last executing test programs: 7.261815971s ago: executing program 3 (id=1067): pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r3, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c000500080005"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0) splice(r0, 0x0, r2, 0x0, 0x10d00, 0xf) 7.17311339s ago: executing program 3 (id=1068): socket$can_raw(0x1d, 0x3, 0x1) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x2, 0x0, &(0x7f0000000340)="b9ff", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69) close(r0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 6.222151003s ago: executing program 1 (id=1071): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x200001, 0x10100, 0x0, 0x172}, &(0x7f0000000180)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0}) io_uring_enter(r2, 0x3f80, 0x3697, 0x25, 0x0, 0x0) r5 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2) socket$nl_route(0x10, 0x3, 0x0) fcntl$setlease(r5, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x1000000) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xbf, 0x9, 0x8, 0x0, 0x3}, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8910, 0x0, 0x0) r6 = syz_open_dev$vbi(0x0, 0x0, 0x2) dup2(0xffffffffffffffff, r6) openat$sysfs(0xffffffffffffff9c, 0x0, 0x1a1081, 0x18) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c81, 0x0) capset(0x0, 0x0) r7 = socket(0x11, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, 0x0) syz_io_uring_submit(r10, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) bind$packet(r7, &(0x7f0000000080)={0x11, 0xf7, r9, 0x1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x14) 6.119147964s ago: executing program 0 (id=1073): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000010000008"], 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x60a80, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040302"], 0x4) ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, &(0x7f00000003c0)={0xc, @raw_data="ce2f59c479aff5abf2deeb9a2e1e3be3e67f28c9161bffb3c30bda70460b4df2bf9738d39d28209f4fac1aa9d700fd788004072e3e9092d7accc98ee527b203a4bd11064f07b2c6e0ba344759bad9a3ffeeb95dde5cbae8e1822f7d78e63f336a29f980c8800b43c732c1c6d3549922240e1e4b1e461260d2e8bc7d990ca407541fb22b64ab3ca7af3116ba30cb3dbd017a88f95113b1aacd84bb9f78a9f8346be1788d56f3448eca18d4fcc438a84f1a2894c96d9e7a13293eba8f2e33f032358ab5643108703db"}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d}, 0x94) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) writev(r2, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1) 5.878146994s ago: executing program 2 (id=1075): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x1, 0x0) close(r1) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x7c, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0xa002a008}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) capset(&(0x7f0000000180)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x9, 0xffffffff}) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a140000001100010000002700000000000000000a"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24008010) sendmsg$NFT_MSG_GETTABLE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000010a030000400000020000000900010073797ab000000000fad0e3cb8465f10969911e61f900000000"], 0x20}, 0x1, 0x0, 0x0, 0x4008000}, 0x20040) r4 = openat$cuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r4, &(0x7f0000002300)={0x2020}, 0x2020) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mprotect(&(0x7f0000555000/0x2000)=nil, 0x2000, 0x200000a) openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x482000) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x42, 0x1ff) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x100) openat$cgroup_procs(r5, 0x0, 0x2, 0x0) syz_open_dev$usbfs(0x0, 0x9, 0x305800) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) open(&(0x7f0000000200)='./file0/file0\x00', 0x4c001, 0x10) sendmsg$NFULNL_MSG_CONFIG(r6, 0x0, 0x0) 5.848111753s ago: executing program 0 (id=1076): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x1d, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xb8}}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000001040168b800000000000000000004000500010001"], 0x1c}}, 0x10) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r6, r4, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r9, 0x107, 0x1, &(0x7f0000000100)={r7, 0x1, 0x6, @remote}, 0x10) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r7, {0x7}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 5.790594465s ago: executing program 3 (id=1077): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000240)="15", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0xfffffffd, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0xff, 0x5, 0x9, 0xf, 0x0, 0x16, 0x20, 0x7e, 0x3d, 0x3, 0x7f, 0x7, 0xa0, 0x57}, 0xe) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x31008003, 0xfffe}}, 0x50) read$FUSE(r1, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r4, r1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) sendfile(r5, r6, 0x0, 0xff7e82) recvmmsg(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)=""/25, 0x19}], 0x1}, 0xfffffffb}], 0x1, 0x121, 0x0) 5.52568124s ago: executing program 2 (id=1078): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x9, &(0x7f0000000080)=0x2, 0x4) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec309d59191b00867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) lsm_get_self_attr(0x64, &(0x7f0000000480)={0x0, 0x0, 0xdf, 0xbf, ""/191}, &(0x7f00000000c0)=0xdf, 0x1) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x1c8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/218, 0xda}], 0x1, &(0x7f0000000580)=""/193, 0xc1}, 0x3}, {{&(0x7f00000006c0)=@generic, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000740)=""/210, 0xd2}, {&(0x7f0000000840)=""/88, 0x58}, {&(0x7f00000008c0)=""/152, 0x98}, {&(0x7f0000000980)=""/41, 0x29}, {&(0x7f00000009c0)=""/108, 0x6c}, {&(0x7f0000000a40)=""/42, 0x2a}], 0x6, &(0x7f0000000ac0)=""/252, 0xfc}, 0xfffff468}, {{&(0x7f0000003a80)=@l2tp6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000c40)=""/127, 0x7f}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f0000000cc0)=""/39, 0x27}, {&(0x7f0000000d00)=""/194, 0xc2}], 0x4, &(0x7f0000000e40)=""/40, 0x28}, 0xec}, {{&(0x7f0000000e80)=@rc={0x1f, @none}, 0x80, &(0x7f0000001000)=[{&(0x7f0000000f00)=""/158, 0x9e}, {&(0x7f0000000fc0)=""/23, 0x17}, {&(0x7f0000001080)=""/205, 0xcd}], 0x3, &(0x7f0000001180)=""/106, 0x6a}, 0xfff}, {{&(0x7f0000003600)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000001440)=[{&(0x7f0000001280)=""/145, 0x91}, {&(0x7f0000001340)=""/240, 0xf0}, {&(0x7f00000034c0)=""/248, 0xf8}], 0x3, &(0x7f00000035c0)=""/38, 0x26}, 0xfffffffa}, {{&(0x7f0000000bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000003880)=[{&(0x7f0000003680)=""/156, 0x9c}, {&(0x7f0000003740)=""/198, 0xc6}, {&(0x7f0000003840)=""/12, 0xc}], 0x3, &(0x7f00000038c0)=""/206, 0xce}, 0x5}], 0x6, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r3, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$6lowpan_control(r4, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) ioctl$SOUND_PCM_READ_CHANNELS(0xffffffffffffffff, 0x80045006, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0) write$6lowpan_control(r4, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r5, 0xc08, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x10) 5.052843854s ago: executing program 3 (id=1080): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000100)={0x2}) pipe2(&(0x7f00000000c0), 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000140), 0x2, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000180)=0x88) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_open_dev$media(&(0x7f0000000000), 0x1, 0x2) pwrite64(r5, 0x0, 0x0, 0x14f) connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f0000001ac0)=[{{&(0x7f0000000380)=@vsock, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000400)=""/137}, {&(0x7f00000004c0)=""/133}, {&(0x7f00000005c0)=""/172}, {&(0x7f0000000680)=""/106}, {&(0x7f0000000700)=""/4096}, {&(0x7f0000001700)=""/206}, {&(0x7f0000001800)=""/72}, {&(0x7f0000001880)=""/139}, {&(0x7f0000001940)=""/148}], 0x0, &(0x7f0000001a80)=""/31}, 0x9}], 0xa7c4, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x200080, 0x0) r6 = socket$inet6(0xa, 0x1, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) r8 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r8, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet6_tcp_int(r6, 0x6, 0x22, &(0x7f00000002c0)=0x6, 0x4) 5.00595939s ago: executing program 1 (id=1081): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, 0x0, 0x0, 0x8050) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000180)={0x0, 0x5, 0x1, [0x7]}, 0xa) 4.967534441s ago: executing program 0 (id=1082): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYNAME(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, 0xe, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x844}, 0x4) (fail_nth: 9) 4.686030046s ago: executing program 1 (id=1084): mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8cffff66) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0x4, 0x0, 0x0, 0x8, 0xb, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x1000, 0x4, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x10000, 0x2, 0x0, 0x0, 0x0, 0x0, 0xf7, 0xdd, 0x8, 0x0, 0x4}, {0x0, 0xdddd0000, 0x8, 0x6, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c, 0x7d}, {0x0, 0xeeef0000, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80, 0x40}, {0x8080000, 0x0, 0x10, 0x6, 0x5, 0x0, 0xe8}, {0x0, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xc, 0x26, 0x3, 0x10}, {0xf000}, {0xeeef0000, 0xfffc}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0x6, 0xf801, 0x0, [0x0, 0x0, 0x1]}) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000004380), 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80, 0x23456}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000011c0)=0x0) waitid(0x0, r6, &(0x7f0000001240), 0x4, &(0x7f00000012c0)) syz_io_uring_setup(0x4616, &(0x7f0000001000)={0x0, 0xbce1, 0x80, 0x3, 0x13f}, &(0x7f0000001080), &(0x7f00000010c0)=0x0) clock_gettime(0x0, &(0x7f0000001100)={0x0, 0x0}) syz_io_uring_submit(r4, r7, &(0x7f0000001180)=@IORING_OP_TIMEOUT={0xb, 0x24, 0x0, 0x0, 0xa, &(0x7f0000001140)={r8, r9+10000000}, 0x1, 0x9bf1cc367c6a2fad, 0x1}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r3, 0x5502, 0x0) r10 = openat$uinput(0xffffff9c, &(0x7f0000001200), 0x802, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000001340)={0x2, 0x2, 0x2, 0x401}) ioctl$FS_IOC_FSGETXATTR(r10, 0x801c581f, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r11 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r11, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000002000)=[{0x200000000006, 0x1, 0x1, 0x7ffc1ff8}]}) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r13, &(0x7f00000bd000), 0x318, 0x0) 4.47572373s ago: executing program 0 (id=1085): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x80000006}]}, 0x8) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17) fspick(0xffffffffffffffff, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x20001, 0x0) write$vga_arbiter(r5, &(0x7f0000000280)=@other={'trylock', ' ', 'io'}, 0x9) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c00008fb5041b0100000000000000000a0000000600074000030000"], 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x5000) ioctl$BTRFS_IOC_SEND(r4, 0x40449426, &(0x7f0000000140)={{r6}, 0x7, &(0x7f00000000c0)=[0xfab, 0x9, 0x101, 0x4, 0x0, 0xfffffffffffffffd, 0x4], 0x9, 0x2, 0x1}) socket$netlink(0x10, 0x3, 0xa) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioprio_get$pid(0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e8000000000006d9000085"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000380), 0xc0001, 0x0) write$cgroup_int(r7, 0x0, 0x0) 4.413842735s ago: executing program 4 (id=1086): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000010000008"], 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x60a80, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040302"], 0x4) ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, &(0x7f00000003c0)={0xc, @raw_data="ce2f59c479aff5abf2deeb9a2e1e3be3e67f28c9161bffb3c30bda70460b4df2bf9738d39d28209f4fac1aa9d700fd788004072e3e9092d7accc98ee527b203a4bd11064f07b2c6e0ba344759bad9a3ffeeb95dde5cbae8e1822f7d78e63f336a29f980c8800b43c732c1c6d3549922240e1e4b1e461260d2e8bc7d990ca407541fb22b64ab3ca7af3116ba30cb3dbd017a88f95113b1aacd84bb9f78a9f8346be1788d56f3448eca18d4fcc438a84f1a2894c96d9e7a13293eba8f2e33f032358ab5643108703db"}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d}, 0x94) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) writev(r2, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1) 4.107015949s ago: executing program 4 (id=1087): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x1, 0x0) close(r1) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x7c, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0xa002a008}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000010a030000400000020000000900010073797ab000000000fad0e3cb8465f10969911e61f900000000"], 0x20}, 0x1, 0x0, 0x0, 0x85}, 0x20040) r3 = openat$cuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r3, &(0x7f0000002300)={0x2020, 0x0, 0x0}, 0x2020) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x482000) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x42, 0x1ff) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x100) openat$cgroup_procs(r5, 0x0, 0x2, 0x0) syz_open_dev$usbfs(0x0, 0x9, 0x305800) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) open(&(0x7f0000000200)='./file0/file0\x00', 0x4c001, 0x10) sendmsg$NFULNL_MSG_CONFIG(r6, 0x0, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x1800) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0xfffffffffffffffe, r4, {0x7, 0x2b, 0x9, 0x60000004, 0x3, 0x1f, 0xecf, 0x2956155b, 0x0, 0x0, 0x100, 0x1}}, 0x50) 3.72758809s ago: executing program 4 (id=1088): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x2, 0x0, &(0x7f0000000340)="b9ff", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69) close(r0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 3.24640358s ago: executing program 1 (id=1089): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000011c0)="93bffce623851797a8dc79018d7716840ffc6949c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c3522fff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041afc61529260e6c4046d55927c96dcce1", 0x7e}, {&(0x7f00000007c0)="02999344565d9c61d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e432bcb0330483c", 0x41}, {&(0x7f0000000f00)="ec75d081fcb70000000000000000bb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d5761910df91e34b3b98e2f71054226c3b00b9ee6ae29f0b07bc6fe7981126ca8e32b991faed3b0293e4004c1f64e6c19ba36b2778c5f4a1c58625fe19516af43c9870c5b8191e23778abe7df2280d401feffffffffffff", 0x9f}, {0x0}], 0x4}}], 0x1, 0x20008000) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) 3.222924642s ago: executing program 3 (id=1090): creat(&(0x7f0000002440)='./file0\x00', 0x185) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0) setxattr$incfs_metadata(&(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, 0x0, 0x1) lgetxattr(&(0x7f00000026c0)='./file0\x00', &(0x7f0000002700)=@random={'user.', 'veth1_to_batadv\x00'}, 0x0, 0x0) 3.010115383s ago: executing program 3 (id=1091): move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], 0x0, 0x0, 0x0) mprotect(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000004) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x800, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x4, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0xfffe, 0x7, @mcast2}, {0xa, 0x0, 0xb, @mcast1}}}, 0x48) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x1de) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)=0x20000000) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$netlink(0x10, 0x3, 0x0) mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103) lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0xc0c0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="0100ffffffff000000001c0000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x703d33dc4b18a98e}, 0x4000855) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000000800020011000000050021000000000008000a00", @ANYRES32, @ANYBLOB='\n\x00:'], 0x74}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) 2.888934793s ago: executing program 4 (id=1092): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x1d, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xb8}}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000001040168b800000000000000000004000500010001"], 0x1c}}, 0x10) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r6, r4, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r9, 0x107, 0x1, &(0x7f0000000100)={r7, 0x1, 0x6, @remote}, 0x10) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r7, {0x7}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 2.201292907s ago: executing program 1 (id=1093): unshare(0x62040200) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_fuse_handle_req(r2, 0x0, 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0}, &(0x7f00000000c0)=0x839352b8218490eb) syz_fuse_handle_req(r2, 0x0, 0x0, 0x0) syz_fuse_handle_req(r2, 0x0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) chown(&(0x7f0000000200)='./file0\x00', r3, 0x0) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) unshare(0x480) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00') syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x3, 0x14}, @l2cap_cid_le_signaling={{0x10}, @l2cap_ecred_reconf_req={{0x19, 0x6, 0xc}, {0x200, 0x43, [0x7, 0x5, 0xff00, 0x101]}}}}, 0x19) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000180)={0x3, 'netpci0\x00', {0x1}, 0x4}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYRESDEC=r5], 0x20}, 0x1, 0x0, 0x0, 0x20040085}, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="1400000006d2c3a056b44ad588bcc2e79f7682", @ANYRES16=r7, @ANYBLOB="030327d57c00020000002a000000fcdd80825e5eeb44f4fcb879e970ea3fb4732476997760d8d7af85839086f981a6aa7e5430d0e0141052219f1fe6764cfd6ffadc325ce9d37e34b8e7d420374d031ad8476a0a9bf097cf0d1fbd995042cd0a82ec38b216b769b26a149aafed772a449de4ae1c7ab07e91e1885a133fe658e9a7f6cbe193169fa23d2333543c91fda5e0cb4dfb25ec522f6d358c2b0e45ae462eaadb33183f75d1be493f5a0c5341a394ff7c07d42a725a85721b32f1f4f8cf1a1b0b8ae83768dd6d5a154537c64a4e04fe9eb21d1fa0cf62039273e73535984f1c3d69d782142da3a9fa5b2f7590719a484f618233019b2c1183ac5f2fdb5244623c4b5c02216ddaa0c3f9ef4dcf4c1b00543bd970750981a7f9d1ec06786b02cf88957233534c10fc70"], 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x24000090) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x12002}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x18, 0x2, 0x0, 0x1, @val={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x4100, 0x11230}}}}}}, @IFLA_NET_NS_FD={0x8, 0x1c, r5}]}, 0x50}}, 0x0) 2.177805992s ago: executing program 2 (id=1094): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, 0x0, 0x0, 0x8050) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000180)={0x0, 0x5, 0x1, [0x7]}, 0xa) 2.030151263s ago: executing program 2 (id=1095): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @dev}, @in={0x2, 0x0, @local}, @in={0x2, 0x0, @multicast1}], 0x40) sendto$inet(r0, &(0x7f0000000300)="faab32b9", 0x4, 0x44054, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) 1.793706608s ago: executing program 2 (id=1096): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3, 0x5012, 0xffffffffffffffff, 0x3ab6e000) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ppoll(&(0x7f0000000480)=[{r0, 0x100}], 0x1, 0x0, 0x0, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="e706f2ff011f391e7dd7a2d786dd609907a600302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102009078"], 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0) r1 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x6, &(0x7f0000000140)={0x11, {{0x29, 0x0, 0x5000000, @local}}}, 0x88) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000000)={0x7, @win={{0x8001, 0x8, 0xdf, 0x8}, 0x7, 0x7f, 0x0, 0xffffffff, 0x0, 0xc2}}) r3 = eventfd(0xfffffffe) r4 = syz_io_uring_setup(0x6315, &(0x7f0000000280)={0x0, 0x7a50, 0x80, 0x3, 0x17a}, &(0x7f0000000100), &(0x7f0000001b00)) r5 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x7d4b, 0x10100, 0x3, 0x0, 0x0, r4}, &(0x7f0000000180)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2}) io_uring_enter(r5, 0x2def, 0x1, 0x46, 0x0, 0x0) read$eventfd(r3, &(0x7f00000000c0), 0x8) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="e706f2ffff1f391e7dd7a2d786dd609907a600302c03cb697a653e336f000000500000000000ff020000000000000000000000000001020090"], 0x0) 1.612807637s ago: executing program 0 (id=1097): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x200001, 0x10100, 0x0, 0x172}, &(0x7f0000000180)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0}) io_uring_enter(r2, 0x3f80, 0x3697, 0x25, 0x0, 0x0) r5 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2) socket$nl_route(0x10, 0x3, 0x0) fcntl$setlease(r5, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x1000000) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xbf, 0x9, 0x8, 0x0, 0x3}, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8910, 0x0, 0x0) r6 = syz_open_dev$vbi(0x0, 0x0, 0x2) dup2(0xffffffffffffffff, r6) openat$sysfs(0xffffffffffffff9c, 0x0, 0x1a1081, 0x18) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c81, 0x0) capset(0x0, 0x0) socket(0x11, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000000)) r8 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, 0x0) syz_io_uring_submit(r9, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r8, 0x48e9, 0x0, 0x2, 0x0, 0x0) 1.241869424s ago: executing program 2 (id=1098): r0 = openat$hwrng(0xffffff9c, &(0x7f0000000040), 0x9c002, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000140), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r2, 0xc25c4110, &(0x7f0000000180)={0x0, [[], [0x8000e2c, 0x0, 0x0, 0xfffffffc], [0x9]], '\x00', [{0x0, 0x8000000}, {0x200, 0x11}, {0x0, 0x7}, {0x0, 0x20000}, {}, {}, {}, {}, {}, {0x0, 0x2}, {0x0, 0xfffffffc}], '\x00', 0x2}) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10400, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x50) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r4, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) chown(&(0x7f0000002540)='./file0\x00', r5, r6) statx(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x7ff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ENTRY(r0, &(0x7f0000000200)={0x90, 0x0, r3, {0x6, 0x0, 0x0, 0x9, 0x4, 0xb2, {0x3, 0x99d7, 0x6, 0x6b, 0x6, 0xac9, 0xffff, 0x3, 0x1, 0x1000, 0x57e, r5, r7, 0x218f, 0x7}}}, 0x90) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e010203010902"], 0x0) r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) r9 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4b4, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x340, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0x98, 0xe0, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x510) syz_usb_disconnect(r8) socket$igmp(0x2, 0x3, 0x2) syz_usb_connect(0x2, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0xbd, 0x27, 0xd, 0x40, 0x413c, 0x8217, 0xb259, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x6a, 0xa, 0x0, 0xef, 0x31, 0xdf, 0x1}}]}}]}}, 0x0) ioctl$EVIOCRMFF(r8, 0x83c0550b, 0x0) 808.951732ms ago: executing program 4 (id=1099): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000000)=',', 0x1}], 0x1}, 0x400081c4) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000480)='h', 0x1a000}], 0x1) 362.1506ms ago: executing program 4 (id=1100): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}]}, &(0x7f0000000040)=0x10) shutdown(r1, 0x2) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000200)={r2, 0x7}, 0x8) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000006c0)={&(0x7f00000007c0)={0x124, 0x0, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x47}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfffffffa}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x58, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x88}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1b, 0x24}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xc}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x33}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xf}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfc8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x67}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xe63b}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}]}, 0x124}, 0x1, 0x0, 0x0, 0x8000}, 0x41) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r4 = memfd_create(&(0x7f0000000380)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xa9\x1fg\xf1\x85z{\x1d<\xe2\x1c7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xedn\x8c<5\xcf\x92;\x85)\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\x05\x831\xd3\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xf6\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xc6(\x19\xf8\xb4?Fv\xac\xc7m\xe1\xf68W\x19\x0f\x87\x84\xafK\x91v\xb5\xe7Cf\xe0L\b9\xe2\x15d~R4\xdf\xbb\xfeiH', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000080)={r4, 0x2000000, 0x0, 0x8000}) r6 = epoll_create1(0x0) r7 = epoll_create1(0x80000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x3, &(0x7f0000001700)) r8 = syz_open_procfs(0x0, &(0x7f0000002200)='net/ip_mr_vif\x00') lseek(r8, 0xffff, 0x1) setsockopt$inet_mreqsrc(r8, 0x0, 0x25, &(0x7f0000000180)={@local, @multicast2, @local}, 0xc) syz_pidfd_open(0x0, 0x0) creat(0x0, 0xd931d3864d39dcdb) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000780)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000000)={0xa0000001}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)=""/74, 0x0, 0xdddd1000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) ioctl$I2C_FUNCS(0xffffffffffffffff, 0x705, &(0x7f0000000480)=0x2) r9 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r9, 0x707, &(0x7f0000000040)={&(0x7f0000001800)=[{0x63, 0x2800, 0x0, 0x0}, {0x63, 0x1011, 0x0, 0x0}], 0x2}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x200001) 18.083514ms ago: executing program 1 (id=1101): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) (async, rerun: 32) r1 = socket$tipc(0x1e, 0x5, 0x0) (rerun: 32) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) (async) r3 = memfd_create(&(0x7f0000000500)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa2\xff\xff\xff\xff\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sF\x1b\xb7\xb3\xa2\xc9<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\x10\xf5\xe5\xbas\xf6\xee\xaa\xa8\x9eo\xebF(\x9dL!vRk\xaacB\x04\xa7I\v\x9bEZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xfa\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16+<\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x9afC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03}\x9c\xee\xb3>0\xed~\xd0\xbe\xf5\x05\xda\xab\xb9f;\x1a\xb4\xb7Lu\x9fb0^\f\xb25\xed^s\x9c\xd3\x8b\x97\xc8\xbc&\xfb\x8a\x1f3I\xe0\xa6|I\xffi\x9c\x18\xe6t\xd6e\x1d\x05L_\x817\x85\x95\x13\xc8_\x7f;\x06=\x0e$D\v\xf9a\xe7[\x8c\xa1W\xa2R\x18\x92\xbc\tl\"\xeb\xad\xd8&\x10\xc4\x03\xd8\x7fmY\xb5>8\x98ekr\x1e\x0eU\xcf\x83\x10\x13\x0f\xa0\x9cE-s\x8b', 0x6) fcntl$addseals(r3, 0x409, 0x7) (async) ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000100)={r3, 0x0, 0x0, 0x1000}) r4 = socket$key(0xf, 0x3, 0x2) recvmmsg(r4, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0xb3}], 0x1, 0x10003, 0x0) (async) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) (async, rerun: 32) dup3(r1, r5, 0x0) (async, rerun: 32) syz_usb_connect(0x0, 0x24, &(0x7f0000002340)={{0x12, 0x1, 0x0, 0xd4, 0x26, 0x7a, 0x10, 0x1004, 0x61aa, 0x4f75, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0) 0s ago: executing program 0 (id=1102): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="121b9fec216b54bec461301e502d000000000001090224000126cd044d5d6373680503000246000921000033012205000905810300000c0007"], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x20001, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1) syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000c7ce360863078120abd001e402010902120001000000000904000000ff"], 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x8}, 0x9) writev(r1, &(0x7f00000008c0)=[{&(0x7f0000000840)="c327a9505e9ab615f8397cd3fb29559c13d6102d92f5792667131688a93fdde0a75a756866dea4740316a94de469685fb561634622f7b0254189c7a7e73728fa5239d2777f0535cea3", 0x49}], 0x1) write(r2, &(0x7f00000000c0)="240000001e005f0214f6fffffffffff8070000000000000000000200080009000d000000", 0x24) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) syz_usb_control_io(r0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffff2e}}, 0x0) r3 = syz_clone(0x40000100, &(0x7f0000000200)="e32790c47cd81979f1f641a00cb7d2b0ac56c888585d0054e808fe4792595d4cb7f5774ef9f0182b6404863fe4ac9e7b5d412b33980e7b85f96d1b3e41c1ea032f0bbe21bcb9bbd7fe619e690481323fafa89c2701757b1e3ad15863f400a153b17ad7febcdc1146a56cbc347d1bd7e729259638c201857b4898255794e82033540e469c22e05d007fd2ad9a76c70b0897cb2d7e76dc5aafe793e123a8c318894fa41c778fff45d5a4ef84d18c0ec63c5c804ffa3c60ecbe554596f092db71e08f2f59047270", 0xc6, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000400)="d791971b2da539574ba81319388c0c7e922f89f6713f48c1d0f7973cd857e590d64e9b01ebffb1aacbc45bb70c2c8a449258b6dac21ebbef7e0b986d013dbf5cacdaccdd3f04ecb384d8ea4b821c92e5326a25f054849accd97d5432a63d6ea24f295f6fe3") sendmsg$nl_generic(r2, &(0x7f0000000800)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f0000000500)={0x2f4, 0x1b, 0x300, 0x70bd26, 0x25dfdbff, {0xd}, [@nested={0xc, 0x83, 0x0, 0x1, [@nested={0x4, 0x78}, @nested={0x4, 0xd2}]}, @generic="8dc07d9e72cb01cb676c94f84ec781040904168826db4bd27363e725139781ade3e10b33ff624a8774328db041985b6545369a2cbba5c6156f45c1cd060c64f139ddd87d314a94135a2f23b2cf3adcde1f241662819c1e05954c4cab9ae0699fae62a59ec7eca4ff5fbf4127c832ed6e02b5d2fdded9136e1d4486e0106e74d8ad3300b8bd557c7fbfa5", @nested={0x13c, 0x6b, 0x0, 0x1, [@nested={0x4, 0x1b}, @generic="f1c386cc8b1648d58105847593fbdcb4c20ac4e97385131399c650a03e0040bdf5c3babd9fb9ccb9792eaeb478e2fa29d0fe6a1de411a2fb4057709b5db82aa88b5832a50e4da485817736", @generic="5002ae3b486a2cfe5fa7a95fdb66ca952d439d4ec1d9a7bda20bf0573bffee42eb0bdaa6fb10ea62baf395c09a1b6303837f419e1d807777f21d6471bed658e481a4b83a94c88b0036bf1539efcf957ac987b09d13be8eca7f3ff8cf2aa8b2ee2afeb53674afb7cd3d60142d7f9d4aad644fd7e0903ed241859621e59929034719633960b7fe06160b7516fb8dbaee1d7419e17c1948913911e0936a6319cfb9f2af4d2b484754b76f2e546de73a692b8db9f6f2e0404057a3d937aca5278df9dbb13250bcec5f95036e285fed02deda5d5b26995dde48930bb70bbf31", @typed={0x8, 0xcf, 0x0, 0x0, @ipv4=@private=0xa010100}, @nested={0x4, 0xc6}]}, @typed={0x8, 0x18, 0x0, 0x0, @pid=r3}, @nested={0x91, 0x7f, 0x0, 0x1, [@generic="ee7e0c7d739ec40dda2ca2ccf6a40b571847cd597ffb63765ee2efb8d969f3c41e4b894f9838ebd83612cf92f37e580425d3f319f57e3453046309de7a0bd500598be15f2a014e01bc3a5dd114262a63eabb04ab5a5ab1abdd3f77a2d84328b635074c01a12e2ea9970ffbc060c1f2717cd82785acb66141ca6cc5d41efa9056e09f95e107f84376f8", @nested={0x4, 0x26}]}, @typed={0x63, 0x126, 0x0, 0x0, @binary="2b0798d45b608c447cade79d7130db6ad57bc7ea787d18ae89690dfa412879f88c5bfd1517a46bc18db3bbb8a4dda0f8194aa4a4f54b49d0ca13b799fd3ee91c940ee0bafad84209f7cf91907ad819573b15b24d66e303969e174f09a306b4"}, @nested={0xc, 0x89, 0x0, 0x1, [@typed={0x8, 0x5a, 0x0, 0x0, @uid=0xffffffffffffffff}]}]}, 0x2f4}, 0x1, 0x0, 0x0, 0x40}, 0x4091) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="020200030c00000000000000000000000100090000000000030006000000000002000000000000000000200000000200020001000000ff010000000b00000000030005"], 0x60}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmmsg(r4, &(0x7f0000000180), 0x1c15e33101f29d, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x18, &(0x7f0000000100)=ANY=[@ANYBLOB="00f3040000000507a7ea31"], 0x0, 0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): x21f/0x2a0 [ 317.188957][ T8619] ? __pfx____sys_sendmsg+0x10/0x10 [ 317.189023][ T8619] ? __fget_files+0x2a/0x420 [ 317.189042][ T8619] ? __fget_files+0x3a0/0x420 [ 317.189074][ T8619] __sys_sendmsg+0x164/0x220 [ 317.189099][ T8619] ? __pfx___sys_sendmsg+0x10/0x10 [ 317.189138][ T8619] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 317.189165][ T8619] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.189193][ T8619] __do_fast_syscall_32+0xb6/0x2b0 [ 317.189220][ T8619] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.189250][ T8619] do_fast_syscall_32+0x34/0x80 [ 317.189277][ T8619] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 317.189298][ T8619] RIP: 0023:0xf7f86539 [ 317.189315][ T8619] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 317.189331][ T8619] RSP: 002b:00000000f50a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 317.189351][ T8619] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 317.189364][ T8619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 317.189374][ T8619] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 317.189384][ T8619] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 317.189395][ T8619] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 317.189424][ T8619] [ 317.500831][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.507184][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.125527][ T8640] netlink: 168 bytes leftover after parsing attributes in process `syz.2.755'. [ 318.150678][ T8640] netlink: 168 bytes leftover after parsing attributes in process `syz.2.755'. [ 318.167078][ T8629] trusted_key: syz.0.751 sent an empty control message without MSG_MORE. [ 318.321254][ T8650] macvlan1: entered promiscuous mode [ 318.335880][ T8650] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 318.344014][ T8650] Cannot create hsr debugfs directory [ 318.358075][ T6855] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 318.397170][ T8650] hsr1: entered promiscuous mode [ 318.406973][ T8652] netlink: 4 bytes leftover after parsing attributes in process `syz.2.755'. [ 318.538191][ T6855] usb 4-1: Using ep0 maxpacket: 8 [ 318.551083][ T6855] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 318.571824][ T6855] usb 4-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00 [ 318.598120][ T6866] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 318.605950][ T6855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.642357][ T6855] usb 4-1: config 0 descriptor?? [ 318.664735][ T8656] netlink: 1347 bytes leftover after parsing attributes in process `syz.2.759'. [ 318.678888][ T6855] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input24 [ 318.781456][ T6866] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 318.809895][ T6866] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 318.841603][ T6866] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 318.862995][ T6866] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.901757][ T6866] usb 5-1: config 0 descriptor?? [ 318.902151][ T8632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 318.930214][ T8632] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 318.965134][ T5924] usb 4-1: USB disconnect, device number 20 [ 318.966742][ T5189] bcm5974 4-1:0.0: could not read from device [ 318.986485][ T5189] bcm5974 4-1:0.0: could not read from device [ 319.010065][ T7429] bcm5974 4-1:0.0: could not read from device [ 319.028463][ T5925] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 319.061075][ T7429] udevd[7429]: Error opening device "/dev/input/event4": No such file or directory [ 319.072355][ T7429] udevd[7429]: Unable to EVIOCGABS device "/dev/input/event4" [ 319.080754][ T7429] udevd[7429]: Unable to EVIOCGABS device "/dev/input/event4" [ 319.089815][ T7429] udevd[7429]: Unable to EVIOCGABS device "/dev/input/event4" [ 319.097461][ T7429] udevd[7429]: Unable to EVIOCGABS device "/dev/input/event4" [ 319.202276][ T5925] usb 2-1: config 0 has no interfaces? [ 319.209388][ T5925] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 319.221602][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 319.235028][ T5925] usb 2-1: SerialNumber: syz [ 319.254913][ T5925] usb 2-1: config 0 descriptor?? [ 319.339977][ T6866] cp2112 0003:10C4:EA90.000D: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 319.494569][ T5924] usb 2-1: USB disconnect, device number 25 [ 319.537747][ T6866] cp2112 0003:10C4:EA90.000D: Part Number: 0x82 Device Version: 0xFE [ 319.614761][ T8663] FAULT_INJECTION: forcing a failure. [ 319.614761][ T8663] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 319.634459][ T8663] CPU: 0 UID: 0 PID: 8663 Comm: syz.0.762 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 319.634488][ T8663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 319.634499][ T8663] Call Trace: [ 319.634507][ T8663] [ 319.634515][ T8663] dump_stack_lvl+0x189/0x250 [ 319.634545][ T8663] ? __pfx____ratelimit+0x10/0x10 [ 319.634570][ T8663] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.634596][ T8663] ? __pfx__printk+0x10/0x10 [ 319.634619][ T8663] ? fs_reclaim_acquire+0x7d/0x100 [ 319.634651][ T8663] should_fail_ex+0x414/0x560 [ 319.634677][ T8663] prepare_alloc_pages+0x213/0x610 [ 319.634705][ T8663] __alloc_frozen_pages_noprof+0x123/0x370 [ 319.634731][ T8663] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 319.634754][ T8663] ? is_bpf_text_address+0x292/0x2b0 [ 319.634779][ T8663] ? is_bpf_text_address+0x26/0x2b0 [ 319.634805][ T8663] ? policy_nodemask+0x27c/0x720 [ 319.634821][ T8663] ? kernel_text_address+0xa5/0xe0 [ 319.634850][ T8663] alloc_pages_mpol+0x232/0x4a0 [ 319.634875][ T8663] vma_alloc_folio_noprof+0xe4/0x200 [ 319.634899][ T8663] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 319.634931][ T8663] folio_prealloc+0x30/0x180 [ 319.634953][ T8663] do_wp_page+0x1231/0x5800 [ 319.635002][ T8663] ? __pfx_do_wp_page+0x10/0x10 [ 319.635024][ T8663] ? do_raw_spin_lock+0x121/0x290 [ 319.635049][ T8663] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 319.635083][ T8663] __handle_mm_fault+0x1144/0x5620 [ 319.635129][ T8663] ? __pfx___handle_mm_fault+0x10/0x10 [ 319.635169][ T8663] ? follow_page_pte+0xe7e/0x14b0 [ 319.635206][ T8663] handle_mm_fault+0x40a/0x8e0 [ 319.635245][ T8663] __get_user_pages+0x1af4/0x30b0 [ 319.635307][ T8663] ? __pfx___get_user_pages+0x10/0x10 [ 319.635342][ T8663] __gup_longterm_locked+0xd66/0x15b0 [ 319.635395][ T8663] pin_user_pages_remote+0xd4/0x120 [ 319.635425][ T8663] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 319.635464][ T8663] ? down_read+0x1ad/0x2e0 [ 319.635486][ T8663] process_vm_rw+0x59e/0xb40 [ 319.635512][ T8663] ? get_pid_task+0x20/0x1f0 [ 319.635548][ T8663] ? __pfx_process_vm_rw+0x10/0x10 [ 319.635571][ T8663] ? rcu_read_lock_any_held+0xb3/0x120 [ 319.635619][ T8663] ? __pfx_vfs_write+0x10/0x10 [ 319.635673][ T8663] ? ksys_write+0x22a/0x250 [ 319.635700][ T8663] __ia32_sys_process_vm_writev+0xdf/0x100 [ 319.635731][ T8663] __do_fast_syscall_32+0xb6/0x2b0 [ 319.635757][ T8663] ? lockdep_hardirqs_on+0x9c/0x150 [ 319.635787][ T8663] do_fast_syscall_32+0x34/0x80 [ 319.635812][ T8663] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 319.635834][ T8663] RIP: 0023:0xf7ff2539 [ 319.635851][ T8663] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 319.635867][ T8663] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 000000000000015c [ 319.635887][ T8663] RAX: ffffffffffffffda RBX: 00000000000000a0 RCX: 0000000080001c80 [ 319.635900][ T8663] RDX: 0000000000000001 RSI: 0000000080001d80 RDI: 0000000000000001 [ 319.635911][ T8663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 319.635921][ T8663] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 319.635930][ T8663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 319.635959][ T8663] [ 320.283474][ T8676] syzkaller1: entered promiscuous mode [ 320.296905][ T8676] syzkaller1: entered allmulticast mode [ 320.359933][ T8651] cp2112 0003:10C4:EA90.000D: Multi-message I2C transactions not supported [ 320.389183][ T8680] __nla_validate_parse: 1 callbacks suppressed [ 320.389203][ T8680] netlink: 168 bytes leftover after parsing attributes in process `syz.1.769'. [ 320.391821][ T8674] netlink: 12 bytes leftover after parsing attributes in process `syz.2.768'. [ 320.395543][ T8680] netlink: 168 bytes leftover after parsing attributes in process `syz.1.769'. [ 320.441500][ T6866] cp2112 0003:10C4:EA90.000D: error reading lock byte: -71 [ 320.478613][ T5924] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 320.499627][ T6866] usb 5-1: USB disconnect, device number 24 [ 320.501970][ T8674] netlink: 'syz.2.768': attribute type 10 has an invalid length. [ 320.528238][ T8680] netlink: 4 bytes leftover after parsing attributes in process `syz.1.769'. [ 320.658110][ T5924] usb 1-1: Using ep0 maxpacket: 8 [ 320.669639][ T5924] usb 1-1: config 0 interface 0 has no altsetting 0 [ 320.676590][ T5924] usb 1-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 320.697496][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.699494][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.771'. [ 320.718541][ T5924] usb 1-1: config 0 descriptor?? [ 320.729374][ T8684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.771'. [ 320.744887][ T8687] netlink: 4 bytes leftover after parsing attributes in process `syz.3.770'. [ 320.755279][ T8687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.770'. [ 320.788259][ T8684] netlink: 'syz.1.771': attribute type 19 has an invalid length. [ 321.154911][ T5924] hid-u2fzero 0003:20A0:4287.000E: item fetching failed at offset 3/5 [ 321.184797][ T5924] hid-u2fzero 0003:20A0:4287.000E: probe with driver hid-u2fzero failed with error -22 [ 321.346753][ T8672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 321.358193][ T8672] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 321.445908][ T5924] usb 1-1: USB disconnect, device number 28 [ 321.998077][ T6888] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 322.168381][ T6888] usb 3-1: Using ep0 maxpacket: 16 [ 322.193857][ T6888] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 322.214851][ T6888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.252060][ T8698] FAULT_INJECTION: forcing a failure. [ 322.252060][ T8698] name failslab, interval 1, probability 0, space 0, times 0 [ 322.255226][ T6888] usb 3-1: Product: syz [ 322.312124][ T8698] CPU: 1 UID: 0 PID: 8698 Comm: syz.1.772 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 322.312153][ T8698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.312164][ T8698] Call Trace: [ 322.312171][ T8698] [ 322.312180][ T8698] dump_stack_lvl+0x189/0x250 [ 322.312235][ T8698] ? __pfx____ratelimit+0x10/0x10 [ 322.312264][ T8698] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.312292][ T8698] ? __pfx__printk+0x10/0x10 [ 322.312320][ T8698] ? __pfx___might_resched+0x10/0x10 [ 322.312347][ T8698] ? fs_reclaim_acquire+0x7d/0x100 [ 322.312375][ T8698] should_fail_ex+0x414/0x560 [ 322.312404][ T8698] should_failslab+0xa8/0x100 [ 322.312435][ T8698] __kmalloc_cache_noprof+0x70/0x3d0 [ 322.312453][ T8698] ? madvise_collapse+0x154/0xa80 [ 322.312481][ T8698] madvise_collapse+0x154/0xa80 [ 322.312523][ T8698] madvise_do_behavior+0xd35/0x2e70 [ 322.312544][ T8698] ? rcu_is_watching+0x15/0xb0 [ 322.312587][ T8698] ? __pfx_madvise_do_behavior+0x10/0x10 [ 322.312617][ T8698] ? schedule+0x165/0x360 [ 322.312648][ T8698] ? __pfx___schedule+0x10/0x10 [ 322.312690][ T8698] ? schedule+0x91/0x360 [ 322.312717][ T8698] ? rcu_is_watching+0x15/0xb0 [ 322.312744][ T8698] ? trace_contention_end+0x3b/0x140 [ 322.312767][ T8698] ? rwsem_down_read_slowpath+0x769/0x880 [ 322.312794][ T8698] ? __pfx_rwsem_down_read_slowpath+0x10/0x10 [ 322.312819][ T8698] ? madvise_lock+0xda/0x200 [ 322.312864][ T8698] do_madvise+0x174/0x220 [ 322.312882][ T8698] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 322.312914][ T8698] ? __pfx_do_madvise+0x10/0x10 [ 322.312962][ T8698] __ia32_sys_madvise+0xa7/0xc0 [ 322.312984][ T8698] __do_fast_syscall_32+0xb6/0x2b0 [ 322.313012][ T8698] ? lockdep_hardirqs_on+0x9c/0x150 [ 322.313042][ T8698] do_fast_syscall_32+0x34/0x80 [ 322.313069][ T8698] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 322.313090][ T8698] RIP: 0023:0xf7f86539 [ 322.313108][ T8698] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 322.313124][ T8698] RSP: 002b:00000000f508555c EFLAGS: 00000206 ORIG_RAX: 00000000000000db [ 322.313146][ T8698] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000600003 [ 322.313159][ T8698] RDX: 0000000000000019 RSI: 0000000000000000 RDI: 0000000000000000 [ 322.313170][ T8698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 322.313181][ T8698] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 322.313192][ T8698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 322.313223][ T8698] [ 322.322129][ T6888] usb 3-1: Manufacturer: syz [ 322.770033][ T6888] usb 3-1: SerialNumber: syz [ 322.794418][ T6888] usb 3-1: config 0 descriptor?? [ 322.814067][ T6888] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 322.824054][ T6888] usb 3-1: Detected FT232H [ 323.182795][ T6888] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 323.192501][ T6888] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 323.209736][ T6888] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 323.230125][ T6888] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 323.296104][ T6888] usb 3-1: USB disconnect, device number 27 [ 323.345120][ T6888] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 323.384046][ T6888] ftdi_sio 3-1:0.0: device disconnected [ 323.552912][ T8721] syzkaller1: entered promiscuous mode [ 323.568265][ T8721] syzkaller1: entered allmulticast mode [ 323.606490][ T8723] netlink: 168 bytes leftover after parsing attributes in process `syz.1.781'. [ 323.615862][ T8723] netlink: 168 bytes leftover after parsing attributes in process `syz.1.781'. [ 323.739557][ T5924] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 323.913903][ T5924] usb 5-1: config 0 has no interfaces? [ 323.925743][ T5924] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 323.941293][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 323.969489][ T5924] usb 5-1: SerialNumber: syz [ 323.989101][ T5924] usb 5-1: config 0 descriptor?? [ 324.210704][ T6896] usb 5-1: USB disconnect, device number 25 [ 324.217402][ T8728] netlink: 'syz.2.783': attribute type 10 has an invalid length. [ 324.258941][ T8739] tipc: Can't bind to reserved service type 2 [ 324.280367][ T8741] syzkaller0: entered promiscuous mode [ 324.285925][ T8741] syzkaller0: entered allmulticast mode [ 324.520808][ T8742] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 324.663132][ T8745] FAULT_INJECTION: forcing a failure. [ 324.663132][ T8745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 325.002420][ T8745] CPU: 1 UID: 0 PID: 8745 Comm: syz.0.789 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 325.002444][ T8745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 325.002452][ T8745] Call Trace: [ 325.002458][ T8745] [ 325.002463][ T8745] dump_stack_lvl+0x189/0x250 [ 325.002486][ T8745] ? __pfx____ratelimit+0x10/0x10 [ 325.002502][ T8745] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.002518][ T8745] ? __pfx__printk+0x10/0x10 [ 325.002538][ T8745] should_fail_ex+0x414/0x560 [ 325.002555][ T8745] _copy_to_user+0x31/0xb0 [ 325.002566][ T8745] sw_sync_ioctl+0xc29/0xd00 [ 325.002586][ T8745] ? __pfx_sw_sync_ioctl+0x10/0x10 [ 325.002601][ T8745] ? __fget_files+0x2a/0x420 [ 325.002616][ T8745] ? __fget_files+0x3a0/0x420 [ 325.002627][ T8745] ? __fget_files+0x2a/0x420 [ 325.002640][ T8745] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 325.002658][ T8745] __ia32_compat_sys_ioctl+0x543/0x840 [ 325.002677][ T8745] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 325.002693][ T8745] ? __fget_files+0x3a0/0x420 [ 325.002708][ T8745] ? fput+0xa0/0xd0 [ 325.002721][ T8745] ? ksys_write+0x22a/0x250 [ 325.002736][ T8745] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 325.002753][ T8745] ? lockdep_hardirqs_on+0x9c/0x150 [ 325.002769][ T8745] __do_fast_syscall_32+0xb6/0x2b0 [ 325.002785][ T8745] ? lockdep_hardirqs_on+0x9c/0x150 [ 325.002802][ T8745] do_fast_syscall_32+0x34/0x80 [ 325.002818][ T8745] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 325.002830][ T8745] RIP: 0023:0xf7ff2539 [ 325.002841][ T8745] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 325.002851][ T8745] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 325.002864][ T8745] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0285700 [ 325.002872][ T8745] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 325.002879][ T8745] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 325.002886][ T8745] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 325.002892][ T8745] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 325.002909][ T8745] [ 325.224438][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.341827][ T8748] ip6gretap0: entered promiscuous mode [ 325.386953][ T8748] ip6gretap0: left promiscuous mode [ 325.529137][ T30] kauditd_printk_skb: 69 callbacks suppressed [ 325.529157][ T30] audit: type=1326 audit(1751339724.991:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8750 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2539 code=0x7ffc0000 [ 325.576524][ T8752] FAULT_INJECTION: forcing a failure. [ 325.576524][ T8752] name failslab, interval 1, probability 0, space 0, times 0 [ 325.594635][ T30] audit: type=1326 audit(1751339725.011:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8750 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=40000003 syscall=277 compat=1 ip=0xf7ff2539 code=0x7ffc0000 [ 325.618389][ T8752] CPU: 0 UID: 0 PID: 8752 Comm: syz.0.792 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 325.618416][ T8752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 325.618427][ T8752] Call Trace: [ 325.618434][ T8752] [ 325.618442][ T8752] dump_stack_lvl+0x189/0x250 [ 325.618477][ T8752] ? __pfx____ratelimit+0x10/0x10 [ 325.618501][ T8752] ? __pfx_dump_stack_lvl+0x10/0x10 [ 325.618527][ T8752] ? __pfx__printk+0x10/0x10 [ 325.618554][ T8752] ? __pfx___might_resched+0x10/0x10 [ 325.618604][ T8752] should_fail_ex+0x414/0x560 [ 325.618630][ T8752] should_failslab+0xa8/0x100 [ 325.618652][ T8752] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 325.618669][ T8752] ? __alloc_skb+0x112/0x2d0 [ 325.618693][ T8752] __alloc_skb+0x112/0x2d0 [ 325.618715][ T8752] audit_log_start+0x152/0x870 [ 325.618740][ T8752] ? __pfx_audit_log_start+0x10/0x10 [ 325.618761][ T8752] ? migrate_enable+0x29c/0x3c0 [ 325.618782][ T8752] ? __pfx_migrate_enable+0x10/0x10 [ 325.618806][ T8752] audit_seccomp+0x64/0x190 [ 325.618821][ T8752] ? clear_bhb_loop+0x60/0xb0 [ 325.618837][ T8752] ? clear_bhb_loop+0xe/0xb0 [ 325.618857][ T8752] __seccomp_filter+0x9aa/0x1a40 [ 325.618895][ T8752] ? __pfx___seccomp_filter+0x10/0x10 [ 325.618921][ T8752] ? lockdep_hardirqs_on+0x9c/0x150 [ 325.618946][ T8752] ? __pfx_vfs_write+0x10/0x10 [ 325.618972][ T8752] ? do_sys_openat2+0x154/0x1c0 [ 325.618990][ T8752] ? kmem_cache_free+0x18f/0x400 [ 325.619012][ T8752] ? do_sys_openat2+0x154/0x1c0 [ 325.619046][ T8752] ? ksys_write+0x1e1/0x250 [ 325.619067][ T8752] ? __secure_computing+0xe2/0x2a0 [ 325.619096][ T8752] syscall_trace_enter+0xaa/0x160 [ 325.619123][ T8752] __do_fast_syscall_32+0x99/0x2b0 [ 325.619149][ T8752] ? lockdep_hardirqs_on+0x9c/0x150 [ 325.619175][ T8752] do_fast_syscall_32+0x34/0x80 [ 325.619199][ T8752] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 325.619219][ T8752] RIP: 0023:0xf7ff2539 [ 325.619235][ T8752] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 325.619250][ T8752] RSP: 002b:00000000f5116520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 325.619271][ T8752] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000680 [ 325.619283][ T8752] RDX: 00000000000000d0 RSI: 00000000f7483ff4 RDI: 0000000000000000 [ 325.619294][ T8752] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 325.619304][ T8752] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 325.619314][ T8752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 325.619360][ T8752] [ 325.619842][ T8752] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 325.700879][ T30] audit: type=1326 audit(1751339725.031:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8750 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2539 code=0x7ffc0000 [ 325.744666][ T8752] audit: out of memory in audit_log_start [ 325.807942][ T6866] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 325.817960][ T30] audit: type=1326 audit(1751339725.031:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8750 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=40000003 syscall=279 compat=1 ip=0xf7ff2539 code=0x7ffc0000 [ 325.946290][ T5925] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 325.960577][ T30] audit: type=1326 audit(1751339725.031:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8750 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2539 code=0x7ffc0000 [ 325.984112][ T30] audit: type=1326 audit(1751339725.031:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8750 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=40000003 syscall=280 compat=1 ip=0xf7ff2539 code=0x7ffc0000 [ 326.006772][ T30] audit: type=1326 audit(1751339725.031:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8750 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff2539 code=0x7ffc0000 [ 326.032031][ T30] audit: type=1326 audit(1751339725.031:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8750 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7ff2539 code=0x7ffc0000 [ 326.108188][ T5925] usb 3-1: device descriptor read/64, error -71 [ 326.124364][ T8761] __nla_validate_parse: 9 callbacks suppressed [ 326.124384][ T8761] netlink: 168 bytes leftover after parsing attributes in process `syz.0.795'. [ 326.135864][ T6866] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 326.141003][ T8761] netlink: 168 bytes leftover after parsing attributes in process `syz.0.795'. [ 326.151761][ T6866] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.166914][ T6866] usb 4-1: Product: syz [ 326.174782][ T6866] usb 4-1: Manufacturer: syz [ 326.182043][ T6866] usb 4-1: SerialNumber: syz [ 326.193620][ T8761] netlink: 4 bytes leftover after parsing attributes in process `syz.0.795'. [ 326.242204][ T6866] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 326.273250][ T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 326.282543][ T5924] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 326.369585][ T5925] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 326.438409][ T5924] usb 5-1: Using ep0 maxpacket: 32 [ 326.458805][ T5924] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.480733][ T5924] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.492002][ T5924] usb 5-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 326.501775][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.518264][ T5925] usb 3-1: device descriptor read/64, error -71 [ 326.519457][ T5924] usb 5-1: config 0 descriptor?? [ 326.568788][ T8768] loop5: detected capacity change from 0 to 1903 [ 326.638664][ T5925] usb usb3-port1: attempt power cycle [ 326.674912][ T8769] netlink: 56 bytes leftover after parsing attributes in process `syz.1.797'. [ 326.837951][ T6888] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 326.951836][ T8753] netlink: 'syz.3.793': attribute type 5 has an invalid length. [ 326.978257][ T5925] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 326.991539][ T6888] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 327.001784][ T6888] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 327.017401][ T5925] usb 3-1: device descriptor read/8, error -71 [ 327.027946][ T6888] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 327.037021][ T6888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.058607][ T6888] usb 1-1: config 0 descriptor?? [ 327.234839][ T5924] usbhid 5-1:0.0: can't add hid device: -71 [ 327.259839][ T5924] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 327.287973][ T5925] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 327.309527][ T5925] usb 3-1: device descriptor read/8, error -71 [ 327.319895][ T5924] usb 5-1: USB disconnect, device number 26 [ 327.340459][ T8753] Cannot find add_set index 0 as target [ 327.420614][ T5925] usb usb3-port1: unable to enumerate USB device [ 327.532817][ T8774] netlink: 'syz.1.799': attribute type 9 has an invalid length. [ 327.574648][ T5924] usb 4-1: USB disconnect, device number 21 [ 327.731421][ T8776] FAULT_INJECTION: forcing a failure. [ 327.731421][ T8776] name failslab, interval 1, probability 0, space 0, times 0 [ 327.733029][ T24] usb 4-1: Service connection timeout for: 256 [ 327.744304][ T8776] CPU: 0 UID: 0 PID: 8776 Comm: syz.1.800 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 327.744330][ T8776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.744340][ T8776] Call Trace: [ 327.744347][ T8776] [ 327.744355][ T8776] dump_stack_lvl+0x189/0x250 [ 327.744384][ T8776] ? __pfx____ratelimit+0x10/0x10 [ 327.744408][ T8776] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.744431][ T8776] ? __pfx__printk+0x10/0x10 [ 327.744452][ T8776] ? __pfx___might_resched+0x10/0x10 [ 327.744475][ T8776] ? fs_reclaim_acquire+0x7d/0x100 [ 327.744499][ T8776] should_fail_ex+0x414/0x560 [ 327.744524][ T8776] should_failslab+0xa8/0x100 [ 327.744543][ T8776] __kmalloc_noprof+0xcb/0x4f0 [ 327.744558][ T8776] ? alloc_pipe_info+0x1fd/0x4d0 [ 327.744579][ T8776] alloc_pipe_info+0x1fd/0x4d0 [ 327.744597][ T8776] splice_direct_to_actor+0xa5d/0xcc0 [ 327.744627][ T8776] ? aa_file_perm+0x11f/0xed0 [ 327.744647][ T8776] ? aa_file_perm+0x3e7/0xed0 [ 327.744666][ T8776] ? get_pid_task+0x20/0x1f0 [ 327.744691][ T8776] ? __lock_acquire+0xab9/0xd20 [ 327.744712][ T8776] ? __pfx_direct_splice_actor+0x10/0x10 [ 327.744729][ T8776] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 327.744746][ T8776] ? __pfx_aa_file_perm+0x10/0x10 [ 327.744773][ T8776] do_splice_direct+0x181/0x270 [ 327.744792][ T8776] ? __pfx_do_splice_direct+0x10/0x10 [ 327.744810][ T8776] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 327.744834][ T8776] ? rw_verify_area+0x258/0x650 [ 327.744861][ T8776] do_sendfile+0x4da/0x7e0 [ 327.744889][ T8776] ? __pfx_do_sendfile+0x10/0x10 [ 327.744916][ T8776] ? __might_fault+0xb0/0x130 [ 327.744935][ T8776] __ia32_compat_sys_sendfile+0x120/0x1d0 [ 327.744960][ T8776] __do_fast_syscall_32+0xb6/0x2b0 [ 327.744984][ T8776] ? lockdep_hardirqs_on+0x9c/0x150 [ 327.745010][ T8776] do_fast_syscall_32+0x34/0x80 [ 327.745032][ T8776] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 327.745051][ T8776] RIP: 0023:0xf7f86539 [ 327.745065][ T8776] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 327.745079][ T8776] RSP: 002b:00000000f50a655c EFLAGS: 00000206 ORIG_RAX: 00000000000000bb [ 327.745097][ T8776] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003 [ 327.745107][ T8776] RDX: 0000000080002080 RSI: 0000000000000012 RDI: 0000000000000000 [ 327.745117][ T8776] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 327.745126][ T8776] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 327.745135][ T8776] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 327.745161][ T8776] [ 328.046058][ T24] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 328.055290][ T24] ath9k_htc: Failed to initialize the device [ 328.062286][ T5924] usb 4-1: ath9k_htc: USB layer deinitialized [ 328.266823][ T8783] FAULT_INJECTION: forcing a failure. [ 328.266823][ T8783] name failslab, interval 1, probability 0, space 0, times 0 [ 328.279997][ T8783] CPU: 1 UID: 0 PID: 8783 Comm: syz.3.803 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 328.280022][ T8783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.280033][ T8783] Call Trace: [ 328.280041][ T8783] [ 328.280048][ T8783] dump_stack_lvl+0x189/0x250 [ 328.280082][ T8783] ? __pfx____ratelimit+0x10/0x10 [ 328.280108][ T8783] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.280133][ T8783] ? __pfx__printk+0x10/0x10 [ 328.280156][ T8783] ? __lock_acquire+0xab9/0xd20 [ 328.280192][ T8783] should_fail_ex+0x414/0x560 [ 328.280221][ T8783] should_failslab+0xa8/0x100 [ 328.280243][ T8783] kmem_cache_alloc_noprof+0x73/0x3c0 [ 328.280270][ T8783] ? __inet_hash_connect+0xdcc/0x2310 [ 328.280297][ T8783] __inet_hash_connect+0xdcc/0x2310 [ 328.280322][ T8783] ? __pfx___inet_check_established+0x10/0x10 [ 328.280363][ T8783] ? __inet_hash_connect+0x4fa/0x2310 [ 328.280395][ T8783] ? __pfx___inet_hash_connect+0x10/0x10 [ 328.280423][ T8783] ? inet_hash_connect+0x12f/0x240 [ 328.280448][ T8783] tcp_v4_connect+0xd42/0x19d0 [ 328.280489][ T8783] ? __pfx_tcp_v4_connect+0x10/0x10 [ 328.280504][ T8783] ? __local_bh_enable_ip+0x12d/0x1c0 [ 328.280531][ T8783] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 328.280557][ T8783] ? do_raw_spin_unlock+0x122/0x240 [ 328.280584][ T8783] mptcp_connect+0x742/0xc10 [ 328.280615][ T8783] __inet_stream_connect+0x295/0xf10 [ 328.280652][ T8783] ? __local_bh_enable_ip+0x12d/0x1c0 [ 328.280675][ T8783] ? __pfx___inet_stream_connect+0x10/0x10 [ 328.280699][ T8783] ? __local_bh_enable_ip+0x12d/0x1c0 [ 328.280721][ T8783] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 328.280758][ T8783] inet_stream_connect+0x66/0xa0 [ 328.280787][ T8783] __sys_connect+0x313/0x440 [ 328.280805][ T8783] ? __fget_files+0x3a0/0x420 [ 328.280819][ T8783] ? __pfx___sys_connect+0x10/0x10 [ 328.280842][ T8783] __ia32_sys_connect+0x7a/0x90 [ 328.280853][ T8783] __do_fast_syscall_32+0xb6/0x2b0 [ 328.280875][ T8783] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.280904][ T8783] do_fast_syscall_32+0x34/0x80 [ 328.280929][ T8783] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 328.280948][ T8783] RIP: 0023:0xf710e539 [ 328.280964][ T8783] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 328.280973][ T8783] RSP: 002b:00000000f50fe55c EFLAGS: 00000206 ORIG_RAX: 000000000000016a [ 328.280987][ T8783] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000000 [ 328.280994][ T8783] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 328.281000][ T8783] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 328.281006][ T8783] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 328.281013][ T8783] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 328.281041][ T8783] [ 328.564925][ C1] vkms_vblank_simulate: vblank timer overrun [ 328.616280][ T6866] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 328.682228][ T6855] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 328.711421][ T8791] FAULT_INJECTION: forcing a failure. [ 328.711421][ T8791] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.727101][ T8791] CPU: 1 UID: 0 PID: 8791 Comm: syz.3.804 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 328.727128][ T8791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.727138][ T8791] Call Trace: [ 328.727146][ T8791] [ 328.727154][ T8791] dump_stack_lvl+0x189/0x250 [ 328.727186][ T8791] ? __pfx____ratelimit+0x10/0x10 [ 328.727213][ T8791] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.727240][ T8791] ? __pfx__printk+0x10/0x10 [ 328.727274][ T8791] should_fail_ex+0x414/0x560 [ 328.727302][ T8791] _copy_to_user+0x31/0xb0 [ 328.727322][ T8791] simple_read_from_buffer+0xe1/0x170 [ 328.727348][ T8791] proc_fail_nth_read+0x1df/0x250 [ 328.727375][ T8791] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 328.727400][ T8791] ? rw_verify_area+0x258/0x650 [ 328.727428][ T8791] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 328.727452][ T8791] vfs_read+0x200/0x980 [ 328.727485][ T8791] ? __pfx___mutex_lock+0x10/0x10 [ 328.727513][ T8791] ? __pfx_vfs_read+0x10/0x10 [ 328.727542][ T8791] ? __fget_files+0x2a/0x420 [ 328.727567][ T8791] ? __fget_files+0x3a0/0x420 [ 328.727587][ T8791] ? __fget_files+0x2a/0x420 [ 328.727625][ T8791] ksys_read+0x145/0x250 [ 328.727655][ T8791] ? __pfx_ksys_read+0x10/0x10 [ 328.727684][ T8791] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 328.727711][ T8791] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.727739][ T8791] __do_fast_syscall_32+0xb6/0x2b0 [ 328.727767][ T8791] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.727797][ T8791] do_fast_syscall_32+0x34/0x80 [ 328.727824][ T8791] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 328.727850][ T8791] RIP: 0023:0xf710e539 [ 328.727869][ T8791] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 328.727885][ T8791] RSP: 002b:00000000f50fe590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 328.727907][ T8791] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50fe620 [ 328.727920][ T8791] RDX: 000000000000000f RSI: 00000000f7473ff4 RDI: 0000000000000000 [ 328.727932][ T8791] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 328.727944][ T8791] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 328.727956][ T8791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 328.727987][ T8791] [ 328.867503][ T8793] netlink: 168 bytes leftover after parsing attributes in process `syz.2.806'. [ 328.868426][ C1] vkms_vblank_simulate: vblank timer overrun [ 328.931024][ T6866] usb 2-1: config 0 has no interfaces? [ 328.971414][ T8793] netlink: 168 bytes leftover after parsing attributes in process `syz.2.806'. [ 328.996613][ T6866] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 328.999571][ T8796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.806'. [ 329.007440][ T6866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 329.023180][ T6866] usb 2-1: SerialNumber: syz [ 329.034343][ T6855] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 329.043489][ T6855] usb 5-1: config 0 has no interface number 0 [ 329.051900][ T6866] usb 2-1: config 0 descriptor?? [ 329.057115][ T6855] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 329.068360][ T6855] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 329.080444][ T6855] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 329.090967][ T6855] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.109037][ T6855] usb 5-1: config 0 descriptor?? [ 329.337645][ T24] usb 2-1: USB disconnect, device number 26 [ 329.396583][ T8805] FAULT_INJECTION: forcing a failure. [ 329.396583][ T8805] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 329.417539][ T8805] CPU: 0 UID: 0 PID: 8805 Comm: syz.3.810 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 329.417571][ T8805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 329.417582][ T8805] Call Trace: [ 329.417589][ T8805] [ 329.417597][ T8805] dump_stack_lvl+0x189/0x250 [ 329.417630][ T8805] ? __pfx____ratelimit+0x10/0x10 [ 329.417656][ T8805] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.417682][ T8805] ? __pfx__printk+0x10/0x10 [ 329.417702][ T8805] ? __might_fault+0xb0/0x130 [ 329.417733][ T8805] should_fail_ex+0x414/0x560 [ 329.417760][ T8805] _copy_from_user+0x2d/0xb0 [ 329.417778][ T8805] get_compat_msghdr+0xad/0x4a0 [ 329.417808][ T8805] ? __pfx_get_compat_msghdr+0x10/0x10 [ 329.417826][ T8805] ? count_memcg_event_mm+0x21/0x260 [ 329.417864][ T8805] ___sys_sendmsg+0x193/0x2a0 [ 329.417889][ T8805] ? __pfx____sys_sendmsg+0x10/0x10 [ 329.417910][ T8805] ? do_user_addr_fault+0xbc1/0x1390 [ 329.417982][ T8805] __sys_sendmmsg+0x28e/0x430 [ 329.418009][ T8805] ? __pfx___sys_sendmmsg+0x10/0x10 [ 329.418039][ T8805] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 329.418086][ T8805] ? ksys_write+0x22a/0x250 [ 329.418113][ T8805] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 329.418139][ T8805] __do_fast_syscall_32+0xb6/0x2b0 [ 329.418166][ T8805] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.418195][ T8805] do_fast_syscall_32+0x34/0x80 [ 329.418223][ T8805] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 329.418245][ T8805] RIP: 0023:0xf710e539 [ 329.418261][ T8805] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 329.418276][ T8805] RSP: 002b:00000000f50fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 329.418296][ T8805] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080005240 [ 329.418309][ T8805] RDX: 0000000004000095 RSI: 0000000000000000 RDI: 0000000000000000 [ 329.418320][ T8805] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 329.418403][ T8805] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 329.418413][ T8805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 329.418441][ T8805] [ 329.604940][ T8809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.812'. [ 329.740333][ T6855] uclogic 0003:256C:006D.000F: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.4-1/input1 [ 329.751772][ T6888] usb 1-1: string descriptor 0 read error: -71 [ 329.753608][ T6888] usb 1-1: USB disconnect, device number 29 [ 329.855177][ T8815] program syz.2.813 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 330.778141][ T6855] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 330.937187][ T8831] netlink: 168 bytes leftover after parsing attributes in process `syz.2.818'. [ 330.955293][ T8831] netlink: 168 bytes leftover after parsing attributes in process `syz.2.818'. [ 330.958425][ T6855] usb 4-1: Using ep0 maxpacket: 16 [ 331.024251][ T6855] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 331.035385][ T6855] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 331.062180][ T24] usb 5-1: USB disconnect, device number 27 [ 331.096149][ T6855] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0 [ 331.109640][ T6855] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 331.161328][ T6855] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 331.170658][ T6855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.187222][ T6855] usb 4-1: Product: syz [ 331.195059][ T6855] usb 4-1: Manufacturer: syz [ 331.222062][ T6855] usb 4-1: SerialNumber: syz [ 331.284897][ T6855] usb 4-1: config 0 descriptor?? [ 331.317643][ T6855] port100 4-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 331.586066][ T8847] __nla_validate_parse: 1 callbacks suppressed [ 331.586086][ T8847] netlink: 4 bytes leftover after parsing attributes in process `syz.4.823'. [ 331.649732][ T8847] netlink: 4 bytes leftover after parsing attributes in process `syz.4.823'. [ 331.989808][ T8854] loop8: detected capacity change from 0 to 8 [ 332.012150][ T8854] Dev loop8: unable to read RDB block 8 [ 332.023987][ T8854] loop8: unable to read partition table [ 332.043951][ T8854] loop8: partition table beyond EOD, truncated [ 332.078513][ T8854] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 332.543765][ T8868] netlink: 168 bytes leftover after parsing attributes in process `syz.4.832'. [ 332.567507][ T8868] netlink: 168 bytes leftover after parsing attributes in process `syz.4.832'. [ 332.690073][ T8868] netlink: 4 bytes leftover after parsing attributes in process `syz.4.832'. [ 332.691451][ T8871] netlink: 4 bytes leftover after parsing attributes in process `syz.0.831'. [ 333.982776][ T6888] usb 4-1: USB disconnect, device number 22 [ 334.203661][ T8884] ip6gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue [ 334.656940][ T8872] syz.0.831 (8872): drop_caches: 2 [ 334.747384][ T5925] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 334.917998][ T5925] usb 3-1: Using ep0 maxpacket: 16 [ 334.927731][ T5925] usb 3-1: unable to get BOS descriptor or descriptor too short [ 334.937168][ T5925] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 334.947470][ T5925] usb 3-1: config 0 has no interfaces? [ 334.980562][ T5925] usb 3-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 335.006713][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.018341][ T5925] usb 3-1: Product: syz [ 335.022780][ T5925] usb 3-1: Manufacturer: syz [ 335.027587][ T5925] usb 3-1: SerialNumber: syz [ 335.037993][ T5924] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 335.080188][ T5925] usb 3-1: config 0 descriptor?? [ 335.118873][ T8898] FAULT_INJECTION: forcing a failure. [ 335.118873][ T8898] name failslab, interval 1, probability 0, space 0, times 0 [ 335.131765][ T8898] CPU: 0 UID: 0 PID: 8898 Comm: syz.0.842 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 335.131790][ T8898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 335.131801][ T8898] Call Trace: [ 335.131809][ T8898] [ 335.131817][ T8898] dump_stack_lvl+0x189/0x250 [ 335.131850][ T8898] ? __pfx____ratelimit+0x10/0x10 [ 335.131876][ T8898] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.131903][ T8898] ? __pfx__printk+0x10/0x10 [ 335.131942][ T8898] should_fail_ex+0x414/0x560 [ 335.131972][ T8898] should_failslab+0xa8/0x100 [ 335.131995][ T8898] kmem_cache_alloc_noprof+0x73/0x3c0 [ 335.132024][ T8898] ? skb_clone+0x212/0x3a0 [ 335.132053][ T8898] skb_clone+0x212/0x3a0 [ 335.132080][ T8898] __netlink_deliver_tap+0x404/0x850 [ 335.132137][ T8898] ? netlink_deliver_tap+0x2e/0x1b0 [ 335.132160][ T8898] netlink_deliver_tap+0x19c/0x1b0 [ 335.132182][ T8898] netlink_sendskb+0x68/0x140 [ 335.132214][ T8898] netlink_rcv_skb+0x28c/0x470 [ 335.132236][ T8898] ? __pfx_genl_rcv_msg+0x10/0x10 [ 335.132264][ T8898] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 335.132305][ T8898] ? down_read+0x1ad/0x2e0 [ 335.132327][ T8898] genl_rcv+0x28/0x40 [ 335.132369][ T8898] netlink_unicast+0x758/0x8d0 [ 335.132401][ T8898] netlink_sendmsg+0x805/0xb30 [ 335.132434][ T8898] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.132458][ T8898] ? __import_iovec+0x5d4/0x7f0 [ 335.132474][ T8898] ? aa_sock_msg_perm+0x94/0x160 [ 335.132500][ T8898] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 335.132524][ T8898] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.132555][ T8898] __sock_sendmsg+0x219/0x270 [ 335.132586][ T8898] ____sys_sendmsg+0x505/0x830 [ 335.132615][ T8898] ? __pfx_____sys_sendmsg+0x10/0x10 [ 335.132658][ T8898] ___sys_sendmsg+0x21f/0x2a0 [ 335.132684][ T8898] ? __pfx____sys_sendmsg+0x10/0x10 [ 335.132751][ T8898] ? __fget_files+0x2a/0x420 [ 335.132770][ T8898] ? __fget_files+0x3a0/0x420 [ 335.132803][ T8898] __sys_sendmsg+0x164/0x220 [ 335.132828][ T8898] ? __pfx___sys_sendmsg+0x10/0x10 [ 335.132867][ T8898] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 335.132893][ T8898] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.132921][ T8898] __do_fast_syscall_32+0xb6/0x2b0 [ 335.132950][ T8898] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.132980][ T8898] do_fast_syscall_32+0x34/0x80 [ 335.133007][ T8898] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 335.133029][ T8898] RIP: 0023:0xf7ff2539 [ 335.133046][ T8898] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 335.133062][ T8898] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 335.133082][ T8898] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800006c0 [ 335.133095][ T8898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 335.133106][ T8898] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 335.133117][ T8898] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 335.133128][ T8898] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 335.133160][ T8898] [ 335.268099][ T5924] usb 5-1: device descriptor read/64, error -71 [ 335.665892][ T8904] netlink: 168 bytes leftover after parsing attributes in process `syz.3.844'. [ 335.675199][ T8904] netlink: 168 bytes leftover after parsing attributes in process `syz.3.844'. [ 335.691858][ T8904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.844'. [ 335.798134][ T5924] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 335.816983][ T8906] netlink: 168 bytes leftover after parsing attributes in process `syz.0.846'. [ 335.938014][ T5924] usb 5-1: device descriptor read/64, error -71 [ 336.050649][ T5924] usb usb5-port1: attempt power cycle [ 336.306416][ T8924] IPVS: set_ctl: invalid protocol: 59 0.0.0.0:20000 [ 336.349023][ T8926] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 336.398827][ T5924] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 336.449187][ T5924] usb 5-1: device descriptor read/8, error -71 [ 336.678005][ T5925] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 336.698151][ T5924] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 336.743401][ T5924] usb 5-1: device descriptor read/8, error -71 [ 336.849199][ T5925] usb 2-1: Using ep0 maxpacket: 32 [ 336.866387][ T5925] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 336.868664][ T5924] usb usb5-port1: unable to enumerate USB device [ 336.886951][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.910228][ T5925] usb 2-1: Product: syz [ 336.926032][ T5925] usb 2-1: Manufacturer: syz [ 336.933704][ T5925] usb 2-1: SerialNumber: syz [ 336.944642][ T5925] usb 2-1: config 0 descriptor?? [ 336.963744][ T5925] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 337.006047][ T8947] __nla_validate_parse: 5 callbacks suppressed [ 337.006069][ T8947] netlink: 8 bytes leftover after parsing attributes in process `syz.3.863'. [ 337.349516][ T8958] netlink: 168 bytes leftover after parsing attributes in process `syz.0.868'. [ 337.361732][ T8958] netlink: 168 bytes leftover after parsing attributes in process `syz.0.868'. [ 337.389348][ T8929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 337.393983][ T5924] usb 3-1: USB disconnect, device number 32 [ 337.432432][ T8929] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 337.443357][ T8958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.868'. [ 337.525549][ T5925] gspca_ov534_9: reg_w failed -71 [ 337.978224][ T5925] gspca_ov534_9: Unknown sensor 0000 [ 337.978336][ T5925] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 338.021059][ T5925] usb 2-1: USB disconnect, device number 27 [ 338.034962][ T8968] FAULT_INJECTION: forcing a failure. [ 338.034962][ T8968] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.098444][ T8968] CPU: 0 UID: 0 PID: 8968 Comm: syz.2.871 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 338.098475][ T8968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 338.098486][ T8968] Call Trace: [ 338.098494][ T8968] [ 338.098503][ T8968] dump_stack_lvl+0x189/0x250 [ 338.098537][ T8968] ? __pfx____ratelimit+0x10/0x10 [ 338.098565][ T8968] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.098593][ T8968] ? __pfx__printk+0x10/0x10 [ 338.098615][ T8968] ? __might_fault+0xb0/0x130 [ 338.098646][ T8968] should_fail_ex+0x414/0x560 [ 338.098674][ T8968] _copy_from_user+0x2d/0xb0 [ 338.098693][ T8968] __sys_bind+0x199/0x3e0 [ 338.098715][ T8968] ? __pfx___sys_bind+0x10/0x10 [ 338.098768][ T8968] __ia32_sys_bind+0x7a/0x90 [ 338.098789][ T8968] __do_fast_syscall_32+0xb6/0x2b0 [ 338.098818][ T8968] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.098849][ T8968] do_fast_syscall_32+0x34/0x80 [ 338.098876][ T8968] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 338.098897][ T8968] RIP: 0023:0xf7f34539 [ 338.098915][ T8968] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 338.098931][ T8968] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000169 [ 338.098952][ T8968] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 338.098965][ T8968] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 338.098976][ T8968] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 338.098986][ T8968] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 338.098997][ T8968] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 338.099027][ T8968] [ 338.518064][ T5924] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 338.568189][ T6866] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 338.707950][ T5924] usb 5-1: Using ep0 maxpacket: 32 [ 338.727990][ T5924] usb 5-1: config 102 has an invalid interface number: 95 but max is 2 [ 338.777489][ T5924] usb 5-1: config 102 has an invalid descriptor of length 1, skipping remainder of the config [ 338.788735][ T6866] usb 3-1: Using ep0 maxpacket: 32 [ 338.828685][ T6866] usb 3-1: config 102 has an invalid interface number: 95 but max is 2 [ 338.847365][ T5924] usb 5-1: config 102 has 1 interface, different from the descriptor's value: 3 [ 338.874843][ T6866] usb 3-1: config 102 has an invalid descriptor of length 1, skipping remainder of the config [ 338.908150][ T5924] usb 5-1: config 102 has no interface number 0 [ 338.917943][ T6866] usb 3-1: config 102 has 1 interface, different from the descriptor's value: 3 [ 338.947663][ T5924] usb 5-1: config 102 interface 95 has no altsetting 0 [ 338.986568][ T6866] usb 3-1: config 102 has no interface number 0 [ 339.013806][ T6866] usb 3-1: config 102 interface 95 has no altsetting 0 [ 339.046069][ T6866] usb 3-1: New USB device found, idVendor=12d1, idProduct=d7d3, bcdDevice=fe.bd [ 339.066291][ T6866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.076428][ T5924] usb 5-1: New USB device found, idVendor=12d1, idProduct=d7d3, bcdDevice=fe.bd [ 339.109836][ T6866] usb 3-1: Product: syz [ 339.116664][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.125583][ T8999] netlink: 168 bytes leftover after parsing attributes in process `syz.1.882'. [ 339.127709][ T6866] usb 3-1: Manufacturer: syz [ 339.139589][ T5924] usb 5-1: Product: syz [ 339.143748][ T5924] usb 5-1: Manufacturer: syz [ 339.160316][ T8999] netlink: 168 bytes leftover after parsing attributes in process `syz.1.882'. [ 339.161623][ T6866] usb 3-1: SerialNumber: syz [ 339.178274][ T5924] usb 5-1: SerialNumber: syz [ 339.190507][ T8999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.882'. [ 339.297965][ T5925] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 339.441214][ T6866] option 3-1:102.95: GSM modem (1-port) converter detected [ 339.458131][ T5925] usb 4-1: Using ep0 maxpacket: 32 [ 339.463728][ T5924] option 5-1:102.95: GSM modem (1-port) converter detected [ 339.473466][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.486191][ T5924] usb 5-1: USB disconnect, device number 32 [ 339.513357][ T5924] option 5-1:102.95: device disconnected [ 339.516387][ T5925] usb 4-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 339.522766][ T6866] usb 3-1: USB disconnect, device number 33 [ 339.540104][ T9004] FAULT_INJECTION: forcing a failure. [ 339.540104][ T9004] name failslab, interval 1, probability 0, space 0, times 0 [ 339.577945][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.587735][ T9004] CPU: 0 UID: 0 PID: 9004 Comm: syz.1.886 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 339.587762][ T9004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 339.587773][ T9004] Call Trace: [ 339.587781][ T9004] [ 339.587789][ T9004] dump_stack_lvl+0x189/0x250 [ 339.587828][ T9004] ? __pfx____ratelimit+0x10/0x10 [ 339.587853][ T9004] ? __pfx_dump_stack_lvl+0x10/0x10 [ 339.587879][ T9004] ? __pfx__printk+0x10/0x10 [ 339.587907][ T9004] ? __pfx___might_resched+0x10/0x10 [ 339.587931][ T9004] ? fs_reclaim_acquire+0x7d/0x100 [ 339.587959][ T9004] should_fail_ex+0x414/0x560 [ 339.587986][ T9004] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 339.588010][ T9004] should_failslab+0xa8/0x100 [ 339.588032][ T9004] __kvmalloc_node_noprof+0x161/0x5f0 [ 339.588052][ T9004] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 339.588082][ T9004] rhashtable_init_noprof+0x4ee/0xbb0 [ 339.588113][ T9004] rhltable_init_noprof+0x1e/0x60 [ 339.588139][ T9004] nf_tables_newtable+0x68f/0x1890 [ 339.588185][ T9004] nfnetlink_rcv+0x112f/0x2520 [ 339.588256][ T9004] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 339.588301][ T9004] ? ref_tracker_free+0x63a/0x7d0 [ 339.588359][ T9004] ? __netlink_deliver_tap+0x807/0x850 [ 339.588392][ T6866] option 3-1:102.95: device disconnected [ 339.588390][ T9004] ? netlink_deliver_tap+0x2e/0x1b0 [ 339.588410][ T9004] ? netlink_deliver_tap+0x2e/0x1b0 [ 339.588435][ T9004] netlink_unicast+0x758/0x8d0 [ 339.588460][ T9004] netlink_sendmsg+0x805/0xb30 [ 339.588488][ T9004] ? __pfx_netlink_sendmsg+0x10/0x10 [ 339.588509][ T9004] ? __import_iovec+0x5d4/0x7f0 [ 339.588521][ T9004] ? aa_sock_msg_perm+0x94/0x160 [ 339.588542][ T9004] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 339.588562][ T9004] ? __pfx_netlink_sendmsg+0x10/0x10 [ 339.588580][ T9004] __sock_sendmsg+0x219/0x270 [ 339.588607][ T9004] ____sys_sendmsg+0x505/0x830 [ 339.588632][ T9004] ? __pfx_____sys_sendmsg+0x10/0x10 [ 339.588668][ T9004] ___sys_sendmsg+0x21f/0x2a0 [ 339.588690][ T9004] ? __pfx____sys_sendmsg+0x10/0x10 [ 339.588747][ T9004] ? __fget_files+0x2a/0x420 [ 339.588764][ T9004] ? __fget_files+0x3a0/0x420 [ 339.588792][ T9004] __sys_sendmsg+0x164/0x220 [ 339.588814][ T9004] ? __pfx___sys_sendmsg+0x10/0x10 [ 339.588848][ T9004] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 339.588871][ T9004] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.588895][ T9004] __do_fast_syscall_32+0xb6/0x2b0 [ 339.588919][ T9004] ? lockdep_hardirqs_on+0x9c/0x150 [ 339.588944][ T9004] do_fast_syscall_32+0x34/0x80 [ 339.588967][ T9004] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 339.588986][ T9004] RIP: 0023:0xf7f86539 [ 339.589003][ T9004] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 339.589017][ T9004] RSP: 002b:00000000f50a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 339.589036][ T9004] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008000c2c0 [ 339.589048][ T9004] RDX: 0000000000060800 RSI: 0000000000000000 RDI: 0000000000000000 [ 339.589058][ T9004] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 339.589067][ T9004] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 339.589076][ T9004] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 339.589103][ T9004] [ 339.720552][ T9008] netlink: 32 bytes leftover after parsing attributes in process `syz.0.888'. [ 339.936203][ T5925] usb 4-1: config 0 descriptor?? [ 340.539207][ T9025] netlink: 168 bytes leftover after parsing attributes in process `syz.2.895'. [ 340.548472][ T6866] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 340.549300][ T9025] netlink: 168 bytes leftover after parsing attributes in process `syz.2.895'. [ 340.575247][ T5925] usb 4-1: language id specifier not provided by device, defaulting to English [ 340.711715][ T6866] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 340.725110][ T6866] usb 5-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 340.743054][ T6866] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.779836][ T6866] usb 5-1: config 0 descriptor?? [ 341.191692][ T5925] uclogic 0003:5543:004D.0010: failed retrieving Huion firmware version: -71 [ 341.202749][ T5925] uclogic 0003:5543:004D.0010: failed probing parameters: -71 [ 341.212945][ T5925] uclogic 0003:5543:004D.0010: probe with driver uclogic failed with error -71 [ 341.368083][ T5925] usb 4-1: USB disconnect, device number 23 [ 341.434702][ T6866] itetech 0003:258A:6A88.0011: item fetching failed at offset 3/7 [ 341.463744][ T6866] itetech 0003:258A:6A88.0011: probe with driver itetech failed with error -22 [ 341.507069][ T9035] syzkaller1: tun_chr_ioctl cmd 2148553947 [ 341.961732][ T5925] usb 5-1: USB disconnect, device number 33 [ 341.983270][ T9052] FAULT_INJECTION: forcing a failure. [ 341.983270][ T9052] name failslab, interval 1, probability 0, space 0, times 0 [ 342.023473][ T9054] __nla_validate_parse: 3 callbacks suppressed [ 342.023495][ T9054] netlink: 168 bytes leftover after parsing attributes in process `syz.2.907'. [ 342.023514][ T9054] netlink: 168 bytes leftover after parsing attributes in process `syz.2.907'. [ 342.023666][ T9052] CPU: 1 UID: 0 PID: 9052 Comm: syz.3.906 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 342.023689][ T9052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 342.023700][ T9052] Call Trace: [ 342.023708][ T9052] [ 342.023716][ T9052] dump_stack_lvl+0x189/0x250 [ 342.023749][ T9052] ? __pfx____ratelimit+0x10/0x10 [ 342.023775][ T9052] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.023801][ T9052] ? __pfx__printk+0x10/0x10 [ 342.023828][ T9052] ? __pfx___might_resched+0x10/0x10 [ 342.023854][ T9052] ? fs_reclaim_acquire+0x7d/0x100 [ 342.023881][ T9052] should_fail_ex+0x414/0x560 [ 342.023909][ T9052] should_failslab+0xa8/0x100 [ 342.023932][ T9052] __kmalloc_cache_noprof+0x70/0x3d0 [ 342.023950][ T9052] ? vkms_plane_duplicate_state+0x51/0x110 [ 342.023980][ T9052] vkms_plane_duplicate_state+0x51/0x110 [ 342.024006][ T9052] drm_atomic_get_plane_state+0x25d/0x5a0 [ 342.024043][ T9052] page_flip_common+0xcf/0x2a0 [ 342.024071][ T9052] drm_atomic_helper_page_flip+0xa5/0x160 [ 342.024100][ T9052] drm_mode_page_flip_ioctl+0xc6a/0x11d0 [ 342.024153][ T9052] ? __pfx_drm_mode_page_flip_ioctl+0x10/0x10 [ 342.024202][ T9052] ? do_raw_spin_unlock+0x122/0x240 [ 342.024227][ T9052] ? _raw_spin_unlock+0x28/0x50 [ 342.024248][ T9052] ? drm_is_current_master+0x19f/0x200 [ 342.024272][ T9052] drm_ioctl_kernel+0x2cc/0x390 [ 342.024305][ T9052] ? __pfx_drm_mode_page_flip_ioctl+0x10/0x10 [ 342.024329][ T9052] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 342.024364][ T9052] drm_ioctl+0x67f/0xb10 [ 342.024383][ T9052] ? __lock_acquire+0xab9/0xd20 [ 342.024412][ T9052] ? __pfx_drm_mode_page_flip_ioctl+0x10/0x10 [ 342.024441][ T9052] ? __pfx_drm_ioctl+0x10/0x10 [ 342.024479][ T9052] ? __fget_files+0x3a0/0x420 [ 342.024499][ T9052] ? __fget_files+0x2a/0x420 [ 342.024515][ T9052] ? drm_compat_ioctl+0x112/0x330 [ 342.024541][ T9052] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 342.024572][ T9052] __ia32_compat_sys_ioctl+0x543/0x840 [ 342.024604][ T9052] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 342.024631][ T9052] ? __fget_files+0x3a0/0x420 [ 342.024659][ T9052] ? fput+0xa0/0xd0 [ 342.024683][ T9052] ? ksys_write+0x22a/0x250 [ 342.024710][ T9052] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 342.024736][ T9052] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.024763][ T9052] __do_fast_syscall_32+0xb6/0x2b0 [ 342.024791][ T9052] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.024819][ T9052] do_fast_syscall_32+0x34/0x80 [ 342.024846][ T9052] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 342.024867][ T9052] RIP: 0023:0xf710e539 [ 342.024883][ T9052] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 342.024899][ T9052] RSP: 002b:00000000f50fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 342.024921][ T9052] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c01864b0 [ 342.024933][ T9052] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 342.024944][ T9052] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 342.024954][ T9052] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 342.024964][ T9052] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 342.024994][ T9052] [ 342.085276][ T9054] netlink: 4 bytes leftover after parsing attributes in process `syz.2.907'. [ 342.252516][ T9059] FAULT_INJECTION: forcing a failure. [ 342.252516][ T9059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 342.252569][ T9059] CPU: 1 UID: 0 PID: 9059 Comm: syz.1.910 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 342.252590][ T9059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 342.252600][ T9059] Call Trace: [ 342.252608][ T9059] [ 342.252616][ T9059] dump_stack_lvl+0x189/0x250 [ 342.252648][ T9059] ? __pfx____ratelimit+0x10/0x10 [ 342.252675][ T9059] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.252702][ T9059] ? __pfx__printk+0x10/0x10 [ 342.252722][ T9059] ? __might_fault+0xb0/0x130 [ 342.252753][ T9059] should_fail_ex+0x414/0x560 [ 342.252782][ T9059] _copy_from_user+0x2d/0xb0 [ 342.252801][ T9059] kstrtouint_from_user+0xc4/0x170 [ 342.252828][ T9059] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 342.252871][ T9059] proc_fail_nth_write+0x88/0x240 [ 342.252894][ T9059] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 342.252922][ T9059] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 342.252946][ T9059] vfs_write+0x27e/0xa90 [ 342.252984][ T9059] ? __pfx_vfs_write+0x10/0x10 [ 342.253014][ T9059] ? __fget_files+0x2a/0x420 [ 342.253040][ T9059] ? __fget_files+0x3a0/0x420 [ 342.253056][ T9059] ? __fget_files+0x2a/0x420 [ 342.253085][ T9059] ksys_write+0x145/0x250 [ 342.253106][ T9059] ? __pfx_ksys_write+0x10/0x10 [ 342.253126][ T9059] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 342.253152][ T9059] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.253180][ T9059] __do_fast_syscall_32+0xb6/0x2b0 [ 342.253207][ T9059] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.253237][ T9059] do_fast_syscall_32+0x34/0x80 [ 342.253262][ T9059] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 342.253283][ T9059] RIP: 0023:0xf7f86539 [ 342.253299][ T9059] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 342.253315][ T9059] RSP: 002b:00000000f50a6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 342.253335][ T9059] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50a6620 [ 342.253347][ T9059] RDX: 0000000000000001 RSI: 00000000f7413ff4 RDI: 0000000000000000 [ 342.253358][ T9059] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 342.253369][ T9059] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 342.253379][ T9059] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 342.253411][ T9059] [ 342.299526][ T9062] FAULT_INJECTION: forcing a failure. [ 342.299526][ T9062] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 342.854654][ T6890] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 342.959792][ T9062] CPU: 0 UID: 0 PID: 9062 Comm: syz.2.911 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 342.959825][ T9062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 342.959837][ T9062] Call Trace: [ 342.959844][ T9062] [ 342.959853][ T9062] dump_stack_lvl+0x189/0x250 [ 342.959887][ T9062] ? __pfx____ratelimit+0x10/0x10 [ 342.959914][ T9062] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.959942][ T9062] ? __pfx__printk+0x10/0x10 [ 342.959978][ T9062] should_fail_ex+0x414/0x560 [ 342.960007][ T9062] _copy_to_iter+0x575/0x16f0 [ 342.960046][ T9062] ? __pfx__copy_to_iter+0x10/0x10 [ 342.960069][ T9062] ? __skb_try_recv_from_queue+0x2b2/0x730 [ 342.960100][ T9062] ? __skb_try_recv_datagram+0x3da/0x4e0 [ 342.960131][ T9062] __skb_datagram_iter+0xf8/0x990 [ 342.960157][ T9062] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 342.960191][ T9062] skb_copy_datagram_iter+0xc5/0x230 [ 342.960228][ T9062] netlink_recvmsg+0x2ab/0xa30 [ 342.960261][ T9062] ? __pfx_netlink_recvmsg+0x10/0x10 [ 342.960279][ T9062] ? trace_kmalloc+0x1f/0xd0 [ 342.960294][ T9062] ? __kmalloc_noprof+0x29b/0x4f0 [ 342.960314][ T9062] ? aa_sock_msg_perm+0x94/0x160 [ 342.960339][ T9062] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 342.960360][ T9062] ? security_socket_recvmsg+0x7e/0x2e0 [ 342.960387][ T9062] ? __pfx_netlink_recvmsg+0x10/0x10 [ 342.960406][ T9062] sock_recvmsg+0x229/0x270 [ 342.960436][ T9062] ____sys_recvmsg+0x1c9/0x460 [ 342.960467][ T9062] ? __pfx_____sys_recvmsg+0x10/0x10 [ 342.960484][ T9062] ? get_compat_msghdr+0x37e/0x4a0 [ 342.960519][ T9062] ? ktime_get_ts64+0xa2/0x3d0 [ 342.960548][ T9062] ___sys_recvmsg+0x1b5/0x510 [ 342.960576][ T9062] ? __pfx____sys_recvmsg+0x10/0x10 [ 342.960625][ T9062] ? __fget_files+0x3a0/0x420 [ 342.960658][ T9062] do_recvmmsg+0x36a/0x770 [ 342.960690][ T9062] ? __pfx_do_recvmmsg+0x10/0x10 [ 342.960722][ T9062] ? _copy_from_user+0x94/0xb0 [ 342.960756][ T9062] __sys_recvmmsg+0x127/0x280 [ 342.960782][ T9062] ? __pfx___sys_recvmmsg+0x10/0x10 [ 342.960799][ T9062] ? ksys_write+0x22a/0x250 [ 342.960823][ T9062] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 342.960850][ T9062] __do_fast_syscall_32+0xb6/0x2b0 [ 342.960877][ T9062] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.960906][ T9062] do_fast_syscall_32+0x34/0x80 [ 342.960933][ T9062] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 342.960955][ T9062] RIP: 0023:0xf7f34539 [ 342.960972][ T9062] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 342.960988][ T9062] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 342.961007][ T9062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0 [ 342.961020][ T9062] RDX: 00000000000003b4 RSI: 0000000002040000 RDI: 0000000080003700 [ 342.961032][ T9062] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 342.961043][ T9062] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 342.961054][ T9062] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 342.961083][ T9062] [ 343.093894][ T6890] usb 1-1: config index 0 descriptor too short (expected 1051, got 27) [ 343.093928][ T6890] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 343.093947][ T6890] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 343.093993][ T6890] usb 1-1: config 0 interface 0 altsetting 12 bulk endpoint 0x87 has invalid maxpacket 149 [ 343.094018][ T6890] usb 1-1: config 0 interface 0 has no altsetting 0 [ 343.209408][ T9079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.917'. [ 343.269436][ T6890] usb 1-1: New USB device found, idVendor=06cd, idProduct=010a, bcdDevice=d9.c3 [ 343.269459][ T6890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.269471][ T6890] usb 1-1: Product: syz [ 343.269480][ T6890] usb 1-1: Manufacturer: syz [ 343.269488][ T6890] usb 1-1: SerialNumber: syz [ 343.272059][ T6890] usb 1-1: config 0 descriptor?? [ 343.283837][ T9049] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 343.449801][ T5925] usb 3-1: new low-speed USB device number 34 using dummy_hcd [ 343.598293][ T5925] usb 3-1: Invalid ep0 maxpacket: 64 [ 343.728084][ T5925] usb 3-1: new low-speed USB device number 35 using dummy_hcd [ 343.889019][ T5925] usb 3-1: Invalid ep0 maxpacket: 64 [ 344.277313][ T9070] tty tty2: ldisc open failed (-12), clearing slot 1 [ 344.285104][ T5925] usb usb3-port1: attempt power cycle [ 344.437242][ T9092] netlink: 168 bytes leftover after parsing attributes in process `syz.1.921'. [ 344.437271][ T9092] netlink: 168 bytes leftover after parsing attributes in process `syz.1.921'. [ 344.469373][ T9092] netlink: 4 bytes leftover after parsing attributes in process `syz.1.921'. [ 344.618066][ T5925] usb 3-1: new low-speed USB device number 36 using dummy_hcd [ 344.644303][ T5925] usb 3-1: Invalid ep0 maxpacket: 64 [ 344.769520][ T6890] keyspan 1-1:0.0: Keyspan 4 port adapter converter detected [ 344.777162][ T5925] usb 3-1: new low-speed USB device number 37 using dummy_hcd [ 344.803099][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 7 [ 344.827027][ T5925] usb 3-1: Invalid ep0 maxpacket: 64 [ 344.833982][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 81 [ 344.844278][ T5925] usb usb3-port1: unable to enumerate USB device [ 344.865554][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 1 [ 344.881416][ T6890] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 344.896191][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 82 [ 344.925119][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 2 [ 344.967414][ T6890] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 345.004113][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 83 [ 345.027979][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 3 [ 345.068442][ T6890] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 345.125134][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 84 [ 345.166555][ T6890] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 4 [ 345.211548][ T6890] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 345.279341][ T6890] usb 1-1: USB disconnect, device number 30 [ 345.320451][ T6890] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 345.395628][ T6890] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 345.462808][ T6890] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 345.501275][ T6890] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 345.551846][ T6890] keyspan 1-1:0.0: device disconnected [ 346.278063][ T5924] usb 5-1: new full-speed USB device number 34 using dummy_hcd [ 346.431281][ T5924] usb 5-1: config 0 has an invalid interface number: 109 but max is 0 [ 346.445305][ T5924] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 346.472594][ T5924] usb 5-1: config 0 has no interface number 0 [ 346.487615][ T5924] usb 5-1: config 0 interface 109 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 346.504384][ T5924] usb 5-1: config 0 interface 109 altsetting 0 endpoint 0x1 has invalid maxpacket 495, setting to 64 [ 346.515958][ T5924] usb 5-1: config 0 interface 109 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 12 [ 346.533216][ T5924] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=fd.2e [ 346.544290][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.564203][ T5924] usb 5-1: Product: syz [ 346.571952][ T5924] usb 5-1: Manufacturer: syz [ 346.576637][ T5924] usb 5-1: SerialNumber: syz [ 346.598652][ T6890] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 346.607078][ T5924] usb 5-1: config 0 descriptor?? [ 346.624516][ T9117] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 346.634864][ T9117] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 346.771148][ T6890] usb 3-1: config 0 has an invalid interface number: 93 but max is 0 [ 346.785763][ T6890] usb 3-1: config 0 has no interface number 0 [ 346.796562][ T6890] usb 3-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65 [ 346.809546][ T6890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.828322][ T6890] usb 3-1: Product: syz [ 346.832861][ T6890] usb 3-1: Manufacturer: syz [ 346.839014][ T6890] usb 3-1: SerialNumber: syz [ 346.862136][ T5924] ath6kl: Failed to submit usb control message: -71 [ 346.864200][ T6890] usb 3-1: config 0 descriptor?? [ 346.888257][ T6866] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 346.897663][ T5924] ath6kl: unable to send the bmi data to the device: -71 [ 346.915459][ T5924] ath6kl: Unable to send get target info: -71 [ 346.934325][ T5924] ath6kl: Failed to init ath6kl core: -71 [ 346.955763][ T5924] ath6kl_usb 5-1:0.109: probe with driver ath6kl_usb failed with error -71 [ 346.967389][ T9130] netlink: 168 bytes leftover after parsing attributes in process `syz.0.934'. [ 346.977024][ T9130] netlink: 168 bytes leftover after parsing attributes in process `syz.0.934'. [ 347.000251][ T5924] usb 5-1: USB disconnect, device number 34 [ 347.022015][ T9130] netlink: 4 bytes leftover after parsing attributes in process `syz.0.934'. [ 347.062988][ T6866] usb 4-1: config 0 has an invalid interface number: 93 but max is 0 [ 347.071832][ T6866] usb 4-1: config 0 has no interface number 0 [ 347.088960][ T6866] usb 4-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65 [ 347.097969][ T6890] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state. [ 347.107743][ T6866] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.116026][ T6866] usb 4-1: Product: syz [ 347.120689][ T6866] usb 4-1: Manufacturer: syz [ 347.125674][ T6866] usb 4-1: SerialNumber: syz [ 347.131015][ T6890] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 347.133819][ T6866] usb 4-1: config 0 descriptor?? [ 347.171822][ T6890] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 347.197095][ T6890] usb 3-1: media controller created [ 347.218431][ T6890] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 347.286747][ T6890] DVB: Unable to find symbol dib7000p_attach() [ 347.305016][ T6890] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 347.337583][ T6890] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 347.361653][ T6890] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 347.368914][ T6866] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state. [ 347.379413][ T6890] usb 3-1: media controller created [ 347.398631][ T6866] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 347.412745][ T6890] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 347.445236][ T6890] dib0700: the master dib7090 has to be initialized first [ 347.445248][ T6866] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 347.464697][ T6890] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 347.490715][ T6866] usb 4-1: media controller created [ 347.537721][ T6866] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 347.580362][ T9125] FAULT_INJECTION: forcing a failure. [ 347.580362][ T9125] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 347.608100][ T9125] CPU: 0 UID: 0 PID: 9125 Comm: syz.3.933 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 347.608140][ T9125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 347.608151][ T9125] Call Trace: [ 347.608159][ T9125] [ 347.608168][ T9125] dump_stack_lvl+0x189/0x250 [ 347.608206][ T9125] ? __pfx____ratelimit+0x10/0x10 [ 347.608233][ T9125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 347.608260][ T9125] ? __pfx__printk+0x10/0x10 [ 347.608296][ T9125] should_fail_ex+0x414/0x560 [ 347.608325][ T9125] _copy_to_user+0x31/0xb0 [ 347.608346][ T9125] simple_read_from_buffer+0xe1/0x170 [ 347.608372][ T9125] proc_fail_nth_read+0x1df/0x250 [ 347.608398][ T9125] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 347.608424][ T9125] ? rw_verify_area+0x258/0x650 [ 347.608451][ T9125] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 347.608475][ T9125] vfs_read+0x200/0x980 [ 347.608509][ T9125] ? __pfx___mutex_lock+0x10/0x10 [ 347.608538][ T9125] ? __pfx_vfs_read+0x10/0x10 [ 347.608568][ T9125] ? __fget_files+0x2a/0x420 [ 347.608594][ T9125] ? __fget_files+0x3a0/0x420 [ 347.608613][ T9125] ? __fget_files+0x2a/0x420 [ 347.608644][ T9125] ksys_read+0x145/0x250 [ 347.608675][ T9125] ? __pfx_ksys_read+0x10/0x10 [ 347.608705][ T9125] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 347.608733][ T9125] ? lockdep_hardirqs_on+0x9c/0x150 [ 347.608762][ T9125] __do_fast_syscall_32+0xb6/0x2b0 [ 347.608790][ T9125] ? lockdep_hardirqs_on+0x9c/0x150 [ 347.608821][ T9125] do_fast_syscall_32+0x34/0x80 [ 347.608848][ T9125] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.608870][ T9125] RIP: 0023:0xf710e539 [ 347.608889][ T9125] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 347.608904][ T9125] RSP: 002b:00000000f50fe590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 347.608925][ T9125] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50fe620 [ 347.608937][ T9125] RDX: 000000000000000f RSI: 00000000f7473ff4 RDI: 0000000000000000 [ 347.608948][ T9125] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 347.608958][ T9125] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 347.608968][ T9125] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.608997][ T9125] [ 347.844733][ C0] vkms_vblank_simulate: vblank timer overrun [ 347.927980][ T6890] rc_core: IR keymap rc-dib0700-rc5 not found [ 347.934123][ T6890] Registered IR keymap rc-empty [ 347.939550][ T6890] dvb-usb: could not initialize remote control. [ 347.945856][ T6890] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected. [ 348.045411][ T6866] DVB: Unable to find symbol dib7000p_attach() [ 348.192938][ T6866] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 348.193116][ T6866] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 348.205583][ T6866] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 348.205818][ T6866] usb 4-1: media controller created [ 348.292263][ T6866] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 348.315659][ T6866] dib0700: the master dib7090 has to be initialized first [ 348.398102][ T6866] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 348.448803][ T6888] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 348.588038][ T6866] rc_core: IR keymap rc-dib0700-rc5 not found [ 348.594334][ T6866] Registered IR keymap rc-empty [ 348.599851][ T6866] dvb-usb: could not initialize remote control. [ 348.608080][ T6866] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected. [ 348.628748][ T6866] usb 4-1: USB disconnect, device number 24 [ 348.659246][ T6888] usb 1-1: too many endpoints for config 0 interface 0 altsetting 185: 33, using maximum allowed: 30 [ 348.715905][ T6888] usb 1-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.750553][ T6888] usb 1-1: config 0 interface 0 altsetting 185 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 348.765759][ T6888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 348.778061][ T6888] usb 1-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 348.787358][ T6888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.801952][ T6888] usb 1-1: config 0 descriptor?? [ 348.842560][ T6866] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected. [ 349.078405][ T6896] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 349.258407][ T6866] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 349.272647][ T6888] pantherlord 0003:0810:0001.0012: hidraw0: USB HID v8.00 Device [HID 0810:0001] on usb-dummy_hcd.0-1/input0 [ 349.285688][ T6888] pantherlord 0003:0810:0001.0012: Force feedback for PantherLord/GreenAsia devices by Anssi Hannula [ 349.302150][ T6896] usb 2-1: not running at top speed; connect to a high speed hub [ 349.313283][ T6896] usb 2-1: config 9 has an invalid interface number: 184 but max is 2 [ 349.322113][ T6896] usb 2-1: config 9 has an invalid interface number: 161 but max is 2 [ 349.331309][ T6896] usb 2-1: config 9 contains an unexpected descriptor of type 0x2, skipping [ 349.344579][ T6896] usb 2-1: config 9 contains an unexpected descriptor of type 0x2, skipping [ 349.359925][ T6896] usb 2-1: config 9 has an invalid interface number: 97 but max is 2 [ 349.371648][ T6896] usb 2-1: config 9 has no interface number 0 [ 349.377998][ T6896] usb 2-1: config 9 has no interface number 1 [ 349.388078][ T6896] usb 2-1: config 9 has no interface number 2 [ 349.395423][ T6896] usb 2-1: config 9 interface 184 altsetting 15 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 349.418037][ T6866] usb 4-1: Using ep0 maxpacket: 8 [ 349.425667][ T6866] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 349.428010][ T6896] usb 2-1: config 9 interface 161 altsetting 4 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 349.482234][ T6896] usb 2-1: config 9 interface 161 altsetting 4 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 349.514059][ T6896] usb 2-1: config 9 interface 161 altsetting 4 endpoint 0x5 has invalid maxpacket 512, setting to 64 [ 349.534767][ T6896] usb 2-1: config 9 interface 161 altsetting 4 has a duplicate endpoint with address 0xE, skipping [ 349.541191][ T6866] usb 4-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=be.68 [ 349.546158][ T6896] usb 2-1: config 9 interface 161 altsetting 4 has a duplicate endpoint with address 0x7, skipping [ 349.577155][ T9169] netlink: 'syz.2.946': attribute type 3 has an invalid length. [ 349.600480][ T6866] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.616967][ T6896] usb 2-1: config 9 interface 161 altsetting 4 has a duplicate endpoint with address 0x5, skipping [ 349.625162][ T6866] usb 4-1: Product: syz [ 349.661219][ T6896] usb 2-1: config 9 interface 97 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 349.671375][ T6866] usb 4-1: Manufacturer: syz [ 349.681887][ T6866] usb 4-1: SerialNumber: syz [ 349.686930][ T6896] usb 2-1: config 9 interface 97 altsetting 1 has a duplicate endpoint with address 0xE, skipping [ 349.719321][ T6866] usb 4-1: config 0 descriptor?? [ 349.741350][ T6888] usb 1-1: USB disconnect, device number 31 [ 349.742170][ T6866] redrat3 4-1:0.0: Couldn't find all endpoints [ 349.840964][ T6896] usb 2-1: config 9 interface 97 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 349.896469][ T6896] usb 2-1: config 9 interface 97 altsetting 1 has a duplicate endpoint with address 0x5, skipping [ 349.921386][ T6896] usb 2-1: config 9 interface 184 has no altsetting 0 [ 349.956674][ T6896] usb 2-1: config 9 interface 161 has no altsetting 0 [ 349.967094][ T6896] usb 2-1: config 9 interface 97 has no altsetting 0 [ 349.985816][ T6896] usb 2-1: Dual-Role OTG device on HNP port [ 349.993658][ T6896] usb 2-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=60.85 [ 350.003725][ T6896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.012077][ T6896] usb 2-1: Product: syz [ 350.033986][ T6896] usb 2-1: Manufacturer: syz [ 350.068921][ T6896] usb 2-1: SerialNumber: syz [ 350.498720][ T9187] netlink: 168 bytes leftover after parsing attributes in process `syz.0.952'. [ 350.513536][ T9187] netlink: 168 bytes leftover after parsing attributes in process `syz.0.952'. [ 350.537772][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.952'. [ 351.077980][ T6866] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 351.232532][ T6866] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 351.243768][ T6866] usb 1-1: config 0 has no interface number 0 [ 351.270542][ T6866] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 351.287272][ T6866] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 351.321434][ T6866] usb 1-1: config 0 interface 255 has no altsetting 0 [ 351.333600][ T6866] usb 1-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 351.343911][ T6866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.374441][ T6866] usb 1-1: config 0 descriptor?? [ 351.397244][ T6866] ums-realtek 1-1:0.255: USB Mass Storage device detected [ 351.606819][ T6866] usb 1-1: USB disconnect, device number 32 [ 351.787344][ T6888] usb 4-1: USB disconnect, device number 25 [ 351.885782][ T6896] ati_remote 2-1:9.184: ati_remote_probe: Unexpected endpoint_in [ 352.001609][ T6896] ati_remote 2-1:9.161: ati_remote_probe: Unexpected desc.bNumEndpoints [ 352.010382][ T10] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 352.072793][ T6896] ati_remote 2-1:9.97: ati_remote_probe: Unexpected desc.bNumEndpoints [ 352.108430][ T6896] usb 2-1: USB disconnect, device number 28 [ 352.257631][ T10] usb 5-1: config 0 has no interfaces? [ 352.278054][ T10] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 352.287181][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 352.346357][ T10] usb 5-1: SerialNumber: syz [ 352.371725][ T10] usb 5-1: config 0 descriptor?? [ 352.564197][ T9204] netlink: 12 bytes leftover after parsing attributes in process `syz.3.957'. [ 352.614320][ T10] usb 5-1: USB disconnect, device number 35 [ 352.727439][ T9204] netlink: 'syz.3.957': attribute type 10 has an invalid length. [ 352.898370][ T9219] netlink: 168 bytes leftover after parsing attributes in process `syz.1.963'. [ 352.925116][ T9219] netlink: 168 bytes leftover after parsing attributes in process `syz.1.963'. [ 352.945961][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 352.946008][ T30] audit: type=1326 audit(1751339752.401:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9216 comm="syz.0.962" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff2539 code=0x0 [ 352.996140][ T9219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.963'. [ 353.018982][ T9222] FAULT_INJECTION: forcing a failure. [ 353.018982][ T9222] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 353.067184][ T9222] CPU: 1 UID: 0 PID: 9222 Comm: syz.2.964 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 353.067212][ T9222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 353.067223][ T9222] Call Trace: [ 353.067231][ T9222] [ 353.067240][ T9222] dump_stack_lvl+0x189/0x250 [ 353.067280][ T9222] ? __pfx____ratelimit+0x10/0x10 [ 353.067307][ T9222] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.067334][ T9222] ? __pfx__printk+0x10/0x10 [ 353.067356][ T9222] ? __might_fault+0xb0/0x130 [ 353.067387][ T9222] should_fail_ex+0x414/0x560 [ 353.067415][ T9222] _copy_to_iter+0x575/0x16f0 [ 353.067463][ T9222] ? __pfx__copy_to_iter+0x10/0x10 [ 353.067486][ T9222] ? __skb_try_recv_from_queue+0x2b2/0x730 [ 353.067518][ T9222] ? __skb_try_recv_datagram+0x3da/0x4e0 [ 353.067549][ T9222] __skb_datagram_iter+0xf8/0x990 [ 353.067575][ T9222] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 353.067610][ T9222] skb_copy_datagram_iter+0xc5/0x230 [ 353.067638][ T9222] netlink_recvmsg+0x2ab/0xa30 [ 353.067668][ T9222] ? __pfx_netlink_recvmsg+0x10/0x10 [ 353.067687][ T9222] ? trace_kmalloc+0x1f/0xd0 [ 353.067700][ T9222] ? __kmalloc_noprof+0x29b/0x4f0 [ 353.067720][ T9222] ? aa_sock_msg_perm+0x94/0x160 [ 353.067744][ T9222] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 353.067766][ T9222] ? security_socket_recvmsg+0x7e/0x2e0 [ 353.067792][ T9222] ? __pfx_netlink_recvmsg+0x10/0x10 [ 353.067813][ T9222] sock_recvmsg+0x229/0x270 [ 353.067842][ T9222] ____sys_recvmsg+0x1c9/0x460 [ 353.067873][ T9222] ? __pfx_____sys_recvmsg+0x10/0x10 [ 353.067891][ T9222] ? get_compat_msghdr+0x37e/0x4a0 [ 353.067926][ T9222] ? ktime_get_ts64+0xa2/0x3d0 [ 353.067954][ T9222] ___sys_recvmsg+0x1b5/0x510 [ 353.067983][ T9222] ? __pfx____sys_recvmsg+0x10/0x10 [ 353.068033][ T9222] ? __fget_files+0x3a0/0x420 [ 353.068066][ T9222] do_recvmmsg+0x36a/0x770 [ 353.068097][ T9222] ? __pfx_do_recvmmsg+0x10/0x10 [ 353.068143][ T9222] ? _copy_from_user+0x94/0xb0 [ 353.068186][ T9222] __sys_recvmmsg+0x127/0x280 [ 353.068212][ T9222] ? __pfx___sys_recvmmsg+0x10/0x10 [ 353.068232][ T9222] ? ksys_write+0x22a/0x250 [ 353.068260][ T9222] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 353.068288][ T9222] __do_fast_syscall_32+0xb6/0x2b0 [ 353.068317][ T9222] ? lockdep_hardirqs_on+0x9c/0x150 [ 353.068355][ T9222] do_fast_syscall_32+0x34/0x80 [ 353.068383][ T9222] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 353.068405][ T9222] RIP: 0023:0xf7f34539 [ 353.068422][ T9222] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 353.068438][ T9222] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 353.068460][ T9222] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0 [ 353.068473][ T9222] RDX: 00000000000003b4 RSI: 0000000000000000 RDI: 0000000080003700 [ 353.068485][ T9222] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 353.068496][ T9222] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 353.068506][ T9222] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 353.068535][ T9222] [ 353.372408][ C1] vkms_vblank_simulate: vblank timer overrun [ 354.004022][ T9240] FAULT_INJECTION: forcing a failure. [ 354.004022][ T9240] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 354.055951][ T9240] CPU: 1 UID: 0 PID: 9240 Comm: syz.2.969 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 354.055979][ T9240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 354.055990][ T9240] Call Trace: [ 354.055998][ T9240] [ 354.056007][ T9240] dump_stack_lvl+0x189/0x250 [ 354.056040][ T9240] ? __pfx____ratelimit+0x10/0x10 [ 354.056067][ T9240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 354.056094][ T9240] ? __pfx__printk+0x10/0x10 [ 354.056117][ T9240] ? fs_reclaim_acquire+0x7d/0x100 [ 354.056148][ T9240] should_fail_ex+0x414/0x560 [ 354.056177][ T9240] prepare_alloc_pages+0x213/0x610 [ 354.056209][ T9240] __alloc_frozen_pages_noprof+0x123/0x370 [ 354.056236][ T9240] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 354.056264][ T9240] ? __pfx__copy_from_iter+0x10/0x10 [ 354.056290][ T9240] ? policy_nodemask+0x27c/0x720 [ 354.056309][ T9240] ? aa_file_perm+0x11f/0xed0 [ 354.056337][ T9240] alloc_pages_mpol+0x232/0x4a0 [ 354.056363][ T9240] alloc_pages_noprof+0xa9/0x190 [ 354.056393][ T9240] anon_pipe_write+0xb85/0x1360 [ 354.056441][ T9240] ? __pfx_anon_pipe_write+0x10/0x10 [ 354.056460][ T9240] ? common_file_perm+0x199/0x200 [ 354.056486][ T9240] ? bpf_lsm_file_permission+0x9/0x20 [ 354.056511][ T9240] ? security_file_permission+0x75/0x290 [ 354.056540][ T9240] vfs_write+0x54b/0xa90 [ 354.056573][ T9240] ? __pfx_anon_pipe_write+0x10/0x10 [ 354.056595][ T9240] ? __pfx_vfs_write+0x10/0x10 [ 354.056635][ T9240] ? __fget_files+0x2a/0x420 [ 354.056666][ T9240] ksys_write+0x145/0x250 [ 354.056687][ T9240] ? __pfx_ksys_write+0x10/0x10 [ 354.056707][ T9240] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 354.056734][ T9240] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.056762][ T9240] __do_fast_syscall_32+0xb6/0x2b0 [ 354.056790][ T9240] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.056820][ T9240] do_fast_syscall_32+0x34/0x80 [ 354.056847][ T9240] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 354.056869][ T9240] RIP: 0023:0xf7f34539 [ 354.056886][ T9240] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 354.056903][ T9240] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 354.056928][ T9240] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000340 [ 354.056941][ T9240] RDX: 0000000000011000 RSI: 0000000000000000 RDI: 0000000000000000 [ 354.056952][ T9240] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 354.056963][ T9240] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 354.056973][ T9240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 354.057004][ T9240] [ 354.097549][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.099455][ C1] vkms_vblank_simulate: vblank timer overrun [ 354.331143][ C1] vkms_vblank_simulate: vblank timer overrun [ 354.337156][ C1] hrtimer: interrupt took 279311818 ns [ 354.343905][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.351453][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.359550][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.366987][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.377908][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.385349][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.393074][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.400557][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.408025][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.415448][ T10] hid-generic 00A0:0006:0003.0013: unknown main item tag 0x0 [ 354.437167][ C1] vkms_vblank_simulate: vblank timer overrun [ 354.478478][ T10] hid-generic 00A0:0006:0003.0013: hidraw0: HID v0.05 Device [syz1] on syz0 [ 354.705747][ T9246] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 354.725194][ T9249] fido_id[9249]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 354.778414][ T6890] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 354.934258][ T6890] usb 2-1: config 1 has an invalid interface number: 3 but max is 2 [ 354.945313][ T6890] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 354.975898][ T6890] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 354.993577][ T6890] usb 2-1: config 1 has no interface number 1 [ 355.000208][ T6890] usb 2-1: too many endpoints for config 1 interface 3 altsetting 10: 32, using maximum allowed: 30 [ 355.018195][ T6890] usb 2-1: config 1 interface 3 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 355.067889][ T6890] usb 2-1: config 1 interface 3 has no altsetting 0 [ 355.096054][ T6890] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 355.108747][ T6890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.116896][ T6890] usb 2-1: Product: ఄ [ 355.168120][ T6890] usb 2-1: Manufacturer: ъ [ 355.171420][ T9261] netlink: 168 bytes leftover after parsing attributes in process `syz.2.976'. [ 355.182714][ T6890] usb 2-1: SerialNumber: ᕹौ烚馐刕覌╽褫䬁態剽霽튭鼞洺颒㇌婩폓ӵ콁ኞ묀漉䆞篆㉤ᴫ䑍䤳묋鰟ዣ뜳䞋웢嬾衝핧䓇躂姼᡻㜴灾댁㇤⑳䖡㓡慽酿뗓㶜ᥞ㆝⤘妴퐌፬쥊౵㵗㘒 [ 355.191728][ T9261] netlink: 168 bytes leftover after parsing attributes in process `syz.2.976'. [ 355.287625][ T9261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.976'. [ 355.375236][ T24] hid (null): unknown global tag 0xe [ 355.381119][ T24] hid (null): report_id 58602 is invalid [ 355.386885][ T24] hid (null): unknown global tag 0xc [ 355.394116][ T24] hid (null): report_id 2730283570 is invalid [ 355.401631][ T9267] lo: left promiscuous mode [ 355.406375][ T9267] lo: left allmulticast mode [ 355.411703][ T24] hid (null): unknown global tag 0xc [ 355.418359][ T9267] tunl0: left promiscuous mode [ 355.426331][ T9267] tunl0: left allmulticast mode [ 355.436156][ T24] hid-generic 0000:0100:0200.0014: unknown main item tag 0x1 [ 355.445036][ T9267] gre0: left promiscuous mode [ 355.450209][ T9267] gre0: left allmulticast mode [ 355.455165][ T24] hid-generic 0000:0100:0200.0014: unknown global tag 0xe [ 355.464995][ T9267] gretap0: left promiscuous mode [ 355.471104][ T24] hid-generic 0000:0100:0200.0014: item 0 0 1 14 parsing failed [ 355.479559][ T9267] gretap0: left allmulticast mode [ 355.485450][ T24] hid-generic 0000:0100:0200.0014: probe with driver hid-generic failed with error -22 [ 355.496549][ T9267] erspan0: left promiscuous mode [ 355.502717][ T9267] erspan0: left allmulticast mode [ 355.509499][ T9267] ip_vti0: left promiscuous mode [ 355.518444][ T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 355.548413][ T9267] ip_vti0: left allmulticast mode [ 355.554473][ T9267] ip6_vti0: left promiscuous mode [ 355.571820][ T9267] ip6_vti0: left allmulticast mode [ 355.577725][ T9267] sit0: left promiscuous mode [ 355.589690][ T9267] sit0: left allmulticast mode [ 355.602059][ T9267] ip6tnl0: left promiscuous mode [ 355.613888][ T9267] ip6tnl0: left allmulticast mode [ 355.616045][ T9254] syz.4.974 (9254): /proc/9253/oom_adj is deprecated, please use /proc/9253/oom_score_adj instead. [ 355.621336][ T9267] ip6gre0: left promiscuous mode [ 355.639965][ T9267] ip6gre0: left allmulticast mode [ 355.653197][ T9267] ip6gretap0: left promiscuous mode [ 355.661488][ T9267] ip6gretap0: left allmulticast mode [ 355.674757][ T9267] bridge0: left promiscuous mode [ 355.683954][ T9267] bridge0: left allmulticast mode [ 355.691743][ T9267] vcan0: left promiscuous mode [ 355.704568][ T10] usb 4-1: config 0 has no interfaces? [ 355.704949][ T9267] vcan0: left allmulticast mode [ 355.715972][ T10] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 355.733625][ T9267] bond0: left promiscuous mode [ 355.735488][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 355.750890][ T9267] bond_slave_0: left promiscuous mode [ 355.764670][ T9267] bond_slave_1: left promiscuous mode [ 355.774226][ T9267] syz_tun: left promiscuous mode [ 355.774259][ T10] usb 4-1: SerialNumber: syz [ 355.792697][ T9267] bond0: left allmulticast mode [ 355.798874][ T10] usb 4-1: config 0 descriptor?? [ 355.807657][ T9267] bond_slave_0: left allmulticast mode [ 355.829704][ T9267] bond_slave_1: left allmulticast mode [ 355.837459][ T9267] syz_tun: left allmulticast mode [ 355.848372][ T9267] team0: left promiscuous mode [ 355.853309][ T9267] team_slave_0: left promiscuous mode [ 355.868993][ T9267] team_slave_1: left promiscuous mode [ 355.874953][ T9267] team0: left allmulticast mode [ 355.894828][ T9267] team_slave_0: left allmulticast mode [ 355.900751][ T9267] team_slave_1: left allmulticast mode [ 355.907296][ T9267] dummy0: left promiscuous mode [ 355.918069][ T9267] dummy0: left allmulticast mode [ 355.926003][ T9267] nlmon0: left promiscuous mode [ 355.933065][ T9267] nlmon0: left allmulticast mode [ 355.941252][ T9267] caif0: left promiscuous mode [ 355.946150][ T9267] caif0: left allmulticast mode [ 355.953142][ T9267] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 355.993973][ T6890] usb 2-1: 0:2 : does not exist [ 356.059132][ T10] usb 4-1: USB disconnect, device number 26 [ 356.120189][ T6890] usb 2-1: USB disconnect, device number 29 [ 356.271110][ T7427] udevd[7427]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 356.314417][ T9279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 356.418581][ T9279] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 356.507446][ T9279] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.516834][ T9279] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.525681][ T9279] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.535298][ T9279] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.551086][ T9279] bond0: (slave vxlan0): Enslaving as an active interface with an up link [ 356.994968][ T9297] __nla_validate_parse: 1 callbacks suppressed [ 356.994990][ T9297] netlink: 168 bytes leftover after parsing attributes in process `syz.1.988'. [ 357.021308][ T9297] netlink: 168 bytes leftover after parsing attributes in process `syz.1.988'. [ 357.071160][ T9297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.988'. [ 357.132074][ T9298] Invalid option length (57448) for dns_resolver key [ 358.271763][ T9331] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1000'. [ 358.288070][ T9331] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1000'. [ 358.388218][ T9333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1000'. [ 358.389100][ T9335] FAULT_INJECTION: forcing a failure. [ 358.389100][ T9335] name failslab, interval 1, probability 0, space 0, times 0 [ 358.468680][ T9335] CPU: 1 UID: 0 PID: 9335 Comm: syz.0.1001 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 358.468710][ T9335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 358.468720][ T9335] Call Trace: [ 358.468729][ T9335] [ 358.468737][ T9335] dump_stack_lvl+0x189/0x250 [ 358.468770][ T9335] ? __pfx____ratelimit+0x10/0x10 [ 358.468797][ T9335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 358.468824][ T9335] ? __pfx__printk+0x10/0x10 [ 358.468848][ T9335] ? __pfx___might_resched+0x10/0x10 [ 358.468874][ T9335] ? fs_reclaim_acquire+0x7d/0x100 [ 358.468900][ T9335] should_fail_ex+0x414/0x560 [ 358.468927][ T9335] should_failslab+0xa8/0x100 [ 358.468949][ T9335] __kmalloc_noprof+0xcb/0x4f0 [ 358.468965][ T9335] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 358.468989][ T9335] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 358.469021][ T9335] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 358.469056][ T9335] genl_family_rcv_msg_doit+0xb8/0x300 [ 358.469087][ T9335] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 358.469132][ T9335] ? rcu_is_watching+0x15/0xb0 [ 358.469163][ T9335] ? apparmor_capable+0x137/0x1b0 [ 358.469193][ T9335] ? bpf_lsm_capable+0x9/0x20 [ 358.469209][ T9335] ? security_capable+0x7e/0x2e0 [ 358.469239][ T9335] genl_rcv_msg+0x60e/0x790 [ 358.469270][ T9335] ? __pfx_genl_rcv_msg+0x10/0x10 [ 358.469292][ T9335] ? ref_tracker_free+0x63a/0x7d0 [ 358.469312][ T9335] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 358.469333][ T9335] ? __pfx_nl80211_new_key+0x10/0x10 [ 358.469354][ T9335] ? __pfx_nl80211_post_doit+0x10/0x10 [ 358.469378][ T9335] ? __pfx_ref_tracker_free+0x10/0x10 [ 358.469413][ T9335] netlink_rcv_skb+0x205/0x470 [ 358.469434][ T9335] ? __pfx_genl_rcv_msg+0x10/0x10 [ 358.469460][ T9335] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 358.469498][ T9335] ? down_read+0x1ad/0x2e0 [ 358.469519][ T9335] genl_rcv+0x28/0x40 [ 358.469541][ T9335] netlink_unicast+0x758/0x8d0 [ 358.469572][ T9335] netlink_sendmsg+0x805/0xb30 [ 358.469603][ T9335] ? __pfx_netlink_sendmsg+0x10/0x10 [ 358.469626][ T9335] ? __import_iovec+0x5d4/0x7f0 [ 358.469640][ T9335] ? aa_sock_msg_perm+0x94/0x160 [ 358.469663][ T9335] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 358.469685][ T9335] ? __pfx_netlink_sendmsg+0x10/0x10 [ 358.469706][ T9335] __sock_sendmsg+0x219/0x270 [ 358.469737][ T9335] ____sys_sendmsg+0x505/0x830 [ 358.469771][ T9335] ? __pfx_____sys_sendmsg+0x10/0x10 [ 358.469812][ T9335] ___sys_sendmsg+0x21f/0x2a0 [ 358.469836][ T9335] ? __pfx____sys_sendmsg+0x10/0x10 [ 358.469898][ T9335] ? __fget_files+0x2a/0x420 [ 358.469918][ T9335] ? __fget_files+0x3a0/0x420 [ 358.469950][ T9335] __sys_sendmsg+0x164/0x220 [ 358.469974][ T9335] ? __pfx___sys_sendmsg+0x10/0x10 [ 358.470012][ T9335] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 358.470038][ T9335] ? lockdep_hardirqs_on+0x9c/0x150 [ 358.470065][ T9335] __do_fast_syscall_32+0xb6/0x2b0 [ 358.470092][ T9335] ? lockdep_hardirqs_on+0x9c/0x150 [ 358.470130][ T9335] do_fast_syscall_32+0x34/0x80 [ 358.470156][ T9335] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 358.470176][ T9335] RIP: 0023:0xf7ff2539 [ 358.470194][ T9335] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 358.470210][ T9335] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 358.470230][ T9335] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 358.470243][ T9335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 358.470253][ T9335] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 358.470263][ T9335] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 358.470273][ T9335] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 358.470304][ T9335] [ 358.865108][ T6855] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 359.027945][ T6855] usb 5-1: Using ep0 maxpacket: 8 [ 359.038318][ T6855] usb 5-1: config 0 has an invalid interface number: 176 but max is 2 [ 359.045587][ T9340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1003'. [ 359.046555][ T6855] usb 5-1: config 0 has an invalid interface number: 49 but max is 2 [ 359.063934][ T6855] usb 5-1: config 0 has no interface number 1 [ 359.070112][ T6855] usb 5-1: config 0 has no interface number 2 [ 359.076287][ T6855] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 359.085445][ T6855] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.106436][ T6855] usb 5-1: config 0 descriptor?? [ 359.119503][ T6855] qmi_wwan 5-1:0.0: probe with driver qmi_wwan failed with error -22 [ 359.206811][ T9340] tipc: Enabling of bearer rejected, failed to enable media [ 359.375921][ T9351] FAULT_INJECTION: forcing a failure. [ 359.375921][ T9351] name failslab, interval 1, probability 0, space 0, times 0 [ 359.390059][ T9351] CPU: 1 UID: 0 PID: 9351 Comm: syz.3.1007 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 359.390086][ T9351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 359.390097][ T9351] Call Trace: [ 359.390105][ T9351] [ 359.390112][ T9351] dump_stack_lvl+0x189/0x250 [ 359.390146][ T9351] ? __pfx____ratelimit+0x10/0x10 [ 359.390172][ T9351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 359.390199][ T9351] ? __pfx__printk+0x10/0x10 [ 359.390227][ T9351] ? __pfx___might_resched+0x10/0x10 [ 359.390252][ T9351] ? fs_reclaim_acquire+0x7d/0x100 [ 359.390279][ T9351] should_fail_ex+0x414/0x560 [ 359.390317][ T9351] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 359.390341][ T9351] should_failslab+0xa8/0x100 [ 359.390362][ T9351] __kvmalloc_node_noprof+0x161/0x5f0 [ 359.390381][ T9351] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 359.390412][ T9351] rhashtable_init_noprof+0x4ee/0xbb0 [ 359.390451][ T9351] rhltable_init_noprof+0x1e/0x60 [ 359.390478][ T9351] nf_tables_newtable+0x68f/0x1890 [ 359.390525][ T9351] nfnetlink_rcv+0x112f/0x2520 [ 359.390590][ T9351] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 359.390635][ T9351] ? ref_tracker_free+0x63a/0x7d0 [ 359.390695][ T9351] ? __netlink_deliver_tap+0x807/0x850 [ 359.390727][ T9351] ? netlink_deliver_tap+0x2e/0x1b0 [ 359.390746][ T9351] ? netlink_deliver_tap+0x2e/0x1b0 [ 359.390773][ T9351] netlink_unicast+0x758/0x8d0 [ 359.390803][ T9351] netlink_sendmsg+0x805/0xb30 [ 359.390832][ T9351] ? __pfx_netlink_sendmsg+0x10/0x10 [ 359.390854][ T9351] ? __import_iovec+0x5d4/0x7f0 [ 359.390867][ T9351] ? aa_sock_msg_perm+0x94/0x160 [ 359.390891][ T9351] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 359.390913][ T9351] ? __pfx_netlink_sendmsg+0x10/0x10 [ 359.390935][ T9351] __sock_sendmsg+0x219/0x270 [ 359.390966][ T9351] ____sys_sendmsg+0x505/0x830 [ 359.390994][ T9351] ? __pfx_____sys_sendmsg+0x10/0x10 [ 359.391035][ T9351] ___sys_sendmsg+0x21f/0x2a0 [ 359.391058][ T9351] ? __pfx____sys_sendmsg+0x10/0x10 [ 359.391122][ T9351] ? __fget_files+0x2a/0x420 [ 359.391141][ T9351] ? __fget_files+0x3a0/0x420 [ 359.391174][ T9351] __sys_sendmsg+0x164/0x220 [ 359.391198][ T9351] ? __pfx___sys_sendmsg+0x10/0x10 [ 359.391238][ T9351] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 359.391265][ T9351] ? lockdep_hardirqs_on+0x9c/0x150 [ 359.391301][ T9351] __do_fast_syscall_32+0xb6/0x2b0 [ 359.391328][ T9351] ? lockdep_hardirqs_on+0x9c/0x150 [ 359.391357][ T9351] do_fast_syscall_32+0x34/0x80 [ 359.391385][ T9351] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 359.391406][ T9351] RIP: 0023:0xf710e539 [ 359.391424][ T9351] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 359.391440][ T9351] RSP: 002b:00000000f50fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 359.391461][ T9351] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 359.391474][ T9351] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 359.391485][ T9351] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 359.391495][ T9351] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 359.391506][ T9351] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 359.391536][ T9351] [ 359.393222][ T9351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1007'. [ 360.455607][ T9369] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1013'. [ 360.562670][ T9376] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1015'. [ 360.625040][ T9369] tipc: Enabled bearer , priority 0 [ 360.654660][ T9369] syzkaller0: entered promiscuous mode [ 360.665072][ T9369] syzkaller0: entered allmulticast mode [ 360.784117][ T9372] netlink: 'syz.3.1016': attribute type 10 has an invalid length. [ 360.787195][ T9369] tipc: Resetting bearer [ 360.843050][ T9384] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 360.873353][ T9368] tipc: Resetting bearer [ 360.891446][ T9384] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 360.913585][ T9368] tipc: Disabling bearer [ 360.921797][ T9384] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 361.193060][ T6855] IPVS: starting estimator thread 0... [ 361.201111][ T6890] usb 5-1: USB disconnect, device number 36 [ 361.288047][ T9390] IPVS: using max 26 ests per chain, 62400 per kthread [ 361.368552][ T24] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 361.547918][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 361.579337][ T24] usb 2-1: config index 0 descriptor too short (expected 46642, got 72) [ 361.637924][ T24] usb 2-1: config 173 has too many interfaces: 131, using maximum allowed: 32 [ 361.684814][ T24] usb 2-1: config 173 contains an unexpected descriptor of type 0x1, skipping [ 361.724074][ T24] usb 2-1: config 173 has an invalid descriptor of length 0, skipping remainder of the config [ 361.777354][ T24] usb 2-1: config 173 has 0 interfaces, different from the descriptor's value: 131 [ 361.791039][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 361.800551][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 361.808958][ T24] usb 2-1: Product: syz [ 361.815111][ T24] usb 2-1: Manufacturer: syz [ 361.821575][ T24] usb 2-1: SerialNumber: syz [ 363.133841][ T9421] __nla_validate_parse: 4 callbacks suppressed [ 363.133863][ T9421] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1029'. [ 363.172857][ T9421] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1029'. [ 363.226128][ T9421] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1029'. [ 363.493772][ T9427] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1031'. [ 365.414552][ T9451] ebtables: wrong size: *len 264, entries_size 144, replsz 144 [ 365.426384][ T9451] veth0: entered promiscuous mode [ 365.464278][ T24] usb 2-1: USB disconnect, device number 30 [ 365.688759][ T6890] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 365.869886][ T6890] usb 1-1: Using ep0 maxpacket: 8 [ 365.965595][ T6890] usb 1-1: New USB device found, idVendor=0bc3, idProduct=0001, bcdDevice=11.85 [ 365.985085][ T6890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.010906][ T6890] usb 1-1: Product: syz [ 366.015146][ T6890] usb 1-1: Manufacturer: syz [ 366.026391][ T9462] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1042'. [ 366.055931][ T6890] usb 1-1: SerialNumber: syz [ 366.065266][ T9462] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1042'. [ 366.103903][ T6890] usb 1-1: config 0 descriptor?? [ 366.184156][ T6890] ipw 1-1:0.0: IPWireless converter converter detected [ 366.192263][ T9464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1042'. [ 366.617618][ T9471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1046'. [ 366.727500][ T9476] netlink: 'syz.1.1046': attribute type 16 has an invalid length. [ 366.736848][ T9476] netlink: 'syz.1.1046': attribute type 17 has an invalid length. [ 366.783790][ T9471] hsr0: left promiscuous mode [ 367.182548][ T9476] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.190115][ T9476] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.607660][ T9476] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.634366][ T9476] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.886905][ T9490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1050'. [ 368.016757][ T9476] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.029649][ T9476] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.039702][ T9476] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.049824][ T9476] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.135877][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880311e0800: rx timeout, send abort [ 368.233228][ T9481] bridge0: entered promiscuous mode [ 368.239684][ T9481] bond0: entered promiscuous mode [ 368.245307][ T9481] bond_slave_0: entered promiscuous mode [ 368.251430][ T9481] bond_slave_1: entered promiscuous mode [ 368.257646][ T9481] syz_tun: entered promiscuous mode [ 368.264852][ T9481] vxlan0: entered promiscuous mode [ 368.272626][ T9481] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 368.282075][ T9481] Cannot create hsr debugfs directory [ 368.287652][ T9481] hsr1: Slave A (bridge0) is not up; please bring it up to get a fully working HSR network [ 368.302208][ T9481] hsr1: entered allmulticast mode [ 368.307255][ T9481] bridge0: entered allmulticast mode [ 368.317526][ T9481] bond0: entered allmulticast mode [ 368.323470][ T9481] bond_slave_0: entered allmulticast mode [ 368.331496][ T9481] bond_slave_1: entered allmulticast mode [ 368.340654][ T9481] syz_tun: entered allmulticast mode [ 368.346180][ T9481] vxlan0: entered allmulticast mode [ 368.725701][ T6866] usb 1-1: USB disconnect, device number 33 [ 368.732844][ T6866] ipw 1-1:0.0: device disconnected [ 368.739381][ T9450] veth0: left promiscuous mode [ 369.168106][ T24] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 369.361953][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 369.387174][ T24] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 369.438133][ T24] usb 1-1: can't read configurations, error -22 [ 369.587975][ T24] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 369.621731][ T9518] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1061'. [ 369.758452][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 369.776248][ T24] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 369.790303][ T24] usb 1-1: can't read configurations, error -22 [ 369.804896][ T24] usb usb1-port1: attempt power cycle [ 370.158138][ T24] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 370.180013][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 370.191404][ T24] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 370.207285][ T24] usb 1-1: can't read configurations, error -22 [ 370.348131][ T24] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 370.368812][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 370.385684][ T24] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 370.395664][ T24] usb 1-1: can't read configurations, error -22 [ 370.409531][ T24] usb usb1-port1: unable to enumerate USB device [ 372.888351][ T9569] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1076'. [ 372.897449][ T9569] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1076'. [ 372.993520][ T9569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1076'. [ 373.013194][ T30] audit: type=1804 audit(1751339772.471:120): pid=9568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1077" name="/newroot/246/file1" dev="fuse" ino=1 res=1 errno=0 [ 373.295657][ T9588] FAULT_INJECTION: forcing a failure. [ 373.295657][ T9588] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 373.383098][ T9588] CPU: 1 UID: 0 PID: 9588 Comm: syz.0.1082 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 373.383127][ T9588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 373.383138][ T9588] Call Trace: [ 373.383146][ T9588] [ 373.383154][ T9588] dump_stack_lvl+0x189/0x250 [ 373.383187][ T9588] ? __pfx____ratelimit+0x10/0x10 [ 373.383215][ T9588] ? __pfx_dump_stack_lvl+0x10/0x10 [ 373.383250][ T9588] ? __pfx__printk+0x10/0x10 [ 373.383282][ T9588] should_fail_ex+0x414/0x560 [ 373.383310][ T9588] _copy_to_user+0x31/0xb0 [ 373.383330][ T9588] simple_read_from_buffer+0xe1/0x170 [ 373.383353][ T9588] proc_fail_nth_read+0x1df/0x250 [ 373.383376][ T9588] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 373.383399][ T9588] ? rw_verify_area+0x258/0x650 [ 373.383424][ T9588] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 373.383446][ T9588] vfs_read+0x200/0x980 [ 373.383476][ T9588] ? __pfx___mutex_lock+0x10/0x10 [ 373.383502][ T9588] ? __pfx_vfs_read+0x10/0x10 [ 373.383530][ T9588] ? __fget_files+0x2a/0x420 [ 373.383553][ T9588] ? __fget_files+0x3a0/0x420 [ 373.383568][ T9588] ? __fget_files+0x2a/0x420 [ 373.383595][ T9588] ksys_read+0x145/0x250 [ 373.383625][ T9588] ? __pfx_ksys_read+0x10/0x10 [ 373.383654][ T9588] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 373.383681][ T9588] ? lockdep_hardirqs_on+0x9c/0x150 [ 373.383709][ T9588] __do_fast_syscall_32+0xb6/0x2b0 [ 373.383737][ T9588] ? lockdep_hardirqs_on+0x9c/0x150 [ 373.383767][ T9588] do_fast_syscall_32+0x34/0x80 [ 373.383793][ T9588] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 373.383814][ T9588] RIP: 0023:0xf7ff2539 [ 373.383831][ T9588] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 373.383847][ T9588] RSP: 002b:00000000f5116590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 373.383867][ T9588] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5116620 [ 373.383879][ T9588] RDX: 000000000000000f RSI: 00000000f7483ff4 RDI: 0000000000000000 [ 373.383891][ T9588] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 373.383901][ T9588] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 373.383912][ T9588] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 373.383940][ T9588] [ 373.631067][ T9592] netlink: 4956 bytes leftover after parsing attributes in process `syz.4.1083'. [ 373.640444][ T9592] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1083'. [ 373.894834][ T30] audit: type=1326 audit(1751339773.351:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 373.956922][ T30] audit: type=1326 audit(1751339773.381:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 373.984465][ T30] audit: type=1326 audit(1751339773.381:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 374.006373][ C0] vkms_vblank_simulate: vblank timer overrun [ 374.088903][ T30] audit: type=1326 audit(1751339773.381:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 374.113725][ T30] audit: type=1326 audit(1751339773.381:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 374.135776][ C0] vkms_vblank_simulate: vblank timer overrun [ 374.166763][ T30] audit: type=1326 audit(1751339773.381:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 374.188728][ C0] vkms_vblank_simulate: vblank timer overrun [ 374.215159][ T30] audit: type=1326 audit(1751339773.381:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 374.237120][ C0] vkms_vblank_simulate: vblank timer overrun [ 374.246726][ T30] audit: type=1326 audit(1751339773.381:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 374.284277][ T9602] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1087'. [ 374.286686][ T30] audit: type=1326 audit(1751339773.391:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9591 comm="syz.1.1084" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f86539 code=0x7ffc0000 [ 375.386932][ T9619] netlink: 'syz.3.1091': attribute type 58 has an invalid length. [ 375.395241][ T9619] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1091'. [ 375.705961][ T9622] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1092'. [ 375.717769][ T9622] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1092'. [ 375.836051][ T9624] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1092'. [ 377.311045][ T9642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.337164][ T9642] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 377.741277][ T9642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.772595][ T9642] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 378.073482][ T9650] ------------[ cut here ]------------ [ 378.079507][ T9650] usb 3-1: BOGUS control dir, pipe 80002680 doesn't match bRequestType c0 [ 378.127210][ T9650] WARNING: CPU: 0 PID: 9650 at drivers/usb/core/urb.c:413 usb_submit_urb+0x115d/0x1890 [ 378.137498][ T9650] Modules linked in: [ 378.141845][ T9650] CPU: 0 UID: 0 PID: 9650 Comm: syz.4.1100 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 378.152250][ T9650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 378.162480][ T9650] RIP: 0010:usb_submit_urb+0x115d/0x1890 [ 378.168641][ T9650] Code: 0f b6 44 05 00 84 c0 0f 85 10 06 00 00 45 0f b6 04 24 48 c7 c7 c0 29 34 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 94 d7 62 fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 e0 f3 ff ff 89 e9 80 [ 378.188564][ T9650] RSP: 0018:ffffc90003127690 EFLAGS: 00010246 [ 378.194940][ T9650] RAX: 9f31e42c10ca2800 RBX: ffff888077b37a00 RCX: 0000000000080000 [ 378.203027][ T9650] RDX: ffffc9000cc5c000 RSI: 00000000000039c6 RDI: 00000000000039c7 [ 378.211396][ T9650] RBP: 1ffff1100aec944c R08: 0000000000000003 R09: 0000000000000004 [ 378.219521][ T9650] R10: dffffc0000000000 R11: fffffbfff1bfa9fc R12: ffff88805764a260 [ 378.227542][ T9650] R13: dffffc0000000000 R14: 0000000080002680 R15: ffff8880206e8700 [ 378.235592][ T9650] FS: 0000000000000000(0000) GS:ffff888125c50000(0063) knlGS:00000000f50deb40 [ 378.244835][ T9650] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 378.251496][ T9650] CR2: 00000000f4424cac CR3: 0000000024cb4000 CR4: 00000000003526f0 [ 378.259513][ T9650] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 378.267493][ T9650] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 378.275501][ T9650] Call Trace: [ 378.278896][ T9650] [ 378.281872][ T9650] usb_start_wait_urb+0x114/0x4c0 [ 378.286953][ T9650] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 378.292927][ T9650] usb_control_msg+0x232/0x3e0 [ 378.297748][ T9650] dib0700_i2c_xfer+0xba7/0xf70 [ 378.302816][ T9650] __i2c_transfer+0x874/0x2170 [ 378.307634][ T9650] ? lockdep_hardirqs_on+0x9c/0x150 [ 378.313003][ T9650] ? __pfx___i2c_transfer+0x10/0x10 [ 378.318257][ T9650] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 378.323649][ T9650] ? i2c_transfer+0x11d/0x3a0 [ 378.328467][ T9650] i2c_transfer+0x25b/0x3a0 [ 378.332982][ T9650] ? __pfx_i2c_transfer+0x10/0x10 [ 378.338104][ T9650] ? _copy_from_user+0x94/0xb0 [ 378.342870][ T9650] i2cdev_ioctl_rdwr+0x460/0x740 [ 378.347868][ T9650] compat_i2cdev_ioctl+0x5a8/0x5c0 [ 378.353031][ T9650] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 378.358739][ T9650] ? __fget_files+0x3a0/0x420 [ 378.363458][ T9650] ? __fget_files+0x2a/0x420 [ 378.368305][ T9650] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 378.373885][ T9650] __ia32_compat_sys_ioctl+0x543/0x840 [ 378.379377][ T9650] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 378.385414][ T9650] ? __se_sys_futex_time32+0x360/0x3e0 [ 378.390947][ T9650] ? rcu_is_watching+0x15/0xb0 [ 378.395731][ T9650] ? arch_syscall_is_vdso_sigreturn+0x175/0x1a0 [ 378.402145][ T9650] ? syscall_user_dispatch+0x4f/0x90 [ 378.407457][ T9650] __do_fast_syscall_32+0xb6/0x2b0 [ 378.412616][ T9650] ? lockdep_hardirqs_on+0x9c/0x150 [ 378.417868][ T9650] do_fast_syscall_32+0x34/0x80 [ 378.422793][ T9650] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 378.429287][ T9650] RIP: 0023:0xf70ee539 [ 378.433378][ T9650] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 378.452994][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.459093][ T9650] RSP: 002b:00000000f50de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 378.467515][ T9650] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000707 [ 378.475523][ T9650] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 378.483520][ T9650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 378.491571][ T9650] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 378.499573][ T9650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 378.507600][ T9650] [ 378.510665][ T9650] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 378.517960][ T9650] CPU: 0 UID: 0 PID: 9650 Comm: syz.4.1100 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 378.528222][ T9650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 378.538278][ T9650] Call Trace: [ 378.541563][ T9650] [ 378.544498][ T9650] dump_stack_lvl+0x99/0x250 [ 378.549118][ T9650] ? __asan_memcpy+0x40/0x70 [ 378.553718][ T9650] ? __pfx_dump_stack_lvl+0x10/0x10 [ 378.558934][ T9650] ? __pfx__printk+0x10/0x10 [ 378.563553][ T9650] panic+0x2db/0x790 [ 378.567472][ T9650] ? __pfx_panic+0x10/0x10 [ 378.571955][ T9650] __warn+0x31b/0x4b0 [ 378.575956][ T9650] ? usb_submit_urb+0x115d/0x1890 [ 378.581015][ T9650] ? usb_submit_urb+0x115d/0x1890 [ 378.586064][ T9650] report_bug+0x2be/0x4f0 [ 378.590400][ T9650] ? usb_submit_urb+0x115d/0x1890 [ 378.595428][ T9650] ? usb_submit_urb+0x115d/0x1890 [ 378.600473][ T9650] ? usb_submit_urb+0x115f/0x1890 [ 378.605500][ T9650] handle_bug+0x84/0x160 [ 378.609743][ T9650] exc_invalid_op+0x1a/0x50 [ 378.614266][ T9650] asm_exc_invalid_op+0x1a/0x20 [ 378.619145][ T9650] RIP: 0010:usb_submit_urb+0x115d/0x1890 [ 378.624791][ T9650] Code: 0f b6 44 05 00 84 c0 0f 85 10 06 00 00 45 0f b6 04 24 48 c7 c7 c0 29 34 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 94 d7 62 fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 e0 f3 ff ff 89 e9 80 [ 378.644503][ T9650] RSP: 0018:ffffc90003127690 EFLAGS: 00010246 [ 378.650586][ T9650] RAX: 9f31e42c10ca2800 RBX: ffff888077b37a00 RCX: 0000000000080000 [ 378.658572][ T9650] RDX: ffffc9000cc5c000 RSI: 00000000000039c6 RDI: 00000000000039c7 [ 378.666557][ T9650] RBP: 1ffff1100aec944c R08: 0000000000000003 R09: 0000000000000004 [ 378.674556][ T9650] R10: dffffc0000000000 R11: fffffbfff1bfa9fc R12: ffff88805764a260 [ 378.682534][ T9650] R13: dffffc0000000000 R14: 0000000080002680 R15: ffff8880206e8700 [ 378.690527][ T9650] usb_start_wait_urb+0x114/0x4c0 [ 378.695563][ T9650] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 378.701122][ T9650] usb_control_msg+0x232/0x3e0 [ 378.705902][ T9650] dib0700_i2c_xfer+0xba7/0xf70 [ 378.710784][ T9650] __i2c_transfer+0x874/0x2170 [ 378.715651][ T9650] ? lockdep_hardirqs_on+0x9c/0x150 [ 378.720865][ T9650] ? __pfx___i2c_transfer+0x10/0x10 [ 378.726071][ T9650] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 378.731467][ T9650] ? i2c_transfer+0x11d/0x3a0 [ 378.736162][ T9650] i2c_transfer+0x25b/0x3a0 [ 378.740675][ T9650] ? __pfx_i2c_transfer+0x10/0x10 [ 378.745805][ T9650] ? _copy_from_user+0x94/0xb0 [ 378.750608][ T9650] i2cdev_ioctl_rdwr+0x460/0x740 [ 378.755566][ T9650] compat_i2cdev_ioctl+0x5a8/0x5c0 [ 378.760689][ T9650] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 378.766330][ T9650] ? __fget_files+0x3a0/0x420 [ 378.771009][ T9650] ? __fget_files+0x2a/0x420 [ 378.775602][ T9650] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 378.781154][ T9650] __ia32_compat_sys_ioctl+0x543/0x840 [ 378.786618][ T9650] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 378.792620][ T9650] ? __se_sys_futex_time32+0x360/0x3e0 [ 378.798100][ T9650] ? rcu_is_watching+0x15/0xb0 [ 378.802864][ T9650] ? arch_syscall_is_vdso_sigreturn+0x175/0x1a0 [ 378.809108][ T9650] ? syscall_user_dispatch+0x4f/0x90 [ 378.814396][ T9650] __do_fast_syscall_32+0xb6/0x2b0 [ 378.819517][ T9650] ? lockdep_hardirqs_on+0x9c/0x150 [ 378.824719][ T9650] do_fast_syscall_32+0x34/0x80 [ 378.829585][ T9650] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 378.835915][ T9650] RIP: 0023:0xf70ee539 [ 378.839990][ T9650] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 378.859607][ T9650] RSP: 002b:00000000f50de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 378.868026][ T9650] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000000707 [ 378.876022][ T9650] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 378.883991][ T9650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 378.891970][ T9650] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 378.899961][ T9650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 378.907975][ T9650] [ 378.911326][ T9650] Kernel Offset: disabled [ 378.915658][ T9650] Rebooting in 86400 seconds..