last executing test programs: 11.787925666s ago: executing program 4 (id=1029): r0 = socket$netlink(0x10, 0x3, 0x9) writev(r0, &(0x7f0000000300), 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0xcc, r1, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x3}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x40003b32}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe, 0xa8, @random="a2e2d169595fffba6a86493f9024d5fe9b11e8da5620a1be0d5e3dfbb85cfacfef74e0ba9b4fa2e0e6943620c293a364bed6787c04863691b75a3651606e94e1f91b7edd78f4ce7211f297b05a308f2cea765915ab6d4dc7461ab11e419979deef24138a8e2ed9edb8dad5372c009ce8d8ef7976ac4047ae033136485194c443b5635bc52c4358543ebf6aa5f3974697d1d1c5d150b29ef3"}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x625a315}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xe1}, @DEVLINK_ATTR_RATE_TX_SHARE={0x0, 0xa6, 0x7}]}, 0xfffffffffffffc4e}, 0x1, 0x0, 0x0, 0x4}, 0x24000020) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0) read$eventfd(r2, 0x0, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000200)={0x10001, 0x80, 0xc, 0x7, 0xb, "6b1f3bb2f1fc9bf0037c7234fd6d099a914213"}) 11.592555397s ago: executing program 4 (id=1034): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3ffc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) socket$inet_icmp(0x2, 0x2, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c8, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000a4269f755b56479987a6ed0bf815b1056775ea8e6ee3e06faba074251ff4044f81b697b437313278f48d195dbce667a1086396182b058b187f9aa78f03a4e0dc1b576e0c530017ca34d44f9bd1c7d66df9e7e9322cf4b0443fa960cb5626fae546e5dadafd7c7194e5d7305610ec4608c7ac690b07c36be45c47961fffbbdeb377e8df0a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0x11, &(0x7f0000000380)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@map_val={0x18, 0x1, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = socket(0xa, 0x3, 0x3a) r8 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0xfe, 0x0, 0x0, 0x20, 0xfd, [0x0, 0x0, 0x0, 0xc, 0x2, 0x0, 0x0, 0x2]}}) r9 = socket(0x1e, 0x3, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f00000000c0)={0xa4, 0x0, 0x1}) sendmsg$nl_route(r9, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x38, 0x68, 0x1, 0xfcfd, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP_TYPE={0xfffffffffffffe87, 0x7, 0x4}, @NHA_OIF={0x8}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8}]}, 0x38}}, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil) 10.889855672s ago: executing program 0 (id=1036): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x40000, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000a010101000000000000000002000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) 10.273339882s ago: executing program 0 (id=1038): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffff7c00000c0004"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r5 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r4]) mmap(&(0x7f00007de000/0x1000)=nil, 0x1000, 0x5, 0x101010, r4, 0x85b1e000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000001400)=""/200, 0xfffffffffffffecd, 0x0, 0x0}, &(0x7f0000001380)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40) r6 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6a3, 0xcd7, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x5, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x2, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7f, 0xb}}}}}]}}]}}, 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, &(0x7f0000000200)={0x14, &(0x7f0000000000)={0x40, 0x30, 0x3, {0x3, 0xe, "dc"}}, 0x0, 0x0, 0x0}, 0x0) getsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000140)=""/14, &(0x7f0000000280)=0xe) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x30, r1, 0xf6d0d000) r7 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x480, 0x0, 0xa, 0x148, 0x0, 0x10, 0x3e8, 0x2a8, 0x2a8, 0x3e8, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x120, 0x190, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@inet=@hashlimit1={{0x58}, {'pim6reg0\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x6, 0xa359e000}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b90ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc0d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'pimreg1\x00', 'veth0_to_team\x00'}, 0x0, 0x1f0, 0x258, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve0\x00', {0x0, 0xff, 0x0, 0x0, 0x0, 0x7fff, 0x200}}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4e0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 9.640036503s ago: executing program 3 (id=1040): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000eeff00000000000000000000711247000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) 9.361670885s ago: executing program 3 (id=1041): r0 = syz_usb_connect$cdc_ncm(0x6, 0x0, 0x0, &(0x7f0000000680)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x300, 0x4, 0x2, 0x2, 0x20, 0x3}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000840)={0x14, 0x0, 0x0}, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0xfffffff8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3}, 0x50) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) r3 = socket(0x1e, 0x1, 0x0) sendfile(r3, r2, 0x0, 0x101) seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000080)) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xec, 0xec, 0xb, [@typedef={0xc}, @fwd={0x1}, @type_tag={0x9, 0x0, 0x0, 0x12, 0x1}, @enum={0x0, 0x4, 0x0, 0x6, 0x4, [{0xc, 0x904}, {0x3, 0x1f}, {0xe, 0x9}, {0xb, 0x1}]}, @func={0x3, 0x0, 0x0, 0xc, 0x2}, @typedef={0xf, 0x0, 0x0, 0x8, 0x4}, @enum={0x8, 0xa, 0x0, 0x6, 0x4, [{0xe, 0x2}, {0x7}, {0x0, 0x200}, {0xa, 0x6}, {0x4, 0xfffffff8}, {0x1, 0x4}, {0x5}, {0x3, 0x1ff}, {0xd, 0x6}, {0xe, 0x6}]}, @type_tag={0x3, 0x0, 0x0, 0x12, 0x3}, @func={0x4, 0x0, 0x0, 0xc, 0x3}, @var={0x5, 0x0, 0x0, 0xe, 0x1, 0x2}]}, {0x0, [0x5f, 0x17, 0x30, 0x2e, 0x0, 0x5f, 0x30, 0x5f, 0x30]}}, &(0x7f0000000280)=""/9, 0x10f, 0x9, 0x1, 0x8}, 0x28) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000006c0)={0xfffffffc, 0x0}, 0x8) r6 = memfd_secret(0x0) write$FUSE_INIT(r6, 0x0, 0x0) ftruncate(r6, 0x4) finit_module(r6, 0x0, 0x1) r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000740)=@generic={&(0x7f0000000700)='./file0\x00', 0x0, 0x8}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x1, &(0x7f0000000300)=@raw=[@jmp={0x5, 0x0, 0x5, 0x7, 0xb, 0x40}], &(0x7f0000000240)='GPL\x00', 0x100, 0xba, &(0x7f0000000400)=""/186, 0x40f00, 0x28, '\x00', 0x0, @fallback=0x29, r4, 0x8, &(0x7f0000000640)={0x9, 0x5}, 0x8, 0x10, 0x0, 0x0, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000780)=[r6, r7], 0x0, 0x10, 0x8}, 0x94) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r11, 0x84, 0x81, &(0x7f00000002c0)="0100000000000000", 0x8) ioctl$KVM_GET_MSRS(r10, 0xc048aeca, &(0x7f0000000200)) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x1, 0x0, 0x2}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(0xffffffffffffffff, 0x4068aea3, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, 0x0, 0x0, 0x12, 0x0, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f00000001c0)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x100, 0x4, {0x77359400}, {0x4, 0xc, 0x8, 0x40, 0x0, 0x1, "12dd455d"}, 0x4, 0x1, {0x0}, 0xd}) ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000080)=0x2) 9.03401026s ago: executing program 1 (id=1042): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x62ca3000) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000140)='xen_mc_entry_alloc\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0xa0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0xa0}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xb4}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="400000001000210400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000000a0001000000000000000000140012800b00010065727370616e0000040002"], 0x40}}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@uuid_auto}, {@xino_auto}, {@upperdir={'upperdir', 0x3d, './file1/file0'}}, {@uuid_null}, {@xino_auto}, {@xino_auto}, {@redirect_dir_nofollow}, {@volatile}, {@verity_require}, {@redirect_dir_off}]}) chdir(&(0x7f00000000c0)='./bus\x00') r3 = creat(&(0x7f0000000440)='./file0\x00', 0x0) r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000140)={0x7fffffff, 0x5, 0x1, {0xa, @pix_mp={0x9, 0x81, 0x0, 0x8, 0x2, [{0xc, 0xffffffff}, {0x3, 0x7}, {0xa64a80ed, 0x7fffffff}, {0x200, 0x2}, {0x45, 0x1}, {0x4ce, 0x8}, {0x7ff, 0x9}, {0x6, 0x1}], 0x5, 0xff, 0x6, 0x1, 0x5}}, 0x1}) open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000f8000300"], 0x830200) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f00000007c0)={0x48, 0x2, r6}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r6, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e}) 7.477678368s ago: executing program 1 (id=1043): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10) fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x298, 0x150, 0x11, 0x148, 0x150, 0x10, 0x250, 0x2a8, 0x2a8, 0x250, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @remote, 0xffffff00, 0xffffff00, 'nicvf0\x00', 'bridge_slave_1\x00', {0xff}, {}, 0x84, 0x3, 0x18}, 0x10, 0xe8, 0x150, 0x1c, {}, [@inet=@rpfilter={{0x28}, {0x7}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x8, 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xa, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@ip={@loopback, @rand_addr=0x10, 0x0, 0x0, 'syzkaller0\x00', 'dvmrp0\x00', {}, {}, 0x0, 0x1}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x8, 0xa, "602c4e1da4b651d69f61fd40e9985933ad459f3d59ccf16f0d0ef758ba42"}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x2f8) r7 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}}, 0x24}}, 0x44080) r9 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x4000) bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYRES16=r2], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r10, 0x18000000000002a0, 0x1e, 0x0, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210283ac141440", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000d40)=@raw={'raw\x00', 0x3c1, 0x7fffffe, 0x2f0, 0x128, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x220, 0x20a, 0x278, 0x220, 0x278, 0x3, 0x0, {[{{@ipv6={@private2, @empty, [], [], 'veth1\x00', 'team_slave_0\x00', {}, {}, 0x6, 0x0, 0x0, 0x22}, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x82, 0x5}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350) 6.361288394s ago: executing program 3 (id=1045): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000019100)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d0000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) r5 = syz_open_procfs(0x0, &(0x7f00000190c0)='net/ip_tables_targets\x00') pread64(r5, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) syz_emit_ethernet(0x4c, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r6 = openat$random(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) pwritev2(r6, &(0x7f0000000340)=[{&(0x7f00000000c0)="89", 0x1}], 0x1, 0xe, 0x0, 0x49) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r7, 0x0, 0x17) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000019080)={'vcan0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000019180)=ANY=[@ANYBLOB="1b000000000000000000f61464f2eceb3fb5987b96470d5641b757babb", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket(0x840000000002, 0x3, 0xff) r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) sendmsg$kcm(r8, &(0x7f0000000680)={&(0x7f0000000000)=@ax25={{0x3, @default, 0x6}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default]}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000080)="df4dbd63c108a7ee45d8a6be3b5610a1394c2f5249bc5d178a540585288446f5c0bfe51fd7677b71", 0x28}, {&(0x7f0000000140)}, {&(0x7f0000000180)="059cc0b110dd81db777d1510405fd0d05de46eeb49e3f2225d3b41c858e269651d84eed3b679cbc9c7079547bc02dbdcc795792f59f1a0531c19a5c4ba9d47b3bf0d766a0c34ef6cd8c603aebadf860aa4a96a04a63c48747b821fd7c1a1ba9bd52754ad0772885be1575e82872560b6287bb68045f8d4347248e619ef", 0x7d}, {&(0x7f0000019200)="2059037373169fcb0c950782a8217156fc1429e813972fe9d081e1de02001bd24d6591d46bae7d0eb2", 0x29}, {&(0x7f00000002c0)="ed75a0c81fcf2dddbf7ff90f380fa8eb26", 0x11}], 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="f0000000000000003700000001800000ecaa1ffb9b36850ea8e377ea171f6606d8d05d7957243b6eed028884315038c073e567d16b253584d515bc299e819af292861459da941cef62dfa3f52dae242520f7b72f251a36bae70198ca39d333a20b86370599b0b8a9e157599841a305d244f1113420321ee2e8f3e8d040287475d7b1cc74bd2e982bed474d1740d0029b05f21e9afd598884bdb051c3c733eb2ed0ddb39b1b2dbc0de9b5d749e90dfbd4dd6c6715672d9fdaa18f8ca8666ddd24b3972ae0f14b534c6436968502b0edfec021f3c9e63c3df3eb2f0d32c9a79198186bedc5857d6fa44cce000000000000e0000000000000000d010000060000003d686cbf62673bc5acf69e47b2a7c16b09f0af25f9234b44a5806b8d70cb41a6396b6cb33762b5874c4b024bb80750444743df9246ddd834f341a7aeb5aae9c2744290bb1e9388005e96a50b35ec7afbb21968005e33c8359abdbdf07202d971d007b8bba89da393aa59681559bfa8d01c4efa84774bc2a17128190c48c9c18e153ae905d934a016f6592d59d8c919967b16f3ddc808ca4f4bb20971dca898497a5aee493ccbc9288fbde512dc64c3eef7e1c873cea0a373210274b387b24719b9a01b8fc36381a11100000000000000f0000000000000000b01000004000000c47f12a1df50dfdd9fffc1bd599926025dc9b49cb99fa8fe6e8fa6419a277782ad4cc66959ba25899badd21cacbf575ba18998c0fc97d945f2b91fed045a3b6f38f4ddb836735cea8c63f4229910c316513b87ed35923d98a24d9455c7cf919f58cd44e14db9232392acd5b4fef45be6e69e1bb99b2b4ab1e243706e7b9e8d98396d3e91315864b747a28a4d098c4dbb072ba375a230e2a048a702f9ba0b5cebcd2f3455c086ba4407a25da268ef36d9c0d82ef2dca54318b351a8d60861b8d2662e19a03e409b85bcb09ac8f2843169d1e5a49bf7f10273de964a5129dfc000"], 0x2c0}, 0x81) 6.298027229s ago: executing program 2 (id=1046): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2c}}, @time_exceeded={0x5, 0xa0f44d58d4418788, 0x0, 0x12, 0xfa, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0xd, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0xba}, @remote}, "001863714ab99043"}}}}}, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f00000000c0), 0x9) 5.620444657s ago: executing program 4 (id=1047): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r2, &(0x7f0000000200)='m', 0x1) r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000100)) r4 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0xb) write$snddsp(r4, &(0x7f0000000200)="a3", 0x1) ioctl$SNDRV_PCM_IOCTL_DRAIN(r4, 0x4144, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x5, &(0x7f0000000980)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000850000000700000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/161, 0xa1}], 0x1) tkill(r1, 0xb) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) setpgid(r1, 0x0) 5.053872158s ago: executing program 0 (id=1048): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000480)={0x0, 0xfb8d, 0x1000, 0x10000001, 0xffdffffd}, &(0x7f00000000c0)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x81}}) io_uring_enter(r1, 0x47f6, 0xffffffff, 0x4a, 0x0, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], 0x0, &(0x7f0000000000), 0x0) listen(r0, 0x0) sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="58000000080601010000000000000000000000010900020073797a32000000000900020073797a"], 0x58}, 0x1, 0x0, 0x0, 0x8010}, 0x10) mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0) 5.051797644s ago: executing program 2 (id=1049): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, 0x0, 0x0}, 0x20) syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000091c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da20"], 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x80800) syz_usbip_server_init(0x1) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) r2 = socket$qrtr(0x2a, 0x2, 0x0) syz_usbip_server_init(0x2) connect$qrtr(r2, &(0x7f0000000040), 0xc) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8) writev(r2, &(0x7f0000000180)=[{&(0x7f0000002680)="1e", 0xfdef}], 0x1) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'netdevsim0\x00', @local}) ioctl$TUNGETVNETLE(r0, 0x40107447, &(0x7f0000000180)) 5.051285036s ago: executing program 1 (id=1050): r0 = socket$inet(0x10, 0x3, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000180), 0x0, 0x632000) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x80801) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x10001, 0x0) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$netlink(r5, 0x10e, 0x5, 0x0, &(0x7f0000000100)) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f00000000c0)) r6 = openat$mixer(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r6, 0x40806685, &(0x7f0000000300)={0x1, 0x7, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000130d00"/20, @ANYRES32=0x0, @ANYBLOB="d11101000000000008000500", @ANYRES32=r7, @ANYBLOB="140012800c0001006d6163766c616e"], 0x3c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x301}, {0xfffffffd}]}}) 3.252895035s ago: executing program 1 (id=1051): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x700, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2b, 0x2, {0x0, 0x0, 0x12, r1, {0x0, 0x11}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xb}]}}]}, 0xa4}}, 0x0) 3.230040269s ago: executing program 2 (id=1052): r0 = socket(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f670600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1b172191d359645fae2d074ea5724ab77ea04fe507938b1213cdd4a92860e59808689382734d24b3123dd40c6d612c8a19948cd257748b1e7324adddbe61d51013f7d6b313c6df7b7b29678d70fc94dcc3e99e2472e78968ed94e7a54988656e8fff6b1d9b9993c71edd5cc10a2bea8d94d751b77fa7c48c712af35a9ffe670e8fa451942f48741119496bc30137e1202aed6bb5cd5c2d0256d049e4a335e2ea5545e5624be2391c37c0a2ae3bbb5b58778b85424bcdb84358359b2cb2782fc0e82f17b12d641ce6a72ab0ac794f878140897703bebe4420115d26675f27598841965fa91088252"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="9dbab8d729dfccd866eb9dee3932aa4bc395925c48d71aa1134bcf3ecea0035a333b4d2bb7af97ef1d42f7ea47c5856130e4dc6568c2a2c851383ab2f02f1ffe62f88e0ceae24b73f5b21b2ca8ea2b4ffc257aa1d9200e167e963648b64769b900a563518b2c0fc1c6fe0d7d0db7e270275a3444cd4fc8bc37d2dc2ee7ed4bf72ef7f943d21088823d51c1531990de", @ANYRES16=r2, @ANYRES32=r1], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r0}, 0x20) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000080)=0xf, 0x4) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r5 = syz_io_uring_setup(0x2de1, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000340), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x5c2, &(0x7f0000000200), &(0x7f0000000300)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r5, 0x381b, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(r4, 0x407, 0x4) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) syz_emit_ethernet(0xfdef, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0) 2.856022994s ago: executing program 4 (id=1053): pread64(0xffffffffffffffff, &(0x7f0000019800)=""/102380, 0x18fec, 0x48) r0 = openat$adsp1(0xffffff9c, &(0x7f0000000040), 0x101a00, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0x80044dfe, &(0x7f0000000080)) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x18) setgid(0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000280)=0x0) r3 = syz_open_procfs(r2, &(0x7f0000000240)='net/igmp\x00') fsopen(0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'macvtap0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x4c, 0x30, 0xcac229faa96ee7df, 0x0, 0x0, {}, [{0x38, 0x1, [@m_ife={0x34, 0x1, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x1}]}, {0x4}, {0xc, 0x4, {0x1}}, {0xc}}}]}]}, 0x4c}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r5, @ANYBLOB="800202000a0002"], 0x48}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) connect$x25(r6, &(0x7f0000000080)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x2}}, 0x12) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r8, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000040)="eae4", 0x2}], 0x1}}], 0x1, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r8, 0xc038943b, &(0x7f0000000140)={0x7, 0x10, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0]}) ioctl$sock_SIOCINQ(r7, 0x541b, &(0x7f0000003dc0)) r9 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r9, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x10}}, 0x10) setsockopt$MRT_DEL_VIF(r9, 0x0, 0xcb, &(0x7f0000000000)={0x0, 0x1, 0x86, 0x1, @vifc_lcl_addr=@loopback, @local}, 0x10) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000001240)=@req={0x8000, 0x549c, 0x10001, 0x8}, 0x10) sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a050000000000000000000100fffc0900010073797a30000000002c000000030a01010000000000000000010000000900030073797a31000000000900010073797a300000000048000000060a0104000000000000000001000000200004801c0001800b00010072656a65637400000c000280080001400000000008000b40000000000900010073797a3000000000140000001100010000000000000000000000000a752fb8b45e0895647d2303924772ef5deea41bbca327217d79bedc44bebb1d99f6e10465ff8b1bea3e831a0b27b788f6ebc30133c0a2e78698a5f976e131db8813391621c02b29182645590751c039974d68c8baed5971fe21d005959dc74bfa12d42f916bc0b2"], 0xbc}}, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r3, 0x6, 0x2, &(0x7f0000000000)={0xa0f8, "407ad6"}, 0x6) r11 = getpid() sched_setscheduler(r11, 0x2, &(0x7f0000000200)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r11, 0x1, &(0x7f0000000180)) 2.841561787s ago: executing program 0 (id=1054): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='fd/3\x00') statx(r1, 0x0, 0x1000, 0x6000, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f00000000c0)=r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) waitid(0x2, 0x0, 0x0, 0x41000004, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000000)={0x0, 0x40000, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000002010101000000000000000002000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) 2.325988511s ago: executing program 0 (id=1055): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x24, 0x3c, 0x107, 0x0, 0x0, {0x2, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae01, 0x29) 2.246091355s ago: executing program 3 (id=1056): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=@ipv6_delroute={0x30, 0x18, 0x1, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x14, 0x0, 0x0, 0x2, 0x1, 0x4, 0x600}, [@RTA_PRIORITY={0x8, 0x1e, 0xa}, @RTA_MULTIPATH={0xc, 0x9, {0x7, 0x976fcf97e101ad0b, 0x6}}]}, 0x30}, 0x1, 0x0, 0x0, 0x41}, 0x44000) 2.169203635s ago: executing program 2 (id=1057): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, r2, 0x1}, 0x14}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r7, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r7, &(0x7f0000000000)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000340)="f400000000002c00fe800000000000000000000000002a000100"/40, 0x2a}], 0x1}, 0x0) dup2(r7, r5) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r6) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000003040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER(r6, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x1c, r8, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084) syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') r10 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r10, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) socket$inet(0x2, 0x4000000000000001, 0x0) brk(0x689d80000000) 2.104815636s ago: executing program 0 (id=1058): r0 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_emit_ethernet(0xa2, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd60ee527a006c3c0020010000000000000000200000000001ff0200000000000000000000000000017304000400000000c910fef3"], 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0xffffefffffffffff}, @NFTA_LIMIT_RATE={0xc}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x1, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="f400000013002f0a29bd7200fcdbdf2507006800", @ANYRES32=r2, @ANYBLOB="000000001020060024001a8009000100766c616e000000001400048010000480"], 0xf4}}, 0x4050) write$binfmt_script(r0, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'llr\xf0'}, {0x20, 'ax\xe8\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x111) 2.06508333s ago: executing program 3 (id=1059): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18020000070000000000000000800000850000007500000095000000000000000586528c471ff83078"], 0x0}, 0x94) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESDEC=r1, @ANYRES32=0x1], 0x50) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0182101, &(0x7f00000004c0)) r2 = syz_open_dev$ndb(&(0x7f0000001900), 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0xb8}}, 0x4004) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={r4, 0x58, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000640)={'syztnl1\x00', &(0x7f00000007c0)={'ip6gre0\x00', r6, 0x4, 0x50, 0x2, 0x7ff, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x40, 0x10, 0xd0a, 0x9}}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f0000000680)={0x0, 0x989680}, 0x0) mkdir(&(0x7f0000002740)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='devpts\x00', 0x1, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x20, 0x0) ioctl$BLKPBSZGET(r2, 0x127b, &(0x7f0000000000)) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r8, 0x84, 0x79, &(0x7f0000000080)={0x0, 0xfff}, 0x8) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="bc010000190001000000000003000000ac141425000000000000000000000000fe8000000000000000000000000000aa00000000fffd00060a00008000000000", @ANYRES32=r9, @ANYRES32=0x0, @ANYBLOB="0200000000000000000000000000000000000080000000000000000000000000000000080000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000004010500fe880000000000000000000000000101000004d62b00000002"], 0x1bc}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.111731689s ago: executing program 4 (id=1060): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x800, 0x1a0) fanotify_mark(r1, 0x99855e7dd74a3783, 0x32, r2, &(0x7f0000000200)='./file0\x00') r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ASSERT(r3, 0x0, 0xcf, &(0x7f0000000480), 0x4) 1.11071663s ago: executing program 1 (id=1061): mount(&(0x7f0000000440)=@nullb, &(0x7f0000000300)='./cgroup\x00', &(0x7f00000001c0)='hfs\x00', 0x200480, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000500)=0x5) 1.04743287s ago: executing program 2 (id=1062): getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e24, 0x1, @private0, 0xb0}}, 0x1}, 0x0) socket$inet6(0xa, 0x5, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmctl$SHM_INFO(0x0, 0xe, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$packet(0x11, 0x1, 0x300) setsockopt$packet_int(r5, 0x107, 0xe, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000980)={'wg2\x00'}) r6 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r6, 0x29, 0x39, &(0x7f0000000040), 0x0) r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_AUDIO(r7, 0x40345622, &(0x7f00000001c0)={0x0, "9800003de8f644ad6c8a55930700", 0x3}) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000823292e4b74cb6c5c7d4a4a45805287ce528089f3a77156e46af5278919f5198e8969faa638d68ce85dff162e75d44f989c4af1895c8b91cae4abd2e41d9724daa46f2a37e916b5e6b58458153e531c1b809c1db2eee0f16fb3711bb18f6d9d781e79a1aa6dc3c42ee3680504125e5cf8d7a18bfda19c46c86fbb637ba7ef8d67900000000076c562df17f5bb5c128a38e1bcfb929f127a69c1653464e3ff37bb445d66e04ad3f8748117bbf0f4c3e99be9a4a83ea1f"], &(0x7f00000003c0)='GPL\x00'}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) 773.672442ms ago: executing program 4 (id=1063): fcntl$setstatus(0xffffffffffffffff, 0x4, 0x43400) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, 0x0, 0x4044845) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="05000000710500"/23, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="000000000100000000000000000000003acf1ec7ae70bb24"], 0x48}}, 0x0) ioctl$KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) getpid() setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0xc00, 0xa, 0x0, 0x20, 0x62}, {0x0, 0x0, 0x2, 0xaed, 0x0, 0x5, 0x2000000000000004, 0xffffffff}, {0x9, 0x0, 0x0, 0xa}, 0x58ba, 0x6e6bb9, 0x1, 0x0, 0x2}, {{@in6=@local, 0xfffffffc, 0x32}, 0x0, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x3, 0x7, 0x1ff}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) ftruncate(r4, 0x81ff) r5 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(r4, 0x4048aec9, &(0x7f0000000080)={[{0xfffffffc, 0x0, 0x0, 0x8, 0x0, 0x81, 0x0, 0x0, 0x0, 0x4}, {0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0x61, 0xfd, 0x0, 0x0, 0x0, 0x3, 0x3}, {0x200003, 0xa, 0x20, 0x8, 0x40, 0x0, 0x5f, 0x1, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd}], 0x1ffffff}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) sendmmsg(r6, &(0x7f0000000180), 0x3ef, 0x0) 772.842468ms ago: executing program 1 (id=1064): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0x4, 0x700, 0x700, 0x2c}, 0x48) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r1, &(0x7f0000000040)='FROZEN\x00', 0x7) write$cgroup_freezer_state(r1, &(0x7f00000002c0)='THAWED\x00', 0x7) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000002100), 0x82001, 0x0) preadv2(r2, 0x0, 0x0, 0x80400, 0xfffffffe, 0x0) mkdirat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x1ff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r3, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2c, &(0x7f00000001c0)=0x8, 0x4) 549.844056ms ago: executing program 3 (id=1065): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') linkat(r0, &(0x7f0000000380)='./file1\x00', r0, &(0x7f00000003c0)='./bus\x00', 0x400) rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x1fe) 0s ago: executing program 2 (id=1066): openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0) syz_usb_connect(0x3, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x201, 0xbf, 0xa3, 0x15, 0x8, 0x77d, 0x627a, 0x1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x32, 0x12, 0x10, 0x6, [{{0x9, 0x4, 0x4b, 0x2a, 0x3, 0x3, 0xd0, 0xb4, 0xa, [], [{{0x9, 0x5, 0x3, 0x0, 0x250, 0xf8, 0x7c, 0x3}}, {{0x9, 0x5, 0x2, 0x2, 0x20, 0x80, 0x41, 0x80}}, {{0x9, 0x5, 0xd, 0x1, 0x8, 0x2, 0x9, 0x68}}]}}]}}]}}, &(0x7f0000001d40)={0xfffffffffffffeb9, 0x0, 0x0, 0x0}) pselect6(0x0, 0x0, 0x0, &(0x7f0000000000)={0x8, 0x0, 0xfffffffffffffffb}, 0x0, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x4a000) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000300)={{0x0, 0xff}, 'port1\x00', 0x0, 0x0, 0x0, 0x0, 0xba21}) kernel console output (not intermixed with test programs): up link [ 127.185411][ C0] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71 [ 127.193024][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.200247][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.207439][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.214727][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.224338][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.232243][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.239648][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.246908][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.254238][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.261435][ C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 127.273817][ T5893] usb 1-1: USB disconnect, device number 4 [ 127.273857][ C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 127.318793][ T5893] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 128.883346][ T6641] Illegal XDP return value 796884992 on prog (id 78) dev syz_tun, expect packet loss! [ 128.966590][ T6645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.977273][ T6645] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.231070][ T5923] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 129.377354][ T6651] netlink: set zone limit has 8 unknown bytes [ 129.411565][ T5923] usb 2-1: Using ep0 maxpacket: 16 [ 129.425827][ T5923] usb 2-1: config 0 has an invalid interface number: 79 but max is 0 [ 129.441968][ T5923] usb 2-1: config 0 has no interface number 0 [ 129.690558][ T6658] netlink: 68 bytes leftover after parsing attributes in process `syz.2.201'. [ 130.424501][ T5923] usb 2-1: New USB device found, idVendor=10fd, idProduct=0513, bcdDevice=b6.d6 [ 130.441170][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.933280][ T5923] usb 2-1: Product: syz [ 130.937872][ T5923] usb 2-1: Manufacturer: syz [ 130.943829][ T5923] usb 2-1: SerialNumber: syz [ 130.956426][ T5923] usb 2-1: config 0 descriptor?? [ 131.166461][ T5923] usb 2-1: USB disconnect, device number 7 [ 131.199354][ T6667] syz_tun: entered promiscuous mode [ 131.204981][ T6667] syz_tun: entered allmulticast mode [ 132.924306][ T30] audit: type=1326 audit(1752255088.090:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 132.971717][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.978556][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.992945][ T30] audit: type=1326 audit(1752255088.090:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.087719][ T30] audit: type=1326 audit(1752255088.090:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.165510][ T30] audit: type=1326 audit(1752255088.090:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.191585][ T5923] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 133.211026][ T30] audit: type=1326 audit(1752255088.090:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.255891][ T30] audit: type=1326 audit(1752255088.090:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.280016][ T30] audit: type=1326 audit(1752255088.090:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.324862][ T30] audit: type=1326 audit(1752255088.090:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.360504][ T30] audit: type=1326 audit(1752255088.090:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.435140][ T5923] usb 2-1: Using ep0 maxpacket: 8 [ 133.456115][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 133.479783][ T30] audit: type=1326 audit(1752255088.090:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6682 comm="syz.4.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f8f9f38e929 code=0x7ffc0000 [ 133.519209][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 133.535337][ T5923] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 133.546581][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83 [ 133.563598][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 133.593056][ T5923] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f [ 133.607782][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.624350][ T5923] usb 2-1: Product: syz [ 133.629045][ T5923] usb 2-1: Manufacturer: syz [ 133.635321][ T5923] usb 2-1: SerialNumber: syz [ 133.661465][ T5923] usb 2-1: config 0 descriptor?? [ 133.735528][ T6697] netlink: 68 bytes leftover after parsing attributes in process `syz.2.212'. [ 134.145172][ T6679] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 134.153589][ T6695] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 134.186005][ T6698] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 134.823876][ T5923] kvaser_usb 2-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 134.869887][ T6705] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 134.879426][ T5923] usb 2-1: USB disconnect, device number 8 [ 135.018287][ T6710] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 135.026247][ T6710] IPv6: NLM_F_CREATE should be set when creating new route [ 135.033790][ T6710] IPv6: NLM_F_CREATE should be set when creating new route [ 135.806711][ T6725] 9pnet_fd: Insufficient options for proto=fd [ 136.581862][ T6783] netlink: 68 bytes leftover after parsing attributes in process `syz.2.226'. [ 137.731437][ T6792] netlink: 32 bytes leftover after parsing attributes in process `syz.4.230'. [ 137.750100][ T6791] netlink: 16 bytes leftover after parsing attributes in process `syz.2.229'. [ 137.788806][ T6792] netem: unknown loss type 13 [ 137.826043][ T6792] netem: change failed [ 138.653827][ T6804] process 'syz.1.233' launched '/dev/fd/3' with NULL argv: empty string added [ 138.659556][ T6808] 9pnet_fd: Insufficient options for proto=fd [ 140.711489][ T5893] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 141.791062][ T5893] usb 4-1: Using ep0 maxpacket: 16 [ 141.820683][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.871822][ T5893] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.928068][ T5893] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 142.022403][ T5893] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 142.181015][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.198915][ T5893] usb 4-1: config 0 descriptor?? [ 142.263101][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 142.263117][ T30] audit: type=1326 audit(1752255097.430:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 142.391087][ T30] audit: type=1326 audit(1752255097.430:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 142.911101][ T30] audit: type=1326 audit(1752255097.430:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 143.025245][ T30] audit: type=1326 audit(1752255097.430:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 143.033095][ T6849] netlink: 44 bytes leftover after parsing attributes in process `syz.0.246'. [ 143.183388][ T30] audit: type=1326 audit(1752255097.430:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 143.369477][ T30] audit: type=1326 audit(1752255097.430:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 143.538196][ T30] audit: type=1326 audit(1752255097.430:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 143.721191][ T30] audit: type=1326 audit(1752255097.460:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 143.853512][ T30] audit: type=1326 audit(1752255097.460:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff59778e929 code=0x7ffc0000 [ 144.001141][ T30] audit: type=1326 audit(1752255097.470:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff597790847 code=0x7ffc0000 [ 144.498566][ T5893] usbhid 4-1:0.0: can't add hid device: -71 [ 144.532400][ T5893] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 144.588155][ T5893] usb 4-1: USB disconnect, device number 6 [ 146.733696][ T6889] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[6889] [ 147.029768][ T6896] netlink: 60 bytes leftover after parsing attributes in process `syz.2.266'. [ 147.321295][ T5923] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 147.501303][ T5923] usb 5-1: device descriptor read/64, error -71 [ 147.862928][ T5923] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 148.003474][ T5923] usb 5-1: device descriptor read/64, error -71 [ 148.116751][ T5923] usb usb5-port1: attempt power cycle [ 148.191146][ T5893] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 148.272850][ T5842] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 148.400380][ T5893] usb 4-1: Using ep0 maxpacket: 16 [ 148.441450][ T5893] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 148.457857][ T5893] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 148.468254][ T5893] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 148.478616][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 148.486656][ T5893] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 148.501090][ T5923] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 148.510853][ T5893] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 148.581259][ T5842] usb 1-1: unable to get BOS descriptor or descriptor too short [ 148.597220][ T5893] usb 4-1: config 1 interface 0 has no altsetting 0 [ 148.667678][ T5842] usb 1-1: config 0 has no interfaces? [ 148.680268][ T5923] usb 5-1: device descriptor read/8, error -71 [ 148.802303][ T5893] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 148.818192][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.901504][ T5842] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 148.912501][ T5893] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 148.919904][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.928308][ T5842] usb 1-1: Product: syz [ 148.943697][ T5842] usb 1-1: Manufacturer: syz [ 148.952075][ T5842] usb 1-1: SerialNumber: syz [ 148.961651][ T5842] usb 1-1: config 0 descriptor?? [ 149.031084][ T5923] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 149.071952][ T5923] usb 5-1: device descriptor read/8, error -71 [ 149.265447][ T5923] usb usb5-port1: unable to enumerate USB device [ 150.430562][ T5893] scsi host1: usb-storage 4-1:1.0 [ 150.613650][ T5893] usb 4-1: USB disconnect, device number 7 [ 151.041446][ T5842] usb 1-1: USB disconnect, device number 5 [ 151.050190][ T6943] netlink: 'syz.4.280': attribute type 5 has an invalid length. [ 153.091238][ T6971] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0 [ 153.685538][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 153.685554][ T30] audit: type=1326 audit(1752255108.850:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 153.759223][ T30] audit: type=1326 audit(1752255108.850:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 153.821009][ T30] audit: type=1326 audit(1752255108.850:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 153.855154][ T30] audit: type=1326 audit(1752255108.850:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 154.206908][ T6995] input: syz1 as /devices/virtual/input/input9 [ 154.272073][ T30] audit: type=1326 audit(1752255108.850:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 154.301165][ T30] audit: type=1326 audit(1752255108.850:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 154.709359][ T30] audit: type=1326 audit(1752255108.850:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 154.788888][ T30] audit: type=1326 audit(1752255108.850:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 154.944754][ T30] audit: type=1326 audit(1752255108.850:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 155.011213][ T30] audit: type=1326 audit(1752255108.850:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6986 comm="syz.1.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe6d772ab19 code=0x7ffc0000 [ 156.022696][ T7018] netlink: 'syz.3.304': attribute type 3 has an invalid length. [ 156.030720][ T7018] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.304'. [ 156.045001][ T7018] netlink: 116 bytes leftover after parsing attributes in process `syz.3.304'. [ 156.271742][ T5901] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 156.784408][ T5901] usb 1-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00 [ 156.796498][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.875492][ T5901] usb 1-1: config 0 descriptor?? [ 158.639326][ T7045] 9pnet_fd: Insufficient options for proto=fd [ 158.952076][ T7049] capability: warning: `syz.4.315' uses 32-bit capabilities (legacy support in use) [ 158.998060][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'. [ 159.023014][ T7053] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 159.034392][ T7053] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 160.340493][ T7072] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 162.387090][ T55] usb 1-1: USB disconnect, device number 6 [ 163.254513][ T55] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 163.971402][ T55] usb 1-1: device descriptor read/64, error -71 [ 164.241563][ T55] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 164.506343][ T55] usb 1-1: device descriptor read/64, error -71 [ 164.665775][ T55] usb usb1-port1: attempt power cycle [ 165.032358][ T55] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 165.173177][ T55] usb 1-1: device descriptor read/8, error -71 [ 165.524086][ T55] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 165.896745][ T55] usb 1-1: device descriptor read/8, error -71 [ 166.012454][ T7127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.343'. [ 166.041367][ T55] usb usb1-port1: unable to enumerate USB device [ 167.408597][ T7147] netlink: 'syz.2.350': attribute type 11 has an invalid length. [ 169.165347][ T7178] Invalid source name [ 169.169553][ T7178] UBIFS error (pid: 7178): cannot open "ubifs", error -22 [ 169.529120][ T7169] netlink: 23 bytes leftover after parsing attributes in process `syz.1.356'. [ 173.153966][ T7221] netlink: 12 bytes leftover after parsing attributes in process `syz.0.374'. [ 173.281004][ T5842] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 173.472831][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.514403][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.546587][ T5842] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 173.570221][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.708913][ T5842] usb 5-1: config 0 descriptor?? [ 173.765185][ T7236] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 173.790107][ T7235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.380'. [ 173.885201][ T7238] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 174.453000][ T7246] bridge_slave_0: default FDB implementation only supports local addresses [ 175.341065][ T55] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 175.501027][ T55] usb 2-1: device descriptor read/64, error -71 [ 175.741128][ T55] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 175.940995][ T55] usb 2-1: device descriptor read/64, error -71 [ 176.081070][ T55] usb usb2-port1: attempt power cycle [ 176.166977][ T5842] usbhid 5-1:0.0: can't add hid device: -71 [ 176.201251][ T5842] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 176.230272][ T5842] usb 5-1: USB disconnect, device number 9 [ 176.291730][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880570f1400: rx timeout, send abort [ 176.311089][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880570f1400: 0x00100: (3) A timeout occurred and this is the connection abort to close the session. [ 176.438276][ T55] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 176.486929][ T55] usb 2-1: device descriptor read/8, error -71 [ 176.497379][ T7291] FAULT_INJECTION: forcing a failure. [ 176.497379][ T7291] name failslab, interval 1, probability 0, space 0, times 0 [ 176.510900][ T7291] CPU: 1 UID: 0 PID: 7291 Comm: syz.4.397 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 176.510921][ T7291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.510937][ T7291] Call Trace: [ 176.510949][ T7291] [ 176.510957][ T7291] dump_stack_lvl+0x189/0x250 [ 176.510982][ T7291] ? irqentry_exit+0x74/0x90 [ 176.511007][ T7291] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.511051][ T7291] should_fail_ex+0x414/0x560 [ 176.511079][ T7291] should_failslab+0xa8/0x100 [ 176.511103][ T7291] __kmalloc_cache_noprof+0x70/0x3d0 [ 176.511122][ T7291] ? reuseport_alloc+0x121/0x4d0 [ 176.511142][ T7291] reuseport_alloc+0x121/0x4d0 [ 176.511163][ T7291] __inet_hash+0x636/0xbe0 [ 176.511196][ T7291] inet_csk_listen_start+0x229/0x320 [ 176.511231][ T7291] __inet_listen_sk+0x2ac/0x780 [ 176.511264][ T7291] ? __local_bh_enable_ip+0x12d/0x1c0 [ 176.511282][ T7291] ? __pfx___inet_listen_sk+0x10/0x10 [ 176.511306][ T7291] ? __local_bh_enable_ip+0x12d/0x1c0 [ 176.511324][ T7291] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 176.511346][ T7291] ? do_raw_spin_unlock+0x122/0x240 [ 176.511373][ T7291] inet_listen+0xa5/0x110 [ 176.511398][ T7291] __x64_sys_listen+0x1c7/0x240 [ 176.511420][ T7291] do_syscall_64+0xfa/0x3b0 [ 176.511435][ T7291] ? lockdep_hardirqs_on+0x9c/0x150 [ 176.511457][ T7291] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.511474][ T7291] ? clear_bhb_loop+0x60/0xb0 [ 176.511493][ T7291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.511509][ T7291] RIP: 0033:0x7f8f9f38e929 [ 176.511529][ T7291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.511543][ T7291] RSP: 002b:00007f8fa02a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 [ 176.511562][ T7291] RAX: ffffffffffffffda RBX: 00007f8f9f5b5fa0 RCX: 00007f8f9f38e929 [ 176.511574][ T7291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 176.511584][ T7291] RBP: 00007f8fa02a5090 R08: 0000000000000000 R09: 0000000000000000 [ 176.511595][ T7291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.511604][ T7291] R13: 0000000000000000 R14: 00007f8f9f5b5fa0 R15: 00007ffe1b1e7478 [ 176.511633][ T7291] [ 177.141371][ T55] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 177.161938][ T55] usb 2-1: device descriptor read/8, error -71 [ 177.397725][ T55] usb usb2-port1: unable to enumerate USB device [ 177.410924][ T7309] netlink: 8 bytes leftover after parsing attributes in process `syz.3.403'. [ 177.428441][ T7309] vlan2: entered allmulticast mode [ 177.539742][ T7314] netlink: 152 bytes leftover after parsing attributes in process `syz.0.405'. [ 177.569681][ T7314] XFS (nullb0): Invalid superblock magic number [ 177.873868][ T5842] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 177.888295][ T7325] 9p: Unknown Cache mode or invalid value fs [ 177.901324][ T5893] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 178.043979][ T5842] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 178.058205][ T5842] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 178.074073][ T5842] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 178.083873][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.108220][ T5893] usb 4-1: Using ep0 maxpacket: 8 [ 178.124800][ T5893] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 178.138037][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.150714][ T5893] usb 4-1: config 0 descriptor?? [ 178.315728][ T7314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.326845][ T7314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.346800][ T7314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.359493][ T7314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.364740][ T5893] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 178.378232][ T5842] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 178.397582][ T5842] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input15 [ 178.419546][ T5842] input: failed to attach handler kbd to device input15, error: -5 [ 178.468463][ T5842] usb 1-1: USB disconnect, device number 11 [ 178.636248][ T7342] erofs (device nbd4): cannot find valid erofs superblock [ 178.683787][ T7342] netlink: 'syz.4.413': attribute type 1 has an invalid length. [ 178.693124][ T7342] netlink: 12 bytes leftover after parsing attributes in process `syz.4.413'. [ 178.767926][ T5893] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 178.782238][ T5893] asix 4-1:0.0: probe with driver asix failed with error -32 [ 178.966466][ T7349] netlink: 8 bytes leftover after parsing attributes in process `syz.4.416'. [ 179.346468][ T7356] netlink: 'syz.1.418': attribute type 11 has an invalid length. [ 179.511115][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 179.681018][ T24] usb 5-1: config 0 has an invalid interface number: 109 but max is 0 [ 179.700194][ T24] usb 5-1: config 0 has no interface number 0 [ 179.710360][ T24] usb 5-1: config 0 interface 109 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 179.730281][ T24] usb 5-1: New USB device found, idVendor=100d, idProduct=cb01, bcdDevice=84.d1 [ 179.730974][ T5893] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 179.739928][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.766945][ T24] usb 5-1: config 0 descriptor?? [ 179.779323][ T24] cxacru 5-1:0.109: cxacru_bind: interface has incorrect endpoints [ 179.790341][ T24] cxacru 5-1:0.109: usbatm_usb_probe: bind failed: -19! [ 179.906563][ T5893] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 179.925814][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 179.937147][ T5893] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 179.966650][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 179.984600][ T7348] netlink: 12 bytes leftover after parsing attributes in process `syz.4.416'. [ 179.997591][ T24] usb 5-1: USB disconnect, device number 10 [ 180.011487][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 180.036498][ T5893] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 180.063280][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.078939][ T5893] usb 2-1: Product: syz [ 180.085285][ T5893] usb 2-1: Manufacturer: syz [ 180.090120][ T5893] usb 2-1: SerialNumber: syz [ 180.101051][ T5893] usb 2-1: config 0 descriptor?? [ 180.111829][ T5893] iguanair 2-1:0.0: probe with driver iguanair failed with error -12 [ 180.325331][ T7379] tipc: Enabled bearer , priority 10 [ 181.062413][ T9] usb 4-1: USB disconnect, device number 8 [ 182.385000][ T24] usb 2-1: USB disconnect, device number 13 [ 183.474609][ T7413] pim6reg: entered allmulticast mode [ 183.820992][ T5842] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 184.228343][ T5842] usb 4-1: Using ep0 maxpacket: 32 [ 184.291718][ T5842] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 184.318031][ T5842] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 184.506481][ T5842] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 184.664495][ T5842] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 184.761254][ T5842] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 184.917549][ T5842] usb 4-1: config 0 interface 0 has no altsetting 0 [ 185.267601][ T5842] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 185.295725][ T5842] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 185.325175][ T5842] usb 4-1: Product: syz [ 185.473031][ T5842] usb 4-1: Manufacturer: syz [ 185.521193][ T5842] usb 4-1: SerialNumber: syz [ 185.858439][ T5842] usb 4-1: config 0 descriptor?? [ 186.422871][ T5842] usb 4-1: can't set config #0, error -71 [ 186.441925][ T5842] usb 4-1: USB disconnect, device number 9 [ 187.935747][ T7475] ======================================================= [ 187.935747][ T7475] WARNING: The mand mount option has been deprecated and [ 187.935747][ T7475] and is ignored by this kernel. Remove the mand [ 187.935747][ T7475] option from the mount to silence this warning. [ 187.935747][ T7475] ======================================================= [ 188.429395][ T7489] netlink: 20 bytes leftover after parsing attributes in process `syz.2.457'. [ 188.452398][ T7489] netlink: 17 bytes leftover after parsing attributes in process `syz.2.457'. [ 188.555487][ T7489] netlink: zone id is out of range [ 188.568028][ T7489] netlink: zone id is out of range [ 188.573403][ T7489] netlink: zone id is out of range [ 188.578956][ T7489] netlink: zone id is out of range [ 188.586313][ T7489] netlink: zone id is out of range [ 188.591836][ T7489] netlink: zone id is out of range [ 188.597091][ T7489] netlink: zone id is out of range [ 188.602968][ T7489] netlink: zone id is out of range [ 188.608261][ T7489] netlink: zone id is out of range [ 188.613570][ T7489] netlink: zone id is out of range [ 189.665861][ T7504] netlink: 12 bytes leftover after parsing attributes in process `syz.2.461'. [ 189.845841][ T30] kauditd_printk_skb: 432 callbacks suppressed [ 189.845857][ T30] audit: type=1326 audit(1752255598.010:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 189.908496][ T30] audit: type=1326 audit(1752255598.010:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 189.936472][ T30] audit: type=1326 audit(1752255598.010:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 189.999378][ T30] audit: type=1326 audit(1752255598.010:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 190.074141][ T7514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.104811][ T7514] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.110050][ T30] audit: type=1326 audit(1752255598.010:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 190.302414][ T30] audit: type=1326 audit(1752255598.040:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 190.337124][ T30] audit: type=1326 audit(1752255598.040:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 190.342895][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 190.396485][ T30] audit: type=1326 audit(1752255598.050:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 190.487598][ T30] audit: type=1326 audit(1752255598.050:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 190.527261][ T7522] netlink: 20 bytes leftover after parsing attributes in process `syz.2.466'. [ 190.549515][ T30] audit: type=1326 audit(1752255598.050:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7509 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 190.581492][ T9] usb 1-1: device descriptor read/64, error -71 [ 190.838472][ T7528] loop7: detected capacity change from 0 to 524287999 [ 190.848596][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 190.911120][ T5893] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 190.992038][ T9] usb 1-1: device descriptor read/64, error -71 [ 191.023447][ T7538] netlink: 12 bytes leftover after parsing attributes in process `syz.1.473'. [ 191.078782][ T5893] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 191.098757][ T5893] usb 4-1: config 0 has no interfaces? [ 191.105242][ T9] usb usb1-port1: attempt power cycle [ 191.127704][ T5893] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 191.146544][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.161294][ T5893] usb 4-1: config 0 descriptor?? [ 192.169782][ T5909] usb 4-1: USB disconnect, device number 10 [ 192.380969][ T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 192.412424][ T9] usb 1-1: device descriptor read/8, error -71 [ 192.681077][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 192.721245][ T5968] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 192.729331][ T5893] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 192.747172][ T7559] delete_channel: no stack [ 192.749663][ T9] usb 1-1: device descriptor read/8, error -71 [ 192.871411][ T9] usb usb1-port1: unable to enumerate USB device [ 192.911150][ T5893] usb 5-1: Using ep0 maxpacket: 8 [ 192.919225][ T5968] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.933503][ T5968] usb 2-1: config 0 has no interfaces? [ 192.939494][ T5968] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 192.949012][ T5968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.957267][ T5893] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 192.975973][ T5968] usb 2-1: config 0 descriptor?? [ 192.981278][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.989381][ T5893] usb 5-1: Product: syz [ 192.998958][ T5893] usb 5-1: Manufacturer: syz [ 193.003811][ T5893] usb 5-1: SerialNumber: syz [ 193.015733][ T5893] usb 5-1: config 0 descriptor?? [ 193.206804][ T7556] FAULT_INJECTION: forcing a failure. [ 193.206804][ T7556] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 193.233349][ T5893] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 193.250952][ T7556] CPU: 0 UID: 0 PID: 7556 Comm: syz.1.480 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 193.250978][ T7556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.250987][ T7556] Call Trace: [ 193.250995][ T7556] [ 193.251002][ T7556] dump_stack_lvl+0x189/0x250 [ 193.251026][ T7556] ? __pfx____ratelimit+0x10/0x10 [ 193.251050][ T7556] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.251068][ T7556] ? __pfx__printk+0x10/0x10 [ 193.251088][ T7556] ? __might_fault+0xb0/0x130 [ 193.251120][ T7556] should_fail_ex+0x414/0x560 [ 193.251144][ T7556] _copy_from_user+0x2d/0xb0 [ 193.251170][ T7556] ucma_query+0xe0/0x1280 [ 193.251189][ T7556] ? __lock_acquire+0xab9/0xd20 [ 193.251211][ T7556] ? __lock_acquire+0xab9/0xd20 [ 193.251227][ T7556] ? __pfx_ucma_query+0x10/0x10 [ 193.251253][ T7556] ? __lock_acquire+0xab9/0xd20 [ 193.251289][ T7556] ? is_bpf_text_address+0x26/0x2b0 [ 193.251327][ T7556] ? __lock_acquire+0xab9/0xd20 [ 193.251353][ T7556] ? __might_fault+0xb0/0x130 [ 193.251395][ T7556] ucma_write+0x246/0x2e0 [ 193.251413][ T7556] ? __pfx_ucma_write+0x10/0x10 [ 193.251427][ T7556] ? security_file_permission+0x75/0x290 [ 193.251450][ T7556] ? rw_verify_area+0x258/0x650 [ 193.251472][ T7556] vfs_writev+0x4b3/0x960 [ 193.251489][ T7556] ? __pfx_ucma_write+0x10/0x10 [ 193.251510][ T7556] ? __pfx_vfs_writev+0x10/0x10 [ 193.251542][ T7556] ? __fget_files+0x2a/0x420 [ 193.251562][ T7556] ? __fget_files+0x3a0/0x420 [ 193.251576][ T7556] ? __fget_files+0x2a/0x420 [ 193.251601][ T7556] do_writev+0x14d/0x2d0 [ 193.251620][ T7556] ? __pfx_do_writev+0x10/0x10 [ 193.251634][ T7556] ? rcu_is_watching+0x15/0xb0 [ 193.251658][ T7556] ? do_syscall_64+0xbe/0x3b0 [ 193.251678][ T7556] do_syscall_64+0xfa/0x3b0 [ 193.251692][ T7556] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.251714][ T7556] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.251730][ T7556] ? clear_bhb_loop+0x60/0xb0 [ 193.251750][ T7556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.251766][ T7556] RIP: 0033:0x7fe6d778e929 [ 193.251787][ T7556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.251800][ T7556] RSP: 002b:00007fe6d8640038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 193.251822][ T7556] RAX: ffffffffffffffda RBX: 00007fe6d79b5fa0 RCX: 00007fe6d778e929 [ 193.251834][ T7556] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000013 [ 193.251845][ T7556] RBP: 00007fe6d8640090 R08: 0000000000000000 R09: 0000000000000000 [ 193.251855][ T7556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.251864][ T7556] R13: 0000000000000000 R14: 00007fe6d79b5fa0 R15: 00007ffc09e854b8 [ 193.251889][ T7556] [ 193.255981][ T5968] usb 2-1: USB disconnect, device number 14 [ 194.377599][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.386327][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.485355][ T5893] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 195.526082][ T5893] usb 5-1: USB disconnect, device number 11 [ 195.707798][ T5909] IPVS: starting estimator thread 0... [ 195.801143][ T7590] IPVS: using max 32 ests per chain, 76800 per kthread [ 195.821852][ T55] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 196.021244][ T5893] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 196.070959][ T55] usb 1-1: Using ep0 maxpacket: 32 [ 196.103603][ T55] usb 1-1: unable to get BOS descriptor or descriptor too short [ 196.113082][ T55] usb 1-1: config 0 has an invalid interface number: 82 but max is 1 [ 196.123710][ T55] usb 1-1: config 0 has an invalid interface number: 159 but max is 1 [ 196.147339][ T55] usb 1-1: config 0 has no interface number 0 [ 196.161106][ T55] usb 1-1: config 0 has no interface number 1 [ 196.180073][ T55] usb 1-1: config 0 interface 82 has no altsetting 0 [ 196.190932][ T55] usb 1-1: config 0 interface 159 has no altsetting 0 [ 196.208248][ T55] usb 1-1: New USB device found, idVendor=1604, idProduct=8005, bcdDevice=b2.1d [ 196.224968][ T5893] usb 4-1: config 0 has an invalid interface number: 220 but max is 0 [ 196.233396][ T5893] usb 4-1: config 0 has no interface number 0 [ 196.234530][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.253741][ T55] usb 1-1: Product: syz [ 196.356270][ T5893] usb 4-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice=20.73 [ 196.406241][ T55] usb 1-1: Manufacturer: syz [ 196.411116][ T55] usb 1-1: SerialNumber: syz [ 196.420148][ T55] usb 1-1: config 0 descriptor?? [ 196.449283][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.460310][ T5893] usb 4-1: Product: syz [ 196.470343][ T5893] usb 4-1: Manufacturer: syz [ 196.477381][ T5893] usb 4-1: SerialNumber: syz [ 196.494396][ T5893] usb 4-1: config 0 descriptor?? [ 196.543508][ T5893] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.220/input/input17 [ 196.704410][ T7607] netlink: 452 bytes leftover after parsing attributes in process `syz.4.493'. [ 196.922600][ T5190] bcm5974 4-1:0.220: could not read from device [ 196.944200][ T55] usb 1-1: USB disconnect, device number 16 [ 196.952188][ T5190] bcm5974 4-1:0.220: could not read from device [ 196.957982][ T5893] usb 4-1: USB disconnect, device number 11 [ 196.977053][ T5190] bcm5974 4-1:0.220: could not read from device [ 197.005162][ T5190] bcm5974 4-1:0.220: could not read from device [ 197.277256][ T7611] netlink: 24 bytes leftover after parsing attributes in process `syz.1.497'. [ 197.413082][ T7612] netlink: 4 bytes leftover after parsing attributes in process `syz.1.497'. [ 197.571260][ T7616] xt_connbytes: Forcing CT accounting to be enabled [ 197.580731][ T7616] Cannot find set identified by id 0 to match [ 201.058085][ T5909] IPVS: starting estimator thread 0... [ 201.161254][ T7668] IPVS: using max 50 ests per chain, 120000 per kthread [ 201.571251][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 201.601304][ T50] Bluetooth: hci2: command 0x0406 tx timeout [ 201.608758][ T5845] Bluetooth: hci4: command 0x0406 tx timeout [ 202.114556][ T7685] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 202.255743][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 202.263024][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 203.602878][ T7702] netlink: 104 bytes leftover after parsing attributes in process `syz.2.526'. [ 203.897993][ T7713] xt_ecn: cannot match TCP bits for non-tcp packets [ 204.036060][ T5909] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 204.179321][ T5909] usb 5-1: device descriptor read/64, error -71 [ 204.232048][ T5842] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 204.256373][ T7727] bridge0: port 3(netdevsim0) entered disabled state [ 204.431031][ T5909] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 204.737876][ T5909] usb 5-1: device descriptor read/64, error -71 [ 204.952324][ T5909] usb usb5-port1: attempt power cycle [ 205.003704][ T7720] team_slave_0: entered promiscuous mode [ 205.009727][ T7720] team_slave_1: entered promiscuous mode [ 205.088986][ T7720] vlan2: entered promiscuous mode [ 205.191414][ T7720] team0: entered promiscuous mode [ 205.300969][ T5909] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 205.391751][ T5909] usb 5-1: device descriptor read/8, error -71 [ 205.450467][ T7727] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.498245][ T5842] usb 1-1: unable to get BOS descriptor or descriptor too short [ 205.512635][ T5842] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 205.528618][ T5842] usb 1-1: can't read configurations, error -71 [ 205.651008][ T5909] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 205.691719][ T5909] usb 5-1: device descriptor read/8, error -71 [ 205.811466][ T5909] usb usb5-port1: unable to enumerate USB device [ 206.315579][ T5893] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 206.391184][ T5842] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 206.414767][ T7755] 9p: Unknown access argument 18446744073709551615: -34 [ 206.473758][ T5893] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 206.483316][ T5893] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 206.492398][ T5893] usb 2-1: config 220 has an invalid descriptor of length 13, skipping remainder of the config [ 206.504161][ T5893] usb 2-1: config 220 has no interface number 2 [ 206.510583][ T5893] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 206.524117][ T5893] usb 2-1: config 220 interface 0 has no altsetting 0 [ 206.531901][ T5893] usb 2-1: config 220 interface 76 has no altsetting 0 [ 206.539123][ T5893] usb 2-1: config 220 interface 1 has no altsetting 0 [ 206.550128][ T5893] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 206.559463][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 206.565153][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.573621][ T5893] usb 2-1: Product: syz [ 206.578109][ T5842] usb 1-1: too many configurations: 37, using maximum allowed: 8 [ 206.591487][ T5893] usb 2-1: Manufacturer: syz [ 206.596453][ T5893] usb 2-1: SerialNumber: syz [ 206.602519][ T5842] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 206.610327][ T5842] usb 1-1: can't read configurations, error -61 [ 206.622258][ T5842] usb usb1-port1: attempt power cycle [ 207.057588][ T5842] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 207.205229][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 207.247898][ T5842] usb 1-1: too many configurations: 37, using maximum allowed: 8 [ 207.271602][ T5842] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 207.279256][ T5842] usb 1-1: can't read configurations, error -61 [ 207.367762][ T7765] input: syz1 as /devices/virtual/input/input18 [ 207.461002][ T5842] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 207.493456][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 207.509429][ T5842] usb 1-1: too many configurations: 37, using maximum allowed: 8 [ 207.530762][ T5842] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 207.539344][ T5842] usb 1-1: can't read configurations, error -61 [ 207.547365][ T5842] usb usb1-port1: unable to enumerate USB device [ 208.962641][ T5893] usb 2-1: selecting invalid altsetting 0 [ 209.419272][ T5893] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 209.454095][ T5893] usb 2-1: No valid video chain found. [ 209.480678][ T5893] usb 2-1: selecting invalid altsetting 0 [ 209.492006][ T5893] usbtest 2-1:220.1: probe with driver usbtest failed with error -22 [ 209.544156][ T5893] usb 2-1: USB disconnect, device number 15 [ 212.270020][ T7825] netlink: 4 bytes leftover after parsing attributes in process `syz.0.563'. [ 215.014936][ T7857] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 215.535647][ T7868] xt_CT: You must specify a L4 protocol and not use inversions on it [ 218.294953][ T7899] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 218.523552][ T7905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 218.577096][ T7906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 218.590645][ T7905] erspan0: entered promiscuous mode [ 218.618532][ T7905] macvtap1: entered promiscuous mode [ 218.630972][ T6003] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 218.631381][ T7905] macvtap1: entered allmulticast mode [ 218.655622][ T7905] erspan0: entered allmulticast mode [ 218.669490][ T7906] erspan0: left allmulticast mode [ 218.682238][ T7906] erspan0: left promiscuous mode [ 218.801035][ T6003] usb 1-1: Using ep0 maxpacket: 8 [ 218.818091][ T6003] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.831124][ T6003] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 218.831437][ T7914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.589'. [ 218.854134][ T6003] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.068046][ T6003] usb 1-1: config 0 descriptor?? [ 219.111896][ T5842] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 219.191308][ T5909] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 219.857622][ T7902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.890998][ T5842] usb 5-1: Using ep0 maxpacket: 32 [ 219.898090][ T7902] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.919854][ T5842] usb 5-1: too many endpoints for config 0 interface 0 altsetting 1: 119, using maximum allowed: 30 [ 219.968605][ T5842] usb 5-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 119 [ 220.004407][ T5842] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.019974][ T5842] usb 5-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 220.020989][ T5909] usb 2-1: Using ep0 maxpacket: 16 [ 220.030536][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.082428][ T5909] usb 2-1: too many configurations: 29, using maximum allowed: 8 [ 220.086077][ T5842] usb 5-1: config 0 descriptor?? [ 220.104814][ T5909] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 220.118415][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.126703][ T5909] usb 2-1: Product: syz [ 220.131717][ T5909] usb 2-1: Manufacturer: syz [ 220.136382][ T5909] usb 2-1: SerialNumber: syz [ 220.161420][ T5909] r8152-cfgselector 2-1: Unknown version 0x0000 [ 220.172967][ T5909] r8152-cfgselector 2-1: config 0 descriptor?? [ 220.191997][ T6003] lenovo 0003:17EF:6062.0001: hidraw0: USB HID v0.00 Device [HID 17ef:6062] on usb-dummy_hcd.0-1/input0 [ 220.300206][ T7929] netlink: 20 bytes leftover after parsing attributes in process `syz.3.596'. [ 220.310588][ T7929] netlink: 20 bytes leftover after parsing attributes in process `syz.3.596'. [ 220.318587][ T7932] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 220.318587][ T7932] The task syz.2.595 (7932) triggered the difference, watch for misbehavior. [ 220.441244][ T5893] usb 1-1: USB disconnect, device number 21 [ 220.455672][ T5842] usb 5-1: string descriptor 0 read error: -71 [ 220.487998][ T5842] usb 5-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 220.546427][ T5842] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 220.575969][ T5842] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 220.586754][ T5842] usb 5-1: media controller created [ 220.622712][ T5842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 220.660484][ T5842] set interface failed [ 220.664298][ T5842] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 220.721210][ T5842] error writing reg: 0xff, val: 0x00 [ 220.764055][ T5842] dvb_usb_mxl111sf 5-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 220.807027][ T5842] usb 5-1: USB disconnect, device number 16 [ 222.061612][ T5968] r8152-cfgselector 2-1: USB disconnect, device number 16 [ 222.698560][ T7956] vlan2: entered allmulticast mode [ 223.045676][ T7962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.604'. [ 223.097193][ T7968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.604'. [ 223.116368][ T7962] bond_slave_0: entered promiscuous mode [ 223.122455][ T7962] bond_slave_1: entered promiscuous mode [ 223.130250][ T7962] macvtap1: entered promiscuous mode [ 223.135989][ T7962] bond0: entered promiscuous mode [ 223.141973][ T7962] macvtap1: entered allmulticast mode [ 223.147501][ T7962] bond0: entered allmulticast mode [ 223.154323][ T7962] bond_slave_0: entered allmulticast mode [ 223.160107][ T7962] bond_slave_1: entered allmulticast mode [ 223.292821][ T7975] netlink: 'syz.4.606': attribute type 12 has an invalid length. [ 223.625997][ T7962] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 223.664141][ T7968] bond0: left allmulticast mode [ 223.669091][ T7968] bond_slave_0: left allmulticast mode [ 223.678144][ T7968] bond_slave_1: left allmulticast mode [ 223.678811][ T5909] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 223.689602][ T7968] bond0: left promiscuous mode [ 223.706534][ T7968] bond_slave_0: left promiscuous mode [ 223.712443][ T7968] bond_slave_1: left promiscuous mode [ 223.853548][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 223.881108][ T5909] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 223.899852][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.927293][ T5909] usb 2-1: config 0 descriptor?? [ 224.994550][ T7998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.956243][ T7998] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.067594][ T8001] ptrace attach of "./syz-executor exec"[5848] was attempted by "./syz-executor exec"[8001] [ 226.577811][ T5909] ath6kl: Failed to read usb control message: -71 [ 226.591338][ T5909] ath6kl: Unable to read the bmi data from the device: -71 [ 226.640653][ T5909] ath6kl: Unable to recv target info: -71 [ 226.663700][ T5909] ath6kl: Failed to init ath6kl core: -71 [ 226.685632][ T5909] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 226.761058][ T5909] usb 2-1: USB disconnect, device number 17 [ 227.294951][ T9] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 227.471633][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 227.471667][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 227.471704][ T9] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 227.471739][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.489594][ T9] usb 5-1: config 0 descriptor?? [ 227.695473][ T8014] netlink: 20 bytes leftover after parsing attributes in process `syz.4.618'. [ 227.708148][ T8041] netlink: 'syz.2.627': attribute type 6 has an invalid length. [ 227.938658][ T8014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 227.954073][ T8014] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.964548][ T8014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 227.973601][ T8014] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 227.998966][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 228.005459][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 228.015438][ T9] usb 5-1: USB disconnect, device number 17 [ 228.201161][ T5842] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 228.369561][ T5842] usb 1-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 228.379348][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.393755][ T5842] usb 1-1: Product: syz [ 228.399216][ T5842] usb 1-1: Manufacturer: syz [ 228.406624][ T5842] usb 1-1: SerialNumber: syz [ 228.441775][ T5842] usb 1-1: config 0 descriptor?? [ 228.764866][ T5842] int51x1 1-1:0.0: probe with driver int51x1 failed with error -22 [ 229.159442][ T5842] usb 1-1: USB disconnect, device number 22 [ 229.413899][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 229.573139][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.594227][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 229.608064][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.626814][ T9] usb 5-1: Product: syz [ 229.635625][ T9] usb 5-1: Manufacturer: syz [ 229.644961][ T9] usb 5-1: SerialNumber: syz [ 230.579998][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 230.580016][ T30] audit: type=1326 audit(1752255638.740:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 230.657852][ T30] audit: type=1326 audit(1752255638.780:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 230.696465][ T30] audit: type=1326 audit(1752255638.780:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 230.722882][ T30] audit: type=1326 audit(1752255638.780:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 230.790605][ T30] audit: type=1326 audit(1752255638.780:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 230.812381][ T30] audit: type=1326 audit(1752255638.780:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 230.887224][ T8094] netlink: 'syz.3.645': attribute type 16 has an invalid length. [ 230.899571][ T30] audit: type=1326 audit(1752255638.780:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 230.922351][ T8094] netlink: 'syz.3.645': attribute type 3 has an invalid length. [ 230.930137][ T8094] netlink: 64066 bytes leftover after parsing attributes in process `syz.3.645'. [ 234.219612][ T9] cdc_ncm 5-1:1.0: bind() failure [ 234.513065][ T9] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 234.519912][ T9] cdc_ncm 5-1:1.1: bind() failure [ 234.529307][ T9] usb 5-1: USB disconnect, device number 18 [ 234.548057][ T30] audit: type=1326 audit(1752255638.780:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 234.569570][ T30] audit: type=1326 audit(1752255638.780:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 234.592380][ T30] audit: type=1326 audit(1752255638.780:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8087 comm="syz.3.643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0c3bf8e929 code=0x7ffc0000 [ 234.737657][ T8102] netlink: 8 bytes leftover after parsing attributes in process `syz.2.647'. [ 235.231042][ T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 235.372980][ T5909] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 235.822573][ T5909] usb 4-1: Using ep0 maxpacket: 8 [ 235.882650][ T5909] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 235.908685][ T5909] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 235.919425][ T5909] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 235.935606][ T5909] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 235.955086][ T5909] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.982535][ T5909] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 235.993199][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.018760][ T9] usb 2-1: device descriptor read/64, error -71 [ 236.238856][ T5909] usb 4-1: usb_control_msg returned -32 [ 236.245591][ T5909] usbtmc 4-1:16.0: can't read capabilities [ 236.261038][ T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 236.390987][ T9] usb 2-1: device descriptor read/64, error -71 [ 236.441156][ T5842] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 236.501355][ T9] usb usb2-port1: attempt power cycle [ 236.612465][ T5842] usb 5-1: device descriptor read/64, error -71 [ 236.851615][ T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 236.891985][ T5842] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 236.900625][ T9] usb 2-1: device descriptor read/8, error -71 [ 237.030980][ T5842] usb 5-1: device descriptor read/64, error -71 [ 237.141347][ T5842] usb usb5-port1: attempt power cycle [ 237.148969][ T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 237.186010][ T9] usb 2-1: device descriptor read/8, error -71 [ 237.615593][ T9] usb usb2-port1: unable to enumerate USB device [ 237.830368][ T5842] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 238.163991][ T5842] usb 5-1: device descriptor read/8, error -71 [ 238.209714][ T5909] usb 4-1: USB disconnect, device number 12 [ 238.318584][ T8148] netlink: 'syz.0.662': attribute type 11 has an invalid length. [ 238.465053][ T5842] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 238.651437][ T5842] usb 5-1: device descriptor read/8, error -71 [ 238.881247][ T5842] usb usb5-port1: unable to enumerate USB device [ 240.366620][ T8183] netlink: 16 bytes leftover after parsing attributes in process `syz.3.671'. [ 243.843722][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805778d000: rx timeout, send abort [ 244.248145][ T8232] netlink: 4 bytes leftover after parsing attributes in process `syz.3.684'. [ 244.278525][ T8243] netlink: 12 bytes leftover after parsing attributes in process `syz.2.688'. [ 244.350342][ T8245] netlink: 68 bytes leftover after parsing attributes in process `syz.1.687'. [ 245.311031][ T5909] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 245.561282][ T5909] usb 4-1: Using ep0 maxpacket: 8 [ 245.605233][ T5909] usb 4-1: too many configurations: 65, using maximum allowed: 8 [ 245.755562][ T5909] usb 4-1: New USB device found, idVendor=1044, idProduct=800d, bcdDevice=57.5c [ 245.775049][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.795516][ T5909] usb 4-1: Product: syz [ 245.801144][ T5909] usb 4-1: Manufacturer: syz [ 245.811748][ T5909] usb 4-1: SerialNumber: syz [ 245.830062][ T5909] usb 4-1: config 0 descriptor?? [ 245.862499][ T5909] usb 4-1: bad CDC descriptors [ 246.077273][ T5842] usb 4-1: USB disconnect, device number 13 [ 246.989010][ T8296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.707'. [ 247.041591][ T8296] netlink: 104 bytes leftover after parsing attributes in process `syz.1.707'. [ 247.146629][ T8310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.714'. [ 247.160729][ T8310] netlink: 16 bytes leftover after parsing attributes in process `syz.0.714'. [ 247.179669][ T8311] FAULT_INJECTION: forcing a failure. [ 247.179669][ T8311] name failslab, interval 1, probability 0, space 0, times 0 [ 247.193510][ T8311] CPU: 0 UID: 0 PID: 8311 Comm: syz.3.711 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 247.193534][ T8311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 247.193559][ T8311] Call Trace: [ 247.193566][ T8311] [ 247.193574][ T8311] dump_stack_lvl+0x189/0x250 [ 247.193599][ T8311] ? __pfx____ratelimit+0x10/0x10 [ 247.193624][ T8311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.193643][ T8311] ? __pfx__printk+0x10/0x10 [ 247.193670][ T8311] ? __pfx___might_resched+0x10/0x10 [ 247.193691][ T8311] should_fail_ex+0x414/0x560 [ 247.193720][ T8311] should_failslab+0xa8/0x100 [ 247.193746][ T8311] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 247.193770][ T8311] ? __alloc_skb+0x112/0x2d0 [ 247.193794][ T8311] __alloc_skb+0x112/0x2d0 [ 247.193817][ T8311] netlink_dump+0x1ab/0xe90 [ 247.193835][ T8311] ? __pfx_ethnl_parse_header_dev_get+0x10/0x10 [ 247.193862][ T8311] ? rcu_is_watching+0x15/0xb0 [ 247.193883][ T8311] ? __pfx_netlink_dump+0x10/0x10 [ 247.193899][ T8311] ? ethnl_default_start+0x173/0x570 [ 247.193955][ T8311] ? genl_start+0x581/0x6c0 [ 247.193982][ T8311] __netlink_dump_start+0x5cb/0x7e0 [ 247.194010][ T8311] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 247.194037][ T8311] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 247.194058][ T8311] ? genl_get_cmd+0x67f/0x910 [ 247.194086][ T8311] ? __pfx_genl_start+0x10/0x10 [ 247.194106][ T8311] ? __pfx_genl_dumpit+0x10/0x10 [ 247.194124][ T8311] ? __pfx_genl_done+0x10/0x10 [ 247.194161][ T8311] genl_rcv_msg+0x5da/0x790 [ 247.194191][ T8311] ? __pfx_genl_rcv_msg+0x10/0x10 [ 247.194211][ T8311] ? ref_tracker_free+0x63a/0x7d0 [ 247.194231][ T8311] ? __pfx_ethnl_default_start+0x10/0x10 [ 247.194248][ T8311] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 247.194266][ T8311] ? __pfx_ethnl_default_done+0x10/0x10 [ 247.194286][ T8311] ? __pfx_ref_tracker_free+0x10/0x10 [ 247.194320][ T8311] netlink_rcv_skb+0x208/0x470 [ 247.194341][ T8311] ? __pfx_genl_rcv_msg+0x10/0x10 [ 247.194365][ T8311] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 247.194403][ T8311] ? down_read+0x1ad/0x2e0 [ 247.194425][ T8311] genl_rcv+0x28/0x40 [ 247.194445][ T8311] netlink_unicast+0x75c/0x8e0 [ 247.194474][ T8311] netlink_sendmsg+0x805/0xb30 [ 247.194504][ T8311] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.194532][ T8311] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 247.194554][ T8311] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.194575][ T8311] __sock_sendmsg+0x219/0x270 [ 247.194604][ T8311] ____sys_sendmsg+0x505/0x830 [ 247.194630][ T8311] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.194661][ T8311] ? import_iovec+0x74/0xa0 [ 247.194682][ T8311] ___sys_sendmsg+0x21f/0x2a0 [ 247.194705][ T8311] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.194765][ T8311] ? __fget_files+0x2a/0x420 [ 247.194780][ T8311] ? __fget_files+0x3a0/0x420 [ 247.194808][ T8311] __x64_sys_sendmsg+0x19b/0x260 [ 247.194832][ T8311] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 247.194863][ T8311] ? __pfx_ksys_write+0x10/0x10 [ 247.194882][ T8311] ? rcu_is_watching+0x15/0xb0 [ 247.194905][ T8311] ? do_syscall_64+0xbe/0x3b0 [ 247.194933][ T8311] do_syscall_64+0xfa/0x3b0 [ 247.194948][ T8311] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.194971][ T8311] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.194987][ T8311] ? clear_bhb_loop+0x60/0xb0 [ 247.195009][ T8311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.195024][ T8311] RIP: 0033:0x7f0c3bf8e929 [ 247.195041][ T8311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.195054][ T8311] RSP: 002b:00007f0c3cd55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.195072][ T8311] RAX: ffffffffffffffda RBX: 00007f0c3c1b6160 RCX: 00007f0c3bf8e929 [ 247.195084][ T8311] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 247.195095][ T8311] RBP: 00007f0c3cd55090 R08: 0000000000000000 R09: 0000000000000000 [ 247.195105][ T8311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 247.195115][ T8311] R13: 0000000000000000 R14: 00007f0c3c1b6160 R15: 00007ffe63916908 [ 247.195145][ T8311] [ 247.613869][ T8310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.714'. [ 248.127287][ T8318] syz.1.715 (8318) used obsolete PPPIOCDETACH ioctl [ 248.801830][ T8330] overlayfs: failed to resolve './file0': -2 [ 248.912699][ T8336] netlink: 68 bytes leftover after parsing attributes in process `syz.0.718'. [ 251.971091][ T8356] netlink: 16 bytes leftover after parsing attributes in process `syz.1.727'. [ 252.851997][ T24] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 253.184408][ T8367] netlink: 24 bytes leftover after parsing attributes in process `syz.4.731'. [ 253.205167][ T8370] trusted_key: syz.1.732 sent an empty control message without MSG_MORE. [ 253.214088][ T8367] netlink: 24 bytes leftover after parsing attributes in process `syz.4.731'. [ 253.214154][ T8367] FAULT_INJECTION: forcing a failure. [ 253.214154][ T8367] name failslab, interval 1, probability 0, space 0, times 0 [ 253.214180][ T8367] CPU: 1 UID: 0 PID: 8367 Comm: syz.4.731 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 253.214198][ T8367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.214207][ T8367] Call Trace: [ 253.214213][ T8367] [ 253.214220][ T8367] dump_stack_lvl+0x189/0x250 [ 253.214244][ T8367] ? __pfx____ratelimit+0x10/0x10 [ 253.214268][ T8367] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.214285][ T8367] ? __pfx__printk+0x10/0x10 [ 253.214311][ T8367] ? __pfx___might_resched+0x10/0x10 [ 253.214328][ T8367] ? fs_reclaim_acquire+0x7d/0x100 [ 253.214349][ T8367] should_fail_ex+0x414/0x560 [ 253.214376][ T8367] should_failslab+0xa8/0x100 [ 253.214410][ T8367] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 253.214432][ T8367] ? __alloc_skb+0x112/0x2d0 [ 253.214455][ T8367] __alloc_skb+0x112/0x2d0 [ 253.214476][ T8367] netlink_ack+0x146/0xa50 [ 253.214493][ T8367] ? __pfx_genl_rcv_msg+0x10/0x10 [ 253.214512][ T8367] ? ref_tracker_free+0x63a/0x7d0 [ 253.214538][ T8367] ? __pfx_ref_tracker_free+0x10/0x10 [ 253.214571][ T8367] netlink_rcv_skb+0x28c/0x470 [ 253.214590][ T8367] ? __pfx_genl_rcv_msg+0x10/0x10 [ 253.214613][ T8367] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 253.214649][ T8367] ? down_read+0x1ad/0x2e0 [ 253.214669][ T8367] genl_rcv+0x28/0x40 [ 253.214688][ T8367] netlink_unicast+0x75c/0x8e0 [ 253.214716][ T8367] netlink_sendmsg+0x805/0xb30 [ 253.214744][ T8367] ? __pfx_netlink_sendmsg+0x10/0x10 [ 253.214771][ T8367] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 253.214792][ T8367] ? __pfx_netlink_sendmsg+0x10/0x10 [ 253.214812][ T8367] __sock_sendmsg+0x219/0x270 [ 253.214839][ T8367] ____sys_sendmsg+0x505/0x830 [ 253.214864][ T8367] ? __pfx_____sys_sendmsg+0x10/0x10 [ 253.214893][ T8367] ? import_iovec+0x74/0xa0 [ 253.214915][ T8367] ___sys_sendmsg+0x21f/0x2a0 [ 253.214938][ T8367] ? __pfx____sys_sendmsg+0x10/0x10 [ 253.214993][ T8367] ? __fget_files+0x2a/0x420 [ 253.215008][ T8367] ? __fget_files+0x3a0/0x420 [ 253.215033][ T8367] __x64_sys_sendmsg+0x19b/0x260 [ 253.215055][ T8367] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 253.215084][ T8367] ? __pfx_ksys_write+0x10/0x10 [ 253.215102][ T8367] ? rcu_is_watching+0x15/0xb0 [ 253.215125][ T8367] ? do_syscall_64+0xbe/0x3b0 [ 253.215144][ T8367] do_syscall_64+0xfa/0x3b0 [ 253.215158][ T8367] ? lockdep_hardirqs_on+0x9c/0x150 [ 253.215180][ T8367] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.215196][ T8367] ? clear_bhb_loop+0x60/0xb0 [ 253.215215][ T8367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.215231][ T8367] RIP: 0033:0x7f8f9f38e929 [ 253.215247][ T8367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.215260][ T8367] RSP: 002b:00007f8fa02a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 253.215278][ T8367] RAX: ffffffffffffffda RBX: 00007f8f9f5b5fa0 RCX: 00007f8f9f38e929 [ 253.215289][ T8367] RDX: 0000000000044084 RSI: 0000200000004bc0 RDI: 0000000000000003 [ 253.215300][ T8367] RBP: 00007f8fa02a5090 R08: 0000000000000000 R09: 0000000000000000 [ 253.215309][ T8367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.215319][ T8367] R13: 0000000000000000 R14: 00007f8f9f5b5fa0 R15: 00007ffe1b1e7478 [ 253.215347][ T8367] [ 253.321972][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.476405][ T8378] virt_wifi0 speed is unknown, defaulting to 1000 [ 253.586253][ T8378] virt_wifi0 speed is unknown, defaulting to 1000 [ 253.648663][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.726658][ T24] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 253.796895][ T8379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.733'. [ 253.800505][ T8378] virt_wifi0 speed is unknown, defaulting to 1000 [ 253.805995][ T8379] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.079246][ T8378] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 254.128219][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.144340][ T8378] infiniband @: RDMA CMA: cma_listen_on_dev, error -98 [ 254.175323][ T8379] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.182921][ T5842] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 254.192193][ T24] usb 1-1: config 0 descriptor?? [ 254.284266][ T8378] virt_wifi0 speed is unknown, defaulting to 1000 [ 254.294284][ T8378] virt_wifi0 speed is unknown, defaulting to 1000 [ 254.306237][ T8378] virt_wifi0 speed is unknown, defaulting to 1000 [ 254.324816][ T8378] virt_wifi0 speed is unknown, defaulting to 1000 [ 254.355384][ T8378] virt_wifi0 speed is unknown, defaulting to 1000 [ 254.371674][ T5842] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 254.383081][ T5842] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 254.428330][ T5842] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 254.465345][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.619660][ T24] cp2112 0003:10C4:EA90.0002: item fetching failed at offset 5/7 [ 254.628772][ T24] cp2112 0003:10C4:EA90.0002: parse failed [ 254.638961][ T8386] syz_tun: entered allmulticast mode [ 254.657006][ T8386] dvmrp8: entered allmulticast mode [ 254.663877][ T8375] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 254.831953][ T24] cp2112 0003:10C4:EA90.0002: probe with driver cp2112 failed with error -22 [ 255.151926][ T24] usb 1-1: USB disconnect, device number 23 [ 255.533241][ T5842] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 255.631787][ T8397] netlink: 68 bytes leftover after parsing attributes in process `syz.1.740'. [ 255.833653][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.845990][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.016874][ T8421] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 257.205003][ T5923] usb 5-1: USB disconnect, device number 23 [ 257.671422][ T24] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 258.021627][ T24] usb 1-1: device descriptor read/64, error -71 [ 258.193220][ T8435] syz.4.755: attempt to access beyond end of device [ 258.193220][ T8435] loop9: rw=0, sector=0, nr_sectors = 1 limit=0 [ 258.208226][ T8435] FAT-fs (loop9): unable to read boot sector [ 258.261778][ T24] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 258.391415][ T5901] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 258.402754][ T8440] netlink: 40 bytes leftover after parsing attributes in process `syz.2.757'. [ 258.415096][ T24] usb 1-1: device descriptor read/64, error -71 [ 258.470996][ T6003] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 258.531648][ T24] usb usb1-port1: attempt power cycle [ 258.571019][ T5901] usb 2-1: Using ep0 maxpacket: 32 [ 258.579446][ T5901] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 258.592280][ T5901] usb 2-1: can't read configurations, error -22 [ 258.602629][ T6003] usb 5-1: device descriptor read/64, error -71 [ 258.740977][ T5901] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 258.861040][ T6003] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 258.881324][ T24] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 258.891902][ T5901] usb 2-1: Using ep0 maxpacket: 32 [ 258.914815][ T5901] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 258.946079][ T5901] usb 2-1: can't read configurations, error -22 [ 258.955916][ T24] usb 1-1: device descriptor read/8, error -71 [ 258.976690][ T5901] usb usb2-port1: attempt power cycle [ 259.031032][ T6003] usb 5-1: device descriptor read/64, error -71 [ 259.151578][ T6003] usb usb5-port1: attempt power cycle [ 259.221017][ T24] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 259.272186][ T24] usb 1-1: device descriptor read/8, error -71 [ 259.341078][ T5901] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 259.374713][ T5901] usb 2-1: Using ep0 maxpacket: 32 [ 259.384111][ T5901] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 259.402194][ T24] usb usb1-port1: unable to enumerate USB device [ 259.408945][ T5901] usb 2-1: can't read configurations, error -22 [ 259.532855][ T6003] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 259.571056][ T5901] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 259.585230][ T8457] netlink: 68 bytes leftover after parsing attributes in process `syz.2.764'. [ 259.598216][ T6003] usb 5-1: device descriptor read/8, error -71 [ 259.653342][ T5901] usb 2-1: Using ep0 maxpacket: 32 [ 259.698485][ T5901] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 259.761353][ T5901] usb 2-1: can't read configurations, error -22 [ 259.815906][ T5901] usb usb2-port1: unable to enumerate USB device [ 259.876883][ T6003] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 259.956212][ T6003] usb 5-1: device descriptor read/8, error -71 [ 260.121496][ T6003] usb usb5-port1: unable to enumerate USB device [ 260.771165][ T5923] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 261.023479][ T5923] usb 4-1: Using ep0 maxpacket: 8 [ 261.042143][ T5923] usb 4-1: unable to get BOS descriptor or descriptor too short [ 261.059555][ T5923] usb 4-1: config 50 has an invalid interface number: 75 but max is 0 [ 261.072443][ T5923] usb 4-1: config 50 has no interface number 0 [ 261.637589][ T5923] usb 4-1: config 50 interface 75 altsetting 42 endpoint 0x3 has invalid maxpacket 592, setting to 64 [ 261.714209][ T5923] usb 4-1: config 50 interface 75 has no altsetting 0 [ 261.812588][ T8483] net_ratelimit: 76 callbacks suppressed [ 261.812608][ T8483] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 261.940062][ T8488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.773'. [ 262.781372][ T5923] usb 4-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 262.790556][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.821122][ T5923] usb 4-1: Product: syz [ 262.825442][ T5923] usb 4-1: Manufacturer: syz [ 262.831351][ T5923] usb 4-1: SerialNumber: syz [ 262.974758][ T8490] netlink: 180 bytes leftover after parsing attributes in process `syz.0.773'. [ 263.020797][ T8490] netlink: 'syz.0.773': attribute type 10 has an invalid length. [ 263.101572][ T8490] netlink: 40 bytes leftover after parsing attributes in process `syz.0.773'. [ 263.128264][ T5923] radioshark 4-1:50.75: Invalid radioSHARK device [ 263.140682][ T5923] radioshark 4-1:50.75: probe with driver radioshark failed with error -22 [ 263.159302][ T5923] usbhid 4-1:50.75: couldn't find an input interrupt endpoint [ 263.174539][ T5923] usb 4-1: USB disconnect, device number 14 [ 263.855346][ T8490] geneve0: entered promiscuous mode [ 263.867945][ T8490] team0: Port device geneve0 added [ 264.082074][ T8498] fuse: Bad value for 'rootmode' [ 265.192849][ T8512] netlink: 68 bytes leftover after parsing attributes in process `syz.0.779'. [ 265.517953][ T8516] netlink: 16 bytes leftover after parsing attributes in process `syz.4.782'. [ 265.567513][ T8516] netlink: 1053 bytes leftover after parsing attributes in process `syz.4.782'. [ 265.730465][ T8521] netlink: 12 bytes leftover after parsing attributes in process `syz.1.785'. [ 266.897726][ T8536] hub 8-0:1.0: USB hub found [ 266.903932][ T8536] hub 8-0:1.0: 1 port detected [ 267.221028][ T6003] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 267.383832][ T6003] usb 1-1: Using ep0 maxpacket: 8 [ 267.404481][ T6003] usb 1-1: unable to get BOS descriptor or descriptor too short [ 267.427897][ T6003] usb 1-1: config 50 has an invalid interface number: 75 but max is 0 [ 267.443252][ T6003] usb 1-1: config 50 has no interface number 0 [ 267.471020][ T6003] usb 1-1: config 50 interface 75 altsetting 42 endpoint 0x3 has invalid maxpacket 592, setting to 64 [ 267.552064][ T6003] usb 1-1: config 50 interface 75 has no altsetting 0 [ 267.581006][ T6003] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 267.764234][ T6003] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.051287][ T6003] usb 1-1: Product: syz [ 268.055521][ T6003] usb 1-1: Manufacturer: syz [ 268.060138][ T6003] usb 1-1: SerialNumber: syz [ 269.173035][ T8584] netlink: 68 bytes leftover after parsing attributes in process `syz.2.800'. [ 269.924690][ T6003] radioshark 1-1:50.75: Invalid radioSHARK device [ 269.949665][ T6003] radioshark 1-1:50.75: probe with driver radioshark failed with error -22 [ 269.982501][ T6003] usbhid 1-1:50.75: couldn't find an input interrupt endpoint [ 270.027627][ T6003] usb 1-1: USB disconnect, device number 28 [ 270.155747][ T8600] veth0_to_bond: entered allmulticast mode [ 270.176673][ T8600] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 270.291530][ T8602] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 270.733936][ T8600] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 271.095056][ T8612] netlink: 4 bytes leftover after parsing attributes in process `syz.1.812'. [ 271.767291][ T8616] binder: 8615:8616 ioctl 400c620e 200000000000 returned -22 [ 271.964423][ T8619] tmpfs: Bad value for 'grpquota_inode_hardlimit' [ 271.996859][ T8619] netlink: 36 bytes leftover after parsing attributes in process `syz.3.815'. [ 272.568817][ T24] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 272.740989][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 272.769704][ T8637] netlink: 68 bytes leftover after parsing attributes in process `syz.0.818'. [ 273.075661][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 273.097427][ T24] usb 4-1: config 50 has an invalid interface number: 75 but max is 0 [ 273.115634][ T24] usb 4-1: config 50 has no interface number 0 [ 273.127846][ T24] usb 4-1: config 50 interface 75 altsetting 42 bulk endpoint 0x2 has invalid maxpacket 32 [ 273.166201][ T24] usb 4-1: config 50 interface 75 has no altsetting 0 [ 273.194789][ T24] usb 4-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 273.250528][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.277915][ T24] usb 4-1: Product: syz [ 273.290479][ T24] usb 4-1: Manufacturer: syz [ 273.363412][ T24] usb 4-1: SerialNumber: syz [ 273.396868][ T8633] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 273.649545][ T24] radioshark 4-1:50.75: Invalid radioSHARK device [ 273.666637][ T24] radioshark 4-1:50.75: probe with driver radioshark failed with error -22 [ 273.679783][ T24] usbhid 4-1:50.75: couldn't find an input interrupt endpoint [ 273.739570][ T24] usb 4-1: USB disconnect, device number 15 [ 276.018750][ T8667] netlink: 'syz.0.827': attribute type 1 has an invalid length. [ 276.027254][ T8667] netlink: 172 bytes leftover after parsing attributes in process `syz.0.827'. [ 277.259964][ T8681] netlink: 68 bytes leftover after parsing attributes in process `syz.1.830'. [ 278.423264][ T8671] bridge0: port 3(netdevsim0) entered blocking state [ 278.430264][ T8671] bridge0: port 3(netdevsim0) entered disabled state [ 278.437484][ T8671] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 278.447077][ T8671] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 278.455053][ T8671] bridge0: port 3(netdevsim0) entered blocking state [ 278.461892][ T8671] bridge0: port 3(netdevsim0) entered forwarding state [ 278.599746][ T8696] netlink: 48 bytes leftover after parsing attributes in process `syz.2.835'. [ 278.907188][ T8710] netlink: 68 bytes leftover after parsing attributes in process `syz.0.841'. [ 279.193829][ T8716] netlink: 244 bytes leftover after parsing attributes in process `syz.3.838'. [ 281.047272][ T8755] bridge0: entered promiscuous mode [ 281.066580][ T8755] macsec1: entered allmulticast mode [ 281.076678][ T8755] bridge0: entered allmulticast mode [ 281.096870][ T8758] loop6: detected capacity change from 0 to 524287999 [ 281.232935][ T8755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.852'. [ 281.871218][ T8759] delete_channel: no stack [ 283.206948][ T8755] tipc: Resetting bearer [ 283.769301][ T8788] netlink: 68 bytes leftover after parsing attributes in process `syz.1.863'. [ 283.780484][ T8755] tipc: Disabling bearer [ 284.219585][ T8774] unknown channel width for channel at 909000KHz? [ 284.241026][ T8774] unknown channel width for channel at 909000KHz? [ 284.247509][ T8774] unknown channel width for channel at 909000KHz? [ 285.441000][ T6003] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 285.862674][ T6003] usb 5-1: Using ep0 maxpacket: 16 [ 285.892662][ T6003] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 286.115569][ T6003] usb 5-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=8b.57 [ 286.278885][ T6003] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.300913][ T6003] usb 5-1: Product: syz [ 286.305160][ T6003] usb 5-1: Manufacturer: syz [ 286.309758][ T6003] usb 5-1: SerialNumber: syz [ 286.317286][ T6003] usb 5-1: config 0 descriptor?? [ 286.732191][ T6003] port100 5-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 287.086808][ T6003] usb 5-1: USB disconnect, device number 28 [ 291.105384][ T8877] netlink: 72 bytes leftover after parsing attributes in process `syz.0.888'. [ 291.318229][ T8888] netlink: 'syz.3.891': attribute type 3 has an invalid length. [ 291.348991][ T8888] netlink: 236 bytes leftover after parsing attributes in process `syz.3.891'. [ 291.672128][ T24] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 291.961185][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 291.968946][ T24] usb 1-1: config 0 has an invalid interface number: 126 but max is 0 [ 291.980613][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.996588][ T24] usb 1-1: config 0 has no interface number 0 [ 292.004288][ T24] usb 1-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 292.019611][ T24] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024 [ 292.034644][ T24] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 292.069331][ T24] usb 1-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 292.086096][ T24] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 292.096477][ T6003] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 292.112649][ T24] usb 1-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 292.130614][ T24] usb 1-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 292.140638][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.156908][ T24] usb 1-1: config 0 descriptor?? [ 292.165844][ T8897] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 292.227849][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 292.271377][ T6003] usb 5-1: Using ep0 maxpacket: 8 [ 292.300260][ T6003] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 292.449097][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 292.563024][ T6003] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 293.087740][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 293.116399][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 293.216128][ T6003] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 293.226406][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 293.252596][ T6003] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 293.270932][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 293.283056][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 293.304441][ T6003] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 293.314271][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 293.327331][ T6003] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 293.350436][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 293.363809][ T6003] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 293.418101][ T8892] Bluetooth: hci0: Opcode 0x080f failed: -110 [ 293.431409][ T5155] Bluetooth: hci0: command 0x0406 tx timeout [ 293.506738][ T24] usb 1-1: USB disconnect, device number 29 [ 293.528598][ T6003] usb 5-1: string descriptor 0 read error: -22 [ 293.567268][ T6003] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 293.587865][ T6003] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.640393][ T6003] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 294.291881][ T5968] usb 5-1: USB disconnect, device number 29 [ 295.410696][ T8927] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[8927] [ 296.969102][ T24] kernel write not supported for file /snd/seq (pid: 24 comm: kworker/1:0) [ 300.279332][ T8977] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 301.642966][ T9012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.929'. [ 302.977469][ T9026] bridge: RTM_NEWNEIGH with invalid ether address [ 304.620924][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 304.620942][ T30] audit: type=1326 audit(1752255712.170:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 304.689870][ T30] audit: type=1326 audit(1752255712.180:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 304.856362][ T30] audit: type=1326 audit(1752255712.180:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3ab698d3df code=0x7ffc0000 [ 304.897730][ T30] audit: type=1326 audit(1752255712.180:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 304.949769][ T30] audit: type=1326 audit(1752255712.180:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 305.716650][ T30] audit: type=1326 audit(1752255712.190:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 305.738604][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.926993][ T30] audit: type=1326 audit(1752255712.190:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 305.975219][ T9054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.941'. [ 306.173189][ T9054] netlink: 764 bytes leftover after parsing attributes in process `syz.3.941'. [ 306.209751][ T30] audit: type=1326 audit(1752255712.190:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 306.312513][ T30] audit: type=1326 audit(1752255712.190:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 306.436032][ T30] audit: type=1326 audit(1752255712.190:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ab698e929 code=0x7ffc0000 [ 306.530927][ T6003] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 306.701872][ T9067] bridge: RTM_NEWNEIGH with invalid ether address [ 306.702913][ T6003] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.751336][ T6003] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 307.111576][ T6003] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 307.945427][ T6003] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 307.958029][ T6003] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.969235][ T6003] usb 4-1: config 0 descriptor?? [ 308.407791][ T6003] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 308.456636][ T6003] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 308.635274][ T9096] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 308.695487][ T9] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 310.221151][ T9] usb 1-1: config 8 has an invalid interface number: 177 but max is 0 [ 311.063128][ T9] usb 1-1: config 8 has no interface number 0 [ 311.069409][ T9] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 311.118356][ T9] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0 [ 311.184883][ T9] usb 1-1: config 8 interface 177 has no altsetting 0 [ 311.239002][ T6003] usb 4-1: reset high-speed USB device number 16 using dummy_hcd [ 311.843858][ T9] usb 1-1: string descriptor 0 read error: -71 [ 311.867847][ T9] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 311.908512][ T9] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 311.978025][ T9] usb 1-1: can't set config #8, error -71 [ 312.017914][ T9] usb 1-1: USB disconnect, device number 30 [ 313.011997][ T5901] usb 4-1: USB disconnect, device number 16 [ 313.269878][ T9126] netlink: 'syz.1.963': attribute type 1 has an invalid length. [ 313.349048][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 313.349063][ T30] audit: type=1800 audit(1752255721.510:603): pid=9123 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.962" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 313.854830][ T9115] netlink: 24 bytes leftover after parsing attributes in process `syz.0.959'. [ 315.091337][ T5901] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 315.251312][ T5901] usb 1-1: Using ep0 maxpacket: 16 [ 315.348596][ T5901] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 315.461550][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 315.530035][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 315.659897][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 315.713836][ T5901] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 315.888815][ T5901] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 315.931675][ T5901] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 315.961419][ T5901] usb 1-1: Manufacturer: syz [ 315.978013][ T5901] usb 1-1: config 0 descriptor?? [ 316.744837][ T5901] rc_core: IR keymap rc-hauppauge not found [ 316.795616][ T9185] netlink: 124 bytes leftover after parsing attributes in process `syz.0.972'. [ 317.154374][ T5901] Registered IR keymap rc-empty [ 317.159750][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.241107][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.257056][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.263834][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.276834][ T5901] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 317.307646][ T9183] virt_wifi0 speed is unknown, defaulting to 1000 [ 317.341224][ T5901] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input31 [ 317.451033][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.480956][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.508651][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.541156][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.591134][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.630837][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.671979][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.675554][ T9192] vlan2: entered promiscuous mode [ 317.691588][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.699603][ T9192] vlan2: entered allmulticast mode [ 317.717480][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.720656][ T9193] FAULT_INJECTION: forcing a failure. [ 317.720656][ T9193] name failslab, interval 1, probability 0, space 0, times 0 [ 317.739341][ T9193] CPU: 0 UID: 0 PID: 9193 Comm: syz.1.983 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 317.739366][ T9193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.739376][ T9193] Call Trace: [ 317.739384][ T9193] [ 317.739392][ T9193] dump_stack_lvl+0x189/0x250 [ 317.739416][ T9193] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.739443][ T9193] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.739469][ T9193] ? dump_stack+0x9/0x20 [ 317.739493][ T9193] should_fail_ex+0x414/0x560 [ 317.739523][ T9193] should_failslab+0xa8/0x100 [ 317.739549][ T9193] kmem_cache_alloc_noprof+0x73/0x3c0 [ 317.739571][ T9193] ? skb_clone+0x212/0x3a0 [ 317.739598][ T9193] skb_clone+0x212/0x3a0 [ 317.739623][ T9193] __netlink_deliver_tap+0x404/0x850 [ 317.739656][ T9193] ? netlink_deliver_tap+0x2e/0x1b0 [ 317.739676][ T9193] netlink_deliver_tap+0x19c/0x1b0 [ 317.739697][ T9193] netlink_unicast+0x730/0x8e0 [ 317.739726][ T9193] netlink_sendmsg+0x805/0xb30 [ 317.739755][ T9193] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.739784][ T9193] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 317.739806][ T9193] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.739827][ T9193] __sock_sendmsg+0x219/0x270 [ 317.739856][ T9193] ____sys_sendmsg+0x505/0x830 [ 317.739882][ T9193] ? __pfx_____sys_sendmsg+0x10/0x10 [ 317.739913][ T9193] ? import_iovec+0x74/0xa0 [ 317.739943][ T9193] ___sys_sendmsg+0x21f/0x2a0 [ 317.739966][ T9193] ? __pfx____sys_sendmsg+0x10/0x10 [ 317.740025][ T9193] ? __fget_files+0x2a/0x420 [ 317.740040][ T9193] ? __fget_files+0x3a0/0x420 [ 317.740067][ T9193] __x64_sys_sendmsg+0x19b/0x260 [ 317.740091][ T9193] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 317.740123][ T9193] ? __pfx_ksys_write+0x10/0x10 [ 317.740142][ T9193] ? rcu_is_watching+0x15/0xb0 [ 317.740166][ T9193] ? do_syscall_64+0xbe/0x3b0 [ 317.740187][ T9193] do_syscall_64+0xfa/0x3b0 [ 317.740202][ T9193] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.740224][ T9193] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.740242][ T9193] ? clear_bhb_loop+0x60/0xb0 [ 317.740263][ T9193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.740279][ T9193] RIP: 0033:0x7fe6d778e929 [ 317.740295][ T9193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.740309][ T9193] RSP: 002b:00007fe6d85fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 317.740328][ T9193] RAX: ffffffffffffffda RBX: 00007fe6d79b6160 RCX: 00007fe6d778e929 [ 317.740340][ T9193] RDX: 0000000000000000 RSI: 0000200000001540 RDI: 0000000000000004 [ 317.740351][ T9193] RBP: 00007fe6d85fe090 R08: 0000000000000000 R09: 0000000000000000 [ 317.740362][ T9193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.740372][ T9193] R13: 0000000000000000 R14: 00007fe6d79b6160 R15: 00007ffc09e854b8 [ 317.740401][ T9193] [ 317.741682][ T5901] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 317.755050][ T9192] netlink: 260 bytes leftover after parsing attributes in process `syz.1.983'. [ 318.372564][ T5901] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 318.381894][ T5901] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 318.417627][ T5901] usb 1-1: USB disconnect, device number 31 [ 318.757187][ T9203] netlink: 'syz.3.987': attribute type 1 has an invalid length. [ 319.743420][ T9220] netlink: 48 bytes leftover after parsing attributes in process `syz.2.992'. [ 319.752910][ T9220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.992'. [ 319.764221][ T9220] overlayfs: failed to clone upperpath [ 319.844294][ T5923] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 319.993138][ T9229] netlink: 68 bytes leftover after parsing attributes in process `syz.3.993'. [ 320.047019][ T5923] usb 5-1: Using ep0 maxpacket: 32 [ 320.057784][ T9230] FAULT_INJECTION: forcing a failure. [ 320.057784][ T9230] name failslab, interval 1, probability 0, space 0, times 0 [ 320.136020][ T9230] CPU: 1 UID: 0 PID: 9230 Comm: syz.1.995 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 320.136047][ T9230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 320.136058][ T9230] Call Trace: [ 320.136065][ T9230] [ 320.136073][ T9230] dump_stack_lvl+0x189/0x250 [ 320.136096][ T9230] ? __pfx____ratelimit+0x10/0x10 [ 320.136118][ T9230] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.136134][ T9230] ? __pfx__printk+0x10/0x10 [ 320.136161][ T9230] ? __pfx___might_resched+0x10/0x10 [ 320.136177][ T9230] ? fs_reclaim_acquire+0x7d/0x100 [ 320.136200][ T9230] should_fail_ex+0x414/0x560 [ 320.136230][ T9230] should_failslab+0xa8/0x100 [ 320.136255][ T9230] __kmalloc_noprof+0xcb/0x4f0 [ 320.136276][ T9230] ? kfree+0x4d/0x440 [ 320.136294][ T9230] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 320.136318][ T9230] tomoyo_realpath_from_path+0xe3/0x5d0 [ 320.136336][ T9230] ? tomoyo_domain+0xda/0x130 [ 320.136361][ T9230] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 320.136384][ T9230] tomoyo_path_number_perm+0x1e8/0x5a0 [ 320.136407][ T9230] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 320.136475][ T9230] ? d_alloc_parallel+0x2e0/0x14e0 [ 320.136496][ T9230] ? __pfx_current_check_access_path+0x10/0x10 [ 320.136527][ T9230] tomoyo_path_mknod+0x142/0x190 [ 320.136552][ T9230] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 320.136584][ T9230] security_path_mknod+0x17e/0x3a0 [ 320.136609][ T9230] path_openat+0xd56/0x3830 [ 320.136627][ T9230] ? arch_stack_walk+0xfc/0x150 [ 320.136693][ T9230] ? __pfx_path_openat+0x10/0x10 [ 320.136711][ T9230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.136751][ T9230] do_filp_open+0x1fa/0x410 [ 320.136770][ T9230] ? __lock_acquire+0xab9/0xd20 [ 320.136789][ T9230] ? __pfx_do_filp_open+0x10/0x10 [ 320.136835][ T9230] ? _raw_spin_unlock+0x28/0x50 [ 320.136857][ T9230] ? alloc_fd+0x64c/0x6c0 [ 320.136894][ T9230] do_sys_openat2+0x121/0x1c0 [ 320.136917][ T9230] ? __pfx_do_sys_openat2+0x10/0x10 [ 320.136937][ T9230] ? ksys_write+0x22a/0x250 [ 320.136961][ T9230] ? __pfx_ksys_write+0x10/0x10 [ 320.136980][ T9230] ? rcu_is_watching+0x15/0xb0 [ 320.137007][ T9230] __x64_sys_open+0x11e/0x150 [ 320.137030][ T9230] do_syscall_64+0xfa/0x3b0 [ 320.137045][ T9230] ? lockdep_hardirqs_on+0x9c/0x150 [ 320.137069][ T9230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.137085][ T9230] ? clear_bhb_loop+0x60/0xb0 [ 320.137106][ T9230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.137123][ T9230] RIP: 0033:0x7fe6d778e929 [ 320.137139][ T9230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.137154][ T9230] RSP: 002b:00007fe6d861f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 320.137173][ T9230] RAX: ffffffffffffffda RBX: 00007fe6d79b6080 RCX: 00007fe6d778e929 [ 320.137186][ T9230] RDX: 0000000000000000 RSI: 0000000000066842 RDI: 00002000000005c0 [ 320.137198][ T9230] RBP: 00007fe6d861f090 R08: 0000000000000000 R09: 0000000000000000 [ 320.137208][ T9230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.137217][ T9230] R13: 0000000000000000 R14: 00007fe6d79b6080 R15: 00007ffc09e854b8 [ 320.137245][ T9230] [ 320.138939][ T5923] usb 5-1: config 0 has an invalid interface number: 54 but max is 0 [ 320.141220][ T9230] ERROR: Out of memory at tomoyo_realpath_from_path. [ 320.162232][ T5923] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 320.162259][ T5923] usb 5-1: config 0 has no interface number 1 [ 320.162314][ T5923] usb 5-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 320.162334][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.221738][ T5923] usb 5-1: config 0 descriptor?? [ 320.906004][ T5923] usb 5-1: bad CDC descriptors [ 322.350156][ T9] usb 5-1: USB disconnect, device number 30 [ 322.358938][ T9254] FAULT_INJECTION: forcing a failure. [ 322.358938][ T9254] name failslab, interval 1, probability 0, space 0, times 0 [ 322.380914][ T9254] CPU: 0 UID: 0 PID: 9254 Comm: syz.3.1003 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 322.380942][ T9254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.380953][ T9254] Call Trace: [ 322.380961][ T9254] [ 322.380969][ T9254] dump_stack_lvl+0x189/0x250 [ 322.380993][ T9254] ? __pfx____ratelimit+0x10/0x10 [ 322.381045][ T9254] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.381064][ T9254] ? __pfx__printk+0x10/0x10 [ 322.381098][ T9254] should_fail_ex+0x414/0x560 [ 322.381127][ T9254] should_failslab+0xa8/0x100 [ 322.381153][ T9254] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 322.381178][ T9254] ? __alloc_skb+0x112/0x2d0 [ 322.381202][ T9254] __alloc_skb+0x112/0x2d0 [ 322.381224][ T9254] _sctp_make_chunk+0x5e/0x430 [ 322.381249][ T9254] sctp_make_init+0x58b/0xd30 [ 322.381280][ T9254] ? __pfx_sctp_make_init+0x10/0x10 [ 322.381299][ T9254] ? arch_stack_walk+0xfc/0x150 [ 322.381332][ T9254] ? stack_trace_save+0x9c/0xe0 [ 322.381356][ T9254] sctp_sf_do_prm_asoc+0xd2/0x3f0 [ 322.381383][ T9254] sctp_do_sm+0x1e7/0x5a20 [ 322.381404][ T9254] ? __pfx_sctp_pname+0x10/0x10 [ 322.381429][ T9254] ? kasan_save_track+0x3e/0x80 [ 322.381449][ T9254] ? sctp_stream_init_ext+0x57/0x180 [ 322.381477][ T9254] ? sctp_sendmsg_to_asoc+0x12fd/0x1810 [ 322.381495][ T9254] ? sctp_sendmsg+0x1941/0x2810 [ 322.381513][ T9254] ? __sock_sendmsg+0x19c/0x270 [ 322.381534][ T9254] ? __sys_sendto+0x3bd/0x520 [ 322.381550][ T9254] ? do_syscall_64+0xfa/0x3b0 [ 322.381565][ T9254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.381585][ T9254] ? __pfx_sctp_do_sm+0x10/0x10 [ 322.381649][ T9254] ? __sk_mem_raise_allocated+0xaa9/0x1240 [ 322.381682][ T9254] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 322.381713][ T9254] sctp_sendmsg_to_asoc+0x102d/0x1810 [ 322.381732][ T9254] ? __asan_memcpy+0x40/0x70 [ 322.381759][ T9254] ? sctp_assoc_add_peer+0xcfa/0x13b0 [ 322.381797][ T9254] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 322.381818][ T9254] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 322.381841][ T9254] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 322.381861][ T9254] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 322.381880][ T9254] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 322.381902][ T9254] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 322.381918][ T9254] ? security_sctp_bind_connect+0x7e/0x2e0 [ 322.381945][ T9254] sctp_sendmsg+0x1941/0x2810 [ 322.381979][ T9254] ? __pfx_sctp_sendmsg+0x10/0x10 [ 322.381998][ T9254] ? __lock_acquire+0xab9/0xd20 [ 322.382034][ T9254] ? sock_rps_record_flow+0x19/0x410 [ 322.382059][ T9254] ? inet_sendmsg+0x2f4/0x370 [ 322.382073][ T9254] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 322.382099][ T9254] __sock_sendmsg+0x19c/0x270 [ 322.382126][ T9254] __sys_sendto+0x3bd/0x520 [ 322.382147][ T9254] ? __pfx___sys_sendto+0x10/0x10 [ 322.382164][ T9254] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 322.382194][ T9254] ? __fget_files+0x3a0/0x420 [ 322.382221][ T9254] ? ksys_write+0x22a/0x250 [ 322.382245][ T9254] ? __pfx_ksys_write+0x10/0x10 [ 322.382264][ T9254] ? rcu_is_watching+0x15/0xb0 [ 322.382288][ T9254] __x64_sys_sendto+0xde/0x100 [ 322.382311][ T9254] do_syscall_64+0xfa/0x3b0 [ 322.382326][ T9254] ? lockdep_hardirqs_on+0x9c/0x150 [ 322.382354][ T9254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.382371][ T9254] ? clear_bhb_loop+0x60/0xb0 [ 322.382393][ T9254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.382410][ T9254] RIP: 0033:0x7f0c3bf8e929 [ 322.382425][ T9254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.382440][ T9254] RSP: 002b:00007f0c3cd97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 322.382466][ T9254] RAX: ffffffffffffffda RBX: 00007f0c3c1b5fa0 RCX: 00007f0c3bf8e929 [ 322.382479][ T9254] RDX: 000000000000fee4 RSI: 0000200000847fff RDI: 0000000000000003 [ 322.382491][ T9254] RBP: 00007f0c3cd97090 R08: 000020000005ffe4 R09: 000000000000001c [ 322.382503][ T9254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.382514][ T9254] R13: 0000000000000000 R14: 00007f0c3c1b5fa0 R15: 00007ffe63916908 [ 322.382544][ T9254] [ 323.970173][ T9270] virt_wifi0 speed is unknown, defaulting to 1000 [ 324.047995][ T9270] mmap: syz.4.1006 (9270): VmData 45985792 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 324.099718][ T9270] comedi comedi2: fl512: I/O port conflict (0x10,16) [ 324.325532][ T9284] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0 [ 324.354207][ T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 324.386846][ T9286] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1007'. [ 324.568963][ T9] usb 4-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 324.605502][ T9] usb 4-1: New USB device strings: Mfr=24, Product=2, SerialNumber=3 [ 324.627864][ T9] usb 4-1: Product: syz [ 324.641110][ T24] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 324.643870][ T9] usb 4-1: Manufacturer: syz [ 324.907664][ T9] usb 4-1: SerialNumber: syz [ 324.915598][ T9] usb 4-1: config 0 descriptor?? [ 325.630946][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 325.644703][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.681993][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.692759][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 325.705906][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.872478][ T24] usb 5-1: config 0 descriptor?? [ 325.884780][ T24] hub 5-1:0.0: USB hub found [ 326.438586][ T24] hub 5-1:0.0: 1 port detected [ 327.081403][ T9] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 327.123788][ T9] asix 4-1:0.0: probe with driver asix failed with error -71 [ 327.150617][ T9] usb 4-1: USB disconnect, device number 17 [ 327.302616][ T9315] hfs: can't find a HFS filesystem on dev nullb0 [ 327.584821][ T9320] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1021'. [ 327.601842][ T9320] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1021'. [ 328.456371][ T24] hub 5-1:0.0: hub_ext_port_status failed (err = -32) [ 328.841537][ T24] usb 5-1: USB disconnect, device number 31 [ 329.547501][ T9338] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 330.315961][ T9356] FAULT_INJECTION: forcing a failure. [ 330.315961][ T9356] name failslab, interval 1, probability 0, space 0, times 0 [ 330.333618][ T9356] CPU: 0 UID: 0 PID: 9356 Comm: syz.0.1033 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 330.333648][ T9356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 330.333658][ T9356] Call Trace: [ 330.333669][ T9356] [ 330.333678][ T9356] dump_stack_lvl+0x189/0x250 [ 330.333702][ T9356] ? __pfx____ratelimit+0x10/0x10 [ 330.333731][ T9356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 330.333749][ T9356] ? __pfx__printk+0x10/0x10 [ 330.333776][ T9356] ? ref_tracker_alloc+0x318/0x460 [ 330.333802][ T9356] should_fail_ex+0x414/0x560 [ 330.333828][ T9356] should_failslab+0xa8/0x100 [ 330.333854][ T9356] kmem_cache_alloc_noprof+0x73/0x3c0 [ 330.333875][ T9356] ? skb_clone+0x212/0x3a0 [ 330.333900][ T9356] skb_clone+0x212/0x3a0 [ 330.333925][ T9356] __netlink_deliver_tap+0x404/0x850 [ 330.333957][ T9356] ? netlink_deliver_tap+0x2e/0x1b0 [ 330.333975][ T9356] netlink_deliver_tap+0x19c/0x1b0 [ 330.333995][ T9356] netlink_unicast+0x730/0x8e0 [ 330.334023][ T9356] netlink_sendmsg+0x805/0xb30 [ 330.334051][ T9356] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.334078][ T9356] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 330.334100][ T9356] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.334119][ T9356] __sock_sendmsg+0x219/0x270 [ 330.334147][ T9356] ____sys_sendmsg+0x505/0x830 [ 330.334172][ T9356] ? __pfx_____sys_sendmsg+0x10/0x10 [ 330.334201][ T9356] ? import_iovec+0x74/0xa0 [ 330.334223][ T9356] ___sys_sendmsg+0x21f/0x2a0 [ 330.334245][ T9356] ? __pfx____sys_sendmsg+0x10/0x10 [ 330.334302][ T9356] ? __fget_files+0x2a/0x420 [ 330.334316][ T9356] ? __fget_files+0x3a0/0x420 [ 330.334358][ T9356] __x64_sys_sendmsg+0x19b/0x260 [ 330.334381][ T9356] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 330.334410][ T9356] ? __pfx_ksys_write+0x10/0x10 [ 330.334437][ T9356] ? do_syscall_64+0xbe/0x3b0 [ 330.334457][ T9356] do_syscall_64+0xfa/0x3b0 [ 330.334471][ T9356] ? lockdep_hardirqs_on+0x9c/0x150 [ 330.334493][ T9356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.334510][ T9356] ? clear_bhb_loop+0x60/0xb0 [ 330.334530][ T9356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.334547][ T9356] RIP: 0033:0x7ff59778e929 [ 330.334563][ T9356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.334577][ T9356] RSP: 002b:00007ff598551038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 330.334595][ T9356] RAX: ffffffffffffffda RBX: 00007ff5979b5fa0 RCX: 00007ff59778e929 [ 330.334607][ T9356] RDX: 0000000000044000 RSI: 0000200000000000 RDI: 0000000000000003 [ 330.334618][ T9356] RBP: 00007ff598551090 R08: 0000000000000000 R09: 0000000000000000 [ 330.334629][ T9356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 330.334638][ T9356] R13: 0000000000000000 R14: 00007ff5979b5fa0 R15: 00007fffe3745a78 [ 330.334667][ T9356] [ 330.994838][ T9360] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1032'. [ 331.853156][ T9371] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1038'. [ 331.914873][ T9371] program syz.0.1038 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 332.181025][ T24] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 332.332989][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 127, changing to 10 [ 332.361310][ T24] usb 1-1: New USB device found, idVendor=06a3, idProduct=0cd7, bcdDevice= 0.00 [ 332.383645][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.424873][ T24] usb 1-1: config 0 descriptor?? [ 332.860130][ T24] saitek 0003:06A3:0CD7.0004: item fetching failed at offset 0/3 [ 332.879667][ T24] saitek 0003:06A3:0CD7.0004: parse failed [ 332.896685][ T24] saitek 0003:06A3:0CD7.0004: probe with driver saitek failed with error -22 [ 333.020979][ T9384] overlayfs: failed to resolve './file1/file0': -2 [ 333.066675][ T9384] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 334.344766][ T9371] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 334.422621][ T5842] usb 1-1: USB disconnect, device number 32 [ 335.529321][ T9389] syz.1.1043: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 335.547461][ T9389] CPU: 1 UID: 0 PID: 9389 Comm: syz.1.1043 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 335.547486][ T9389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 335.547497][ T9389] Call Trace: [ 335.547505][ T9389] [ 335.547513][ T9389] dump_stack_lvl+0x189/0x250 [ 335.547542][ T9389] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.547563][ T9389] ? __pfx__printk+0x10/0x10 [ 335.547586][ T9389] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 335.547609][ T9389] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 335.547633][ T9389] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 335.547656][ T9389] warn_alloc+0x214/0x310 [ 335.547680][ T9389] ? __pfx_warn_alloc+0x10/0x10 [ 335.547706][ T9389] ? __get_vm_area_node+0x28f/0x300 [ 335.547732][ T9389] ? translate_table+0x19b/0x2040 [ 335.547758][ T9389] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 335.547813][ T9389] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 335.547844][ T9389] ? rcu_is_watching+0x15/0xb0 [ 335.547865][ T9389] ? translate_table+0x19b/0x2040 [ 335.547892][ T9389] ? translate_table+0x19b/0x2040 [ 335.547912][ T9389] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 335.547939][ T9389] ? translate_table+0x19b/0x2040 [ 335.547958][ T9389] ? xt_alloc_table_info+0x3b/0xa0 [ 335.547988][ T9389] translate_table+0x19b/0x2040 [ 335.548026][ T9389] ? __lock_acquire+0xab9/0xd20 [ 335.548049][ T9389] ? __pfx_translate_table+0x10/0x10 [ 335.548073][ T9389] ? __might_fault+0xb0/0x130 [ 335.548118][ T9389] ? _copy_from_user+0x94/0xb0 [ 335.548143][ T9389] do_ip6t_set_ctl+0x970/0xce0 [ 335.548174][ T9389] ? rcu_is_watching+0x15/0xb0 [ 335.548193][ T9389] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 335.548233][ T9389] ? __pfx___mutex_lock+0x10/0x10 [ 335.548251][ T9389] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 335.548273][ T9389] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.548310][ T9389] nf_setsockopt+0x26f/0x290 [ 335.548336][ T9389] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 335.548353][ T9389] do_sock_setsockopt+0x25a/0x3e0 [ 335.548375][ T9389] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 335.548402][ T9389] ? __fget_files+0x2a/0x420 [ 335.548428][ T9389] __x64_sys_setsockopt+0x18b/0x220 [ 335.548454][ T9389] do_syscall_64+0xfa/0x3b0 [ 335.548472][ T9389] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.548486][ T9389] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 335.548502][ T9389] ? clear_bhb_loop+0x60/0xb0 [ 335.548520][ T9389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.548535][ T9389] RIP: 0033:0x7fe6d778e929 [ 335.548551][ T9389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.548564][ T9389] RSP: 002b:00007fe6d85fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 335.548582][ T9389] RAX: ffffffffffffffda RBX: 00007fe6d79b6160 RCX: 00007fe6d778e929 [ 335.548593][ T9389] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 335.548603][ T9389] RBP: 00007fe6d7810b39 R08: 0000000000000350 R09: 0000000000000000 [ 335.548614][ T9389] R10: 0000200000000d40 R11: 0000000000000246 R12: 0000000000000000 [ 335.548624][ T9389] R13: 0000000000000000 R14: 00007fe6d79b6160 R15: 00007ffc09e854b8 [ 335.548647][ T9389] [ 335.548668][ T9389] Mem-Info: [ 335.878077][ T9389] active_anon:2191 inactive_anon:10231 isolated_anon:0 [ 335.878077][ T9389] active_file:6118 inactive_file:45300 isolated_file:0 [ 335.878077][ T9389] unevictable:768 dirty:280 writeback:0 [ 335.878077][ T9389] slab_reclaimable:10556 slab_unreclaimable:98988 [ 335.878077][ T9389] mapped:37451 shmem:9033 pagetables:1383 [ 335.878077][ T9389] sec_pagetables:0 bounce:0 [ 335.878077][ T9389] kernel_misc_reclaimable:0 [ 335.878077][ T9389] free:1293029 free_pcp:14654 free_cma:0 [ 335.924990][ T9389] Node 0 active_anon:8764kB inactive_anon:40924kB active_file:24232kB inactive_file:181196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:149800kB dirty:1116kB writeback:0kB shmem:34596kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12484kB pagetables:5416kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 335.959679][ T9389] Node 1 active_anon:0kB inactive_anon:0kB active_file:240kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 335.991295][ T9389] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 336.021490][ T9389] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 336.027773][ T9389] Node 0 DMA32 free:1257596kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8792kB inactive_anon:40788kB active_file:22464kB inactive_file:181128kB unevictable:1536kB writepending:1124kB present:3129332kB managed:2560904kB mlocked:0kB bounce:0kB free_pcp:39808kB local_pcp:16548kB free_cma:0kB [ 336.061059][ T9389] lowmem_reserve[]: 0 0 1 1 1 [ 336.065869][ T9389] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:48kB active_file:1768kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 336.095172][ T9389] lowmem_reserve[]: 0 0 0 0 0 [ 336.099885][ T9389] Node 1 Normal free:3899116kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:240kB inactive_file:4kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18816kB local_pcp:11136kB free_cma:0kB [ 336.132538][ T9389] lowmem_reserve[]: 0 0 0 0 0 [ 336.137253][ T9389] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 336.149903][ T9389] Node 0 DMA32: 732*4kB (M) 295*8kB (M) 75*16kB (UME) 7*32kB (UME) 203*64kB (ME) 31*128kB (ME) 12*256kB (UME) 6*512kB (M) 5*1024kB (M) 3*2048kB (M) 297*4096kB (M) = 1257592kB [ 336.167444][ T9389] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 336.179298][ T9389] Node 1 Normal: 211*4kB (UME) 56*8kB (UE) 42*16kB (UME) 78*32kB (UE) 20*64kB (UME) 7*128kB (UME) 3*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3899116kB [ 336.197467][ T9389] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 336.207060][ T9389] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 336.216494][ T9389] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 336.253843][ T9389] Node 1 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 336.291308][ T9389] 60467 total pagecache pages [ 336.296051][ T9389] 0 pages in swap cache [ 336.300200][ T9389] Free swap = 124996kB [ 336.306894][ T9389] Total swap = 124996kB [ 336.311205][ T9389] 2097051 pages RAM [ 336.315194][ T9389] 0 pages HighMem/MovableOnly [ 336.319873][ T9389] 424718 pages reserved [ 336.325328][ T9389] 0 pages cma reserved [ 336.968893][ T5842] libceph: connect (1)[c::]:6789 error -22 [ 336.982830][ T5842] libceph: mon0 (1)[c::]:6789 connect error [ 337.143173][ T9408] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1050'. [ 337.187293][ T9408] bond_slave_0: entered promiscuous mode [ 337.193083][ T9408] bond_slave_1: entered promiscuous mode [ 337.224296][ T9408] macvlan2: entered promiscuous mode [ 337.229677][ T9408] bond0: entered promiscuous mode [ 337.240690][ T9408] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 337.688875][ T5842] libceph: connect (1)[c::]:6789 error -22 [ 337.787055][ T5842] libceph: mon0 (1)[c::]:6789 connect error [ 337.864154][ T9399] ceph: No mds server is up or the cluster is laggy [ 338.956384][ T9422] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 4294967272. macoff=96 [ 340.161229][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1053'. [ 340.866748][ T9447] hfs: can't find a HFS filesystem on dev nullb0 [ 341.887867][ T9458] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 341.926029][ T9441] netlink: 452 bytes leftover after parsing attributes in process `syz.0.1058'. [ 447.150786][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 447.157803][ C1] rcu: 0-...!: (1 GPs behind) idle=9dd4/1/0x4000000000000000 softirq=40935/40936 fqs=0 [ 447.168590][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P48/1:b..l [ 447.176353][ C1] rcu: (detected by 1, t=10505 jiffies, g=32317, q=5378 ncpus=2) [ 447.184197][ C1] Sending NMI from CPU 1 to CPUs 0: [ 447.184233][ C0] NMI backtrace for cpu 0 [ 447.184256][ C0] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 447.184276][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 447.184289][ C0] RIP: 0010:advance_sched+0x3e9/0xc90 [ 447.184314][ C0] Code: 4c 8b 3c 24 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 e7 e8 0e e9 99 f8 49 8b 87 10 01 00 00 <48> 89 44 24 28 4d 8d b7 28 01 00 00 4c 89 f0 48 c1 e8 03 49 bc 00 [ 447.184328][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00000046 [ 447.184342][ C0] RAX: ffff888056713540 RBX: 0000000000000000 RCX: dffffc0000000000 [ 447.184353][ C0] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 185ab44718000000 [ 447.184364][ C0] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000004 [ 447.184373][ C0] R10: dffffc0000000000 R11: fffff52000000f7c R12: ffff888056712d10 [ 447.184385][ C0] R13: ffff8880288f2000 R14: 185ab44718000000 R15: ffff888056712c00 [ 447.184397][ C0] FS: 000055557cb6c500(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000 [ 447.184410][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 447.184421][ C0] CR2: 000000110c2b7b62 CR3: 00000000738b0000 CR4: 00000000003526f0 [ 447.184436][ C0] Call Trace: [ 447.184448][ C0] [ 447.184464][ C0] ? __pfx_advance_sched+0x10/0x10 [ 447.184483][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 447.184511][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 447.184526][ C0] ? read_tsc+0x9/0x20 [ 447.184551][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 447.184580][ C0] __sysvec_apic_timer_interrupt+0x108/0x410 [ 447.184599][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 447.184622][ C0] [ 447.184627][ C0] [ 447.184634][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 447.184650][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 447.184665][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 ab d1 fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 447.184677][ C0] RSP: 0018:ffffc9000418f2e8 EFLAGS: 00000206 [ 447.184690][ C0] RAX: caf8784c1cf07a00 RBX: 0000000000000000 RCX: caf8784c1cf07a00 [ 447.184701][ C0] RDX: 0000000000000000 RSI: ffffffff8db71d8d RDI: ffffffff8be1ca40 [ 447.184712][ C0] RBP: ffffffff822cb2cd R08: 0000000000000000 R09: ffffffff822cb2cd [ 447.184723][ C0] R10: dffffc0000000000 R11: fffff94000350121 R12: 0000000000000002 [ 447.184734][ C0] R13: ffffffff8e13f160 R14: 0000000000000000 R15: 0000000000000246 [ 447.184746][ C0] ? page_table_check_set+0x18d/0x730 [ 447.184768][ C0] ? page_table_check_set+0x18d/0x730 [ 447.184794][ C0] ? pfn_valid+0xba/0x490 [ 447.184815][ C0] ? pfn_valid+0xba/0x490 [ 447.184834][ C0] ? page_table_check_set+0x18d/0x730 [ 447.184855][ C0] page_table_check_set+0x1aa/0x730 [ 447.184875][ C0] ? page_table_check_set+0x18d/0x730 [ 447.184898][ C0] copy_pmd_range+0x4262/0x7000 [ 447.184927][ C0] ? stack_depot_save_flags+0x40/0x900 [ 447.184965][ C0] ? __pfx_copy_pmd_range+0x10/0x10 [ 447.184989][ C0] ? copy_page_range+0x28f/0x1270 [ 447.185011][ C0] copy_page_range+0xc46/0x1270 [ 447.185027][ C0] ? __lock_acquire+0xab9/0xd20 [ 447.185052][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 447.185072][ C0] ? up_write+0x1c4/0x420 [ 447.185088][ C0] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 447.185107][ C0] dup_mmap+0xf57/0x1ac0 [ 447.185137][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 447.185162][ C0] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 447.185179][ C0] ? mm_init+0xc68/0xec0 [ 447.185199][ C0] copy_mm+0x13c/0x4b0 [ 447.185216][ C0] ? copy_process+0x978/0x3b80 [ 447.185232][ C0] copy_process+0x16d3/0x3b80 [ 447.185253][ C0] ? copy_process+0x978/0x3b80 [ 447.185278][ C0] ? __pfx_copy_process+0x10/0x10 [ 447.185296][ C0] ? __handle_mm_fault+0x1144/0x5620 [ 447.185318][ C0] kernel_clone+0x224/0x7f0 [ 447.185338][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 447.185365][ C0] __x64_sys_clone+0x18b/0x1e0 [ 447.185383][ C0] ? count_memcg_event_mm+0x21/0x260 [ 447.185402][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 447.185429][ C0] ? do_user_addr_fault+0xc8a/0x1390 [ 447.185453][ C0] ? do_syscall_64+0xbe/0x3b0 [ 447.185469][ C0] do_syscall_64+0xfa/0x3b0 [ 447.185483][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 447.185503][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.185518][ C0] ? clear_bhb_loop+0x60/0xb0 [ 447.185535][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.185550][ C0] RIP: 0033:0x7f3ab6985193 [ 447.185566][ C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 447.185578][ C0] RSP: 002b:00007ffe09a3cb08 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 447.185593][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3ab6985193 [ 447.185604][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 447.185614][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 447.185623][ C0] R10: 000055557cb6c7d0 R11: 0000000000000246 R12: 0000000000000000 [ 447.185633][ C0] R13: 00000000000927c0 R14: 00000000000536b9 R15: 00007ffe09a3cca0 [ 447.185652][ C0] [ 447.186222][ C1] task:kworker/u8:3 state:R running task stack:21992 pid:48 tgid:48 ppid:2 task_flags:0x4208160 flags:0x00004000 [ 447.719640][ C1] Workqueue: iou_exit io_ring_exit_work [ 447.725204][ C1] Call Trace: [ 447.728511][ C1] [ 447.731461][ C1] __schedule+0x16a2/0x4cb0 [ 447.736004][ C1] ? preempt_schedule_irq+0xb5/0x150 [ 447.741305][ C1] ? __pfx___schedule+0x10/0x10 [ 447.746169][ C1] ? __lock_acquire+0xab9/0xd20 [ 447.751033][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 447.756331][ C1] preempt_schedule_irq+0xb5/0x150 [ 447.761451][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 447.767217][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 447.773050][ C1] irqentry_exit+0x6f/0x90 [ 447.777570][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 447.783552][ C1] RIP: 0010:lock_acquire+0xb9/0x360 [ 447.788753][ C1] Code: 9c bd 02 0e 00 0f 84 fa 00 00 00 65 8b 05 9f 12 ff 10 85 c0 0f 85 eb 00 00 00 65 48 8b 04 25 08 10 9d 92 83 b8 ec 0a 00 00 00 <0f> 85 d5 00 00 00 48 c7 44 24 30 00 00 00 00 9c 8f 44 24 30 4c 89 [ 447.808386][ C1] RSP: 0018:ffffc90000b87338 EFLAGS: 00000246 [ 447.814489][ C1] RAX: ffff88801be99e00 RBX: 0000000000000000 RCX: 885d34bbe7e95900 [ 447.822464][ C1] RDX: 0000000000000000 RSI: ffffffff8172ab02 RDI: 1ffffffff1c27e2c [ 447.830440][ C1] RBP: ffffffff8172aae5 R08: 0000000000000000 R09: 0000000000000000 [ 447.838412][ C1] R10: ffffc90000b874f8 R11: ffffffff81ad0290 R12: 0000000000000002 [ 447.846389][ C1] R13: ffffffff8e13f160 R14: 0000000000000000 R15: 0000000000000000 [ 447.854373][ C1] ? unwind_next_frame+0xa5/0x2390 [ 447.859498][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 447.865664][ C1] ? unwind_next_frame+0xc2/0x2390 [ 447.870789][ C1] ? lock_acquire+0x8d/0x360 [ 447.875389][ C1] ? unwind_next_frame+0xa5/0x2390 [ 447.880503][ C1] ? kasan_save_stack+0x3e/0x60 [ 447.885364][ C1] ? unwind_next_frame+0xa5/0x2390 [ 447.890479][ C1] unwind_next_frame+0xc2/0x2390 [ 447.895428][ C1] ? unwind_next_frame+0xa5/0x2390 [ 447.900556][ C1] ? unwind_next_frame+0xa5/0x2390 [ 447.905669][ C1] ? stack_trace_save+0x9c/0xe0 [ 447.910542][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 447.916792][ C1] arch_stack_walk+0x11c/0x150 [ 447.921571][ C1] ? kasan_save_stack+0x3e/0x60 [ 447.926431][ C1] stack_trace_save+0x9c/0xe0 [ 447.931236][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 447.936749][ C1] ? kasan_save_track+0x4f/0x80 [ 447.941622][ C1] ? kasan_save_track+0x3e/0x80 [ 447.946664][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 447.951491][ C1] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 447.957045][ C1] ? kmem_cache_free+0x166/0x400 [ 447.961994][ C1] ? __io_req_caches_free+0x8f/0x140 [ 447.967374][ C1] ? io_req_caches_free+0x21/0x30 [ 447.972402][ C1] ? io_ring_exit_work+0x415/0x930 [ 447.977520][ C1] kasan_save_stack+0x3e/0x60 [ 447.982202][ C1] ? kasan_save_stack+0x3e/0x60 [ 447.987113][ C1] ? __phys_addr+0xd3/0x180 [ 447.991626][ C1] ? __io_req_caches_free+0x8f/0x140 [ 447.996914][ C1] kasan_record_aux_stack+0xbd/0xd0 [ 448.002122][ C1] kmem_cache_free+0x2f6/0x400 [ 448.006911][ C1] __io_req_caches_free+0x8f/0x140 [ 448.012063][ C1] io_req_caches_free+0x21/0x30 [ 448.016954][ C1] io_ring_exit_work+0x415/0x930 [ 448.021937][ C1] ? __pfx_io_ring_exit_work+0x10/0x10 [ 448.027521][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 448.032756][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 448.038494][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 448.044247][ C1] process_scheduled_works+0xade/0x17b0 [ 448.049872][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 448.055917][ C1] worker_thread+0x8a0/0xda0 [ 448.060564][ C1] kthread+0x711/0x8a0 [ 448.064652][ C1] ? __pfx_worker_thread+0x10/0x10 [ 448.069767][ C1] ? __pfx_kthread+0x10/0x10 [ 448.074367][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 448.079571][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 448.084776][ C1] ? __pfx_kthread+0x10/0x10 [ 448.089385][ C1] ret_from_fork+0x3fc/0x770 [ 448.093981][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 448.099106][ C1] ? __switch_to_asm+0x39/0x70 [ 448.103879][ C1] ? __switch_to_asm+0x33/0x70 [ 448.108655][ C1] ? __pfx_kthread+0x10/0x10 [ 448.113257][ C1] ret_from_fork_asm+0x1a/0x30 [ 448.118040][ C1] [ 448.121062][ C1] rcu: rcu_preempt kthread starved for 10505 jiffies! g32317 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 448.132256][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 448.142232][ C1] rcu: RCU grace-period kthread stack dump: [ 448.148141][ C1] task:rcu_preempt state:R running task stack:27320 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 448.161755][ C1] Call Trace: [ 448.165063][ C1] [ 448.168020][ C1] __schedule+0x16a2/0x4cb0 [ 448.172576][ C1] ? schedule+0x165/0x360 [ 448.176946][ C1] ? __pfx___schedule+0x10/0x10 [ 448.181840][ C1] ? schedule+0x91/0x360 [ 448.186123][ C1] schedule+0x165/0x360 [ 448.190323][ C1] schedule_timeout+0x12b/0x270 [ 448.195190][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 448.200570][ C1] ? __pfx_process_timeout+0x10/0x10 [ 448.205868][ C1] ? prepare_to_swait_event+0x341/0x380 [ 448.211429][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 448.216304][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 448.221280][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 448.226504][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 448.231813][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 448.237033][ C1] rcu_gp_kthread+0x99/0x390 [ 448.241745][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 448.246945][ C1] ? __kthread_parkme+0x7b/0x200 [ 448.251887][ C1] ? __kthread_parkme+0x1a1/0x200 [ 448.256928][ C1] kthread+0x711/0x8a0 [ 448.261006][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 448.266225][ C1] ? __pfx_kthread+0x10/0x10 [ 448.270864][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 448.276099][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 448.281879][ C1] ? __pfx_kthread+0x10/0x10 [ 448.286684][ C1] ret_from_fork+0x3fc/0x770 [ 448.291283][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 448.296408][ C1] ? __switch_to_asm+0x39/0x70 [ 448.301183][ C1] ? __switch_to_asm+0x33/0x70 [ 448.306611][ C1] ? __pfx_kthread+0x10/0x10 [ 448.311237][ C1] ret_from_fork_asm+0x1a/0x30 [ 448.316042][ C1] [ 448.319085][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 448.325426][ C1] CPU: 1 UID: 0 PID: 9457 Comm: syz.4.1063 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 448.337441][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 448.347510][ C1] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 [ 448.354192][ C1] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 c0 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 6b 74 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 50 74 0b [ 448.373809][ C1] RSP: 0018:ffffc9001ab974a0 EFLAGS: 00000293 [ 448.379885][ C1] RAX: ffffffff81b4c100 RBX: ffff8880b873b040 RCX: ffff888027b41e00 [ 448.387857][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 448.395828][ C1] RBP: ffffc9001ab97600 R08: ffffffff8fa0c9f7 R09: 1ffffffff1f4193e [ 448.403804][ C1] R10: dffffc0000000000 R11: ffffffff81704100 R12: 1ffff110170c835d [ 448.411778][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8641ae8 [ 448.419753][ C1] FS: 0000000000000000(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000 [ 448.428685][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 448.435267][ C1] CR2: 00007ff59850ef98 CR3: 0000000073802000 CR4: 00000000003526f0 [ 448.443242][ C1] Call Trace: [ 448.446587][ C1] [ 448.449535][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 448.455873][ C1] ? free_pgd_range+0x144b/0x14c0 [ 448.461348][ C1] ? rcu_is_watching+0x15/0xb0 [ 448.466125][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 448.471331][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 448.476454][ C1] flush_tlb_mm_range+0x6b1/0x12c0 [ 448.481594][ C1] ? free_pgtables+0xa12/0xaf0 [ 448.486362][ C1] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 448.491916][ C1] ? __pfx_free_pgtables+0x10/0x10 [ 448.497035][ C1] tlb_flush_mmu+0x1a7/0x680 [ 448.501633][ C1] ? __pfx_down_write+0x10/0x10 [ 448.506492][ C1] tlb_finish_mmu+0xc3/0x1d0 [ 448.511090][ C1] exit_mmap+0x44c/0xb50 [ 448.515340][ C1] ? uprobe_clear_state+0x20f/0x290 [ 448.520550][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 448.525326][ C1] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 448.530976][ C1] ? __pfx_exit_aio+0x10/0x10 [ 448.535676][ C1] ? uprobe_clear_state+0x274/0x290 [ 448.540916][ C1] ? mm_update_next_owner+0xa7/0x870 [ 448.546211][ C1] __mmput+0x118/0x410 [ 448.550287][ C1] exit_mm+0x1da/0x2c0 [ 448.554367][ C1] ? __pfx_exit_mm+0x10/0x10 [ 448.558964][ C1] ? rcu_is_watching+0x15/0xb0 [ 448.563734][ C1] do_exit+0x648/0x22e0 [ 448.567905][ C1] ? do_raw_spin_lock+0x121/0x290 [ 448.572937][ C1] ? __pfx_do_exit+0x10/0x10 [ 448.577556][ C1] do_group_exit+0x21c/0x2d0 [ 448.582152][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 448.587363][ C1] get_signal+0x125e/0x1310 [ 448.591893][ C1] arch_do_signal_or_restart+0x9a/0x750 [ 448.597457][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 448.603645][ C1] ? exit_to_user_mode_loop+0x40/0x110 [ 448.609629][ C1] exit_to_user_mode_loop+0x75/0x110 [ 448.614916][ C1] do_syscall_64+0x2bd/0x3b0 [ 448.619505][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 448.624722][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.630791][ C1] ? clear_bhb_loop+0x60/0xb0 [ 448.635554][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.641535][ C1] RIP: 0033:0x7f8f9f38e929 [ 448.645958][ C1] Code: Unable to access opcode bytes at 0x7f8f9f38e8ff. [ 448.652997][ C1] RSP: 002b:00007f8fa02a50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 448.661454][ C1] RAX: fffffffffffffe00 RBX: 00007f8f9f5b5fa8 RCX: 00007f8f9f38e929 [ 448.669441][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8f9f5b5fa8 [ 448.677419][ C1] RBP: 00007f8f9f5b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 448.685415][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f9f5b5fac [ 448.693505][ C1] R13: 0000000000000000 R14: 00007ffe1b1e7390 R15: 00007ffe1b1e7478 [ 448.701506][ C1]