e3c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xec801, 0x9a) io_setup(0x2, &(0x7f0000000200)=0x0) io_submit(r7, 0x140b, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x700fbff, 0x4, 0x1, 0x0, r6, &(0x7f0000000180)='\x00', 0x1001}]) dup3(r2, r6, 0x6700000000000000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 5m23.121584525s ago: executing program 4 (id=1220): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 
&(0x7f0000000280)={'wlan0\x00'}) socket$nl_sock_diag(0x10, 0x3, 0x4) socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6(0xa, 0xa, 0x1) socket(0x18, 0x5, 0x86b0) openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xf555}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x28, 0x1, 0x7, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1000}, [@NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1ff}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x477}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040890}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='mm_vmscan_lru_shrink_inactive\x00', r6, 0x0, 0x8000}, 0x18) r8 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r8, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r8, 0x0, 0x0) r10 = openat$cgroup_subtree(r9, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r10, &(0x7f0000000040)={[{0x2d, 'cpu'}]}, 0x5) r11 = 
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x11, r11, 0x800000000000) bind$inet6(r1, 0x0, 0x0) 5m21.23657059s ago: executing program 4 (id=1224): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x44, r3, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) (fail_nth: 6) 5m20.428322921s ago: executing program 4 (id=1225): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000faffffff0f0000001000000004000000010000000000000e0300000064767229f28f4747"], 0x0, 0x2c, 0x0, 0x1, 0x7, 0x0, @void, @value}, 0x28) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0) r3 = dup(r2) sendfile(r2, r3, 0x0, 0x80006) recvmsg$unix(r3, &(0x7f00000002c0)={&(0x7f0000000140), 0x6e, &(0x7f0000000a00)=[{&(0x7f0000000340)=""/179, 0xb3}, {&(0x7f0000000580)=""/200, 0xc8}, {&(0x7f0000000400)=""/166, 0xa6}, {&(0x7f0000000680)=""/210, 0xd2}, {&(0x7f00000007c0)=""/100, 0x64}, {&(0x7f0000000840)=""/159, 0x9f}, {&(0x7f0000000900)=""/205, 0xcd}], 0x7, 
&(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x38}, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000480)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r6 = fsopen(&(0x7f0000000180)='ntfs3\x00', 0x1) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="480000001000030500dbbb004edbdf2500000001", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000200000100c28000050006"], 0x48}}, 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000a80)={'veth0_virt_wifi\x00'}) 
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3ff, 0x7, 0x3ff, 0x8, 0x4}, 0xee8, 0x0, 0x7fff, 0x0, 0x4, 0x1a, 0x19, 0x18, 0x2, 0x81, {0xffffffff, 0x2, 0x4, 0x0, 0xb, 0x5}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', r5, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)=@o_path={0x0, r8}, 0x18) 5m17.580238331s ago: executing program 4 (id=1231): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080), 0x243950128ef65367, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) syz_usb_connect$cdc_ecm(0x3, 0x52, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x1, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x9}, [@call_mgmt={0x5, 0x24, 0x1, 0x1}]}, {[], {}, {{0x9, 0x5, 0x3, 0x2, 0x8}}}}}]}}]}}, 0x0) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x14, 0x14, 0x1, 0x0, 0x0, {0x2b}}, 0x14}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 
&(0x7f0000000040)={'lo\x00'}) connect$pppl2tp(r0, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @multicast2}, 0x3, 0x1, 0x3, 0x2}}, 0x26) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000100), r0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r6, 0xc0044d08, &(0x7f0000000040)=0x45) connect$802154_dgram(r5, &(0x7f0000000000)={0x24, @none={0x0, 0x1}}, 0x14) r7 = getpid() sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6) r8 = fcntl$getown(r4, 0x9) sched_getparam(r8, &(0x7f0000000200)) socket$qrtr(0x2a, 0x2, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00') syz_init_net_socket$x25(0x9, 0x5, 0x0) getdents(r9, 0x0, 0x0) 5m17.579003282s ago: executing program 4 (id=1232): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)}], 0x2}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x82000, 0x1, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f044}) ppoll(&(0x7f0000000080), 0x0, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 
&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000008, 0x11, r6, 0x8000000) socket$inet_udp(0x2, 0x2, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x20, r7, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x20}}, 0x0) 5m17.316932626s ago: executing program 33 (id=1232): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)}], 0x2}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x82000, 0x1, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f044}) ppoll(&(0x7f0000000080), 0x0, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 
&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5) r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000008, 0x11, r6, 0x8000000) socket$inet_udp(0x2, 0x2, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x20, r7, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x20}}, 0x0) 6.368248078s ago: executing program 3 (id=2016): madvise(&(0x7f00000d4000/0x4000)=nil, 0x4000, 0xc) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000580)='1\x00', 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000086d040ec20000000000010902"], 0x0) write$sysctl(r0, &(0x7f0000000000)='2\x00', 0x2) 4.428468979s ago: executing program 5 (id=2036): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x7, 0x2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 4.272170293s ago: executing program 3 (id=2038): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)={0x7}) syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340), &(0x7f0000000280)) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0) 
socket$nl_generic(0x10, 0x3, 0x10) openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/rcu_expedited', 0x161b82, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4048aecb, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82004000000", @ANYRES32=r4, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0) 4.10776368s ago: executing program 2 (id=2041): syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, &(0x7f0000001300)="92", 0x2) 3.901958737s ago: executing program 3 (id=2043): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffffffe}]}}}]}]}], {0x14}}, 0x7c}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 
0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r2, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={0x0, 0xfffffdef}, 0x1, 0x0, 0x0, 0x2400c840}, 0x0) connect$unix(r4, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) 3.874598306s ago: executing program 6 (id=2044): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2}, 0x40000) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0) 3.51645601s ago: executing program 6 (id=2045): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x40014) 3.291590979s ago: executing program 6 (id=2046): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') preadv(r0, &(0x7f0000001740)=[{&(0x7f0000000640)=""/4096, 0x1000}], 0x1, 0x2, 0xff7ef001) 3.257306744s ago: executing program 5 (id=2047): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000003, 0x31, 0xffffffffffffffff, 0xfffff000) set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x4010) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000100)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x16, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5b2, 0x0, 0x0, 0x0, 0xe9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @exit, @btf_id={0x18, 0x6, 0x3, 0x0, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000, @void, @value}, 0x94) 3.112324082s ago: executing program 6 (id=2048): syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') 3.112104104s ago: executing program 5 
(id=2049): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000002400)=ANY=[@ANYBLOB="0100000000f2ffff00000040"]) 3.022915299s ago: executing program 6 (id=2050): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) r2 = dup2(r1, r0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e23, 0x3a600b3f, @mcast2, 0x33}, 0x1c) 2.966755918s ago: executing program 5 (id=2051): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000007a40)=[{0x0, 0x0, &(0x7f0000000fc0)=[{&(0x7f0000000b80)="1a816649d5bf265d732360c99fc72bbf", 0x10}], 0x1, 0x0, 0x0, 0x80}], 0x1, 0x4004041) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/15, 0xf}, {&(0x7f0000000400)=""/208, 0xd0}], 0x2}}], 0x1, 0x0, 0x0) 2.897933882s ago: executing program 3 (id=2052): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r0, &(0x7f00000014c0)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9001c2f8d", 0x1a}, {&(0x7f0000001500)="937518de32000000000760b89580244383a17815de495b23d2c1a4009c71254f", 0x20}], 0x2) 2.812320349s ago: executing program 0 (id=2053): r0 = syz_io_uring_setup(0xca1, 
&(0x7f0000000100)={0x0, 0x8de0, 0x10310, 0xfffffffe, 0x4a}, &(0x7f0000000180)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r0, 0x2ded, 0x4000, 0x0, 0x0, 0x0) 2.808010718s ago: executing program 3 (id=2054): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000001040)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000001080)={r2, 0xfff}, &(0x7f00000010c0)=0x8) 2.771749877s ago: executing program 0 (id=2055): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x200, 0x2, 0x2, 0x0, 0x2}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000cc0)=0x2) 2.696247561s ago: executing program 3 (id=2056): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000ec0)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x4e24, @remote}, 0x3, 0x0, 0x3}}, 0x26) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0x64, 0x4, 0x368, 0xffffffff, 0x1b8, 0x1b8, 0x0, 0xffffffff, 0xffffffff, 0x298, 0x298, 0x298, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, [], [], 'veth0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c8) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x20000, @rand_addr=' \x01\x00'}}}, 0x32) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r0) r5 = 
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r5) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) sendfile(r9, r8, &(0x7f00000000c0)=0x58, 0x5) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) write(r9, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000340)={'wpan1\x00'}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r6, &(0x7f0000000000)={0x0, 0xb, &(0x7f0000000200)={&(0x7f0000000180)={0x38, r7, 0x852dd6c070cd7e4d, 0x70bd26, 0x25dfdbff}, 0x38}, 0x4, 0x700000002000000}, 0xc040) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r4, 0x5, 0x70bd27, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, 
&(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110440000000000dc0500002000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xc3, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x5}, 0x8, 0x10, &(0x7f0000000080), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.670282393s ago: executing program 0 (id=2057): r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x2000, 0x0) getdents64(r2, &(0x7f00000032c0)=""/50, 0x32) 2.52054967s ago: executing program 2 (id=2058): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{0x2, 0x0, @remote}, {0x20000010304, @dev}, 0x4, {0x2, 0x4e20, @remote}}) 2.460316655s ago: executing program 0 (id=2059): getsockname$l2tp(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, r0) sendmsg$TIPC_NL_MON_SET(r0, 
&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8005}, 0x20000000) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$igmp(0x2, 0x3, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6a
e5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="0200"], 0x10) socket$l2tp(0x2, 0x2, 0x73) 2.347745337s ago: executing program 2 (id=2060): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000002400)=ANY=[@ANYBLOB="0100000000f2fffff1000040"]) 2.268245773s ago: executing program 0 (id=2061): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000200)={0x0, 0x0, 0x20, 0x10000000000000}, &(0x7f0000000340)=0x18) 1.944444882s ago: executing program 6 (id=2062): madvise(&(0x7f0000bdc000/0x4000)=nil, 
0x86ac726dff2f4713, 0xa) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone(0xf5982500, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ptrace$poke(0x4, 0x0, 0x0, 0x4) syz_clone(0x3000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.944207523s ago: executing program 2 (id=2063): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0x7, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}]}, @TCA_FLOWER_CLASSID={0x8, 0x1, {0x1, 0xffff}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x585f9b0aafb31033}, 0x800) 1.944063507s ago: executing program 5 (id=2064): r0 = syz_clone(0x200, 0x0, 0xfffffffffffffea4, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000005c0)=r0, 0x12) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef0000000109021200010000"], 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x1, 0x12) 1.594434914s ago: executing program 0 (id=2065): r0 = 
socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000e40)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x4]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) 653.399972ms ago: executing program 2 (id=2066): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000200)={0xbe, 0x0, 0x1}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newtfilter={0x4c, 0x2c, 0x8, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {0xb}, {0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}]}]}]}}]}, 0x4c}}, 0x4840) ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)) 184.345527ms ago: executing program 2 (id=2067): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x7, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x4040800) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, 
&(0x7f00000000c0)=ANY=[@ANYBLOB="070000000000000007000000ffffffff"]) 0s ago: executing program 5 (id=2068): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0, 0x2}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086201, &(0x7f0000000040)=0x1) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, 0x0) kernel console output (not intermixed with test programs): scall_64+0xfa/0x3b0 [ 762.575977][T11686] ? lockdep_hardirqs_on+0x9c/0x150 [ 762.575999][T11686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.576020][T11686] ? clear_bhb_loop+0x60/0xb0 [ 762.576048][T11686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.576069][T11686] RIP: 0033:0x7f942d58e969 [ 762.576088][T11686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 762.576108][T11686] RSP: 002b:00007f942e4e4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 762.576133][T11686] RAX: ffffffffffffffda RBX: 00007f942d7b5fa0 RCX: 00007f942d58e969 [ 762.576149][T11686] RDX: 0000000024004800 RSI: 0000200000000000 RDI: 0000000000000003 [ 762.576164][T11686] RBP: 00007f942e4e4090 R08: 0000000000000000 R09: 0000000000000000 [ 762.576178][T11686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 762.576191][T11686] R13: 0000000000000000 R14: 00007f942d7b5fa0 R15: 00007ffd72a8e828 [ 762.576227][T11686] [ 763.912565][T11699] FAULT_INJECTION: forcing a failure. 
[ 763.912565][T11699] name failslab, interval 1, probability 0, space 0, times 0 [ 765.023504][T11699] CPU: 0 UID: 0 PID: 11699 Comm: syz.0.1417 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 765.023539][T11699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 765.023553][T11699] Call Trace: [ 765.023561][T11699] [ 765.023571][T11699] dump_stack_lvl+0x189/0x250 [ 765.023609][T11699] ? __pfx____ratelimit+0x10/0x10 [ 765.023645][T11699] ? __pfx_dump_stack_lvl+0x10/0x10 [ 765.023676][T11699] ? __pfx__printk+0x10/0x10 [ 765.023704][T11699] ? __lock_acquire+0xab9/0xd20 [ 765.023730][T11699] should_fail_ex+0x414/0x560 [ 765.023757][T11699] should_failslab+0xa8/0x100 [ 765.023792][T11699] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 765.023825][T11699] ? alloc_io_context+0x27/0x290 [ 765.023854][T11699] alloc_io_context+0x27/0x290 [ 765.023881][T11699] set_task_ioprio+0x462/0x5e0 [ 765.023904][T11699] ? set_task_ioprio+0x60/0x5e0 [ 765.023931][T11699] __se_sys_ioprio_set+0x519/0xa30 [ 765.023963][T11699] ? __se_sys_ioprio_set+0xd0/0xa30 [ 765.024001][T11699] do_syscall_64+0xfa/0x3b0 [ 765.024024][T11699] ? lockdep_hardirqs_on+0x9c/0x150 [ 765.024045][T11699] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.024066][T11699] ? 
clear_bhb_loop+0x60/0xb0 [ 765.024092][T11699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.024113][T11699] RIP: 0033:0x7fcb6bd8e969 [ 765.024132][T11699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 765.024150][T11699] RSP: 002b:00007fcb6cb14038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fb [ 765.024173][T11699] RAX: ffffffffffffffda RBX: 00007fcb6bfb5fa0 RCX: 00007fcb6bd8e969 [ 765.024189][T11699] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 765.024201][T11699] RBP: 00007fcb6cb14090 R08: 0000000000000000 R09: 0000000000000000 [ 765.024215][T11699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 765.024227][T11699] R13: 0000000000000000 R14: 00007fcb6bfb5fa0 R15: 00007ffd4a52ce58 [ 765.024267][T11699] [ 765.723378][T10223] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 766.052498][T10223] usb 4-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 766.071068][T10223] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.080301][T10223] usb 4-1: Product: syz [ 766.084518][T10223] usb 4-1: Manufacturer: syz [ 766.099029][T10223] usb 4-1: SerialNumber: syz [ 766.671511][T10223] usb 4-1: config 0 descriptor?? [ 766.820062][T10223] cypress_m8 4-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 766.881070][T10223] nokiaca42v2 ttyUSB0: required endpoint is missing [ 767.817860][T10929] usb 4-1: USB disconnect, device number 39 [ 767.835006][T10929] cypress_m8 4-1:0.0: device disconnected [ 769.732820][T11764] hub 8-0:1.0: USB hub found [ 769.738283][T11764] hub 8-0:1.0: 1 port detected [ 771.058609][T11764] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1431'. [ 771.068434][T11764] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1431'. 
[ 772.215775][T10223] usb 6-1: new full-speed USB device number 34 using dummy_hcd [ 772.288330][T10929] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 772.519764][T11782] vivid-007: disconnect [ 772.558946][T10929] usb 3-1: Using ep0 maxpacket: 8 [ 772.589821][T10223] usb 6-1: not running at top speed; connect to a high speed hub [ 772.657543][T10223] usb 6-1: config 1 interface 0 has no altsetting 0 [ 772.680712][T10929] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 772.743208][T10223] usb 6-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 772.753364][T10223] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.758554][T10929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.788347][T10223] usb 6-1: Product: syz [ 772.798631][T10223] usb 6-1: Manufacturer: syz [ 772.818361][T10929] usb 3-1: Product: syz [ 772.828578][T10223] usb 6-1: SerialNumber: syz [ 772.833576][T10929] usb 3-1: Manufacturer: syz [ 772.863739][T10929] usb 3-1: SerialNumber: syz [ 772.925982][T10929] usb 3-1: config 0 descriptor?? 
[ 772.957005][T11779] vivid-007: reconnect [ 773.242336][T10929] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 773.282880][T10929] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 773.314072][T11793] tipc: Started in network mode [ 773.320877][T11793] tipc: Node identity ac14140f, cluster identity 4711 [ 773.328052][T11793] tipc: New replicast peer: 255.255.255.255 [ 773.335129][T11793] tipc: Enabled bearer , priority 10 [ 773.373631][T10929] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 773.398465][T10929] dvb_usb_af9035 3-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 773.428410][ T5910] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 773.457611][T10929] usb 3-1: USB disconnect, device number 35 [ 773.596553][ T5910] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 773.697958][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 773.749762][ T5910] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 773.785934][T10223] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input23 [ 773.843516][ T5176] bcm5974 6-1:1.0: could not read from device [ 773.857547][ T5910] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 773.910694][ T5910] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 773.943953][ T5176] bcm5974 6-1:1.0: could not read from device [ 773.952462][ T5910] usb 1-1: Manufacturer: syz [ 773.986388][T10223] usb 6-1: USB disconnect, device number 34 [ 773.997150][ T5910] usb 1-1: config 0 descriptor?? [ 774.110705][T11807] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1440'. 
[ 774.174329][ T5910] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 774.449689][ T5910] tipc: Node number set to 2886997007 [ 774.680677][T10223] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 774.707135][T11816] netlink: 'syz.6.1443': attribute type 21 has an invalid length. [ 776.536713][ T5876] usb 1-1: USB disconnect, device number 53 [ 776.882921][T10223] usb 6-1: Using ep0 maxpacket: 8 [ 777.798519][T10223] usb 6-1: device descriptor read/all, error -71 [ 778.134140][T11847] trusted_key: encrypted_key: key user:syz not found [ 778.239077][ T5910] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 779.982390][ T5910] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 780.022944][ T5910] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 780.112546][ T5910] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 780.244935][T11842] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 780.252339][T11842] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 780.283418][ T5910] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 780.314539][T11842] vhci_hcd vhci_hcd.0: Device attached [ 780.362186][T11860] vhci_hcd: connection closed [ 780.387021][ T12] vhci_hcd: stop threads [ 780.407982][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 780.497050][ T12] vhci_hcd: release socket [ 780.598416][ T2150] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 780.609152][ T12] vhci_hcd: disconnect device [ 780.857003][ T5910] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 780.982947][ T5910] usb 3-1: invalid MIDI out EP 0 [ 781.098843][ T24] usb 1-1: new full-speed USB device number 54 using dummy_hcd [ 781.286305][ T24] usb 1-1: not running at top speed; connect to a high speed hub [ 
781.427651][ T24] usb 1-1: config 1 interface 0 has no altsetting 0 [ 781.504815][T11877] xt_CONNSECMARK: invalid mode: 0 [ 781.650153][T11877] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1452'. [ 781.658026][ T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 781.671676][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 781.671699][ T30] audit: type=1326 audit(1748593390.469:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7251b8e969 code=0x7ffc0000 [ 781.812110][T11872] netlink: 'syz.3.1454': attribute type 27 has an invalid length. [ 781.813387][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.869985][ T30] audit: type=1326 audit(1748593390.469:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7251b8e969 code=0x7ffc0000 [ 781.929505][ T24] usb 1-1: Product: syz [ 781.939623][ T8182] udevd[8182]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 781.940362][ T24] usb 1-1: Manufacturer: syz [ 781.976087][ T30] audit: type=1326 audit(1748593390.499:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7251b8e969 code=0x7ffc0000 [ 782.032895][ T5910] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 782.068363][ T30] audit: type=1326 audit(1748593390.499:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7251b8e969 code=0x7ffc0000 [ 782.091614][ T24] usb 1-1: SerialNumber: syz [ 782.103345][ T5910] usb 3-1: USB disconnect, device number 36 [ 
782.128490][T10929] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 782.172356][ T30] audit: type=1326 audit(1748593390.499:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7251b8e969 code=0x7ffc0000 [ 782.222852][ T30] audit: type=1326 audit(1748593390.569:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f7251b8e969 code=0x7ffc0000 [ 782.292635][T10929] usb 4-1: config 0 has an invalid interface number: 216 but max is 0 [ 782.308483][T10929] usb 4-1: config 0 has no interface number 0 [ 782.311014][ T30] audit: type=1326 audit(1748593390.569:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7251b8e969 code=0x7ffc0000 [ 782.326272][T10929] usb 4-1: config 0 interface 216 altsetting 0 endpoint 0x7 has invalid maxpacket 528, setting to 64 [ 782.343364][ T30] audit: type=1326 audit(1748593390.569:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7251b8e969 code=0x7ffc0000 [ 782.403053][T10929] usb 4-1: New USB device found, idVendor=05da, idProduct=0094, bcdDevice=f6.f7 [ 782.431620][ T30] audit: type=1326 audit(1748593390.579:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7251b90887 code=0x7ffc0000 [ 782.453393][T10223] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 782.462037][ T30] audit: type=1326 audit(1748593390.579:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11871 comm="syz.3.1454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f7251b907fc code=0x7ffc0000 [ 
782.463376][T10929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 782.517041][T10929] usb 4-1: Product: syz [ 782.522664][T10929] usb 4-1: Manufacturer: syz [ 782.527484][T10929] usb 4-1: SerialNumber: syz [ 782.605588][T10929] usb 4-1: config 0 descriptor?? [ 782.660988][T10929] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 7 is not bulk. [ 782.702693][T10929] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 3 is not bulk. [ 782.756223][T10929] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out. [ 782.831214][T10223] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 782.843082][T10223] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 782.859432][T10223] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 782.880623][T10223] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 782.919890][T10223] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 782.934404][T10223] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 782.953592][T10223] usb 7-1: Manufacturer: syz [ 783.005086][T10223] usb 7-1: config 0 descriptor?? 
[ 783.062906][ T24] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input24 [ 783.077134][T10929] usb 4-1: USB disconnect, device number 40 [ 783.131165][ T5176] bcm5974 1-1:1.0: could not read from device [ 783.157146][ T24] usb 1-1: USB disconnect, device number 54 [ 783.180118][ T5176] bcm5974 1-1:1.0: could not read from device [ 783.266275][ T5176] bcm5974 1-1:1.0: could not read from device [ 785.177589][T10223] usbhid 7-1:0.0: can't add hid device: -71 [ 785.185358][T10223] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 785.215406][T10223] usb 7-1: USB disconnect, device number 3 [ 785.278318][ T5921] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 785.798631][ T2150] vhci_hcd: vhci_device speed not set [ 786.410677][ T5921] usb 4-1: New USB device found, idVendor=0b48, idProduct=300d, bcdDevice=ab.a0 [ 786.438317][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.501060][ T5921] usb 4-1: config 0 descriptor?? [ 786.520680][ T5921] dvb-usb: found a 'Technotrend TT-connect CT-3650' in cold state, will try to load a firmware [ 786.551021][ T5921] dvb-usb: did not find the firmware file '(null)' (status -22). 
You can use /scripts/get_dvb_firmware to get the firmware [ 786.958905][ T24] usb 6-1: new low-speed USB device number 37 using dummy_hcd [ 786.968451][T11929] 9pnet_fd: Insufficient options for proto=fd [ 786.985058][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 786.998558][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.006180][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.024808][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.032730][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x2 [ 787.042338][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.053651][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.065330][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.081182][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.089952][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.097535][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.114100][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.123132][ T24] usb 6-1: Invalid ep0 maxpacket: 32 [ 787.128975][ T5921] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 787.147335][ T5921] hid-generic 00A0:0006:0003.0006: hidraw0: HID v0.05 Device [syz1] on syz0 [ 787.228565][T10929] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 787.268673][ T24] usb 6-1: new low-speed USB device number 38 using dummy_hcd [ 787.389103][T10929] usb 1-1: Using ep0 maxpacket: 16 [ 787.397832][T10929] usb 1-1: config 0 has no interfaces? 
[ 787.414691][T10929] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 787.426357][T10929] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.441707][ T24] usb 6-1: Invalid ep0 maxpacket: 32 [ 787.447606][T10929] usb 1-1: Product: syz [ 787.454393][ T24] usb usb6-port1: attempt power cycle [ 787.465386][T10929] usb 1-1: Manufacturer: syz [ 787.474696][T10929] usb 1-1: SerialNumber: syz [ 787.486508][T10929] usb 1-1: config 0 descriptor?? [ 787.979160][ T24] usb 6-1: new low-speed USB device number 39 using dummy_hcd [ 788.078568][T11955] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1468'. [ 788.702445][T10223] usb 4-1: USB disconnect, device number 41 [ 788.750533][ T24] usb 6-1: Invalid ep0 maxpacket: 32 [ 789.090470][ T24] usb 6-1: new low-speed USB device number 40 using dummy_hcd [ 789.109479][ T977] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 789.125703][ T24] usb 6-1: Invalid ep0 maxpacket: 32 [ 789.132209][ T24] usb usb6-port1: unable to enumerate USB device [ 789.828477][T10223] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 789.858360][ T977] usb 3-1: Using ep0 maxpacket: 8 [ 789.918785][ T977] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 789.945039][ T24] usb 1-1: USB disconnect, device number 55 [ 789.979307][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.024243][T10223] usb 4-1: Using ep0 maxpacket: 8 [ 790.036155][ T977] usb 3-1: Product: syz [ 790.055273][ T977] usb 3-1: Manufacturer: syz [ 790.062657][T10223] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 790.093611][ T977] usb 3-1: SerialNumber: syz [ 790.102989][T10223] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.121207][ T977] usb 3-1: config 0 descriptor?? 
[ 790.133200][T10223] usb 4-1: Product: syz [ 790.325359][T10223] usb 4-1: Manufacturer: syz [ 790.331312][T10223] usb 4-1: SerialNumber: syz [ 790.339730][ T977] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 790.347914][ T977] usb 3-1: setting power ON [ 790.353728][ T977] dvb-usb: bulk message failed: -22 (2/0) [ 790.360346][T10223] usb 4-1: config 0 descriptor?? [ 790.384794][ T977] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 790.453602][T11982] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1473'. [ 793.274098][ T977] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 793.283230][ T977] usb 3-1: media controller created [ 793.309863][ T977] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 793.319575][T10223] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -110 [ 793.327019][T10223] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 793.363595][ T977] usb 3-1: selecting invalid altsetting 6 [ 793.396939][ T977] usb 3-1: digital interface selection failed (-22) [ 793.482300][ T977] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 793.482300][ T2150] usb 4-1: USB disconnect, device number 42 [ 793.558006][ T977] usb 3-1: setting power OFF [ 793.674658][ T977] dvb-usb: bulk message failed: -22 (2/0) [ 793.773513][ T977] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. 
[ 793.955885][ T977] (NULL device *): no alternate interface [ 794.792406][T12002] syz.0.1479: attempt to access beyond end of device [ 794.792406][T12002] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0 [ 794.811513][T12002] MINIX-fs: unable to read superblock [ 795.338748][T10223] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 796.848270][T12002] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 797.261398][ T977] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 797.317682][T12010] syz.3.1481: attempt to access beyond end of device [ 797.317682][T12010] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 797.336162][T12010] MINIX-fs: unable to read superblock [ 797.430260][ T977] usb 3-1: USB disconnect, device number 37 [ 797.820695][ T5877] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 797.948467][ T5876] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 798.009717][ T5877] usb 4-1: device descriptor read/64, error -71 [ 798.217634][ T5876] usb 6-1: New USB device found, idVendor=0b48, idProduct=300d, bcdDevice=ab.a0 [ 798.455718][ T5876] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.568615][ T5877] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 798.909711][ T5876] usb 6-1: config 0 descriptor?? [ 798.942651][ T5877] usb 4-1: device descriptor read/64, error -71 [ 799.195984][ T5877] usb usb4-port1: attempt power cycle [ 799.422947][ T5876] dvb-usb: found a 'Technotrend TT-connect CT-3650' in cold state, will try to load a firmware [ 799.453437][T12010] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 799.818698][ T5876] dvb-usb: did not find the firmware file '(null)' (status -22). 
You can use /scripts/get_dvb_firmware to get the firmware [ 800.007028][ T5877] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 800.790038][T12025] tipc: Can't bind to reserved service type 0 [ 801.200909][ T5877] usb 4-1: device descriptor read/8, error -71 [ 801.527930][ T24] usb 6-1: USB disconnect, device number 41 [ 801.897271][T12037] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1486'. [ 803.019697][T12042] FAULT_INJECTION: forcing a failure. [ 803.019697][T12042] name failslab, interval 1, probability 0, space 0, times 0 [ 803.066340][T12042] CPU: 1 UID: 0 PID: 12042 Comm: syz.5.1489 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 803.066373][T12042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 803.066388][T12042] Call Trace: [ 803.066396][T12042] [ 803.066406][T12042] dump_stack_lvl+0x189/0x250 [ 803.066445][T12042] ? __pfx____ratelimit+0x10/0x10 [ 803.066469][T12042] ? __pfx_dump_stack_lvl+0x10/0x10 [ 803.066501][T12042] ? __pfx__printk+0x10/0x10 [ 803.066526][T12042] ? get_random_u32+0x155/0x940 [ 803.066568][T12042] should_fail_ex+0x414/0x560 [ 803.066597][T12042] should_failslab+0xa8/0x100 [ 803.066633][T12042] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 803.066667][T12042] ? __alloc_skb+0x112/0x2d0 [ 803.066700][T12042] __alloc_skb+0x112/0x2d0 [ 803.066734][T12042] ip6_frag_next+0x12d/0xb60 [ 803.066786][T12042] ip6_fragment+0x1381/0x1e20 [ 803.066839][T12042] ? __pfx_ip6_finish_output2+0x10/0x10 [ 803.066883][T12042] ? __pfx_ip6_fragment+0x10/0x10 [ 803.066912][T12042] ? ip6_mtu+0x7d/0x3f0 [ 803.066944][T12042] ? ip6_mtu+0x7d/0x3f0 [ 803.066977][T12042] ip6_finish_output+0x296/0x7d0 [ 803.067008][T12042] ? ip6_send_skb+0x10f/0x390 [ 803.067042][T12042] ip6_send_skb+0x1d5/0x390 [ 803.067077][T12042] rawv6_push_pending_frames+0x6e9/0x8d0 [ 803.067117][T12042] ? __pfx_rawv6_push_pending_frames+0x10/0x10 [ 803.067144][T12042] ? 
__pfx_raw6_getfrag+0x10/0x10 [ 803.067173][T12042] rawv6_sendmsg+0x12ff/0x17f0 [ 803.067208][T12042] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 803.067227][T12042] ? __lock_acquire+0xab9/0xd20 [ 803.067256][T12042] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 803.067309][T12042] ? sock_rps_record_flow+0x19/0x410 [ 803.067337][T12042] ? inet_sendmsg+0x2f4/0x370 [ 803.067358][T12042] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 803.067383][T12042] __sock_sendmsg+0x19c/0x270 [ 803.067410][T12042] ____sys_sendmsg+0x505/0x830 [ 803.067447][T12042] ? __pfx_____sys_sendmsg+0x10/0x10 [ 803.067489][T12042] ? import_iovec+0x74/0xa0 [ 803.067524][T12042] ___sys_sendmsg+0x21f/0x2a0 [ 803.067557][T12042] ? __pfx____sys_sendmsg+0x10/0x10 [ 803.067629][T12042] ? __fget_files+0x2a/0x420 [ 803.067647][T12042] ? __fget_files+0x3a0/0x420 [ 803.067678][T12042] __x64_sys_sendmsg+0x19b/0x260 [ 803.067712][T12042] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 803.067755][T12042] ? __pfx_ksys_write+0x10/0x10 [ 803.067780][T12042] ? rcu_is_watching+0x15/0xb0 [ 803.067812][T12042] ? do_syscall_64+0xbe/0x3b0 [ 803.067840][T12042] do_syscall_64+0xfa/0x3b0 [ 803.067862][T12042] ? lockdep_hardirqs_on+0x9c/0x150 [ 803.067883][T12042] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.067905][T12042] ? 
clear_bhb_loop+0x60/0xb0 [ 803.067932][T12042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.067953][T12042] RIP: 0033:0x7f083318e969 [ 803.067973][T12042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 803.067992][T12042] RSP: 002b:00007f0834042038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 803.068016][T12042] RAX: ffffffffffffffda RBX: 00007f08333b5fa0 RCX: 00007f083318e969 [ 803.068032][T12042] RDX: 0000000000044004 RSI: 00002000000000c0 RDI: 0000000000000003 [ 803.068046][T12042] RBP: 00007f0834042090 R08: 0000000000000000 R09: 0000000000000000 [ 803.068060][T12042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 803.068073][T12042] R13: 0000000000000000 R14: 00007f08333b5fa0 R15: 00007ffe648c4e68 [ 803.068119][T12042] [ 804.550721][ T24] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 804.607359][T12051] lo speed is unknown, defaulting to 1000 [ 804.613856][T12051] lo speed is unknown, defaulting to 1000 [ 804.622270][T12051] lo speed is unknown, defaulting to 1000 [ 804.639434][T12051] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 804.665656][T12051] lo speed is unknown, defaulting to 1000 [ 804.674025][T12051] lo speed is unknown, defaulting to 1000 [ 804.681384][T12051] lo speed is unknown, defaulting to 1000 [ 804.688758][T12051] lo speed is unknown, defaulting to 1000 [ 804.695894][T12051] lo speed is unknown, defaulting to 1000 [ 804.738342][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 804.787681][ T24] usb 3-1: device descriptor read/all, error -71 [ 804.965539][T12062] syz.2.1494: attempt to access beyond end of device [ 804.965539][T12062] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0 [ 805.063763][T12062] MINIX-fs: unable to read superblock [ 806.356076][ T24] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 807.089032][T12065] Bluetooth: 
hci0: Opcode 0x0c03 failed: -110 [ 807.272649][T12077] netlink: 'syz.3.1496': attribute type 29 has an invalid length. [ 807.292533][T12077] netlink: 'syz.3.1496': attribute type 29 has an invalid length. [ 807.378300][ T24] usb 3-1: device descriptor read/64, error -71 [ 807.501977][ T24] usb usb3-port1: attempt power cycle [ 808.033260][ T24] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 808.068277][ T2150] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 808.425688][ T24] usb 3-1: device not accepting address 40, error -71 [ 808.442890][ T2150] usb 1-1: New USB device found, idVendor=0b48, idProduct=300d, bcdDevice=ab.a0 [ 808.461014][ T2150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 809.367154][ T2150] usb 1-1: config 0 descriptor?? [ 809.493842][ T2150] dvb-usb: found a 'Technotrend TT-connect CT-3650' in cold state, will try to load a firmware [ 809.876285][ T2150] dvb-usb: did not find the firmware file '(null)' (status -22). You can use /scripts/get_dvb_firmware to get the firmware [ 811.833150][T12103] 9pnet_fd: Insufficient options for proto=fd [ 812.743035][ T5877] usb 1-1: USB disconnect, device number 57 [ 813.016530][T12128] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 814.260087][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.838526][T10929] usb 6-1: new full-speed USB device number 42 using dummy_hcd [ 814.967345][T12151] tmpfs: Unknown parameter '00000000000000000000' [ 816.723105][ T5833] Bluetooth: hci4: command 0x0406 tx timeout [ 816.866496][T10929] usb 6-1: device descriptor read/all, error -71 [ 817.159298][T12162] trusted_key: syz.5.1515 sent an empty control message without MSG_MORE. [ 817.179943][T12162] FAULT_INJECTION: forcing a failure. 
[ 817.179943][T12162] name failslab, interval 1, probability 0, space 0, times 0 [ 817.244176][T12162] CPU: 1 UID: 0 PID: 12162 Comm: syz.5.1515 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 817.244210][T12162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 817.244224][T12162] Call Trace: [ 817.244232][T12162] [ 817.244242][T12162] dump_stack_lvl+0x189/0x250 [ 817.244280][T12162] ? __pfx____ratelimit+0x10/0x10 [ 817.244304][T12162] ? __pfx_dump_stack_lvl+0x10/0x10 [ 817.244335][T12162] ? __pfx__printk+0x10/0x10 [ 817.244360][T12162] ? __pfx___might_resched+0x10/0x10 [ 817.244386][T12162] ? fs_reclaim_acquire+0x7d/0x100 [ 817.244444][T12162] should_fail_ex+0x414/0x560 [ 817.244474][T12162] should_failslab+0xa8/0x100 [ 817.244510][T12162] __kmalloc_noprof+0xcb/0x4f0 [ 817.244541][T12162] ? sock_kmalloc+0xd6/0x160 [ 817.244580][T12162] sock_kmalloc+0xd6/0x160 [ 817.244617][T12162] skcipher_recvmsg+0x55c/0x11c0 [ 817.244666][T12162] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 817.244695][T12162] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 817.244711][T12162] ? security_socket_recvmsg+0x7e/0x2e0 [ 817.244745][T12162] ? __pfx_skcipher_recvmsg+0x10/0x10 [ 817.244770][T12162] sock_recvmsg+0x22c/0x270 [ 817.244805][T12162] ____sys_recvmsg+0x1c9/0x460 [ 817.244849][T12162] ? __pfx_____sys_recvmsg+0x10/0x10 [ 817.244900][T12162] ? import_iovec+0x74/0xa0 [ 817.244936][T12162] ___sys_recvmsg+0x1b5/0x510 [ 817.244975][T12162] ? __pfx____sys_recvmsg+0x10/0x10 [ 817.245036][T12162] ? __fget_files+0x3a0/0x420 [ 817.245069][T12162] do_recvmmsg+0x307/0x770 [ 817.245113][T12162] ? __pfx_do_recvmmsg+0x10/0x10 [ 817.245185][T12162] __x64_sys_recvmmsg+0x190/0x240 [ 817.245222][T12162] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 817.245256][T12162] ? rcu_is_watching+0x15/0xb0 [ 817.245283][T12162] ? trace_sys_enter+0x25/0x120 [ 817.245311][T12162] do_syscall_64+0xfa/0x3b0 [ 817.245334][T12162] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 817.245356][T12162] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.245377][T12162] ? clear_bhb_loop+0x60/0xb0 [ 817.245405][T12162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.245426][T12162] RIP: 0033:0x7f083318e969 [ 817.245446][T12162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 817.245466][T12162] RSP: 002b:00007f0834042038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 817.245490][T12162] RAX: ffffffffffffffda RBX: 00007f08333b5fa0 RCX: 00007f083318e969 [ 817.245507][T12162] RDX: 0000000000000001 RSI: 0000200000004100 RDI: 0000000000000004 [ 817.245522][T12162] RBP: 00007f0834042090 R08: 0000000000000000 R09: 0000000000000000 [ 817.245536][T12162] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001 [ 817.245550][T12162] R13: 0000000000000000 R14: 00007f08333b5fa0 R15: 00007ffe648c4e68 [ 817.245585][T12162] [ 821.115584][T12198] fuse: Unknown parameter 'user_id00000000000000000000' [ 822.386769][T12210] tmpfs: Unknown parameter '00000000000000000000' [ 823.669257][T12220] batadv_slave_0: left promiscuous mode [ 824.260001][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 824.260020][ T30] audit: type=1326 audit(1748593433.049:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 824.591050][ T30] audit: type=1326 audit(1748593433.049:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 826.129566][ T30] audit: type=1326 audit(1748593433.049:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 
ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 826.164257][ T30] audit: type=1326 audit(1748593433.049:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 826.190597][ T30] audit: type=1326 audit(1748593433.109:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 826.218114][ T30] audit: type=1326 audit(1748593433.109:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 826.512156][ T30] audit: type=1326 audit(1748593433.109:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 826.535928][ T30] audit: type=1326 audit(1748593433.139:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 826.560467][T12238] siw: device registration error -23 [ 826.724020][ T30] audit: type=1326 audit(1748593433.139:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 827.731553][ T30] audit: type=1326 audit(1748593433.139:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12223 comm="syz.0.1527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 827.753451][ C1] vkms_vblank_simulate: vblank timer overrun [ 828.098457][T12252] fuse: Unknown parameter 'user_id00000000000000000000' [ 831.242005][ T977] usb 3-1: new high-speed USB device number 42 using 
dummy_hcd [ 831.901214][T12276] ucma_write: process 767 (syz.5.1539) changed security contexts after opening file descriptor, this is not allowed. [ 832.435651][ T977] usb 3-1: device descriptor read/all, error -71 [ 834.204176][T12285] tmpfs: Unknown parameter '00000000000000000000' [ 834.844584][T12294] fuse: Unknown parameter 'user_id00000000000000000000' [ 834.925729][T12291] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1546'. [ 836.398281][ T5876] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 837.209652][ T5876] usb 1-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 837.523826][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 837.777962][ T5876] usb 1-1: Product: syz [ 837.882453][ T5876] usb 1-1: Manufacturer: syz [ 837.887134][ T5876] usb 1-1: SerialNumber: syz [ 837.931594][ T5876] usb 1-1: config 0 descriptor?? [ 837.954267][ T5876] usb 1-1: can't set config #0, error -71 [ 837.981358][ T5876] usb 1-1: USB disconnect, device number 58 [ 839.061856][T12324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1554'. [ 839.182367][ T5876] IPVS: starting estimator thread 0... [ 839.999292][T12333] IPVS: using max 32 ests per chain, 76800 per kthread [ 840.717165][T12344] FAULT_INJECTION: forcing a failure. [ 840.717165][T12344] name failslab, interval 1, probability 0, space 0, times 0 [ 840.781696][T12345] tmpfs: Unknown parameter '00000000000000000000' [ 841.157449][T12344] CPU: 0 UID: 0 PID: 12344 Comm: syz.6.1559 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 841.157485][T12344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 841.157499][T12344] Call Trace: [ 841.157508][T12344] [ 841.157517][T12344] dump_stack_lvl+0x189/0x250 [ 841.157555][T12344] ? __pfx____ratelimit+0x10/0x10 [ 841.157580][T12344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 841.157612][T12344] ? 
__pfx__printk+0x10/0x10 [ 841.157649][T12344] should_fail_ex+0x414/0x560 [ 841.157676][T12344] should_failslab+0xa8/0x100 [ 841.157702][T12344] kmem_cache_alloc_noprof+0x73/0x3c0 [ 841.157725][T12344] ? skb_clone+0x212/0x3a0 [ 841.157753][T12344] skb_clone+0x212/0x3a0 [ 841.157779][T12344] __netlink_deliver_tap+0x404/0x850 [ 841.157818][T12344] ? netlink_deliver_tap+0x2e/0x1b0 [ 841.157840][T12344] netlink_deliver_tap+0x19c/0x1b0 [ 841.157862][T12344] netlink_sendskb+0x68/0x140 [ 841.157882][T12344] netlink_rcv_skb+0x28c/0x470 [ 841.157903][T12344] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 841.157921][T12344] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 841.157951][T12344] ? bpf_lsm_capable+0x9/0x20 [ 841.157970][T12344] ? security_capable+0x7e/0x2e0 [ 841.157996][T12344] nfnetlink_rcv+0x26a/0x2520 [ 841.158015][T12344] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 841.158033][T12344] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 841.158058][T12344] ? __dev_queue_xmit+0x27e/0x3a70 [ 841.158072][T12344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.158096][T12344] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 841.158112][T12344] ? __pfx___dev_queue_xmit+0x10/0x10 [ 841.158142][T12344] ? ref_tracker_free+0x63a/0x7d0 [ 841.158164][T12344] ? __copy_skb_header+0xa7/0x550 [ 841.158197][T12344] ? __pfx_ref_tracker_free+0x10/0x10 [ 841.158241][T12344] ? skb_clone+0x246/0x3a0 [ 841.158276][T12344] ? __netlink_deliver_tap+0x807/0x850 [ 841.158297][T12344] ? netlink_deliver_tap+0x2e/0x1b0 [ 841.158323][T12344] ? netlink_deliver_tap+0x2e/0x1b0 [ 841.158343][T12344] ? netlink_deliver_tap+0x2e/0x1b0 [ 841.158369][T12344] netlink_unicast+0x75b/0x8d0 [ 841.158396][T12344] netlink_sendmsg+0x805/0xb30 [ 841.158425][T12344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 841.158453][T12344] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 841.158467][T12344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 841.158489][T12344] __sock_sendmsg+0x21c/0x270 [ 841.158508][T12344] ____sys_sendmsg+0x505/0x830 [ 841.158535][T12344] ? 
__pfx_____sys_sendmsg+0x10/0x10 [ 841.158567][T12344] ? import_iovec+0x74/0xa0 [ 841.158596][T12344] ___sys_sendmsg+0x21f/0x2a0 [ 841.158632][T12344] ? __pfx____sys_sendmsg+0x10/0x10 [ 841.158697][T12344] ? __fget_files+0x2a/0x420 [ 841.158711][T12344] ? __fget_files+0x3a0/0x420 [ 841.158733][T12344] __x64_sys_sendmsg+0x19b/0x260 [ 841.158758][T12344] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 841.158794][T12344] ? __pfx_ksys_write+0x10/0x10 [ 841.158813][T12344] ? rcu_is_watching+0x15/0xb0 [ 841.158836][T12344] ? do_syscall_64+0xbe/0x3b0 [ 841.158856][T12344] do_syscall_64+0xfa/0x3b0 [ 841.158871][T12344] ? lockdep_hardirqs_on+0x9c/0x150 [ 841.158886][T12344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.158901][T12344] ? clear_bhb_loop+0x60/0xb0 [ 841.158920][T12344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.158935][T12344] RIP: 0033:0x7f73a5b8e969 [ 841.158949][T12344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 841.158964][T12344] RSP: 002b:00007f73a69c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 841.158981][T12344] RAX: ffffffffffffffda RBX: 00007f73a5db5fa0 RCX: 00007f73a5b8e969 [ 841.158993][T12344] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003 [ 841.159003][T12344] RBP: 00007f73a69c2090 R08: 0000000000000000 R09: 0000000000000000 [ 841.159013][T12344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 841.159022][T12344] R13: 0000000000000000 R14: 00007f73a5db5fa0 R15: 00007fffe88d3438 [ 841.159047][T12344] [ 843.315373][T12365] sp0: Synchronizing with TNC [ 843.478064][T12369] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1565'. [ 844.765679][ T24] lo speed is unknown, defaulting to 1000 [ 844.879083][T12378] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. 
[ 845.240709][T12389] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 850.590644][ T977] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 850.885450][ T977] usb 3-1: Using ep0 maxpacket: 32 [ 850.930260][ T977] usb 3-1: config 64 has an invalid interface number: 241 but max is 1 [ 850.988680][ T977] usb 3-1: config 64 has an invalid interface number: 186 but max is 1 [ 851.021166][ T977] usb 3-1: config 64 has an invalid descriptor of length 97, skipping remainder of the config [ 851.044376][ T977] usb 3-1: config 64 has no interface number 0 [ 851.044404][ T977] usb 3-1: config 64 has no interface number 1 [ 851.044454][ T977] usb 3-1: config 64 interface 186 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 851.044486][ T977] usb 3-1: config 64 interface 241 has no altsetting 0 [ 851.047644][ T977] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.04 [ 851.047677][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 851.047700][ T977] usb 3-1: Product: syz [ 851.047718][ T977] usb 3-1: Manufacturer: syz [ 851.047736][ T977] usb 3-1: SerialNumber: syz [ 851.114359][ T977] go7007 3-1:64.241: probe with driver go7007 failed with error -12 [ 851.122386][ T977] go7007 3-1:64.186: probe with driver go7007 failed with error -12 [ 851.345908][T12412] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1578'. [ 851.376359][T10929] usb 3-1: USB disconnect, device number 44 [ 851.681201][T12442] use of bytesused == 0 is deprecated and will be removed in the future, [ 851.697937][T12442] use the actual size instead. 
[ 853.455124][ T5877] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 853.908456][ T5877] usb 7-1: Using ep0 maxpacket: 32 [ 853.917781][T12462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 853.956821][ T5877] usb 7-1: config 0 has an invalid interface number: 230 but max is 0 [ 853.985050][T12462] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 854.008653][ T5877] usb 7-1: config 0 has no interface number 0 [ 854.027331][ T5877] usb 7-1: config 0 interface 230 has no altsetting 0 [ 854.552738][ T5877] usb 7-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 854.561939][ T977] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 854.586973][ T5877] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=255 [ 854.597716][ T5877] usb 7-1: Product: syz [ 854.602813][ T5877] usb 7-1: Manufacturer: syz [ 854.607511][ T5877] usb 7-1: SerialNumber: syz [ 854.637544][ T5877] usb 7-1: config 0 descriptor?? [ 854.702478][ T5877] ums-usbat 7-1:0.230: USB Mass Storage device detected [ 854.796714][ T5877] ums-usbat 7-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 854.976502][ T5877] ums-usbat 7-1:0.230: probe with driver ums-usbat failed with error -5 [ 855.055421][ T5877] usb 7-1: USB disconnect, device number 4 [ 855.768741][T10929] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 856.316926][T10929] usb 4-1: New USB device found, idVendor=0b48, idProduct=300d, bcdDevice=ab.a0 [ 856.367002][T10929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 856.451869][T12486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1592'. [ 856.641576][T10929] usb 4-1: config 0 descriptor?? [ 856.696387][T10929] dvb-usb: found a 'Technotrend TT-connect CT-3650' in cold state, will try to load a firmware [ 856.728218][T10929] dvb-usb: did not find the firmware file '(null)' (status -22). 
You can use /scripts/get_dvb_firmware to get the firmware [ 856.954139][T12491] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6) [ 856.960732][T12491] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 857.026419][T12498] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1596'. [ 857.085543][T12491] vhci_hcd vhci_hcd.0: Device attached [ 857.248972][T10929] vhci_hcd: vhci_device speed not set [ 857.368596][ T2150] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 857.405008][T10929] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 857.677543][ T2150] usb 6-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 857.727769][ T2150] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.787437][ T2150] usb 6-1: Product: syz [ 857.794443][ T2150] usb 6-1: Manufacturer: syz [ 857.804028][ T2150] usb 6-1: SerialNumber: syz [ 857.821827][ T2150] usb 6-1: config 0 descriptor?? [ 858.618556][T12507] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1600'. [ 858.651666][ T2150] usb 6-1: ignoring: probably an ADSL modem [ 858.807035][T12493] vhci_hcd: connection reset by peer [ 858.813120][ T2150] cxacru 6-1:0.0: usbatm_usb_probe: bind failed: -19! [ 858.848764][ T977] usb 4-1: USB disconnect, device number 47 [ 858.861656][ T2934] vhci_hcd: stop threads [ 858.904001][ T2150] usb 6-1: USB disconnect, device number 44 [ 858.916074][ T2934] vhci_hcd: release socket [ 858.953581][ T2934] vhci_hcd: disconnect device [ 859.070953][T12521] FAULT_INJECTION: forcing a failure. 
[ 859.070953][T12521] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 859.107825][T12521] CPU: 0 UID: 0 PID: 12521 Comm: syz.0.1603 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 859.107858][T12521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 859.107871][T12521] Call Trace: [ 859.107880][T12521] [ 859.107890][T12521] dump_stack_lvl+0x189/0x250 [ 859.107925][T12521] ? __pfx____ratelimit+0x10/0x10 [ 859.107948][T12521] ? __pfx_dump_stack_lvl+0x10/0x10 [ 859.107980][T12521] ? __pfx__printk+0x10/0x10 [ 859.108001][T12521] ? __might_fault+0xb0/0x130 [ 859.108047][T12521] should_fail_ex+0x414/0x560 [ 859.108075][T12521] _copy_from_user+0x2d/0xb0 [ 859.108107][T12521] do_sock_getsockopt+0x1cd/0x650 [ 859.108146][T12521] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 859.108176][T12521] ? __fget_files+0x3a0/0x420 [ 859.108194][T12521] ? __fget_files+0x2a/0x420 [ 859.108221][T12521] __x64_sys_getsockopt+0x1a5/0x250 [ 859.108269][T12521] do_syscall_64+0xfa/0x3b0 [ 859.108291][T12521] ? lockdep_hardirqs_on+0x9c/0x150 [ 859.108313][T12521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.108335][T12521] ? 
clear_bhb_loop+0x60/0xb0 [ 859.108360][T12521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 859.108381][T12521] RIP: 0033:0x7fcb6bd8e969 [ 859.108400][T12521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 859.108418][T12521] RSP: 002b:00007fcb69bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 859.108442][T12521] RAX: ffffffffffffffda RBX: 00007fcb6bfb6160 RCX: 00007fcb6bd8e969 [ 859.108457][T12521] RDX: 000000000000007c RSI: 0000000000000084 RDI: 0000000000000003 [ 859.108471][T12521] RBP: 00007fcb69bd5090 R08: 00002000000002c0 R09: 0000000000000000 [ 859.108485][T12521] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 859.108499][T12521] R13: 0000000000000001 R14: 00007fcb6bfb6160 R15: 00007ffd4a52ce58 [ 859.108533][T12521] [ 861.239416][T12551] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1610'. [ 862.025761][ T5877] usb 6-1: new full-speed USB device number 45 using dummy_hcd [ 862.296664][ T5877] usb 6-1: device descriptor read/64, error -71 [ 862.635285][ T5877] usb 6-1: new full-speed USB device number 46 using dummy_hcd [ 862.868546][T10929] vhci_hcd: vhci_device speed not set [ 862.868808][ T5877] usb 6-1: device descriptor read/64, error -71 [ 862.923423][T12567] FAULT_INJECTION: forcing a failure. [ 862.923423][T12567] name failslab, interval 1, probability 0, space 0, times 0 [ 862.998763][ T5877] usb usb6-port1: attempt power cycle [ 863.049334][T12567] CPU: 0 UID: 0 PID: 12567 Comm: syz.0.1617 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 863.049365][T12567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 863.049379][T12567] Call Trace: [ 863.049387][T12567] [ 863.049396][T12567] dump_stack_lvl+0x189/0x250 [ 863.049432][T12567] ? __pfx____ratelimit+0x10/0x10 [ 863.049454][T12567] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 863.049485][T12567] ? __pfx__printk+0x10/0x10 [ 863.049511][T12567] ? __pfx___might_resched+0x10/0x10 [ 863.049534][T12567] ? fs_reclaim_acquire+0x7d/0x100 [ 863.049561][T12567] should_fail_ex+0x414/0x560 [ 863.049588][T12567] should_failslab+0xa8/0x100 [ 863.049640][T12567] __kmalloc_cache_noprof+0x70/0x3d0 [ 863.049670][T12567] ? alloc_fs_context+0x61/0x7d0 [ 863.049701][T12567] alloc_fs_context+0x61/0x7d0 [ 863.049727][T12567] ? do_raw_read_unlock+0x3d/0x80 [ 863.049752][T12567] ? _raw_read_unlock+0x28/0x50 [ 863.049777][T12567] ? get_fs_type+0x407/0x480 [ 863.049811][T12567] do_new_mount+0x10e/0xa40 [ 863.049843][T12567] __se_sys_mount+0x317/0x410 [ 863.049863][T12567] ? __pfx___se_sys_mount+0x10/0x10 [ 863.049876][T12567] ? rcu_is_watching+0x15/0xb0 [ 863.049899][T12567] ? do_syscall_64+0xbe/0x3b0 [ 863.049915][T12567] ? __x64_sys_mount+0x20/0xc0 [ 863.049949][T12567] do_syscall_64+0xfa/0x3b0 [ 863.049966][T12567] ? lockdep_hardirqs_on+0x9c/0x150 [ 863.049982][T12567] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 863.049998][T12567] ? 
clear_bhb_loop+0x60/0xb0 [ 863.050018][T12567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 863.050034][T12567] RIP: 0033:0x7fcb6bd8e969 [ 863.050049][T12567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 863.050064][T12567] RSP: 002b:00007fcb6cb14038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 863.050083][T12567] RAX: ffffffffffffffda RBX: 00007fcb6bfb5fa0 RCX: 00007fcb6bd8e969 [ 863.050096][T12567] RDX: 0000200000000040 RSI: 0000200000000180 RDI: 0000000000000000 [ 863.050107][T12567] RBP: 00007fcb6cb14090 R08: 0000200000000200 R09: 0000000000000000 [ 863.050118][T12567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 863.050128][T12567] R13: 0000000000000000 R14: 00007fcb6bfb5fa0 R15: 00007ffd4a52ce58 [ 863.050153][T12567] [ 863.285132][ C0] vkms_vblank_simulate: vblank timer overrun [ 864.202212][ T5877] usb 6-1: new full-speed USB device number 47 using dummy_hcd [ 864.359780][ T5877] usb 6-1: device descriptor read/8, error -71 [ 864.598598][ T5877] usb 6-1: new full-speed USB device number 48 using dummy_hcd [ 864.669478][ T5877] usb 6-1: device descriptor read/8, error -71 [ 864.778777][ T5877] usb usb6-port1: unable to enumerate USB device [ 864.779599][T10929] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 864.835810][T12594] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1625'. 
[ 865.010328][ T43] usb 4-1: new full-speed USB device number 48 using dummy_hcd [ 865.028561][T10929] usb 1-1: device descriptor read/64, error -71 [ 865.278557][T10929] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 865.353451][ T43] usb 4-1: not running at top speed; connect to a high speed hub [ 865.384171][ T43] usb 4-1: config 1 interface 0 has no altsetting 0 [ 865.404564][ T43] usb 4-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 865.434194][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 865.496427][ T43] usb 4-1: Product: syz [ 865.508394][ T43] usb 4-1: Manufacturer: syz [ 865.519451][T10929] usb 1-1: device descriptor read/64, error -71 [ 865.545262][ T43] usb 4-1: SerialNumber: syz [ 865.658827][T10929] usb usb1-port1: attempt power cycle [ 866.692497][T10929] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 866.719370][T10929] usb 1-1: device descriptor read/8, error -71 [ 867.508992][ T43] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input26 [ 867.551876][T10929] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 867.600188][ T5176] bcm5974 4-1:1.0: could not read from device [ 867.638533][ T43] usb 4-1: USB disconnect, device number 48 [ 867.673966][ T5176] bcm5974 4-1:1.0: could not read from device [ 867.800677][T10929] usb 1-1: device not accepting address 62, error -71 [ 867.915844][T10929] usb usb1-port1: unable to enumerate USB device [ 870.414681][T12640] netlink: 'syz.0.1641': attribute type 2 has an invalid length. [ 870.678135][T12644] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1639'. 
[ 872.913514][ T5877] usb 1-1: new full-speed USB device number 63 using dummy_hcd [ 873.045336][T12661] fuse: Unknown parameter '0x0000000000000004' [ 873.104892][ T5877] usb 1-1: not running at top speed; connect to a high speed hub [ 873.139302][ T5877] usb 1-1: config 1 interface 0 has no altsetting 0 [ 873.151866][ T5877] usb 1-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 873.184695][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 873.204014][ T5877] usb 1-1: Product: syz [ 873.248367][ T5877] usb 1-1: Manufacturer: syz [ 873.263402][ T5877] usb 1-1: SerialNumber: syz [ 875.423578][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.591691][T12678] ip6t_srh: unknown srh invflags 7863 [ 875.681190][ T5877] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input27 [ 875.734715][ T5176] bcm5974 1-1:1.0: could not read from device [ 876.702023][ T5176] bcm5974 1-1:1.0: could not read from device [ 876.913411][ T5877] usb 1-1: USB disconnect, device number 63 [ 876.915438][ T5176] bcm5974 1-1:1.0: could not read from device [ 878.022445][T12696] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1656'. [ 878.055762][T12696] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1656'. [ 878.448557][T12708] fuse: Unknown parameter '0x0000000000000004' [ 880.948582][ T977] usb 3-1: new full-speed USB device number 46 using dummy_hcd [ 881.020919][T12731] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1665'. 
[ 881.064368][T12733] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 881.137358][ T977] usb 3-1: not running at top speed; connect to a high speed hub [ 881.181447][ T977] usb 3-1: config 1 interface 0 has no altsetting 0 [ 881.224486][ T977] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 881.301026][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 881.318418][T12736] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 881.342294][ T977] usb 3-1: Product: syz [ 882.038815][ T977] usb 3-1: Manufacturer: syz [ 882.043965][ T977] usb 3-1: SerialNumber: syz [ 882.241016][ T977] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input28 [ 882.302074][ T5176] bcm5974 3-1:1.0: could not read from device [ 882.361579][ T5176] bcm5974 3-1:1.0: could not read from device [ 882.367323][T12750] bridge1: entered allmulticast mode [ 882.376487][ T977] usb 3-1: USB disconnect, device number 46 [ 882.540519][ T5176] bcm5974 3-1:1.0: could not read from device [ 884.368671][T12747] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 884.389445][ T977] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 884.548333][ T977] usb 3-1: device descriptor read/64, error -71 [ 884.558211][ T2150] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 885.021789][ T977] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 885.473229][ T2150] usb 4-1: device descriptor read/64, error -71 [ 886.369688][T12777] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1680'. [ 886.679455][ T5876] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 886.688805][ T43] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 886.778286][T12785] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 886.796535][T12785] A link change request failed with some changes committed already. 
Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 886.848353][ T5876] usb 6-1: Using ep0 maxpacket: 16 [ 886.861382][ T5876] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 886.888858][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 886.897502][ T5876] usb 6-1: Product: syz [ 886.910017][ T43] usb 7-1: Using ep0 maxpacket: 16 [ 886.917177][ T5876] usb 6-1: Manufacturer: syz [ 886.924129][ T43] usb 7-1: config 0 interface 0 has no altsetting 0 [ 886.938969][ T5876] usb 6-1: SerialNumber: syz [ 886.961160][ T5876] usb 6-1: config 0 descriptor?? [ 887.041362][ T5876] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 887.071750][ T5876] usb 6-1: Detected FT232H [ 887.174139][ T5876] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 887.181295][ T977] usb 3-1: new full-speed USB device number 49 using dummy_hcd [ 887.190481][ T5876] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 887.212026][ T5876] ftdi_sio 6-1:0.0: GPIO initialisation failed: -71 [ 887.230423][ T5876] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 887.259319][ T5876] usb 6-1: USB disconnect, device number 49 [ 887.278973][ T5876] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 887.299194][ T5876] ftdi_sio 6-1:0.0: device disconnected [ 887.339459][ T977] usb 3-1: not running at top speed; connect to a high speed hub [ 887.350239][ T977] usb 3-1: config 1 interface 0 has no altsetting 0 [ 887.366371][ T977] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 887.375995][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 887.396263][ T977] usb 3-1: Product: syz [ 887.401471][ T977] usb 3-1: Manufacturer: syz [ 887.406109][ T977] usb 3-1: SerialNumber: syz [ 887.437177][ T43] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 887.458860][ T43] usb 
7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 887.518391][ T43] usb 7-1: config 0 descriptor?? [ 888.100217][T12794] No source specified [ 888.920949][ T5876] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 888.970706][ T43] usbhid 7-1:0.0: can't add hid device: -71 [ 888.976798][ T43] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 888.979129][ T977] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input29 [ 889.037775][T12811] bridge: RTM_NEWNEIGH with invalid ether address [ 889.208584][ T5876] usb 6-1: device descriptor read/64, error -71 [ 889.296057][ T5176] bcm5974 3-1:1.0: could not read from device [ 889.427075][ T5176] bcm5974 3-1:1.0: could not read from device [ 889.571202][ T5876] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 889.723615][ T5176] bcm5974 3-1:1.0: could not read from device [ 889.819754][ T977] usb 3-1: USB disconnect, device number 49 [ 889.928562][ T5876] usb 6-1: device descriptor read/64, error -71 [ 889.961801][ T5176] bcm5974 3-1:1.0: could not read from device [ 890.193978][ T5876] usb usb6-port1: attempt power cycle [ 890.548369][T12805] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 890.740624][ T5876] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 890.957370][ T5876] usb 6-1: device descriptor read/8, error -71 [ 891.380792][ T5876] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 891.490089][ T43] usb 7-1: USB disconnect, device number 5 [ 891.781141][ T5876] usb 6-1: device descriptor read/8, error -71 [ 891.893974][ T5876] usb usb6-port1: unable to enumerate USB device [ 891.917373][T12824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1691'. 
[ 892.699437][ T5876] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 892.948477][ T5876] usb 6-1: Using ep0 maxpacket: 16 [ 892.966119][ T5876] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 892.986402][ T5876] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 893.017180][ T5876] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 893.050881][ T5876] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 893.078829][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 893.107771][ T5876] usb 6-1: Product: syz [ 893.124484][T12838] netlink: 'syz.0.1697': attribute type 10 has an invalid length. [ 893.135907][ T5876] usb 6-1: Manufacturer: syz [ 893.141945][T12838] team0: Device wlan1 is of different type [ 893.141959][ T5876] usb 6-1: SerialNumber: syz [ 893.728426][ T5876] usb 6-1: 0:2 : does not exist [ 893.946139][T12830] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1695'. [ 894.508555][T10223] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 894.693685][T10223] usb 7-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 894.729175][T10223] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 894.760253][T10223] usb 7-1: Product: syz [ 894.764654][T10223] usb 7-1: Manufacturer: syz [ 894.773664][T10223] usb 7-1: SerialNumber: syz [ 894.781680][ T43] usb 4-1: new full-speed USB device number 51 using dummy_hcd [ 894.782692][T10223] usb 7-1: config 0 descriptor?? 
[ 894.803285][T10223] cypress_m8 7-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 894.822069][T10223] nokiaca42v2 ttyUSB0: required endpoint is missing [ 894.980809][ T43] usb 4-1: not running at top speed; connect to a high speed hub [ 894.994765][ T43] usb 4-1: config 1 interface 0 has no altsetting 0 [ 895.015002][ T43] usb 4-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 895.035636][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 895.046749][T10929] usb 6-1: USB disconnect, device number 54 [ 895.060049][ T5876] usb 7-1: USB disconnect, device number 6 [ 895.080304][ T43] usb 4-1: Product: syz [ 895.084539][ T43] usb 4-1: Manufacturer: syz [ 895.094924][ T43] usb 4-1: SerialNumber: syz [ 895.118988][ T5876] cypress_m8 7-1:0.0: device disconnected [ 895.569196][T10929] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 895.938671][T10929] usb 1-1: device descriptor read/64, error -71 [ 896.332177][T10929] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 896.710766][T10929] usb 1-1: device descriptor read/64, error -71 [ 896.978408][T10929] usb usb1-port1: attempt power cycle [ 897.169031][T12867] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 897.518777][T10929] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 897.707721][T10929] usb 1-1: device descriptor read/8, error -71 [ 898.080050][ T43] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input30 [ 898.158593][T10929] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 898.193406][T12873] openvswitch: netlink: Flow actions may not be safe on all matching packets. 
[ 898.222563][ T5176] bcm5974 4-1:1.0: could not read from device [ 898.656573][ T43] usb 4-1: USB disconnect, device number 51 [ 898.683731][T10929] usb 1-1: device descriptor read/8, error -71 [ 898.833410][T10929] usb usb1-port1: unable to enumerate USB device [ 899.210697][T12889] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1710'. [ 899.658439][ T43] usb 4-1: new full-speed USB device number 52 using dummy_hcd [ 899.921905][ T43] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 899.930570][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 899.951144][ T43] usb 4-1: config 0 has no interface number 0 [ 899.957521][ T43] usb 4-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0x13, changing to 0x3 [ 899.991906][ T43] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 10 [ 900.014541][ T43] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 900.043293][ T43] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 900.097212][ T43] usb 4-1: config 0 interface 52 has no altsetting 0 [ 900.106385][ T43] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 900.125887][ T43] usb 4-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 900.146132][ T43] usb 4-1: Product: syz [ 900.156314][ T43] usb 4-1: SerialNumber: syz [ 900.169656][ T43] usb 4-1: config 0 descriptor?? 
[ 900.319552][ T2150] usb 3-1: new low-speed USB device number 50 using dummy_hcd [ 900.507453][ T2150] usb 3-1: config 32 has 1 interface, different from the descriptor's value: 2 [ 900.537210][ T2150] usb 3-1: config 32 interface 0 altsetting 0 has an endpoint descriptor with address 0x98, changing to 0x88 [ 900.568418][ T2150] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x88 is Bulk; changing to Interrupt [ 900.588229][ T2150] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 900.617861][ T2150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 900.643851][ T5876] usb 4-1: USB disconnect, device number 52 [ 900.646276][T12902] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 903.301523][ T2150] usb 3-1: string descriptor 0 read error: -71 [ 903.328835][ T24] usb 1-1: new full-speed USB device number 68 using dummy_hcd [ 904.065296][T12966] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1722'. [ 904.412671][T12965] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1722'. [ 904.419624][ T2150] usb 3-1: USB disconnect, device number 50 [ 904.437895][ T24] usb 1-1: not running at top speed; connect to a high speed hub [ 904.450974][ T24] usb 1-1: config 1 interface 0 has no altsetting 0 [ 904.619887][ T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 904.640965][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 904.669501][ T24] usb 1-1: Product: syz [ 904.682532][ T24] usb 1-1: Manufacturer: syz [ 904.707667][ T24] usb 1-1: SerialNumber: syz [ 905.859022][T10223] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 906.195278][T12979] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1725'. 
[ 906.407737][ T24] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input31 [ 906.568651][T10223] usb 6-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 906.604630][ T5176] bcm5974 1-1:1.0: could not read from device [ 906.633145][T10223] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 906.633177][T10223] usb 6-1: Product: syz [ 906.674119][ T5176] bcm5974 1-1:1.0: could not read from device [ 906.851639][T10223] usb 6-1: Manufacturer: syz [ 906.856332][T10223] usb 6-1: SerialNumber: syz [ 907.034877][ T24] usb 1-1: USB disconnect, device number 68 [ 907.049231][T10223] usb 6-1: config 0 descriptor?? [ 907.070018][T10223] cypress_m8 6-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 907.156404][T12990] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1727'. [ 907.914969][ T5176] bcm5974 1-1:1.0: could not read from device [ 907.936974][T10223] nokiaca42v2 ttyUSB0: required endpoint is missing [ 909.300769][ T977] usb 6-1: USB disconnect, device number 55 [ 910.079887][ T977] cypress_m8 6-1:0.0: device disconnected [ 910.428367][T10223] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 910.594548][T13026] netem: change failed [ 910.599647][T10223] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 910.629209][T10223] usb 4-1: config 0 has no interface number 0 [ 910.635399][T10223] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 910.697780][T10223] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 910.721808][T13022] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1737'. 
[ 910.730842][T10223] usb 4-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 910.730911][T10223] usb 4-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 910.730939][T10223] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 910.739426][T10223] usb 4-1: config 0 descriptor?? [ 911.196586][T13036] tmpfs: Unknown parameter '00000000000000000000' [ 912.164359][T10223] usbhid 4-1:0.1: can't add hid device: -71 [ 912.188427][T10223] usbhid 4-1:0.1: probe with driver usbhid failed with error -71 [ 912.232990][T10223] usb 4-1: USB disconnect, device number 53 [ 912.558542][T13057] input: syz1 as /devices/virtual/input/input32 [ 912.765910][T13064] tmpfs: Unknown parameter '00000000000000000000' [ 912.848249][ T977] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 912.906843][T13073] FAULT_INJECTION: forcing a failure. [ 912.906843][T13073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 912.940512][T13073] CPU: 0 UID: 0 PID: 13073 Comm: syz.3.1750 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 912.940546][T13073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 912.940561][T13073] Call Trace: [ 912.940569][T13073] [ 912.940580][T13073] dump_stack_lvl+0x189/0x250 [ 912.940619][T13073] ? __pfx____ratelimit+0x10/0x10 [ 912.940643][T13073] ? __pfx_dump_stack_lvl+0x10/0x10 [ 912.940676][T13073] ? __pfx__printk+0x10/0x10 [ 912.940713][T13073] should_fail_ex+0x414/0x560 [ 912.940742][T13073] _copy_to_user+0x31/0xb0 [ 912.940776][T13073] simple_read_from_buffer+0xe1/0x170 [ 912.940814][T13073] proc_fail_nth_read+0x1df/0x250 [ 912.940841][T13073] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 912.940868][T13073] ? rw_verify_area+0x258/0x650 [ 912.940896][T13073] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 912.940922][T13073] vfs_read+0x1fd/0x980 [ 912.940957][T13073] ? 
__pfx___mutex_lock+0x10/0x10 [ 912.940982][T13073] ? __pfx_vfs_read+0x10/0x10 [ 912.941013][T13073] ? __fget_files+0x2a/0x420 [ 912.941039][T13073] ? __fget_files+0x3a0/0x420 [ 912.941057][T13073] ? __fget_files+0x2a/0x420 [ 912.941087][T13073] ksys_read+0x145/0x250 [ 912.941115][T13073] ? __fget_files+0x3a0/0x420 [ 912.941136][T13073] ? __pfx_ksys_read+0x10/0x10 [ 912.941172][T13073] ? do_syscall_64+0xbe/0x3b0 [ 912.941201][T13073] do_syscall_64+0xfa/0x3b0 [ 912.941223][T13073] ? lockdep_hardirqs_on+0x9c/0x150 [ 912.941245][T13073] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 912.941266][T13073] ? clear_bhb_loop+0x60/0xb0 [ 912.941294][T13073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 912.941315][T13073] RIP: 0033:0x7f7251b8d37c [ 912.941335][T13073] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 912.941355][T13073] RSP: 002b:00007f72529d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 912.941379][T13073] RAX: ffffffffffffffda RBX: 00007f7251db5fa0 RCX: 00007f7251b8d37c [ 912.941395][T13073] RDX: 000000000000000f RSI: 00007f72529d70a0 RDI: 0000000000000003 [ 912.941409][T13073] RBP: 00007f72529d7090 R08: 0000000000000000 R09: 0000000000000000 [ 912.941423][T13073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 912.941443][T13073] R13: 0000000000000000 R14: 00007f7251db5fa0 R15: 00007ffc18549de8 [ 912.941478][T13073] [ 913.220717][ T977] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 913.232971][ T977] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 913.254117][ T977] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 913.263495][ T977] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 913.271806][ T977] usb 7-1: SerialNumber: syz [ 913.526825][T13082] netlink: 164 
bytes leftover after parsing attributes in process `syz.2.1752'. [ 913.581623][T13088] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 913.813917][ T977] usb 7-1: 0:2 : does not exist [ 913.937389][ T977] usb 7-1: unit 5 not found! [ 914.078594][ T977] usb 7-1: USB disconnect, device number 7 [ 914.173746][ T8259] udevd[8259]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 914.198345][ T43] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 914.378380][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 914.394316][ T43] usb 4-1: config 0 has an invalid interface number: 195 but max is 0 [ 914.411222][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 914.640210][ T43] usb 4-1: config 0 has no interface number 0 [ 914.650318][ T43] usb 4-1: New USB device found, idVendor=0421, idProduct=0418, bcdDevice=95.ff [ 914.664371][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 914.672549][ T43] usb 4-1: Product: syz [ 914.676839][ T43] usb 4-1: Manufacturer: syz [ 914.681514][ T43] usb 4-1: SerialNumber: syz [ 914.695939][ T43] usb 4-1: config 0 descriptor?? 
[ 915.396498][ T43] usb 4-1: bad CDC descriptors [ 915.601819][ T43] usb 4-1: USB disconnect, device number 54 [ 915.992774][ T977] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 916.003134][ C0] raw-gadget.1 gadget.2: ignoring, device is not running [ 916.064865][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 916.064886][ T30] audit: type=1326 audit(1748593524.859:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 916.101337][ T30] audit: type=1326 audit(1748593524.859:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 916.125717][ T30] audit: type=1326 audit(1748593524.859:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 916.138323][ T977] usb 3-1: device descriptor read/64, error -32 [ 916.153043][ T30] audit: type=1326 audit(1748593524.859:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 916.201496][ T30] audit: type=1326 audit(1748593524.859:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb6bd8e969 code=0x7ffc0000 [ 916.228461][T10929] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 916.237566][ T30] audit: type=1326 audit(1748593524.859:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcb6bd90887 code=0x7ffc0000 [ 916.269681][ T30] audit: type=1326 audit(1748593524.859:152): 
auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fcb6bd907fc code=0x7ffc0000 [ 916.301548][ T30] audit: type=1326 audit(1748593524.859:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fcb6bd90734 code=0x7ffc0000 [ 916.329547][ T30] audit: type=1326 audit(1748593524.859:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fcb6bd90734 code=0x7ffc0000 [ 916.352230][ T30] audit: type=1326 audit(1748593524.869:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13112 comm="syz.0.1760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcb6bd8d5ca code=0x7ffc0000 [ 916.918505][ T977] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 916.938664][T10929] usb 7-1: Using ep0 maxpacket: 8 [ 916.959813][T10929] usb 7-1: config 0 has an invalid interface number: 234 but max is 0 [ 916.968053][T10929] usb 7-1: config 0 has no interface number 0 [ 917.000631][T13122] FAULT_INJECTION: forcing a failure. [ 917.000631][T13122] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 917.006871][T10929] usb 7-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice=96.a7 [ 917.032329][T10929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 917.044170][T10929] usb 7-1: Product: syz [ 917.048656][T13122] CPU: 0 UID: 0 PID: 13122 Comm: syz.3.1764 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 917.048688][T13122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 917.048703][T13122] Call Trace: [ 917.048712][T13122] [ 917.048721][T13122] dump_stack_lvl+0x189/0x250 [ 917.048759][T13122] ? __pfx____ratelimit+0x10/0x10 [ 917.048783][T13122] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 917.048816][T13122] ? __pfx__printk+0x10/0x10 [ 917.048838][T13122] ? __might_fault+0xb0/0x130 [ 917.048884][T13122] should_fail_ex+0x414/0x560 [ 917.048913][T13122] _copy_from_user+0x2d/0xb0 [ 917.048945][T13122] ___sys_sendmsg+0x158/0x2a0 [ 917.048980][T13122] ? __pfx____sys_sendmsg+0x10/0x10 [ 917.049054][T13122] ? __fget_files+0x2a/0x420 [ 917.049073][T13122] ? __fget_files+0x3a0/0x420 [ 917.049105][T13122] __x64_sys_sendmsg+0x19b/0x260 [ 917.049140][T13122] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 917.049186][T13122] ? __pfx_ksys_write+0x10/0x10 [ 917.049215][T13122] ? rcu_is_watching+0x15/0xb0 [ 917.049250][T13122] ? do_syscall_64+0xbe/0x3b0 [ 917.049280][T13122] do_syscall_64+0xfa/0x3b0 [ 917.049311][T13122] ? lockdep_hardirqs_on+0x9c/0x150 [ 917.049334][T13122] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.049357][T13122] ? clear_bhb_loop+0x60/0xb0 [ 917.049387][T13122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 917.049410][T13122] RIP: 0033:0x7f7251b8e969 [ 917.049431][T13122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 917.049451][T13122] RSP: 002b:00007f72529d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 917.049476][T13122] RAX: ffffffffffffffda RBX: 00007f7251db5fa0 RCX: 00007f7251b8e969 [ 917.049493][T13122] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 917.049508][T13122] RBP: 00007f72529d7090 R08: 0000000000000000 R09: 0000000000000000 [ 917.049523][T13122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 917.049537][T13122] R13: 0000000000000000 R14: 00007f7251db5fa0 R15: 00007ffc18549de8 [ 917.049573][T13122] [ 917.267140][T13128] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 917.757814][T13124] netlink: 'syz.5.1763': attribute type 4 has an invalid length. 
[ 917.765678][T13124] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.1763'. [ 917.885225][T10929] usb 7-1: Manufacturer: syz [ 917.890478][T10929] usb 7-1: SerialNumber: syz [ 917.902701][T10929] usb 7-1: config 0 descriptor?? [ 918.126489][T10929] usb 7-1: can't set config #0, error -71 [ 918.161309][ T977] usb 3-1: device descriptor read/all, error -71 [ 918.172266][ T977] usb usb3-port1: attempt power cycle [ 918.228814][T10929] usb 7-1: USB disconnect, device number 8 [ 919.211538][ T2150] usb 6-1: new full-speed USB device number 56 using dummy_hcd [ 919.374877][T13144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 919.592357][T13148] syz.3.1772: attempt to access beyond end of device [ 919.592357][T13148] loop3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 919.610095][T13148] gfs2: error -5 reading superblock [ 919.948483][ T5877] usb 4-1: new full-speed USB device number 55 using dummy_hcd [ 920.131880][ T5877] usb 4-1: not running at top speed; connect to a high speed hub [ 920.184527][ T5877] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 920.378647][ T5877] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 920.390500][ T5877] usb 4-1: config 1 interface 0 has no altsetting 0 [ 920.448978][ T5877] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 920.485007][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 920.528810][ T5877] usb 4-1: Product: @﹅䴣 [ 920.532042][ T2150] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 920.535400][ T5877] usb 4-1: Manufacturer: 뜇ꇎ夥絏␯󄹦噁ꅾ軆耚⁠ઊά⮱따ᩫ挙⻼᫲奄웒⾊ൔ뜰瓱츽Ⓛ捆⧫䉂殱ற泧뗺叙媚歒ᩫ㙣폺#咈쏉똩釗觉阈⭊᮹໻션祵ꘄ匝鄉컹嶷碓Ửઆ䩁څ瑎ջ䬛෇㜍西薻ꢤ퐨棍舗궁撻薕鎾拗ҽ퐝㍦䉴䤨ਝ塃㣷ꆨ婥귻铿ۧᰣ召뼜㰛 [ 920.558197][ T2150] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting 
to 64 [ 920.604369][ T5877] usb 4-1: SerialNumber: ᇀ쁽蛥ኤ꼫㑙֗狮ᦄ놕뗜儸䀽̆았꿣궾숒캾ꍒ܇乜ᚄ臌費怜辟渐穝ꍜ⊏᠖ऴ뜇諭蹣⚮棇쿆ꆩ꞊㝉歞緍蒨倏ﳭ럺᠛鯌憰藓퉲㲓労릓娂鮸席솿쫻긳渡䳭샪ퟱ䟜 [ 920.644802][T13148] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 920.682398][T13148] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 920.851523][ T2150] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 920.862647][ T2150] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 65535, setting to 64 [ 921.462542][T13161] tmpfs: Unknown parameter '00000000000000000000' [ 922.314173][ T2150] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 922.356894][ T2150] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.434660][ T2150] usb 6-1: can't set config #1, error -71 [ 922.464614][ T2150] usb 6-1: USB disconnect, device number 56 [ 922.754983][ T5877] usblp 4-1:1.0: usblp0: USB Bidirectional printer dev 55 if 0 alt 8 proto 2 vid 0x0525 pid 0xA4A8 [ 922.860344][T13177] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1775'. 
[ 923.455624][ T5877] usb 4-1: USB disconnect, device number 55 [ 923.543617][ T5877] usblp0: removed [ 924.318405][T10223] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 925.038272][T10929] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 925.629199][T13195] ptrace attach of "./syz-executor exec"[5820] was attempted by " eth0 #uu0*iƇ޿_k.\x22#p/yLa~+>3l{@!2!9k\x0b8I$Q=r\x09/vӧJ#KT_$A=z/XmOX)s޾_N)6m\x0a\x0b뻑z|d\x1byx\x1bLTrw|0\x09\x5c[ ]V:Þ\x07x.TTϿa%QCuTYZy!Ѧ7vs\x07j*I{]*5JtsĪ~0fۮG:Q\x1b㣤}`eL\x0dyg1\x09i/!,u~)\x1b2jNTh\x1bo:\x0bq7SHLBq([aF*q v ANTeL+u^\x07sha 넙LD7DQ2!8,%$֜yKƴ%:0dLWՐl\x1b\x0bh=m.\x0bhQ}8/P+:E\x5cԬטլCRr^gQ(>⺨=\x0c04*@vTځg:hzW6s)x\x [ 927.408248][T10929] usb 1-1: device not accepting address 69, error -71 [ 927.735207][T13202] tmpfs: Unknown parameter '00000000000000000000' [ 928.408258][T10223] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 928.416388][T10223] usb 7-1: can't read configurations, error -71 [ 928.820555][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 928.820575][ T30] audit: type=1804 audit(1748593537.619:165): pid=13208 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1789" name="/newroot/365/file0" dev="tmpfs" ino=1929 res=1 errno=0 [ 929.835949][ T30] audit: type=1326 audit(1748593538.629:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13206 comm="syz.5.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f083318e969 code=0x7fc00000 [ 930.408364][ T5877] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 931.382695][ T5877] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 931.399602][ T5877] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 931.413479][ T5877] usb 3-1: config 0 has no interface number 0 [ 931.948916][ T5877] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 931.972824][ T5877] usb 3-1: 
New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 931.981875][T10223] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 931.998955][ T5877] usb 3-1: Product: syz [ 931.998979][ T5877] usb 3-1: Manufacturer: syz [ 931.998995][ T5877] usb 3-1: SerialNumber: syz [ 932.003926][ T5877] usb 3-1: config 0 descriptor?? [ 932.405128][T10223] usb 1-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 932.431489][T10223] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 932.439955][ T5877] usb 3-1: USB disconnect, device number 54 [ 932.514997][T13257] tmpfs: Unknown parameter '00000000000000000000' [ 933.245130][T10223] usb 1-1: Product: syz [ 933.253827][T10223] usb 1-1: Manufacturer: syz [ 933.258723][T10223] usb 1-1: SerialNumber: syz [ 933.266560][T10223] usb 1-1: config 0 descriptor?? [ 933.274312][T10223] cypress_m8 1-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 933.297488][T10223] nokiaca42v2 ttyUSB0: required endpoint is missing [ 935.635866][T10929] usb 1-1: USB disconnect, device number 71 [ 935.738638][ T5921] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 935.889812][T10929] cypress_m8 1-1:0.0: device disconnected [ 936.060119][ T5921] usb 4-1: device descriptor read/64, error -71 [ 936.651856][T13271] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 936.699973][T13279] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1805'. [ 936.723144][ T5921] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 936.775801][T13279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1805'. [ 936.852498][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.937294][T13277] orangefs_mount: mount request failed with -4 [ 938.656808][T13305] tmpfs: Unknown parameter '00000000000000000000' [ 941.919677][T13333] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1820'. 
[ 942.547255][T13359] tmpfs: Unknown parameter '00000000000000000000' [ 943.178369][T13354] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1825'. [ 943.187380][T13354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 944.072622][T13381] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1831'. [ 944.351681][T13397] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 944.732761][T13414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 944.791022][T13414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 945.068375][ T43] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 945.144059][T13420] tmpfs: Unknown parameter '00000000000000000000' [ 946.258270][ T43] usb 6-1: device descriptor read/64, error -71 [ 946.508197][ T43] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 946.658358][ T43] usb 6-1: device descriptor read/64, error -71 [ 946.772028][ T43] usb usb6-port1: attempt power cycle [ 946.832248][T13432] sp0: Synchronizing with TNC [ 946.833964][T13433] FAULT_INJECTION: forcing a failure. [ 946.833964][T13433] name failslab, interval 1, probability 0, space 0, times 0 [ 946.855851][T13433] CPU: 0 UID: 0 PID: 13433 Comm: syz.6.1840 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 946.855883][T13433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 946.855896][T13433] Call Trace: [ 946.855905][T13433] [ 946.855915][T13433] dump_stack_lvl+0x189/0x250 [ 946.855952][T13433] ? __pfx____ratelimit+0x10/0x10 [ 946.855975][T13433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 946.856007][T13433] ? __pfx__printk+0x10/0x10 [ 946.856036][T13433] ? __pfx___might_resched+0x10/0x10 [ 946.856062][T13433] ? fs_reclaim_acquire+0x7d/0x100 [ 946.856092][T13433] should_fail_ex+0x414/0x560 [ 946.856121][T13433] should_failslab+0xa8/0x100 [ 946.856156][T13433] __kmalloc_noprof+0xcb/0x4f0 [ 946.856187][T13433] ? 
kfree+0x4d/0x440 [ 946.856213][T13433] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 946.856247][T13433] tomoyo_realpath_from_path+0xe3/0x5d0 [ 946.856279][T13433] ? tomoyo_domain+0xda/0x130 [ 946.856314][T13433] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 946.856338][T13433] tomoyo_path_number_perm+0x1e8/0x5a0 [ 946.856365][T13433] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 946.856409][T13433] ? __lock_acquire+0xab9/0xd20 [ 946.856460][T13433] ? __fget_files+0x2a/0x420 [ 946.856491][T13433] ? __fget_files+0x2a/0x420 [ 946.856509][T13433] ? __fget_files+0x3a0/0x420 [ 946.856527][T13433] ? __fget_files+0x2a/0x420 [ 946.856552][T13433] security_file_ioctl+0xcb/0x2d0 [ 946.856579][T13433] __se_sys_ioctl+0x47/0x170 [ 946.856611][T13433] do_syscall_64+0xfa/0x3b0 [ 946.856634][T13433] ? lockdep_hardirqs_on+0x9c/0x150 [ 946.856656][T13433] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.856678][T13433] ? clear_bhb_loop+0x60/0xb0 [ 946.856705][T13433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.856727][T13433] RIP: 0033:0x7f73a5b8e969 [ 946.856746][T13433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 946.856766][T13433] RSP: 002b:00007f73a69a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 946.856789][T13433] RAX: ffffffffffffffda RBX: 00007f73a5db6080 RCX: 00007f73a5b8e969 [ 946.856806][T13433] RDX: 0000200000000100 RSI: 000000000000541a RDI: 0000000000000003 [ 946.856820][T13433] RBP: 00007f73a69a1090 R08: 0000000000000000 R09: 0000000000000000 [ 946.856834][T13433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 946.856848][T13433] R13: 0000000000000001 R14: 00007f73a5db6080 R15: 00007fffe88d3438 [ 946.856883][T13433] [ 946.856989][T13433] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 947.138913][ T43] usb 6-1: new high-speed USB device number 59 using dummy_hcd [ 947.189366][ T43] usb 6-1: device descriptor read/8, error -71 [ 947.588964][T13437] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1841'. [ 948.413894][T13444] veth0_macvtap: left promiscuous mode [ 948.613293][T13444] macvtap0: refused to change device tx_queue_len [ 948.636249][ T5921] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 949.335804][ T5921] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 949.456364][ T5921] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 949.480619][ T5921] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 949.531939][ T5921] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 949.582172][ T5921] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 950.574871][ T5921] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 950.887622][ T5921] usb 7-1: Manufacturer: syz [ 951.068392][ T2150] usb 6-1: new high-speed USB device number 61 using dummy_hcd [ 951.077769][ T5921] usb 7-1: config 0 descriptor?? [ 951.495141][ T2150] usb 6-1: device descriptor read/64, error -71 [ 951.578292][T13458] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 951.859763][ T5921] usbhid 7-1:0.0: can't add hid device: -71 [ 952.058722][ T5921] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 952.119782][ T2150] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 952.128617][ T5921] usb 7-1: USB disconnect, device number 11 [ 952.143417][T13463] FAULT_INJECTION: forcing a failure. 
[ 952.143417][T13463] name failslab, interval 1, probability 0, space 0, times 0 [ 952.168439][T13463] CPU: 1 UID: 0 PID: 13463 Comm: syz.6.1848 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 952.168470][T13463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 952.168484][T13463] Call Trace: [ 952.168492][T13463] [ 952.168502][T13463] dump_stack_lvl+0x189/0x250 [ 952.168539][T13463] ? __pfx____ratelimit+0x10/0x10 [ 952.168563][T13463] ? __pfx_dump_stack_lvl+0x10/0x10 [ 952.168606][T13463] ? __pfx__printk+0x10/0x10 [ 952.168634][T13463] ? __pfx___might_resched+0x10/0x10 [ 952.168658][T13463] ? fs_reclaim_acquire+0x7d/0x100 [ 952.168687][T13463] should_fail_ex+0x414/0x560 [ 952.168714][T13463] should_failslab+0xa8/0x100 [ 952.168748][T13463] __kmalloc_noprof+0xcb/0x4f0 [ 952.168777][T13463] ? kfree+0x4d/0x440 [ 952.168802][T13463] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 952.168836][T13463] tomoyo_realpath_from_path+0xe3/0x5d0 [ 952.168865][T13463] ? tomoyo_domain+0xda/0x130 [ 952.168899][T13463] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 952.168920][T13463] tomoyo_path_number_perm+0x1e8/0x5a0 [ 952.168946][T13463] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 952.168988][T13463] ? __lock_acquire+0xab9/0xd20 [ 952.169033][T13463] ? __fget_files+0x2a/0x420 [ 952.169055][T13463] ? __fget_files+0x2a/0x420 [ 952.169073][T13463] ? __fget_files+0x3a0/0x420 [ 952.169090][T13463] ? __fget_files+0x2a/0x420 [ 952.169114][T13463] security_file_ioctl+0xcb/0x2d0 [ 952.169139][T13463] __se_sys_ioctl+0x47/0x170 [ 952.169170][T13463] do_syscall_64+0xfa/0x3b0 [ 952.169191][T13463] ? lockdep_hardirqs_on+0x9c/0x150 [ 952.169212][T13463] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.169233][T13463] ? 
clear_bhb_loop+0x60/0xb0 [ 952.169259][T13463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.169279][T13463] RIP: 0033:0x7f73a5b8e969 [ 952.169297][T13463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 952.169316][T13463] RSP: 002b:00007f73a69a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 952.169338][T13463] RAX: ffffffffffffffda RBX: 00007f73a5db6080 RCX: 00007f73a5b8e969 [ 952.169354][T13463] RDX: 0000200000000040 RSI: 00000000c008561c RDI: 0000000000000006 [ 952.169369][T13463] RBP: 00007f73a69a1090 R08: 0000000000000000 R09: 0000000000000000 [ 952.169382][T13463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 952.169401][T13463] R13: 0000000000000000 R14: 00007f73a5db6080 R15: 00007fffe88d3438 [ 952.169435][T13463] [ 952.169443][T13463] ERROR: Out of memory at tomoyo_realpath_from_path. [ 952.429748][T13463] vivid-002: disconnect [ 952.489497][ T2150] usb 6-1: device descriptor read/64, error -71 [ 952.598883][ T2150] usb usb6-port1: attempt power cycle [ 953.598686][T13461] vivid-002: reconnect [ 955.083739][ T2150] usb usb6-port1: Cannot enable. Maybe the USB cable is bad? 
[ 955.258253][ T2150] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 955.291211][ T2150] usb 6-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30 [ 955.868282][ T2150] usb 6-1: config 4 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 955.902805][ T2150] usb 6-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101 [ 955.956642][ T2150] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 955.966527][ T2150] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 956.164177][T10223] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 956.227262][ T2150] ath6kl: Failed to submit usb control message: -71 [ 956.234279][ T2150] ath6kl: unable to send the bmi data to the device: -71 [ 956.288893][T13492] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1855'. [ 956.776052][ T5876] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 956.959232][ T2150] ath6kl: Unable to send get target info: -71 [ 956.972565][T10223] usb 4-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 956.983986][ T2150] ath6kl: Failed to init ath6kl core: -71 [ 956.990468][ T2150] ath6kl_usb 6-1:4.0: probe with driver ath6kl_usb failed with error -71 [ 957.021271][ T5876] usb 3-1: config 0 has an invalid interface number: 133 but max is 0 [ 957.032328][ T2150] usb 6-1: USB disconnect, device number 64 [ 957.054070][T10223] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 957.078470][ T5876] usb 3-1: config 0 has no interface number 0 [ 957.115341][ T5876] usb 3-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 957.126419][T10223] usb 4-1: Product: syz [ 957.126443][T10223] usb 4-1: Manufacturer: syz [ 957.126460][T10223] usb 4-1: SerialNumber: syz [ 957.136144][T10223] usb 4-1: config 0 
descriptor?? [ 957.140165][T10223] cypress_m8 4-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 957.141052][T10223] nokiaca42v2 ttyUSB0: required endpoint is missing [ 957.161073][ T5876] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 957.161109][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 957.161133][ T5876] usb 3-1: Product: syz [ 957.161150][ T5876] usb 3-1: Manufacturer: syz [ 957.161167][ T5876] usb 3-1: SerialNumber: syz [ 957.167314][ T5876] usb 3-1: config 0 descriptor?? [ 957.435223][T10223] usb 4-1: USB disconnect, device number 58 [ 957.604492][T13503] No control pipe specified [ 958.260109][T10223] cypress_m8 4-1:0.0: device disconnected [ 958.404014][ T5876] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected [ 958.404260][ T5876] keyspan 3-1:0.133: unsupported endpoint type 0 [ 958.405833][ T5876] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81 [ 958.405928][ T5876] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1 [ 958.406017][ T5876] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2 [ 958.419687][ T5876] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 958.435993][ T5876] usb 3-1: USB disconnect, device number 55 [ 958.481068][ T5876] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 958.481811][ T5876] keyspan 3-1:0.133: device disconnected [ 958.736820][T13496] tty tty33: ldisc open failed (-12), clearing slot 32 [ 958.746616][T13497] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 958.788382][ T2150] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 958.986836][ T2150] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 959.011321][ T2150] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 959.024683][ T2150] usb 6-1: config 0 interface 0 altsetting 0 endpoint 
0x81 has invalid wMaxPacketSize 0 [ 959.036809][ T2150] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 959.327361][ T2150] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 959.531889][T13521] netlink: 'syz.2.1862': attribute type 1 has an invalid length. [ 959.539918][T13521] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1862'. [ 960.042339][ T2150] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 960.057952][ T2150] usb 6-1: Manufacturer: syz [ 960.239101][ T2150] usb 6-1: config 0 descriptor?? [ 960.448403][T13533] Invalid logical block size (67) [ 960.457955][T13534] loop8: detected capacity change from 0 to 1 [ 960.496033][T13534] Dev loop8: unable to read RDB block 1 [ 960.504047][T13534] loop8: unable to read partition table [ 960.511242][T13534] loop8: partition table beyond EOD, truncated [ 960.529387][T13534] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 960.691682][ T2150] appleir 0003:05AC:8243.0007: unknown main item tag 0x0 [ 960.703061][T13540] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 960.730673][ T2150] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 960.803806][ T2150] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 961.041941][T13546] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1870'. [ 961.925552][T13556] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1872'. [ 962.194552][ T2150] usb 6-1: reset high-speed USB device number 65 using dummy_hcd [ 962.231860][T13560] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1874'. [ 963.154682][T13568] FAULT_INJECTION: forcing a failure. 
[ 963.154682][T13568] name failslab, interval 1, probability 0, space 0, times 0 [ 963.167957][T13568] CPU: 0 UID: 0 PID: 13568 Comm: syz.6.1877 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 963.167988][T13568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 963.168002][T13568] Call Trace: [ 963.168011][T13568] [ 963.168021][T13568] dump_stack_lvl+0x189/0x250 [ 963.168059][T13568] ? __pfx____ratelimit+0x10/0x10 [ 963.168084][T13568] ? __pfx_dump_stack_lvl+0x10/0x10 [ 963.168119][T13568] ? __pfx__printk+0x10/0x10 [ 963.168148][T13568] ? __pfx___might_resched+0x10/0x10 [ 963.168174][T13568] ? fs_reclaim_acquire+0x7d/0x100 [ 963.168203][T13568] should_fail_ex+0x414/0x560 [ 963.168233][T13568] should_failslab+0xa8/0x100 [ 963.168269][T13568] __kmalloc_node_noprof+0xd1/0x4e0 [ 963.168302][T13568] ? qdisc_alloc+0x97/0xaa0 [ 963.168336][T13568] qdisc_alloc+0x97/0xaa0 [ 963.168384][T13568] qdisc_create+0x12c/0xea0 [ 963.168420][T13568] tc_modify_qdisc+0x1426/0x2010 [ 963.168461][T13568] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 963.168521][T13568] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 963.168545][T13568] rtnetlink_rcv_msg+0x77c/0xb70 [ 963.168577][T13568] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 963.168603][T13568] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 963.168628][T13568] ? ref_tracker_free+0x63a/0x7d0 [ 963.168650][T13568] ? __copy_skb_header+0xa7/0x550 [ 963.168685][T13568] ? __pfx_ref_tracker_free+0x10/0x10 [ 963.168723][T13568] netlink_rcv_skb+0x208/0x470 [ 963.168755][T13568] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 963.168783][T13568] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 963.168829][T13568] ? netlink_deliver_tap+0x2e/0x1b0 [ 963.168857][T13568] ? netlink_deliver_tap+0x2e/0x1b0 [ 963.168893][T13568] netlink_unicast+0x75b/0x8d0 [ 963.168933][T13568] netlink_sendmsg+0x805/0xb30 [ 963.168963][T13568] ? check_buffer+0x259/0x750 [ 963.169005][T13568] ? __pfx_netlink_sendmsg+0x10/0x10 [ 963.169045][T13568] ? 
bpf_lsm_socket_sendmsg+0x9/0x20 [ 963.169066][T13568] ? __pfx_netlink_sendmsg+0x10/0x10 [ 963.169098][T13568] __sock_sendmsg+0x21c/0x270 [ 963.169124][T13568] ____sys_sendmsg+0x52d/0x830 [ 963.169155][T13568] ? __pfx_____sys_sendmsg+0x10/0x10 [ 963.169196][T13568] ? import_iovec+0x74/0xa0 [ 963.169231][T13568] ___sys_sendmsg+0x21f/0x2a0 [ 963.169267][T13568] ? __pfx____sys_sendmsg+0x10/0x10 [ 963.169342][T13568] ? __fget_files+0x2a/0x420 [ 963.169375][T13568] ? __fget_files+0x3a0/0x420 [ 963.169409][T13568] __sys_sendmmsg+0x227/0x430 [ 963.169449][T13568] ? __pfx___sys_sendmmsg+0x10/0x10 [ 963.169494][T13568] ? bpf_trace_run2+0x322/0x4b0 [ 963.169551][T13568] ? rcu_is_watching+0x15/0xb0 [ 963.169583][T13568] __x64_sys_sendmmsg+0xa0/0xc0 [ 963.169617][T13568] do_syscall_64+0xfa/0x3b0 [ 963.169641][T13568] ? lockdep_hardirqs_on+0x9c/0x150 [ 963.169663][T13568] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 963.169685][T13568] ? clear_bhb_loop+0x60/0xb0 [ 963.169713][T13568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 963.169734][T13568] RIP: 0033:0x7f73a5b8e969 [ 963.169754][T13568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 963.169774][T13568] RSP: 002b:00007f73a69c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 963.169797][T13568] RAX: ffffffffffffffda RBX: 00007f73a5db5fa0 RCX: 00007f73a5b8e969 [ 963.169815][T13568] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 963.169830][T13568] RBP: 00007f73a69c2090 R08: 0000000000000000 R09: 0000000000000000 [ 963.169844][T13568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 963.169857][T13568] R13: 0000000000000000 R14: 00007f73a5db5fa0 R15: 00007fffe88d3438 [ 963.169892][T13568] [ 964.569934][ T24] usb 6-1: USB disconnect, device number 65 [ 965.138333][T13586] Invalid logical block size (67) [ 965.196215][T13590] netlink: 4 
bytes leftover after parsing attributes in process `syz.6.1883'. [ 965.890690][T13606] binder: 13597:13606 ioctl c0306201 2000000001c0 returned -14 [ 966.412339][ T2150] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 966.657657][ T2150] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 966.707332][ T2150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 966.752692][ T2150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 966.811715][ T2150] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 966.887846][ T2150] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 967.051896][ T2150] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 967.111963][ T2150] usb 4-1: Manufacturer: syz [ 967.148986][T13636] lo speed is unknown, defaulting to 1000 [ 967.167327][ T2150] usb 4-1: config 0 descriptor?? [ 967.882598][ T2150] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 967.901910][ T2150] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 967.943424][T13648] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1899'. 
[ 967.962601][ T2150] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 969.002469][ T5876] usb 6-1: new full-speed USB device number 66 using dummy_hcd [ 969.056391][ T977] usb 4-1: USB disconnect, device number 59 [ 969.281292][ T5876] usb 6-1: device descriptor read/64, error -71 [ 970.218382][ T5876] usb 6-1: new full-speed USB device number 67 using dummy_hcd [ 970.493770][ T5876] usb 6-1: device descriptor read/64, error -71 [ 970.673408][ T5876] usb usb6-port1: attempt power cycle [ 971.028427][ T5876] usb 6-1: new full-speed USB device number 68 using dummy_hcd [ 971.059059][ T5876] usb 6-1: device descriptor read/8, error -71 [ 971.274946][T13667] netlink: 260 bytes leftover after parsing attributes in process `syz.3.1907'. [ 972.268229][ T5876] usb 6-1: new full-speed USB device number 69 using dummy_hcd [ 972.378514][ T5876] usb 6-1: device descriptor read/8, error -71 [ 972.538789][ T5876] usb usb6-port1: unable to enumerate USB device [ 973.069594][T13691] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1910'. 
[ 973.988245][ T5921] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 974.288460][T13703] xt_CT: You must specify a L4 protocol and not use inversions on it [ 974.982196][ T5921] usb 4-1: Using ep0 maxpacket: 16 [ 975.008044][ T5921] usb 4-1: config 1 interface 0 has no altsetting 0 [ 975.018750][ T5876] usb 3-1: new full-speed USB device number 56 using dummy_hcd [ 975.037306][ T5921] usb 4-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.40 [ 975.084228][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 975.113598][ T5921] usb 4-1: Product: ࠠ [ 975.146740][ T5921] usb 4-1: Manufacturer: န [ 976.039269][ T5876] usb 3-1: not running at top speed; connect to a high speed hub [ 976.074376][ T5921] usb 4-1: can't set config #1, error -71 [ 976.075461][ T5876] usb 3-1: config 1 interface 0 has no altsetting 0 [ 976.111415][ T5876] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 976.121074][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 976.129262][ T5876] usb 3-1: Product: syz [ 976.133430][ T5876] usb 3-1: Manufacturer: syz [ 976.138038][ T5876] usb 3-1: SerialNumber: syz [ 976.148555][ T5921] usb 4-1: USB disconnect, device number 60 [ 978.298791][ T5876] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input34 [ 978.373105][ T5176] bcm5974 3-1:1.0: could not read from device [ 978.462526][ T5876] usb 3-1: USB disconnect, device number 56 [ 978.485899][ T5176] bcm5974 3-1:1.0: could not read from device [ 978.988865][T13741] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1924'. [ 979.069633][ T977] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 979.419616][ T977] usb 4-1: Using ep0 maxpacket: 32 [ 979.723835][T13743] fuse: Bad value for 'fd' [ 979.801887][ T977] usb 4-1: config 0 has no interfaces? 
[ 980.019981][ T977] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 980.108395][ T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 980.191901][ T977] usb 4-1: Product: syz [ 980.372959][ T977] usb 4-1: Manufacturer: syz [ 980.378777][ T977] usb 4-1: SerialNumber: syz [ 980.399389][ T977] usb 4-1: config 0 descriptor?? [ 981.038138][T13751] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1928'. [ 981.047642][T13751] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1928'. [ 981.057047][T13749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1929'. [ 981.808586][T13755] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1929'. [ 982.041268][T13755] bridge0: port 3(vlan3) entered blocking state [ 982.050950][T13755] bridge0: port 3(vlan3) entered disabled state [ 982.061911][T13755] vlan3: entered allmulticast mode [ 982.229927][ T977] usb 4-1: USB disconnect, device number 61 [ 982.519769][T13755] vlan3: left allmulticast mode [ 983.595994][T13773] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1933'. [ 984.082131][ T977] usb 1-1: new full-speed USB device number 72 using dummy_hcd [ 984.160189][T13777] openvswitch: netlink: Key type 51 is out of range max 32 [ 984.429876][ T977] usb 1-1: not running at top speed; connect to a high speed hub [ 984.448513][ T977] usb 1-1: config 1 interface 0 has no altsetting 0 [ 984.475602][ T977] usb 1-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 984.495405][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 984.547725][ T977] usb 1-1: Product: syz [ 984.562069][T13786] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1934'. 
[ 984.639923][ T977] usb 1-1: Manufacturer: syz [ 984.697309][ T977] usb 1-1: SerialNumber: syz [ 985.952590][T13821] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1937'. [ 986.627545][ T977] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input35 [ 986.662884][ T5176] bcm5974 1-1:1.0: could not read from device [ 986.678877][ T5176] bcm5974 1-1:1.0: could not read from device [ 986.720865][ T5176] bcm5974 1-1:1.0: could not read from device [ 986.742680][ T977] usb 1-1: USB disconnect, device number 72 [ 987.048195][ T5877] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 987.255497][ T5877] usb 3-1: New USB device found, idVendor=0b48, idProduct=300d, bcdDevice=ab.a0 [ 987.278267][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 988.067931][ T5877] usb 3-1: config 0 descriptor?? [ 988.077845][ T5877] dvb-usb: found a 'Technotrend TT-connect CT-3650' in cold state, will try to load a firmware [ 988.092462][ T5877] dvb-usb: did not find the firmware file '(null)' (status -22). You can use /scripts/get_dvb_firmware to get the firmware [ 988.288417][ T5876] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 988.313950][ T5877] usb 3-1: USB disconnect, device number 57 [ 988.499462][ T5876] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 988.527634][ T5876] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 988.578753][ T5876] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 988.598684][T13845] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1945'. 
[ 988.703959][ T5876] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 988.809930][ T5876] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 988.941502][ T5876] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 989.049526][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 989.177679][ T5876] usb 4-1: Product: syz [ 989.182979][ T5876] usb 4-1: Manufacturer: syz [ 989.252650][ T5876] cdc_wdm 4-1:1.0: skipping garbage [ 989.288256][ T5876] cdc_wdm 4-1:1.0: skipping garbage [ 989.340157][ T5876] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 989.366582][ T5876] cdc_wdm 4-1:1.0: Unknown control protocol [ 990.138209][ T2150] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 990.556872][ T2150] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 990.707870][ T2150] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 990.862996][ T2150] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 990.915874][ T2150] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 990.925272][ T2150] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 990.945388][ T2150] usb 6-1: config 0 descriptor?? 
[ 991.290512][ T2150] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 992.281816][ T5921] usb 4-1: USB disconnect, device number 62 [ 992.300100][ T2150] plantronics 0003:047F:FFFF.0009: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 992.527895][T10223] usb 6-1: USB disconnect, device number 70 [ 992.588568][T13851] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 992.601283][T13866] fido_id[13866]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 992.768624][ T2150] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 993.038190][ T2150] usb 3-1: Using ep0 maxpacket: 16 [ 993.054121][ T30] audit: type=1326 audit(1748593601.849:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13880 comm="syz.5.1955" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f083318e969 code=0x0 [ 993.054979][ T2150] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 993.088217][ T2150] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 993.100032][ T2150] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 993.123295][ T2150] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 993.152996][ T2150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 993.172359][ T2150] usb 3-1: SerialNumber: syz [ 993.615359][T13894] syz.2.1951: attempt to access beyond end of device [ 993.615359][T13894] nbd2: rw=0, sector=2, nr_sectors = 1 limit=0 [ 993.632356][T13894] hfs: can't find a HFS filesystem on dev nbd2 [ 994.027603][ T2150] usb 3-1: USB disconnect, device number 58 [ 994.186226][T13904] nbd: nbd0 already in use [ 994.550988][T10929] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 994.733720][T10929] usb 
1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 994.759440][T13921] 9pnet_virtio: no channels available for device syz [ 994.766384][T10929] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 994.789726][T10929] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 994.818599][T10929] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 994.870660][T10929] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 994.906100][T10929] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 994.934018][T10929] usb 1-1: Manufacturer: syz [ 994.979669][T10929] usb 1-1: config 0 descriptor?? [ 995.402412][T10929] appleir 0003:05AC:8243.000A: unknown main item tag 0x0 [ 995.459192][T10929] appleir 0003:05AC:8243.000A: No inputs registered, leaving [ 995.498687][T13916] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 995.519455][T10929] appleir 0003:05AC:8243.000A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 995.928216][ T5876] usb 1-1: USB disconnect, device number 73 [ 996.274348][T13952] netlink: 'syz.5.1981': attribute type 8 has an invalid length. 
[ 996.980067][T10223] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 997.018973][T13971] syzkaller1: entered promiscuous mode [ 997.037930][T13971] syzkaller1: entered allmulticast mode [ 997.192752][T10223] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 997.265079][T10223] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 997.319702][T10223] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 997.366103][T10223] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 997.409552][T10223] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 997.429821][T10223] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 997.466496][T10223] usb 1-1: config 0 descriptor?? [ 997.474155][T13975] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1989'. [ 997.483248][T13963] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 997.913251][T10223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 997.936307][T10223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 997.961863][T10223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 997.978617][T10223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 997.996482][T10223] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 998.018725][T10223] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 998.054871][T10223] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 998.298544][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 999.124976][T14030] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! 
[ 999.580130][T14044] input: syz0 as /devices/virtual/input/input39 [ 999.898425][ T2150] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 999.934242][T14054] 9pnet_virtio: no channels available for device syz [ 1000.010339][T10223] usb 1-1: USB disconnect, device number 74 [ 1000.079532][ T2150] usb 4-1: Using ep0 maxpacket: 8 [ 1000.111148][ T2150] usb 4-1: config index 0 descriptor too short (expected 28277, got 36) [ 1000.146856][ T2150] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1000.187646][ T2150] usb 4-1: config 0 has no interfaces? [ 1000.211306][ T2150] usb 4-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 1000.233066][ T2150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1000.279393][ T2150] usb 4-1: config 0 descriptor?? [ 1000.305517][T14057] block nbd0: server does not support multiple connections per device. [ 1000.346952][T14056] block nbd0: shutting down sockets [ 1000.548569][T14061] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2025'. [ 1000.575110][ T2150] usb 4-1: USB disconnect, device number 63 [ 1000.593282][T14061] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2025'. [ 1000.668320][T10223] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 1000.838951][T10223] usb 1-1: Using ep0 maxpacket: 32 [ 1000.848024][T10223] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1000.873676][T10223] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1000.892561][T10223] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1000.905085][T10223] usb 1-1: Product: syz [ 1000.912282][T10223] usb 1-1: Manufacturer: syz [ 1000.935546][T10223] usb 1-1: SerialNumber: syz [ 1000.963854][T10223] usb 1-1: config 0 descriptor?? 
[ 1000.991468][T14059] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1001.043825][T10223] hub 1-1:0.0: bad descriptor, ignoring hub [ 1001.071272][T10223] hub 1-1:0.0: probe with driver hub failed with error -5 [ 1001.171073][T14079] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1001.372599][ T5877] usb 1-1: USB disconnect, device number 75 [ 1001.648626][T12144] Bluetooth: hci4: command 0x0406 tx timeout [ 1001.654712][T10929] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 1001.681195][T10929] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 1001.708497][ T5877] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 1001.881191][ T5877] usb 1-1: Using ep0 maxpacket: 32 [ 1001.922640][ T5877] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1001.968603][ T43] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 1001.973335][ T5877] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1001.993383][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1002.007219][ T5877] usb 1-1: Product: syz [ 1002.032323][T14102] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2044'. [ 1002.042433][ T5877] usb 1-1: Manufacturer: syz [ 1002.047092][ T5877] usb 1-1: SerialNumber: syz [ 1002.059222][T14102] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2044'. [ 1002.086673][ T5877] usb 1-1: config 0 descriptor?? 
[ 1002.106707][T14059] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1002.126671][ T5877] hub 1-1:0.0: bad descriptor, ignoring hub [ 1002.144668][ T5877] hub 1-1:0.0: probe with driver hub failed with error -5 [ 1002.148611][ T43] usb 3-1: Using ep0 maxpacket: 8 [ 1002.184656][ T43] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1002.205410][ T43] usb 3-1: config 0 has no interface number 0 [ 1002.224586][ T43] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1002.264002][ T43] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1002.301909][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.323747][T14108] netlink: 'syz.6.2045': attribute type 2 has an invalid length. [ 1002.333147][ T43] usb 3-1: config 0 descriptor?? [ 1002.352073][T14108] netlink: 244 bytes leftover after parsing attributes in process `syz.6.2045'. [ 1002.375819][ T43] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 1002.439060][ T5877] usb 1-1: USB disconnect, device number 76 [ 1002.592888][T10223] usb 3-1: USB disconnect, device number 59 [ 1003.036653][T14132] ip6t_REJECT: ECHOREPLY is not supported [ 1004.047639][T14146] lo speed is unknown, defaulting to 1000 [ 1004.199100][ T5923] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.408308][ T5877] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 1004.563073][ T5923] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.638205][ T5877] usb 6-1: Using ep0 maxpacket: 32 [ 1004.646143][ T5877] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1004.696933][ T5877] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1004.748219][ T5877] usb 6-1: New USB device found, idVendor=0b89, 
idProduct=0007, bcdDevice=ef.64 [ 1004.757331][ T5877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1004.828529][ T5877] usb 6-1: config 0 descriptor?? [ 1004.940249][ T5923] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.075372][ T5877] usb 6-1: USB disconnect, device number 71 [ 1005.456117][ T5923] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1005.823565][ C0] [ 1005.825973][ C0] ============================= [ 1005.830844][ C0] [ BUG: Invalid wait context ] [ 1005.835726][ C0] 6.15.0-syzkaller-08297-ge0797d3b91de #0 Not tainted [ 1005.842517][ C0] ----------------------------- [ 1005.847388][ C0] syz.3.2056/14132 is trying to lock: [ 1005.852788][ C0] ffffc9000bd14410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9a0 [ 1005.862337][ C0] other info that might help us debug this: [ 1005.868260][ C0] context-{2:2} [ 1005.871777][ C0] 2 locks held by syz.3.2056/14132: [ 1005.877001][ C0] #0: ffff88805bec2428 (sb_writers#3){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 1005.886741][ C0] #1: ffffc9000bd14960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9a0 [ 1005.896695][ C0] stack backtrace: [ 1005.900418][ C0] CPU: 0 UID: 0 PID: 14132 Comm: syz.3.2056 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1005.900439][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1005.900450][ C0] Call Trace: [ 1005.900456][ C0] <IRQ> [ 1005.900464][ C0] dump_stack_lvl+0x189/0x250 [ 1005.900493][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1005.900518][ C0] ? __pfx__printk+0x10/0x10 [ 1005.900540][ C0] ? print_lock_name+0xde/0x100 [ 1005.900568][ C0] __lock_acquire+0xbcb/0xd20 [ 1005.900588][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9a0 [ 1005.900607][ C0] lock_acquire+0x120/0x360 [ 1005.900622][ C0] ? 
kvm_xen_set_evtchn_fast+0x1fb/0x9a0 [ 1005.900648][ C0] _raw_read_lock_irqsave+0xaf/0x100 [ 1005.900676][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9a0 [ 1005.900696][ C0] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1005.900722][ C0] ? xa_load+0x1ea/0x210 [ 1005.900744][ C0] kvm_xen_set_evtchn_fast+0x1fb/0x9a0 [ 1005.900763][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 1005.900788][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1005.900814][ C0] ? kvm_xen_set_evtchn_fast+0x1c3/0x9a0 [ 1005.900836][ C0] xen_timer_callback+0x109/0x220 [ 1005.900858][ C0] ? __pfx_xen_timer_callback+0x10/0x10 [ 1005.900878][ C0] __hrtimer_run_queues+0x4dd/0xc60 [ 1005.900905][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1005.900923][ C0] ? read_tsc+0x9/0x20 [ 1005.900940][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 1005.900970][ C0] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 1005.900992][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1005.901019][ C0] </IRQ> [ 1005.901025][ C0] <TASK> [ 1005.901031][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1005.901049][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x46/0x70 [ 1005.901075][ C0] Code: ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 83 fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 <48> 8d 7e 01 8b 89 1c 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 [ 1005.901090][ C0] RSP: 0018:ffffc9000bf370a0 EFLAGS: 00000246 [ 1005.901105][ C0] RAX: ffffffff8203dd54 RBX: ffffea0000cfba80 RCX: ffff88806e9b9e00 [ 1005.901119][ C0] RDX: ffffc9000ce2c000 RSI: 000000000007ffff RDI: 0000000000000000 [ 1005.901130][ C0] RBP: dffffc0000000000 R08: ffffea0000cfba47 R09: 1ffffd400019f748 [ 1005.901143][ C0] R10: dffffc0000000000 R11: fffff9400019f749 R12: 0000000000000000 [ 1005.901155][ C0] R13: ffffea0000cfba88 R14: ffff8881404ae000 R15: ffffea0000000000 [ 1005.901171][ C0] ? isolate_migratepages_block+0x894/0x3c70 [ 1005.901200][ C0] isolate_migratepages_block+0x894/0x3c70 [ 1005.901239][ C0] compact_zone+0x22ab/0x4af0 [ 1005.901276][ C0] ? 
__pfx_compact_zone+0x10/0x10 [ 1005.901298][ C0] sysctl_compaction_handler+0x3a4/0x7b0 [ 1005.901317][ C0] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 1005.901350][ C0] ? rcu_is_watching+0x15/0xb0 [ 1005.901369][ C0] ? proc_sys_call_handler+0x3f2/0x7c0 [ 1005.901389][ C0] ? trace_kmalloc+0x1f/0xd0 [ 1005.901412][ C0] ? __kvmalloc_node_noprof+0x338/0x600 [ 1005.901438][ C0] ? proc_sys_call_handler+0x3f2/0x7c0 [ 1005.901460][ C0] proc_sys_call_handler+0x509/0x7c0 [ 1005.901483][ C0] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1005.901506][ C0] ? __asan_memset+0x22/0x50 [ 1005.901527][ C0] iter_file_splice_write+0x937/0x1000 [ 1005.901569][ C0] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1005.901595][ C0] ? rcu_read_lock_any_held+0xb3/0x120 [ 1005.901620][ C0] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1005.901644][ C0] direct_splice_actor+0xfe/0x160 [ 1005.901670][ C0] splice_direct_to_actor+0x5a8/0xcc0 [ 1005.901702][ C0] ? __pfx_direct_splice_actor+0x10/0x10 [ 1005.901726][ C0] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1005.901754][ C0] do_splice_direct+0x181/0x270 [ 1005.901779][ C0] ? __pfx_do_splice_direct+0x10/0x10 [ 1005.901804][ C0] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1005.901834][ C0] ? rw_verify_area+0x258/0x650 [ 1005.901857][ C0] do_sendfile+0x4da/0x7e0 [ 1005.901877][ C0] ? __pfx_do_sendfile+0x10/0x10 [ 1005.901898][ C0] __se_sys_sendfile64+0xd9/0x190 [ 1005.901914][ C0] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 1005.901928][ C0] ? rcu_is_watching+0x15/0xb0 [ 1005.901949][ C0] ? do_syscall_64+0xbe/0x3b0 [ 1005.901968][ C0] do_syscall_64+0xfa/0x3b0 [ 1005.901984][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1005.902000][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1005.902015][ C0] ? 
clear_bhb_loop+0x60/0xb0 [ 1005.902034][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1005.902050][ C0] RIP: 0033:0x7f7251b8e969 [ 1005.902065][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1005.902079][ C0] RSP: 002b:00007f72529d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1005.902095][ C0] RAX: ffffffffffffffda RBX: 00007f7251db5fa0 RCX: 00007f7251b8e969 [ 1005.902107][ C0] RDX: 00002000000000c0 RSI: 0000000000000007 RDI: 000000000000000a [ 1005.902118][ C0] RBP: 00007f7251c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1005.902128][ C0] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1005.902138][ C0] R13: 0000000000000000 R14: 00007f7251db5fa0 R15: 00007ffc18549de8 [ 1005.902156][ C0] </TASK> [ 1006.469642][ T5923] vlan1: left promiscuous mode [ 1006.474530][ T5923] bond0: left promiscuous mode [ 1006.528292][ T5923] bond_slave_0: left promiscuous mode [ 1006.534021][ T5923] bond_slave_1: left promiscuous mode SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1006.573728][ T5923] bridge0: port 3(vlan1) entered disabled state [ 1006.765177][ T5923] bridge_slave_1: left allmulticast mode [ 1006.797288][ T5923] bridge_slave_1: left promiscuous mode [ 1006.987399][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state [ 1007.360956][ T5923] bridge_slave_0: left allmulticast mode [ 1007.366690][ T5923] bridge_slave_0: left promiscuous mode [ 1007.398367][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state [ 1007.933024][ T5923] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1007.942132][ T5923] bond_slave_0: left allmulticast mode [ 1007.950035][ T5923] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1007.963912][ T5923] bond_slave_1: left allmulticast mode [ 1007.970499][ T5923] 
bond0 (unregistering): Released all slaves [ 1008.042618][ T5923] tipc: Disabling bearer [ 1008.049337][ T5923] tipc: Left network mode [ 1008.304714][ T5923] hsr_slave_0: left promiscuous mode [ 1008.321563][ T5923] hsr_slave_1: left promiscuous mode [ 1008.327485][ T5923] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1008.336813][ T5923] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1008.349258][ T5923] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1008.356729][ T5923] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1008.392394][ T5923] veth1_macvtap: left promiscuous mode [ 1008.398951][ T5923] veth0_macvtap: left promiscuous mode [ 1008.405977][ T5923] veth1_vlan: left promiscuous mode [ 1008.415636][ T5923] veth0_vlan: left promiscuous mode [ 1008.751735][ T5923] team0 (unregistering): Port device team_slave_1 removed [ 1008.779691][ T5923] team0 (unregistering): Port device team_slave_0 removed [ 1009.217360][ T5923] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.262279][ T5923] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.327222][ T5923] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.384692][ T5923] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.497769][ T5923] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.564567][ T5923] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.627287][ T5923] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.676976][ T5923] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.797941][ T5923] vlan2: left promiscuous mode [ 1009.807652][ T5923] vlan1: left promiscuous mode [ 
1009.813570][ T5923] bridge0: port 3(vlan2) entered disabled state [ 1009.823576][ T5923] bridge_slave_1: left allmulticast mode [ 1009.829293][ T5923] bridge_slave_1: left promiscuous mode [ 1009.835166][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state [ 1009.845436][ T5923] bridge_slave_0: left allmulticast mode [ 1009.851224][ T5923] bridge_slave_0: left promiscuous mode [ 1009.856946][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state [ 1009.870453][ T5923] bridge_slave_1: left allmulticast mode [ 1009.876174][ T5923] bridge_slave_1: left promiscuous mode [ 1009.883696][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state [ 1009.892373][ T5923] bridge_slave_0: left allmulticast mode [ 1009.898060][ T5923] bridge_slave_0: left promiscuous mode [ 1009.906203][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state [ 1010.145841][ T5923] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1010.155996][ T5923] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1010.165816][ T5923] bond0 (unregistering): Released all slaves [ 1010.412140][ T5923] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1010.422650][ T5923] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1010.432478][ T5923] bond0 (unregistering): Released all slaves [ 1010.829866][ T5923] hsr_slave_0: left promiscuous mode [ 1010.835598][ T5923] hsr_slave_1: left promiscuous mode [ 1010.841641][ T5923] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1010.851677][ T5923] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1010.859435][ T5923] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1010.870038][ T5923] hsr_slave_0: left promiscuous mode [ 1010.875733][ T5923] hsr_slave_1: left promiscuous mode [ 1010.881721][ T5923] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1010.891086][ T5923] batman_adv: batadv0: Interface 
deactivated: batadv_slave_1 [ 1010.898806][ T5923] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1010.911573][ T5923] veth1_macvtap: left promiscuous mode [ 1010.917134][ T5923] veth1_vlan: left promiscuous mode [ 1010.922792][ T5923] veth0_vlan: left promiscuous mode [ 1010.930870][ T5923] veth1_macvtap: left promiscuous mode [ 1010.936386][ T5923] veth0_macvtap: left promiscuous mode [ 1010.942027][ T5923] veth1_vlan: left promiscuous mode [ 1010.947305][ T5923] veth0_vlan: left promiscuous mode [ 1011.161370][ T5923] team0 (unregistering): Port device team_slave_1 removed [ 1011.188404][ T5923] team0 (unregistering): Port device team_slave_0 removed [ 1011.433963][ T5923] team0 (unregistering): Port device team_slave_1 removed [ 1011.462637][ T5923] team0 (unregistering): Port device team_slave_0 removed [ 1012.093991][ T5923] IPVS: stop unused estimator thread 0...