last executing test programs: 4m26.318387929s ago: executing program 3 (id=1189): socket$nl_xfrm(0x10, 0x3, 0x6) timer_create(0x9, 0x0, &(0x7f0000000400)) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) creat(0x0, 0x81) listen(0xffffffffffffffff, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4) sendmsg$NLBL_MGMT_C_ADDDEF(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000400000014000500fc0100000000000000000000ad000001080002000500000014000600ff020000000000a30885621a982b3c0106000b0002"], 0x4c}}, 0x0) 4m25.358506844s ago: executing program 3 (id=1192): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000100)={0x20, 0x24, 0x40, {0x40, 0x31, 
"1064801ede27faa0a67fde52d09ed49e6ad10ae7359e8aca9c0c0d054ecf6bd133dcc0b5b18b39407b808ee474fe5d6f4dbd4d27fd1d105e60435ec3d149"}}, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000004c0)={0x44, &(0x7f0000000200)={0x0, 0x9, 0x3, "ca4a3a"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x3}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0x81, 0x7ff, 0xff, 0xa, 0x1000, 0x2, 0xfbff, 0xfffffffa, 0x0, 0x7f, 0xbcf, 0x2}}, &(0x7f0000000340)={0x20, 0x85, 0x4, 0xff00}, &(0x7f0000000380)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000440)={0x20, 0x87, 0x2, 0x9f9}, &(0x7f0000000480)={0x20, 0x89, 0x2, 0x1}}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x10, &(0x7f0000000180)={0x0, 0xe, 0x1, "8a"}, 0x0, 0x0}) 4m24.241718724s ago: executing program 3 (id=1196): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) getrlimit(0xe, &(0x7f00000000c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = socket$inet6_sctp(0xa, 
0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) close(r4) r5 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) writev(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f00000000c0)='k', 0x1}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4000003, 0x13, 0xffffffffffffffff, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="fe"]) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, {0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}}) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r8, 0x4b3a, 0x1) ioctl$TCXONC(r8, 0x4b3a, 0x2) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x8421, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 4m23.082415051s ago: executing program 3 (id=1200): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r2, 0x3ba0, &(0x7f0000000280)={0x48, 0xa, r4, 0x0, r3}) (async) r6 = 
memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2) (async, rerun: 64) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYRESDEC=r5], &(0x7f00000000c0)='syzkaller\x00', 0x100003, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r7}, 0x10) (async) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (async) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x14, r1, 0x331}, 0x14}}, 0x0) 4m22.254303091s ago: executing program 3 (id=1204): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xa, 0x2, 0x1, 0x0, 'wlan1\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)) 
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) sendmsg$nl_route_sched(r1, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000010429bd7000000000000000", @ANYRES32=0x0, @ANYBLOB="2b030000000000002000128008000100677470001400028008000100", @ANYRES32=r5], 0x40}}, 0x8080) setsockopt$inet_udp_encap(r5, 0x11, 0x64, 0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r7, 0x7, &(0x7f00000006c0)={0x1, 0x1}) close_range(r6, 0xffffffffffffffff, 0x0) munlock(&(0x7f000088e000/0x2000)=nil, 0x2000) keyctl$search(0x18, 0x0, &(0x7f00000001c0)='cifs.idmap\x00', 0x0, 0x0) 4m22.135860872s ago: executing program 3 (id=1207): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000000001010400000000000000000a000000300001802c00018014000300000000000000009f674d08a2c5a6955c9cbd000000000000ff000014000400ff01000000"], 0x44}}, 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) (async) r2 = socket(0x10, 
0x80002, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYRESDEC], 0x52) (async) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_9p2000}]}}) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="68010000", @ANYRES16=r4, @ANYBLOB="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"], 0x168}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$GIO_UNISCRNMAP(r6, 0x5437, 0x0) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="5c00000c0000090c00078008001240000600000500010006000000050005000a000000000900020073797a310000000015000300686173683a69702c706f72742c6e657400"/79], 0x5c}}, 0x0) (async) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x33, 0x301, 0x270bd26, 0x25dfdbfc, {0x3, 0x0, 0x4000}}, 0x14}, 0x1, 0x8000000000000, 0x0, 0x8040}, 0x8004) r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) (async) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x4) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) (async) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x800) (async) 
sendmmsg$unix(r10, &(0x7f0000000000), 0x0, 0x8841) (async) recvmmsg(r9, &(0x7f0000001f00)=[{{&(0x7f00000016c0)=@nl, 0x1d, &(0x7f0000001400)=[{&(0x7f0000001240)=""/100, 0xb5}, {&(0x7f00000012c0)=""/96, 0x60}, {&(0x7f0000001340)=""/146, 0x92}], 0x3, &(0x7f0000001440)=""/22, 0x16}, 0x2}, {{&(0x7f0000000740)=@nfc_llcp, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000640)=""/30, 0x1e}], 0x1, &(0x7f0000000800)=""/231, 0xe7}}, {{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000001480)=""/51, 0x33}], 0x1, &(0x7f0000001500)=""/58, 0x3a}, 0x4}, {{&(0x7f0000000580)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000480)=""/64, 0x40}], 0x1}}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000900)=""/89, 0x59}, {&(0x7f0000000980)=""/110, 0x72}, {&(0x7f0000000a00)=""/183, 0xb7}, {&(0x7f0000000ac0)=""/95, 0x5f}, {&(0x7f0000001b40)=""/220, 0xd4}, {&(0x7f0000000c40)=""/167, 0xa7}, {&(0x7f0000000d00)=""/218, 0xda}, {&(0x7f0000000e00)=""/233, 0xe9}, {&(0x7f0000000f00)=""/189, 0xbd}, {&(0x7f0000001000)=""/152, 0x98}, {&(0x7f00000019c0)=""/169, 0x8b}], 0xb, &(0x7f0000000b40)=""/31, 0x1f}, 0x10000}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000015c0)=""/195, 0xc3}, {&(0x7f00000010c0)=""/104, 0x68}, {&(0x7f0000001740)=""/45, 0x2d}, {&(0x7f0000001780)=""/47, 0x2f}], 0x4, &(0x7f0000001800)=""/47, 0x2f}}, {{&(0x7f0000000b80)=@phonet, 0x0, &(0x7f0000001d00)=[{&(0x7f0000000c00)=""/3}, {&(0x7f0000000fc0)=""/39}, {&(0x7f0000001140)=""/196}, {&(0x7f0000001c40)=""/151}], 0x0, &(0x7f0000001e00)=""/238}, 0x800}], 0x6, 0x2, 0x0) (async) r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000210e26ca00"/20, @ANYRES32=r11, 
@ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r12}, 0x2d) ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffb6) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 4m6.748898611s ago: executing program 32 (id=1207): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000000001010400000000000000000a000000300001802c00018014000300000000000000009f674d08a2c5a6955c9cbd000000000000ff000014000400ff01000000"], 0x44}}, 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) (async) r2 = socket(0x10, 0x80002, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYRESDEC], 0x52) (async) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_9p2000}]}}) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="68010000", @ANYRES16=r4, 
@ANYBLOB="000829bd7000fcdbdf2509000000600007800c000400040000000000000008000100435d0000080002009f0000000c00030005000000000000000c0003001a0c00000000000088000100050000000c000400090000000000000008000200030000000c00040008000000000000000c00098008000100150000003800048014000780080003006400000008000300040000001300010062726f6164636173742d6c696e6b00000900010073797a3000000000140001800f00010069623a70696d367265670000880005801c00028008000300be7c000008000100180000000800030094060000080001006574680007000100696200000c00028008000400060000003c000280080004000600000008000300171a000008000300f1ca000008000200020000000800010014000000080003000800000008000300ff070000080001007564700008000100756470001400038008000100008000000800020000000000"], 0x168}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$GIO_UNISCRNMAP(r6, 0x5437, 0x0) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="5c00000c0000090c00078008001240000600000500010006000000050005000a000000000900020073797a310000000015000300686173683a69702c706f72742c6e657400"/79], 0x5c}}, 0x0) (async) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x33, 0x301, 0x270bd26, 0x25dfdbfc, {0x3, 0x0, 0x4000}}, 0x14}, 0x1, 0x8000000000000, 0x0, 0x8040}, 0x8004) r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) (async) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x4) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) (async) newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 
&(0x7f0000000280), 0x800) (async) sendmmsg$unix(r10, &(0x7f0000000000), 0x0, 0x8841) (async) recvmmsg(r9, &(0x7f0000001f00)=[{{&(0x7f00000016c0)=@nl, 0x1d, &(0x7f0000001400)=[{&(0x7f0000001240)=""/100, 0xb5}, {&(0x7f00000012c0)=""/96, 0x60}, {&(0x7f0000001340)=""/146, 0x92}], 0x3, &(0x7f0000001440)=""/22, 0x16}, 0x2}, {{&(0x7f0000000740)=@nfc_llcp, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000640)=""/30, 0x1e}], 0x1, &(0x7f0000000800)=""/231, 0xe7}}, {{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000001480)=""/51, 0x33}], 0x1, &(0x7f0000001500)=""/58, 0x3a}, 0x4}, {{&(0x7f0000000580)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000480)=""/64, 0x40}], 0x1}}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000900)=""/89, 0x59}, {&(0x7f0000000980)=""/110, 0x72}, {&(0x7f0000000a00)=""/183, 0xb7}, {&(0x7f0000000ac0)=""/95, 0x5f}, {&(0x7f0000001b40)=""/220, 0xd4}, {&(0x7f0000000c40)=""/167, 0xa7}, {&(0x7f0000000d00)=""/218, 0xda}, {&(0x7f0000000e00)=""/233, 0xe9}, {&(0x7f0000000f00)=""/189, 0xbd}, {&(0x7f0000001000)=""/152, 0x98}, {&(0x7f00000019c0)=""/169, 0x8b}], 0xb, &(0x7f0000000b40)=""/31, 0x1f}, 0x10000}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000015c0)=""/195, 0xc3}, {&(0x7f00000010c0)=""/104, 0x68}, {&(0x7f0000001740)=""/45, 0x2d}, {&(0x7f0000001780)=""/47, 0x2f}], 0x4, &(0x7f0000001800)=""/47, 0x2f}}, {{&(0x7f0000000b80)=@phonet, 0x0, &(0x7f0000001d00)=[{&(0x7f0000000c00)=""/3}, {&(0x7f0000000fc0)=""/39}, {&(0x7f0000001140)=""/196}, {&(0x7f0000001c40)=""/151}], 0x0, &(0x7f0000001e00)=""/238}, 0x800}], 0x6, 0x2, 0x0) (async) r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000210e26ca00"/20, @ANYRES32=r11, 
@ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r12}, 0x2d) ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffb6) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 5.973668364s ago: executing program 4 (id=2155): socket$inet6_tcp(0xa, 0x1, 0x0) fchdir(0xffffffffffffffff) syz_open_procfs(0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0xfffc, 0x4e20, 0x3, 0xa, 0x80, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x2, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x200000, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff}}, 0xe8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) chdir(&(0x7f0000000040)='.\x00') sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x10000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffe0) 5.670195443s ago: 
executing program 1 (id=2160): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448c9, &(0x7f0000000a00)) 5.08220248s ago: executing program 1 (id=2162): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000000000000221001c0"]) 4.919448243s ago: executing program 4 (id=2165): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000000)=0x369d2c1b) 4.802384784s ago: executing program 1 (id=2166): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000001600)={0x3, 0x9}, 0x2) 4.745200076s ago: executing program 1 (id=2169): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40101) r1 = epoll_create1(0x80000) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x7f36be39) epoll_wait(r1, &(0x7f0000000100)=[{}], 0x1, 0x80000001) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x17}) 4.670398243s ago: executing program 4 (id=2171): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 
&(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000a40)=ANY=[@ANYBLOB="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"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 4.604724977s ago: executing program 4 (id=2173): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) inotify_init() r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20) sendmsg$inet6(r3, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="6000000000000000290000000b0000000008000000000000c910fe8000000000000000000000000000bbc9100000000000000000000000000000000107200000000006000000bb2c0000000000000000000000000000000000000000000000001800000000000000290000000400000000000000000000000801"], 0x180}, 0x0) 4.378571203s ago: executing program 1 (id=2176): r0 = 
socket$inet6_udp(0xa, 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) getsockopt$inet6_int(r0, 0x11, 0x48, 0x0, &(0x7f00007d0000)) 4.328368015s ago: executing program 1 (id=2177): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4a) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5e13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x80, 0x800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0xa, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x19, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x56, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x2, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 
0x4, 0xea, 0x9, 0x20000005, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x4, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x409, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) readv(r0, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000240)=""/29, 0x1d}], 0x2) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x25, &(0x7f0000000000)={0x1}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) wait4(0x0, 0x0, 0x40000000, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x1, 0x0, 0x7}) 3.184941792s ago: executing program 4 (id=2180): r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0), 0x0, 0x4001c00) syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.726033801s ago: executing program 2 (id=2183): ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 
0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000014000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000280)="b8050000000f19aec0c046a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f302ef30f098ed0660f38806f008ee0", 0x3b}], 0x1, 0x8, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x7, 0x0, 0xf1, 0x0, 0x8000000000000, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0xbd9], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.366456546s ago: executing program 2 (id=2185): openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002980)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x2000, 0xa68d7c519f800ff1, 0xffbc, 0x6, 0x1d45, 0x0, 0x0, 0x0, 0x40}}, 0x50) syz_fuse_handle_req(r0, 
&(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x68cc, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r2, &(0x7f0000000280)=[{&(0x7f00000049c0)="a1", 0x1}], 0x1) close(r0) 2.110443012s ago: executing program 2 (id=2188): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, 0x0) 1.814642797s ago: executing program 0 (id=2191): r0 = socket$key(0xf, 0x3, 0x2) 
setsockopt$sock_int(r0, 0x1, 0x2d, &(0x7f0000000080)=0x2, 0x4) 1.814427068s ago: executing program 2 (id=2192): open$dir(0x0, 0x80000, 0x13) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @dev={0xac, 0x14, 0x14, 0x18}, @loopback}, 0xc) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0) 1.758140412s ago: executing program 0 (id=2193): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000cab000)) 1.702541255s ago: executing program 2 (id=2194): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x0) read$FUSE(r0, &(0x7f0000000f00)={0x2020}, 0xffffffffffffffe9) 1.559101922s ago: executing program 0 (id=2196): connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ff8000/0x6000)=nil, 0x6000, 0x1000, 0x3, &(0x7f000058d000/0x1000)=nil) 1.549043674s ago: executing program 5 
(id=2197): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r2, r4, 0x1, 0x0, @val=@netkit={@void, @value=r4}}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 1.50247725s ago: executing program 2 (id=2198): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) socket$unix(0x1, 0x4, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x7, 0x40, 0xc, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x7, 0x1, 0x1, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x7, 0x8, 0x9}}}}}]}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 1.411251447s ago: executing program 5 (id=2199): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) 
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000040)) 1.164052792s ago: executing program 5 (id=2200): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 802.421629ms ago: executing program 5 (id=2201): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x6, 0x5}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}, 0x40000) 708.084946ms ago: executing program 5 (id=2202): capset(&(0x7f00000004c0)={0x20071026}, &(0x7f0000000100)) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000002d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820}}, {{&(0x7f0000001580)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40042}}], 0x2, 0x20000000) 528.740316ms ago: executing program 5 (id=2203): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000300)=@x86={0x0, 0x1, 0xd, 0x0, 0x7f, 0x9, 0x5, 0x8, 0x3, 0x9, 0x5, 0xff, 0x0, 0x7, 0xc, 0x4, 0xa, 0x9, 0x38, '\x00', 0xc3, 0xed1}) 512.400275ms ago: executing program 0 (id=2204): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 
0x3a, [0x8000, 0xc95a, 0x100f, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x9, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0xb, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0x9, 0x10000, 0x6, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x9, 0x420, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0xb, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x1, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x0, 0x2, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x1, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x3b, 0x800003, 0x200, 0x80, 0x5, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x5, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0xc, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x80b, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0xf142, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x10000226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x1fd, 0xffff343e, 0xfff]}, 0x45c) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="d80000001b0001002dbd7000fddbdf2500000000000000000000000000000000ac1e00010000000000000000000000004e2200004e23000c0a00008032000000", @ANYRES32=0x0, @ANYRES32=0x0, 
@ANYBLOB="00080009000000008000000000000000f8ffffffffffffffff01000000000000010000000000000001000000000000800900000000000000000000008015010002000000000000000100000000000000fd002ceb3950466f6ff00000000000000700000000000000000002030000000029000000000000000c00150053073500040000000c0008"], 0xd8}, 0x1, 0x0, 0x0, 0xc044}, 0x8010) 350.514235ms ago: executing program 0 (id=2205): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0xff, &(0x7f0000000380)=0x0) sendmsg$alg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000280)="6eba930b99534e96c5721de1ca24a810d1782ddbfdeb1cc120b009a49a07197abbd79a8d7666f7460d940163991a2bf6f3d168d1eac94353a5cc2789e563e39829", 0x41}], 0x1, &(0x7f0000001600)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x840}, 0x8000) io_submit(r2, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000340), 0x41}]) 161.993313ms ago: executing program 0 (id=2206): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000140), 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="2b70696473206aa4af0b9c8df7bfd54c8c0cefe2ed8f367f18a6c889f9a58a6d8c3e4eec5abbc6bfc2ba92479b26dc89554c1df0e78841ffbf"], 0x6) 0s ago: executing program 4 (id=2207): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85512, &(0x7f0000000280)={{0x6, 0x6, 0x8, 0x2, 'syz1\x00'}, 0x1, 0x40, 0x7, 0x0, 0x0, 0x3, 'syz0\x00', 0x0}) kernel console output 
(not intermixed with test programs): et_register_driver returned -16 [ 530.359466][T10494] cdc_ncm 5-1:1.0: bind() failure [ 530.374969][T10494] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 530.382353][T10494] cdc_ncm 5-1:1.1: bind() failure [ 530.413131][T10494] usb 5-1: USB disconnect, device number 56 [ 530.430243][ T5874] usb 2-1: device descriptor read/64, error -71 [ 530.475281][ T5905] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 530.596406][ T5874] usb usb2-port1: attempt power cycle [ 531.752134][ T5905] usb 3-1: Using ep0 maxpacket: 16 [ 531.767861][T12052] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 531.779897][ T5905] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 531.779928][ T5905] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 531.804035][T12052] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 
[ 531.873035][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11 [ 531.938133][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024 [ 531.954124][ T5905] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 531.975550][ T5905] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 531.988567][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.000144][ T5905] usb 3-1: Product: syz [ 532.059621][ T5905] usb 3-1: Manufacturer: syz [ 532.186604][T12059] netlink: zone id is out of range [ 532.192017][T12059] netlink: zone id is out of range [ 532.197219][T12059] netlink: zone id is out of range [ 532.202648][T12059] netlink: zone id is out of range [ 532.207889][T12059] netlink: zone id is out of range [ 532.213240][T12059] netlink: zone id is out of range [ 532.218395][T12059] netlink: zone id is out of range [ 532.223770][T12059] netlink: zone id is out of range [ 532.677669][ T5905] usb 3-1: SerialNumber: syz [ 532.858145][ T5905] usb 3-1: config 0 descriptor?? [ 533.142422][T12072] 9pnet_fd: Insufficient options for proto=fd [ 533.371472][ T5905] appledisplay 3-1:0.0: Error while getting initial brightness: -110 [ 533.421910][ T5905] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -110 [ 533.470498][ T9] usb 3-1: USB disconnect, device number 47 [ 533.612585][ T5905] kernel write not supported for file [eventfd] (pid: 5905 comm: kworker/1:6) [ 533.677452][ T5905] kernel write not supported for file [eventfd] (pid: 5905 comm: kworker/1:6) [ 533.819585][T12086] netlink: 'syz.0.1691': attribute type 10 has an invalid length. [ 533.828478][T12086] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1691'. 
[ 533.971882][T12086] team0: Port device geneve0 added [ 536.123759][T12107] net_ratelimit: 19 callbacks suppressed [ 536.123794][T12107] netlink: zone id is out of range [ 536.136780][T12107] netlink: zone id is out of range [ 536.142186][T12107] netlink: zone id is out of range [ 536.149615][T12107] netlink: zone id is out of range [ 536.155068][T12107] netlink: zone id is out of range [ 536.160409][T12107] netlink: zone id is out of range [ 536.165565][T12107] netlink: zone id is out of range [ 536.170807][T12107] netlink: zone id is out of range [ 536.177802][T12107] netlink: del zone limit has 4 unknown bytes [ 536.326053][ T9] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 536.439485][T12100] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1695'. [ 536.473286][T12109] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 536.541915][ T9] usb 2-1: device descriptor read/64, error -71 [ 536.885174][ T30] audit: type=1400 audit(1749765417.916:928): avc: denied { read } for pid=12112 comm="syz.5.1700" name="usbmon7" dev="devtmpfs" ino=738 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 536.908519][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.920130][ T9] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 536.922436][ T30] audit: type=1400 audit(1749765417.916:929): avc: denied { open } for pid=12112 comm="syz.5.1700" path="/dev/usbmon7" dev="devtmpfs" ino=738 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 536.952186][ T30] audit: type=1400 audit(1749765418.136:930): avc: denied { ioctl } for pid=12112 comm="syz.5.1700" path="/dev/usbmon7" dev="devtmpfs" ino=738 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 536.977392][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.140143][ T9] usb 2-1: device descriptor 
read/64, error -71 [ 537.263965][ T9] usb usb2-port1: attempt power cycle [ 538.127815][ T9] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 538.128315][T10494] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 538.368484][T10494] usb 6-1: Using ep0 maxpacket: 8 [ 538.368567][ T9] usb 2-1: device descriptor read/8, error -71 [ 538.512652][T10494] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 538.550050][T10494] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 538.646654][T10494] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.687502][T12135] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1706'. [ 538.693948][T10494] usb 6-1: config 0 descriptor?? [ 538.697561][ T9] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 538.761436][ T9] usb 2-1: device descriptor read/8, error -71 [ 538.872748][ T9] usb usb2-port1: unable to enumerate USB device [ 538.980795][T10494] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 539.371136][T12150] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1712'. [ 539.517385][ T974] usb 6-1: USB disconnect, device number 12 [ 542.928392][T12189] net_ratelimit: 11 callbacks suppressed [ 542.928408][T12189] netlink: zone id is out of range [ 542.939872][T12189] netlink: zone id is out of range [ 542.945257][T12189] netlink: zone id is out of range [ 542.950784][T12189] netlink: zone id is out of range [ 542.956161][T12189] netlink: zone id is out of range [ 542.961421][T12189] netlink: zone id is out of range [ 542.966669][T12189] netlink: zone id is out of range [ 542.972227][T12189] netlink: del zone limit has 4 unknown bytes [ 544.538961][T12208] FAULT_INJECTION: forcing a failure. 
[ 544.538961][T12208] name failslab, interval 1, probability 0, space 0, times 0 [ 544.559928][T12208] CPU: 1 UID: 0 PID: 12208 Comm: syz.1.1726 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 544.559958][T12208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 544.559969][T12208] Call Trace: [ 544.559975][T12208] [ 544.559983][T12208] dump_stack_lvl+0x16c/0x1f0 [ 544.560014][T12208] should_fail_ex+0x512/0x640 [ 544.560038][T12208] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 544.560064][T12208] should_failslab+0xc2/0x120 [ 544.560087][T12208] __kmalloc_cache_node_noprof+0x6d/0x420 [ 544.560108][T12208] ? __get_vm_area_node+0x101/0x330 [ 544.560129][T12208] __get_vm_area_node+0x101/0x330 [ 544.560150][T12208] __vmalloc_node_range_noprof+0x271/0x14b0 [ 544.560170][T12208] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 544.560199][T12208] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 544.560219][T12208] ? look_up_lock_class+0x59/0x150 [ 544.560249][T12208] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 544.560272][T12208] ? __lock_acquire+0xb8a/0x1c90 [ 544.560303][T12208] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 544.560320][T12208] __vmalloc_node_noprof+0xad/0xf0 [ 544.560338][T12208] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 544.560359][T12208] bpf_prog_alloc_no_stats+0x54/0x630 [ 544.560377][T12208] ? do_raw_spin_lock+0x12c/0x2b0 [ 544.560397][T12208] bpf_prog_alloc+0x3b/0x230 [ 544.560418][T12208] __get_filter+0x112/0x2d0 [ 544.560448][T12208] sk_attach_filter+0x1e/0x180 [ 544.560466][T12208] tun_attach.isra.0+0xc89/0x17e0 [ 544.560493][T12208] ? __pfx_avc_has_perm+0x10/0x10 [ 544.560512][T12208] ? find_held_lock+0x2b/0x80 [ 544.560538][T12208] ? selinux_tun_dev_open+0x173/0x1c0 [ 544.560560][T12208] __tun_chr_ioctl+0x1533/0x47a0 [ 544.560584][T12208] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 544.560614][T12208] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 544.560642][T12208] ? 
hook_file_ioctl_common+0x145/0x410 [ 544.560677][T12208] ? selinux_file_ioctl+0x180/0x270 [ 544.560700][T12208] ? selinux_file_ioctl+0xb4/0x270 [ 544.560725][T12208] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 544.560751][T12208] __x64_sys_ioctl+0x18b/0x210 [ 544.560772][T12208] do_syscall_64+0xcd/0x4c0 [ 544.560801][T12208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.560839][T12208] RIP: 0033:0x7f2af618e929 [ 544.560856][T12208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.560871][T12208] RSP: 002b:00007f2af7048038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 544.560890][T12208] RAX: ffffffffffffffda RBX: 00007f2af63b5fa0 RCX: 00007f2af618e929 [ 544.560910][T12208] RDX: 0000200000000080 RSI: 00000000400454ca RDI: 0000000000000006 [ 544.560921][T12208] RBP: 00007f2af7048090 R08: 0000000000000000 R09: 0000000000000000 [ 544.560932][T12208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.560942][T12208] R13: 0000000000000000 R14: 00007f2af63b5fa0 R15: 00007fffd2f2d1a8 [ 544.560967][T12208] [ 544.740067][ T9] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 544.740965][ C1] vkms_vblank_simulate: vblank timer overrun [ 544.860060][ C1] vkms_vblank_simulate: vblank timer overrun [ 544.947075][T12208] syz.1.1726: vmalloc error: size 4096, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 544.971406][T12208] CPU: 0 UID: 0 PID: 12208 Comm: syz.1.1726 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 544.971433][T12208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 544.971443][T12208] Call Trace: [ 544.971451][T12208] [ 544.971458][T12208] dump_stack_lvl+0x16c/0x1f0 [ 544.971490][T12208] warn_alloc+0x248/0x3a0 [ 544.971515][T12208] ? 
__pfx_warn_alloc+0x10/0x10 [ 544.971540][T12208] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 544.971566][T12208] ? __kasan_kmalloc+0x8a/0xb0 [ 544.971589][T12208] ? __get_vm_area_node+0x208/0x330 [ 544.971614][T12208] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 544.971641][T12208] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 544.971662][T12208] ? look_up_lock_class+0x59/0x150 [ 544.971692][T12208] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 544.971716][T12208] ? __lock_acquire+0xb8a/0x1c90 [ 544.971746][T12208] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 544.971766][T12208] __vmalloc_node_noprof+0xad/0xf0 [ 544.971784][T12208] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 544.971807][T12208] bpf_prog_alloc_no_stats+0x54/0x630 [ 544.971826][T12208] ? do_raw_spin_lock+0x12c/0x2b0 [ 544.971847][T12208] bpf_prog_alloc+0x3b/0x230 [ 544.971869][T12208] __get_filter+0x112/0x2d0 [ 544.971899][T12208] sk_attach_filter+0x1e/0x180 [ 544.971918][T12208] tun_attach.isra.0+0xc89/0x17e0 [ 544.971946][T12208] ? __pfx_avc_has_perm+0x10/0x10 [ 544.971966][T12208] ? find_held_lock+0x2b/0x80 [ 544.971992][T12208] ? selinux_tun_dev_open+0x173/0x1c0 [ 544.972014][T12208] __tun_chr_ioctl+0x1533/0x47a0 [ 544.972040][T12208] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 544.972071][T12208] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 544.972100][T12208] ? hook_file_ioctl_common+0x145/0x410 [ 544.972136][T12208] ? selinux_file_ioctl+0x180/0x270 [ 544.972166][T12208] ? selinux_file_ioctl+0xb4/0x270 [ 544.972191][T12208] ? 
__pfx_tun_chr_ioctl+0x10/0x10 [ 544.972218][T12208] __x64_sys_ioctl+0x18b/0x210 [ 544.972242][T12208] do_syscall_64+0xcd/0x4c0 [ 544.972271][T12208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.972290][T12208] RIP: 0033:0x7f2af618e929 [ 544.972306][T12208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.972323][T12208] RSP: 002b:00007f2af7048038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 544.972342][T12208] RAX: ffffffffffffffda RBX: 00007f2af63b5fa0 RCX: 00007f2af618e929 [ 544.972354][T12208] RDX: 0000200000000080 RSI: 00000000400454ca RDI: 0000000000000006 [ 544.972366][T12208] RBP: 00007f2af7048090 R08: 0000000000000000 R09: 0000000000000000 [ 544.972377][T12208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.972388][T12208] R13: 0000000000000000 R14: 00007f2af63b5fa0 R15: 00007fffd2f2d1a8 [ 544.972413][T12208] [ 544.972420][T12208] Mem-Info: [ 545.207772][ T5829] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 545.263622][T12208] active_anon:9878 inactive_anon:0 isolated_anon:0 [ 545.263622][T12208] active_file:21333 inactive_file:40836 isolated_file:0 [ 545.263622][T12208] unevictable:777 dirty:575 writeback:0 [ 545.263622][T12208] slab_reclaimable:8075 slab_unreclaimable:105790 [ 545.263622][T12208] mapped:37519 shmem:1395 pagetables:1390 [ 545.263622][T12208] sec_pagetables:0 bounce:0 [ 545.263622][T12208] kernel_misc_reclaimable:0 [ 545.263622][T12208] free:1277530 free_pcp:15141 free_cma:0 [ 545.320058][ T9] usb 5-1: device descriptor read/64, error -71 [ 545.391638][T12208] Node 0 active_anon:51012kB inactive_anon:0kB active_file:85188kB inactive_file:163140kB unevictable:1572kB isolated(anon):0kB isolated(file):0kB mapped:161356kB dirty:2300kB writeback:0kB shmem:15444kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12892kB 
pagetables:5424kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 545.425361][T12208] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 545.457671][T12208] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 545.503809][T12214] tmpfs: Unknown parameter 'srwummit' [ 545.600219][ T9] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 545.821630][T12208] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 545.827472][T12208] Node 0 DMA32 free:1181064kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:51036kB inactive_anon:0kB active_file:85188kB inactive_file:161772kB unevictable:1572kB writepending:2308kB present:3129332kB managed:2540648kB mlocked:0kB bounce:0kB free_pcp:42132kB local_pcp:23804kB free_cma:0kB [ 545.867048][T12208] lowmem_reserve[]: 0 0 1 1 1 [ 545.872960][T12208] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:20kB free_cma:0kB [ 545.914106][T12208] lowmem_reserve[]: 0 0 0 0 0 [ 545.918924][T12208] Node 1 Normal free:3905908kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:204kB unevictable:1536kB 
writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14240kB local_pcp:8864kB free_cma:0kB [ 545.951156][ T5829] usb 6-1: Using ep0 maxpacket: 8 [ 545.957087][T12208] lowmem_reserve[]: 0 0 0 0 0 [ 545.963949][ T5829] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 545.976386][T12208] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 545.989299][ T5829] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 546.005559][T12208] Node 0 DMA32: 517*4kB (UM) 1007*8kB (UME) 362*16kB (UME) 527*32kB (UME) 370*64kB (UME) 192*128kB (UME) 94*256kB (UME) 61*512kB (UME) 34*1024kB (UME) 11*2048kB (UME) 241*4096kB (UM) = 1180812kB [ 546.024998][ T5829] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.035895][ T5829] usb 6-1: config 0 descriptor?? [ 546.040911][T12208] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 546.055294][T12208] Node 1 Normal: 177*4kB (UM) 50*8kB (UME) 44*16kB (UME) 141*32kB (UME) 37*64kB (UME) 13*128kB (UME) 9*256kB (UME) 2*512kB (UM) 3*1024kB (ME) 3*2048kB (UME) 948*4096kB (M) = 3905908kB [ 546.065168][T12216] ip6t_srh: unknown srh match flags B153 [ 546.079405][T12208] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 546.089861][T12208] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 546.100500][T12208] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 546.103433][ T9] usb 5-1: device descriptor read/64, error -71 [ 546.110693][T12208] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 546.126961][T12208] 63549 total pagecache pages [ 546.132586][T12208] 0 pages in swap cache [ 546.136953][T12208] Free swap = 124996kB [ 546.141671][T12208] Total swap = 124996kB 
[ 546.146238][T12208] 2097051 pages RAM [ 546.150349][T12208] 0 pages HighMem/MovableOnly [ 546.156415][T12208] 429911 pages reserved [ 546.204987][T12208] 0 pages cma reserved [ 546.240945][ T9] usb usb5-port1: attempt power cycle [ 546.490039][ T5829] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 546.845637][T12231] netlink: zone id is out of range [ 546.851133][T12231] netlink: zone id is out of range [ 547.161657][ T9] usb 5-1: new full-speed USB device number 59 using dummy_hcd [ 547.213310][ T5927] usb 6-1: USB disconnect, device number 13 [ 547.249139][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 547.282958][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 547.306328][ T9] usb 5-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00 [ 547.315960][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.336912][ T9] usb 5-1: config 0 descriptor?? [ 547.540146][T12234] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1735'. 
[ 547.776805][ T9] nzxt-kraken2 0003:1E71:170E.000F: item fetching failed at offset 5/7 [ 547.821702][ T9] nzxt-kraken2 0003:1E71:170E.000F: hid parse failed with -22 [ 547.952263][ T9] nzxt-kraken2 0003:1E71:170E.000F: probe with driver nzxt-kraken2 failed with error -22 [ 548.734271][ T5905] usb 5-1: USB disconnect, device number 59 [ 549.007013][T12262] overlayfs: failed to resolve './file0': -2 [ 549.406095][T12263] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 550.090148][T11718] Bluetooth: hci5: command 0x0405 tx timeout [ 550.200079][ T5905] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 550.680969][ T5905] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 550.681758][ T30] audit: type=1326 audit(1749765431.986:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.0.1747" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9284d8e929 code=0x0 [ 550.719176][ T5905] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 550.753267][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.888883][ T5905] usb 3-1: config 0 descriptor?? [ 550.913971][ T5905] pwc: Askey VC010 type 2 USB webcam detected. 
[ 551.442467][ T3496] wlan1: Trigger new scan to find an IBSS to join [ 551.477391][ T5905] pwc: recv_control_msg error -32 req 02 val 2b00 [ 551.595293][ T5905] pwc: recv_control_msg error -32 req 02 val 2700 [ 551.607472][ T5905] pwc: recv_control_msg error -32 req 02 val 2c00 [ 551.617049][ T5905] pwc: recv_control_msg error -32 req 04 val 1000 [ 551.626104][ T5905] pwc: recv_control_msg error -32 req 04 val 1300 [ 551.634006][ T5905] pwc: recv_control_msg error -32 req 04 val 1400 [ 551.644013][ T5905] pwc: recv_control_msg error -32 req 02 val 2000 [ 551.652911][ T5905] pwc: recv_control_msg error -32 req 02 val 2100 [ 551.665153][ T5905] pwc: recv_control_msg error -32 req 04 val 1500 [ 551.673394][ T5905] pwc: recv_control_msg error -32 req 02 val 2500 [ 551.892710][ T5905] pwc: recv_control_msg error -32 req 02 val 2600 [ 551.899045][ T5905] pwc: recv_control_msg error -32 req 02 val 2900 [ 551.909610][ T5905] pwc: recv_control_msg error -32 req 02 val 2800 [ 551.918970][ T5905] pwc: recv_control_msg error -32 req 04 val 1100 [ 552.373413][T12271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 552.713794][T12271] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 552.722396][ T5905] pwc: Registered as video103. 
[ 552.728890][ T5905] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input23 [ 553.418158][ T30] audit: type=1400 audit(1749765434.146:932): avc: denied { map } for pid=12270 comm="syz.2.1743" path="/dev/video4" dev="devtmpfs" ino=937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 553.441485][ C1] vkms_vblank_simulate: vblank timer overrun [ 553.501902][ T5905] usb 3-1: USB disconnect, device number 48 [ 554.720562][ T5874] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 555.380001][ T5874] usb 6-1: Using ep0 maxpacket: 32 [ 555.531400][ T7055] wlan1: Trigger new scan to find an IBSS to join [ 555.771199][ T5874] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 555.779239][ T5874] usb 6-1: config 0 has no interface number 0 [ 555.863323][T12323] net_ratelimit: 7 callbacks suppressed [ 555.863337][T12323] netlink: zone id is out of range [ 555.874901][T12323] netlink: zone id is out of range [ 555.880052][T12323] netlink: zone id is out of range [ 555.885151][T12323] netlink: zone id is out of range [ 555.890404][T12323] netlink: zone id is out of range [ 555.895495][T12323] netlink: zone id is out of range [ 555.900608][T12323] netlink: zone id is out of range [ 555.906422][T12323] netlink: zone id is out of range [ 555.911575][T12323] netlink: zone id is out of range [ 555.917025][T12323] netlink: del zone limit has 4 unknown bytes [ 555.931676][ T5874] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 555.943949][ T5874] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.962177][ T5874] usb 6-1: Product: syz [ 555.966390][ T5874] usb 6-1: Manufacturer: syz [ 555.980422][ T5874] usb 6-1: SerialNumber: syz [ 556.123431][ T5874] usb 6-1: config 0 descriptor?? 
[ 556.713576][ T5874] usb 6-1: can't set config #0, error -71 [ 556.729923][T12339] netlink: 'syz.0.1757': attribute type 4 has an invalid length. [ 556.757066][ T5874] usb 6-1: USB disconnect, device number 14 [ 557.561641][ T30] audit: type=1326 audit(1749765438.896:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 557.593060][ T30] audit: type=1326 audit(1749765438.896:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 557.621233][ T30] audit: type=1326 audit(1749765438.896:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ffcb858e7 code=0x7ffc0000 [ 557.656846][ T30] audit: type=1326 audit(1749765438.896:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ffcb2ab19 code=0x7ffc0000 [ 557.681812][ T30] audit: type=1326 audit(1749765438.896:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 557.708476][ T30] audit: type=1326 audit(1749765438.926:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 557.830615][ T59] wlan1: Creating new IBSS network, BSSID 22:89:7e:42:53:67 [ 558.062365][ T30] audit: type=1326 audit(1749765438.926:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t 
pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 558.086046][ T30] audit: type=1326 audit(1749765438.926:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 558.131375][ T30] audit: type=1326 audit(1749765438.926:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 558.157541][ T30] audit: type=1326 audit(1749765438.986:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.4.1761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ffcb858e7 code=0x7ffc0000 [ 559.630153][ T5927] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 559.780431][ T5927] usb 1-1: Using ep0 maxpacket: 8 [ 560.372680][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 560.383896][ T5927] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 560.405349][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.430650][T12386] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1770'. [ 560.587671][ T5927] usb 1-1: config 0 descriptor?? [ 560.680721][T12380] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1772'. [ 560.832422][T12389] FAULT_INJECTION: forcing a failure. 
[ 560.832422][T12389] name failslab, interval 1, probability 0, space 0, times 0 [ 560.870137][T12389] CPU: 1 UID: 0 PID: 12389 Comm: syz.4.1774 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 560.870169][T12389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 560.870179][T12389] Call Trace: [ 560.870185][T12389] [ 560.870193][T12389] dump_stack_lvl+0x16c/0x1f0 [ 560.870227][T12389] should_fail_ex+0x512/0x640 [ 560.870250][T12389] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 560.870274][T12389] should_failslab+0xc2/0x120 [ 560.870299][T12389] __kmalloc_cache_noprof+0x6a/0x3e0 [ 560.870319][T12389] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 560.870340][T12389] ? kasan_save_track+0x14/0x30 [ 560.870366][T12389] snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 560.870389][T12389] ? rcu_is_watching+0x12/0xc0 [ 560.870414][T12389] ? __mutex_lock+0x1ca/0xb90 [ 560.870443][T12389] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 560.870465][T12389] ? __pfx___mutex_lock+0x10/0x10 [ 560.870489][T12389] ? do_vfs_ioctl+0x523/0x1a60 [ 560.870524][T12389] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 560.870543][T12389] snd_pcm_oss_ioctl+0x849/0x37a0 [ 560.870563][T12389] ? hook_file_ioctl_common+0x145/0x410 [ 560.870593][T12389] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 560.870616][T12389] ? selinux_file_ioctl+0x180/0x270 [ 560.870639][T12389] ? selinux_file_ioctl+0xb4/0x270 [ 560.870664][T12389] ? 
__pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 560.870685][T12389] __x64_sys_ioctl+0x18b/0x210 [ 560.870706][T12389] do_syscall_64+0xcd/0x4c0 [ 560.870735][T12389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.870754][T12389] RIP: 0033:0x7f1ffcb8e929 [ 560.870769][T12389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.870786][T12389] RSP: 002b:00007f1ffd9da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 560.870804][T12389] RAX: ffffffffffffffda RBX: 00007f1ffcdb5fa0 RCX: 00007f1ffcb8e929 [ 560.870815][T12389] RDX: 0000200000000000 RSI: 00000000800c5012 RDI: 0000000000000003 [ 560.870826][T12389] RBP: 00007f1ffd9da090 R08: 0000000000000000 R09: 0000000000000000 [ 560.870836][T12389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 560.870846][T12389] R13: 0000000000000000 R14: 00007f1ffcdb5fa0 R15: 00007ffec72d3128 [ 560.870871][T12389] [ 561.103437][ C1] vkms_vblank_simulate: vblank timer overrun [ 561.160520][ T5927] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 561.285312][T12393] ubi0: attaching mtd0 [ 561.290456][T12393] ubi0: scanning is finished [ 561.376119][T12393] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 561.383837][T12393] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 561.391088][T12393] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 561.398006][T12393] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 561.405373][T12393] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 561.412213][T12393] ubi0: user volume: 0, internal volumes: 1, max. 
volumes count: 23 [ 561.420182][T12393] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2161068836 [ 561.430559][T12393] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 561.446237][T12398] ubi0: background thread "ubi_bgt0d" started, PID 12398 [ 561.493131][T12397] ubi0: detaching mtd0 [ 561.605314][T12402] net_ratelimit: 19 callbacks suppressed [ 561.605349][T12402] netlink: zone id is out of range [ 561.616322][T12402] netlink: zone id is out of range [ 561.621551][T12402] netlink: zone id is out of range [ 561.626697][T12402] netlink: zone id is out of range [ 561.633878][T12402] netlink: zone id is out of range [ 561.639091][T12402] netlink: zone id is out of range [ 561.646580][T12402] netlink: zone id is out of range [ 561.656893][T12402] netlink: del zone limit has 4 unknown bytes [ 561.772639][ T974] usb 1-1: USB disconnect, device number 69 [ 561.851343][T12397] ubi0: mtd0 is detached [ 562.105219][T12392] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1776'. [ 562.164959][T12392] openvswitch: netlink: Flow key attr not present in new flow. [ 562.167790][T12411] FAULT_INJECTION: forcing a failure. [ 562.167790][T12411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 562.422406][T12411] CPU: 0 UID: 0 PID: 12411 Comm: syz.2.1780 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 562.422434][T12411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 562.422445][T12411] Call Trace: [ 562.422451][T12411] [ 562.422457][T12411] dump_stack_lvl+0x16c/0x1f0 [ 562.422487][T12411] should_fail_ex+0x512/0x640 [ 562.422512][T12411] _copy_from_iter+0x29f/0x16f0 [ 562.422539][T12411] ? __alloc_skb+0x200/0x380 [ 562.422564][T12411] ? __pfx__copy_from_iter+0x10/0x10 [ 562.422586][T12411] ? selinux_socket_getpeersec_dgram+0x1a4/0x370 [ 562.422609][T12411] ? 
__pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 562.422640][T12411] netlink_sendmsg+0x829/0xdd0 [ 562.422665][T12411] ? __pfx_netlink_sendmsg+0x10/0x10 [ 562.422691][T12411] ____sys_sendmsg+0xa98/0xc70 [ 562.422712][T12411] ? copy_msghdr_from_user+0x10a/0x160 [ 562.422737][T12411] ? __pfx_____sys_sendmsg+0x10/0x10 [ 562.422768][T12411] ___sys_sendmsg+0x134/0x1d0 [ 562.422794][T12411] ? __pfx____sys_sendmsg+0x10/0x10 [ 562.422818][T12411] ? __lock_acquire+0x622/0x1c90 [ 562.422877][T12411] __sys_sendmsg+0x16d/0x220 [ 562.422903][T12411] ? __pfx___sys_sendmsg+0x10/0x10 [ 562.422953][T12411] do_syscall_64+0xcd/0x4c0 [ 562.422982][T12411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.423001][T12411] RIP: 0033:0x7f81f858e929 [ 562.423017][T12411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.423035][T12411] RSP: 002b:00007f81f9438038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 562.423053][T12411] RAX: ffffffffffffffda RBX: 00007f81f87b6080 RCX: 00007f81f858e929 [ 562.423065][T12411] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 562.423075][T12411] RBP: 00007f81f9438090 R08: 0000000000000000 R09: 0000000000000000 [ 562.423086][T12411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 562.423096][T12411] R13: 0000000000000001 R14: 00007f81f87b6080 R15: 00007fffe2ed8b28 [ 562.423119][T12411] [ 562.679272][T12417] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 562.695150][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.840718][ T974] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 562.909117][ T30] kauditd_printk_skb: 82 callbacks suppressed [ 562.909135][ T30] audit: type=1400 audit(1749765444.236:1025): avc: denied { append } for pid=12426 comm="syz.2.1785" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t 
tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 562.909205][T12427] random: crng reseeded on system resumption [ 563.017094][T12428] FAULT_INJECTION: forcing a failure. [ 563.017094][T12428] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 563.030361][ T9] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 563.038376][ T974] usb 5-1: Using ep0 maxpacket: 16 [ 563.132878][ T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 563.157017][ T974] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 563.177530][ T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.257206][ T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 563.268094][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.297425][ T9] usb 1-1: Product: syz [ 563.305369][T12428] CPU: 0 UID: 0 PID: 12428 Comm: syz.1.1786 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 563.305397][T12428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 563.305407][T12428] Call Trace: [ 563.305414][T12428] [ 563.305422][T12428] dump_stack_lvl+0x16c/0x1f0 [ 563.305453][T12428] should_fail_ex+0x512/0x640 [ 563.305482][T12428] _copy_to_user+0x32/0xd0 [ 563.305510][T12428] simple_read_from_buffer+0xcb/0x170 [ 563.305536][T12428] proc_fail_nth_read+0x197/0x270 [ 563.305560][T12428] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 563.305584][T12428] ? rw_verify_area+0xcf/0x680 [ 563.305603][T12428] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 563.305625][T12428] vfs_read+0x1e4/0xc60 [ 563.305650][T12428] ? __pfx___mutex_lock+0x10/0x10 [ 563.305676][T12428] ? __pfx_vfs_read+0x10/0x10 [ 563.305711][T12428] ? __fget_files+0x20e/0x3c0 [ 563.305741][T12428] ksys_read+0x12a/0x250 [ 563.305762][T12428] ? __pfx_ksys_read+0x10/0x10 [ 563.305783][T12428] ? 
fput+0x70/0xf0 [ 563.305815][T12428] do_syscall_64+0xcd/0x4c0 [ 563.305843][T12428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.305862][T12428] RIP: 0033:0x7f2af618d33c [ 563.305877][T12428] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 563.305894][T12428] RSP: 002b:00007f2af7048030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 563.305913][T12428] RAX: ffffffffffffffda RBX: 00007f2af63b5fa0 RCX: 00007f2af618d33c [ 563.305925][T12428] RDX: 000000000000000f RSI: 00007f2af70480a0 RDI: 0000000000000006 [ 563.305935][T12428] RBP: 00007f2af7048090 R08: 0000000000000000 R09: 0000000000000000 [ 563.305946][T12428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.305956][T12428] R13: 0000000000000000 R14: 00007f2af63b5fa0 R15: 00007fffd2f2d1a8 [ 563.305981][T12428] [ 563.496954][ T974] usb 5-1: config 0 descriptor?? [ 563.559533][ T9] usb 1-1: Manufacturer: syz [ 563.564520][ T9] usb 1-1: SerialNumber: syz [ 563.591603][ T9] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 563.743926][ T9] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 564.590078][ T5927] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 564.622103][ T974] usbhid 5-1:0.0: can't add hid device: -71 [ 564.629189][ T974] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 564.672787][ T974] usb 5-1: USB disconnect, device number 60 [ 564.820285][ T9] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 564.827432][ T9] ath9k_htc: Failed to initialize the device [ 564.841179][T12420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 564.851752][T12420] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 565.533738][T12437] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10) [ 565.540360][T12437] vhci_hcd vhci_hcd.0: 
devid(0) speed(1) speed_str(low-speed) [ 565.547907][T12437] vhci_hcd vhci_hcd.0: Device attached [ 565.562683][ T30] audit: type=1400 audit(1749765446.886:1026): avc: denied { ioctl } for pid=12436 comm="syz.5.1788" path="/dev/ppp" dev="devtmpfs" ino=710 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 565.658464][ T9] usb 1-1: ath9k_htc: USB layer deinitialized [ 565.712517][ T974] usb 1-1: USB disconnect, device number 70 [ 565.759756][ T30] audit: type=1326 audit(1749765447.086:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12449 comm="syz.2.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 565.784477][ T30] audit: type=1326 audit(1749765447.086:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12449 comm="syz.2.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 565.817674][ T30] audit: type=1326 audit(1749765447.116:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12449 comm="syz.2.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f81f85858e7 code=0x7ffc0000 [ 565.841065][ C1] vkms_vblank_simulate: vblank timer overrun [ 565.850176][ T5887] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 565.948917][T12456] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1792'. 
[ 566.931460][ T30] audit: type=1326 audit(1749765447.116:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12449 comm="syz.2.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f81f852ab19 code=0x7ffc0000 [ 566.974206][T12446] vhci_hcd: connection reset by peer [ 567.005610][ T7055] vhci_hcd: stop threads [ 567.048158][ T7055] vhci_hcd: release socket [ 567.068505][ T7055] vhci_hcd: disconnect device [ 567.077148][ T30] audit: type=1326 audit(1749765447.116:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12449 comm="syz.2.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 567.103099][ T5927] usb 6-1: unable to get BOS descriptor or descriptor too short [ 567.124872][ T30] audit: type=1326 audit(1749765447.136:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12449 comm="syz.2.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 567.149273][ T5927] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 567.170538][ T5927] usb 6-1: can't read configurations, error -71 [ 567.173958][T12464] net_ratelimit: 4 callbacks suppressed [ 567.173973][T12464] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 567.230174][T10494] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 567.336565][ T30] audit: type=1326 audit(1749765447.136:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12449 comm="syz.2.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 567.364284][ T30] audit: type=1326 audit(1749765447.136:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12449 comm="syz.2.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 567.565820][T10494] usb 
5-1: Using ep0 maxpacket: 8 [ 568.353445][T12475] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1799'. [ 568.375272][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 568.375290][ T30] audit: type=1400 audit(1749765449.696:1061): avc: denied { compute_member } for pid=12470 comm="syz.5.1799" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 568.386678][T10494] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 568.935380][T10494] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 568.949290][T12474] evm: overlay not supported [ 568.956896][T10494] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 568.980042][T10494] usb 5-1: SerialNumber: syz [ 569.003549][T10494] usb 5-1: config 0 descriptor?? [ 569.019734][T10494] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 569.064164][T10494] usb 5-1: No valid video chain found. [ 569.105816][T12461] infiniband syz0: set active [ 569.162643][T12461] infiniband syz0: added bond_slave_1 [ 569.215079][T12461] syz0: rxe_create_cq: returned err = -12 [ 569.285869][T12461] infiniband syz0: Couldn't create ib_mad CQ [ 569.387401][T12461] infiniband syz0: Couldn't open port 1 [ 569.479794][T12459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 569.498426][T12459] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 569.520255][ T5927] usb 5-1: USB disconnect, device number 61 [ 569.538878][T12461] RDS/IB: syz0: added [ 569.544921][T12461] smc: adding ib device syz0 with port count 1 [ 569.560446][T12461] smc: ib device syz0 port 1 has pnetid [ 569.631582][T12482] FAULT_INJECTION: forcing a failure. 
[ 569.631582][T12482] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 569.660527][T12482] CPU: 0 UID: 0 PID: 12482 Comm: syz.0.1801 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 569.660556][T12482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 569.660568][T12482] Call Trace: [ 569.660575][T12482] [ 569.660582][T12482] dump_stack_lvl+0x16c/0x1f0 [ 569.660635][T12482] should_fail_ex+0x512/0x640 [ 569.660664][T12482] strncpy_from_user+0x3b/0x2e0 [ 569.660697][T12482] getname_flags.part.0+0x8f/0x550 [ 569.660721][T12482] getname_flags+0x93/0xf0 [ 569.660744][T12482] user_path_at+0x24/0x60 [ 569.660768][T12482] __x64_sys_utime+0x1c0/0x2c0 [ 569.660797][T12482] ? __pfx___x64_sys_utime+0x10/0x10 [ 569.660822][T12482] ? fput+0x70/0xf0 [ 569.660848][T12482] ? ksys_write+0x1ac/0x250 [ 569.660882][T12482] do_syscall_64+0xcd/0x4c0 [ 569.660912][T12482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.660930][T12482] RIP: 0033:0x7f9284d8e929 [ 569.660946][T12482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.660963][T12482] RSP: 002b:00007f9285bbc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000084 [ 569.660981][T12482] RAX: ffffffffffffffda RBX: 00007f9284fb5fa0 RCX: 00007f9284d8e929 [ 569.660993][T12482] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 569.661004][T12482] RBP: 00007f9285bbc090 R08: 0000000000000000 R09: 0000000000000000 [ 569.661014][T12482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.661025][T12482] R13: 0000000000000000 R14: 00007f9284fb5fa0 R15: 00007ffdf6b66218 [ 569.661049][T12482] [ 570.005123][T12485] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 570.178451][T12492] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1805'. 
[ 570.188315][T12492] netlink: zone id is out of range [ 570.193677][T12492] netlink: get zone limit has 8 unknown bytes [ 571.010064][ T5887] vhci_hcd: vhci_device speed not set [ 571.090305][T12496] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 571.090842][ T5927] usb 6-1: new full-speed USB device number 17 using dummy_hcd [ 571.275949][ T5927] usb 6-1: config 135 has an invalid interface number: 230 but max is 0 [ 571.320702][T12502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1809'. [ 571.321319][T12499] nbd4: detected capacity change from 0 to 12 [ 571.338561][ T5927] usb 6-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 571.356370][ T5927] usb 6-1: config 135 has no interface number 0 [ 571.360679][T12502] FAULT_INJECTION: forcing a failure. [ 571.360679][T12502] name failslab, interval 1, probability 0, space 0, times 0 [ 571.362991][ T5927] usb 6-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 571.380079][ T5820] block nbd4: Send control failed (result -89) [ 571.394906][ T5927] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 571.430240][T12502] CPU: 1 UID: 0 PID: 12502 Comm: syz.0.1809 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 571.430271][T12502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 571.430283][T12502] Call Trace: [ 571.430289][T12502] [ 571.430297][T12502] dump_stack_lvl+0x16c/0x1f0 [ 571.430330][T12502] should_fail_ex+0x512/0x640 [ 571.430354][T12502] ? fs_reclaim_acquire+0xae/0x150 [ 571.430377][T12502] should_failslab+0xc2/0x120 [ 571.430403][T12502] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 571.430428][T12502] ? 
security_inode_alloc+0x3b/0x2b0 [ 571.430455][T12502] security_inode_alloc+0x3b/0x2b0 [ 571.430478][T12502] inode_init_always_gfp+0xce4/0x1030 [ 571.430508][T12502] alloc_inode+0x86/0x240 [ 571.430527][T12502] sock_alloc+0x40/0x280 [ 571.430546][T12502] __sock_create+0xc1/0x8d0 [ 571.430572][T12502] mptcp_subflow_create_socket+0xf5/0xed0 [ 571.430598][T12502] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 571.430629][T12502] __mptcp_nmpc_sk+0x182/0x7d0 [ 571.430652][T12502] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 571.430681][T12502] ? __local_bh_enable_ip+0xa4/0x120 [ 571.430707][T12502] mptcp_sendmsg+0x163d/0x1eb0 [ 571.430735][T12502] ? sock_has_perm+0x259/0x2f0 [ 571.430755][T12502] ? __pfx_sock_has_perm+0x10/0x10 [ 571.430781][T12502] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 571.430807][T12502] ? __might_fault+0xe3/0x190 [ 571.430829][T12502] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 571.430856][T12502] ? __import_iovec+0x1dd/0x650 [ 571.430884][T12502] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 571.430911][T12502] inet_sendmsg+0x11c/0x140 [ 571.430937][T12502] ____sys_sendmsg+0x973/0xc70 [ 571.430957][T12502] ? copy_msghdr_from_user+0x10a/0x160 [ 571.430982][T12502] ? __pfx_____sys_sendmsg+0x10/0x10 [ 571.431015][T12502] ___sys_sendmsg+0x134/0x1d0 [ 571.431042][T12502] ? __pfx____sys_sendmsg+0x10/0x10 [ 571.431065][T12502] ? __lock_acquire+0x622/0x1c90 [ 571.431124][T12502] __sys_sendmsg+0x16d/0x220 [ 571.431150][T12502] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 571.431193][T12502] do_syscall_64+0xcd/0x4c0 [ 571.431222][T12502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.431240][T12502] RIP: 0033:0x7f9284d8e929 [ 571.431255][T12502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 571.431272][T12502] RSP: 002b:00007f9285bbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 571.431290][T12502] RAX: ffffffffffffffda RBX: 00007f9284fb5fa0 RCX: 00007f9284d8e929 [ 571.431302][T12502] RDX: 0000000030004001 RSI: 0000200000000080 RDI: 0000000000000005 [ 571.431313][T12502] RBP: 00007f9285bbc090 R08: 0000000000000000 R09: 0000000000000000 [ 571.431324][T12502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 571.431334][T12502] R13: 0000000000000000 R14: 00007f9284fb5fa0 R15: 00007ffdf6b66218 [ 571.431359][T12502] [ 571.434523][ T5820] block nbd4: Request send failed, requeueing [ 571.645486][ T5927] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.689598][T10786] block nbd4: Dead connection, failed to find a fallback [ 571.694166][ T5822] block nbd4: Receive control failed (result -32) [ 571.702989][T10786] block nbd4: shutting down sockets [ 571.720113][T12502] socket: no more sockets [ 571.724489][T10786] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.763669][ T5927] usb 6-1: Product: syz [ 571.771425][T10786] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.782850][ T5820] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.792969][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.803134][ T5820] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.812430][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.820962][ T5820] I/O error, 
dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.830134][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.838165][ T5820] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.847298][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.853715][ T5927] usb 6-1: Manufacturer: syz [ 571.855206][ T5820] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.869988][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.875289][ T5927] usb 6-1: SerialNumber: syz [ 571.877903][ T5820] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.892560][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.901877][ T5820] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.910984][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.926974][ T5820] ldm_validate_partition_table(): Disk read failed. [ 571.934546][ T5820] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.945342][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.959817][ T5820] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 571.969399][ T5820] Buffer I/O error on dev nbd4, logical block 0, async page read [ 571.983741][ T5820] Dev nbd4: unable to read RDB block 0 [ 571.997702][ T5820] nbd4: unable to read partition table [ 572.004738][ T5820] nbd4: partition table beyond EOD, truncated [ 572.121681][ T5191] ldm_validate_partition_table(): Disk read failed. 
[ 573.235769][ T5191] Dev nbd4: unable to read RDB block 0 [ 573.432895][ T5191] nbd4: unable to read partition table [ 573.438850][ T5191] nbd4: partition table beyond EOD, truncated [ 573.461098][T12489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.482249][ T5820] ldm_validate_partition_table(): Disk read failed. [ 573.503608][ T5820] Dev nbd4: unable to read RDB block 0 [ 573.510376][T12489] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.519374][ T5820] nbd4: unable to read partition table [ 573.535126][ T5820] nbd4: partition table beyond EOD, truncated [ 573.540142][ T974] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 573.573707][T12489] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1804'. [ 573.829789][T10494] usb 6-1: USB disconnect, device number 17 [ 573.936784][T12517] netlink: zone id is out of range [ 573.943008][T12517] netlink: zone id is out of range [ 573.950235][ T974] usb 5-1: Using ep0 maxpacket: 16 [ 573.967853][T12517] netlink: zone id is out of range [ 573.995940][ T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 574.010551][T12517] netlink: zone id is out of range [ 574.018458][T12517] netlink: zone id is out of range [ 574.023798][T12517] netlink: zone id is out of range [ 574.029114][T12517] netlink: zone id is out of range [ 574.049227][ T974] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 574.062370][T12517] netlink: zone id is out of range [ 574.068086][T12517] netlink: zone id is out of range [ 574.074770][ T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.137861][ T974] usb 5-1: config 0 descriptor?? 
[ 574.216150][T12517] netlink: del zone limit has 4 unknown bytes [ 575.447409][ T974] usbhid 5-1:0.0: can't add hid device: -71 [ 575.459262][ T974] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 575.511346][ T974] usb 5-1: USB disconnect, device number 62 [ 576.273063][T12541] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1818'. [ 578.274892][T12557] fuse: Bad value for 'fd' [ 579.920052][ T30] audit: type=1326 audit(1749765461.226:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 579.959488][T12562] net_ratelimit: 3 callbacks suppressed [ 579.959506][T12562] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 580.091498][ T30] audit: type=1326 audit(1749765461.226:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 580.582379][ T30] audit: type=1326 audit(1749765461.226:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 580.922046][ T30] audit: type=1326 audit(1749765461.226:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 581.004643][ T30] audit: type=1326 audit(1749765461.226:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 581.084213][ T30] audit: type=1326 audit(1749765461.236:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 
subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2af61858e7 code=0x7ffc0000 [ 581.381329][ T30] audit: type=1326 audit(1749765461.236:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2af612ab19 code=0x7ffc0000 [ 581.419124][ T30] audit: type=1326 audit(1749765461.236:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 582.392652][ T974] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 582.393419][ T30] audit: type=1326 audit(1749765461.236:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 582.393936][ T30] audit: type=1326 audit(1749765461.396:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12553 comm="syz.1.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2af61858e7 code=0x7ffc0000 [ 582.547146][ T974] usb 1-1: Using ep0 maxpacket: 8 [ 582.588363][ T974] usb 1-1: unable to get BOS descriptor or descriptor too short [ 582.597431][ T974] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 582.597464][ T974] usb 1-1: can't read configurations, error -71 [ 583.347396][T12598] netlink: zone id is out of range [ 583.353132][T12598] netlink: zone id is out of range [ 583.359468][T12598] netlink: zone id is out of range [ 583.365496][T12598] netlink: zone id is out of range [ 583.370890][T12598] netlink: zone id is out of range [ 583.376137][T12598] netlink: zone id is out of range [ 583.381481][T12598] netlink: zone id is out of range [ 583.386720][T12598] netlink: zone id 
is out of range [ 583.392597][T12598] netlink: zone id is out of range [ 584.279042][ T5888] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 584.420441][ T5888] usb 6-1: device descriptor read/64, error -71 [ 584.930278][ T5888] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 585.102763][T12623] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1841'. [ 585.128565][T12623] net_ratelimit: 2 callbacks suppressed [ 585.128583][T12623] openvswitch: netlink: Flow key attr not present in new flow. [ 585.150247][ T5888] usb 6-1: device descriptor read/64, error -71 [ 585.360550][ T5888] usb usb6-port1: attempt power cycle [ 586.100136][ T5888] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 586.130933][ T5888] usb 6-1: device descriptor read/8, error -71 [ 586.641554][T12623] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1841'. [ 586.650040][ T5888] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 586.675350][T12650] xt_CT: No such helper "netbios-ns" [ 586.760040][ T974] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 586.788586][T12656] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1847'. [ 586.860045][ T5888] usb 6-1: device not accepting address 21, error -71 [ 586.860266][ T5888] usb usb6-port1: unable to enumerate USB device [ 586.910215][ T974] usb 3-1: Using ep0 maxpacket: 16 [ 586.921978][ T974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.980225][ T974] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 586.989511][ T974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.008706][ T974] usb 3-1: config 0 descriptor?? 
[ 587.625023][ T974] usbhid 3-1:0.0: can't add hid device: -71 [ 587.647374][ T974] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 587.682179][ T974] usb 3-1: USB disconnect, device number 49 [ 587.925380][ T7055] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 590.918442][T12691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1857'. [ 591.190383][ T974] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 591.501471][ T974] usb 1-1: Using ep0 maxpacket: 16 [ 591.514158][ T974] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.545751][T12695] netlink: zone id is out of range [ 591.551428][T12695] netlink: zone id is out of range [ 591.556536][T12695] netlink: zone id is out of range [ 591.561684][T12695] netlink: zone id is out of range [ 591.566786][T12695] netlink: zone id is out of range [ 591.571900][T12695] netlink: zone id is out of range [ 591.576982][T12695] netlink: zone id is out of range [ 591.582092][T12695] netlink: zone id is out of range [ 591.587211][T12695] netlink: zone id is out of range [ 591.592683][T12695] netlink: del zone limit has 4 unknown bytes [ 591.631059][ T974] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 591.649492][ T974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.675253][ T974] usb 1-1: config 0 descriptor?? 
[ 591.827831][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 591.827848][ T30] audit: type=1400 audit(1749765473.156:1106): avc: denied { ioctl } for pid=12706 comm="syz.2.1863" path="socket:[38660]" dev="sockfs" ino=38660 ioctlcmd=0xf503 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 592.183850][ T974] usbhid 1-1:0.0: can't add hid device: -71 [ 592.210768][ T974] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 592.226784][ T974] usb 1-1: USB disconnect, device number 73 [ 592.940031][ T5905] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 593.119964][ T5905] usb 3-1: Using ep0 maxpacket: 16 [ 593.163376][ T5905] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 593.190030][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.201635][T10494] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 593.209658][ T5905] usb 3-1: config 0 descriptor?? [ 593.223288][ T5905] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 593.371944][T10494] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 593.394986][T10494] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 593.407847][T10494] usb 6-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00 [ 593.419412][T10494] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.429213][T12723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 593.456036][T10494] usb 6-1: config 0 descriptor?? [ 593.474115][T12723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 593.593111][T12741] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1873'. 
[ 593.749366][ T5905] gspca_sonixj: reg_w1 err -110 [ 593.815266][ T5905] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 594.298214][ T5905] usb 3-1: USB disconnect, device number 50 [ 594.548091][T10494] usbhid 6-1:0.0: can't add hid device: -71 [ 594.558591][T10494] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 594.569677][T10494] usb 6-1: USB disconnect, device number 22 [ 594.611714][ T30] audit: type=1326 audit(1749765475.936:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 594.639629][ T30] audit: type=1326 audit(1749765475.936:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 594.752596][T12750] FAULT_INJECTION: forcing a failure. [ 594.752596][T12750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 594.937746][T12752] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1874'. 
[ 595.042365][ T30] audit: type=1326 audit(1749765475.936:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 595.067252][T12750] CPU: 0 UID: 0 PID: 12750 Comm: syz.1.1877 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 595.067272][T12750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 595.067280][T12750] Call Trace: [ 595.067285][T12750] [ 595.067290][T12750] dump_stack_lvl+0x16c/0x1f0 [ 595.067315][T12750] should_fail_ex+0x512/0x640 [ 595.067335][T12750] _copy_to_user+0x32/0xd0 [ 595.067354][T12750] simple_read_from_buffer+0xcb/0x170 [ 595.067371][T12750] proc_fail_nth_read+0x197/0x270 [ 595.067385][T12750] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 595.067400][T12750] ? rw_verify_area+0xcf/0x680 [ 595.067413][T12750] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 595.067432][T12750] vfs_read+0x1e4/0xc60 [ 595.067448][T12750] ? __pfx___mutex_lock+0x10/0x10 [ 595.067465][T12750] ? __pfx_vfs_read+0x10/0x10 [ 595.067483][T12750] ? __fget_files+0x20e/0x3c0 [ 595.067502][T12750] ksys_read+0x12a/0x250 [ 595.067515][T12750] ? __pfx_ksys_read+0x10/0x10 [ 595.067529][T12750] ? 
fput+0x70/0xf0 [ 595.067548][T12750] do_syscall_64+0xcd/0x4c0 [ 595.067566][T12750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.067578][T12750] RIP: 0033:0x7f2af618d33c [ 595.067589][T12750] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 595.067600][T12750] RSP: 002b:00007f2af7048030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 595.067611][T12750] RAX: ffffffffffffffda RBX: 00007f2af63b5fa0 RCX: 00007f2af618d33c [ 595.067618][T12750] RDX: 000000000000000f RSI: 00007f2af70480a0 RDI: 0000000000000005 [ 595.067624][T12750] RBP: 00007f2af7048090 R08: 0000000000000000 R09: 0000000000000000 [ 595.067631][T12750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 595.067637][T12750] R13: 0000000000000000 R14: 00007f2af63b5fa0 R15: 00007fffd2f2d1a8 [ 595.067651][T12750] [ 595.269606][ T30] audit: type=1326 audit(1749765475.936:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 595.387673][ T30] audit: type=1326 audit(1749765475.946:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 595.628681][ T30] audit: type=1326 audit(1749765475.946:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 595.628730][ T30] audit: type=1326 audit(1749765475.976:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f81f85858e7 
code=0x7ffc0000 [ 595.706788][ T30] audit: type=1326 audit(1749765475.976:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f81f852ab19 code=0x7ffc0000 [ 595.737990][ T30] audit: type=1326 audit(1749765475.976:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12744 comm="syz.2.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f81f858e929 code=0x7ffc0000 [ 597.344575][ T5905] usb 6-1: new full-speed USB device number 23 using dummy_hcd [ 598.001557][T12792] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1889'. [ 598.012878][T12792] net_ratelimit: 13 callbacks suppressed [ 598.012900][T12792] netlink: zone id is out of range [ 598.024479][T12792] netlink: get zone limit has 8 unknown bytes [ 598.309965][ T5905] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 598.342555][ T5905] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.532651][ T5905] usb 6-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00 [ 599.496931][T11718] Bluetooth: hci5: command 0x0405 tx timeout [ 599.499264][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.532151][ T5905] usb 6-1: config 0 descriptor?? [ 599.554043][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 599.554061][ T30] audit: type=1400 audit(1749765480.886:1150): avc: denied { map } for pid=12797 comm="syz.2.1892" path="socket:[39001]" dev="sockfs" ino=39001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 599.560254][ T5905] usb 6-1: can't set config #0, error -71 [ 600.040781][ T5905] usb 6-1: USB disconnect, device number 23 [ 600.325731][T12809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1892'. 
[ 601.175794][ T30] audit: type=1326 audit(1749765482.506:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 601.272448][ T30] audit: type=1326 audit(1749765482.506:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 601.364701][T12823] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1897'. [ 601.607157][ T30] audit: type=1326 audit(1749765482.556:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ffcb858e7 code=0x7ffc0000 [ 601.631444][ T30] audit: type=1326 audit(1749765482.556:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ffcb2ab19 code=0x7ffc0000 [ 601.655167][ T30] audit: type=1326 audit(1749765482.556:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 601.777050][ T30] audit: type=1326 audit(1749765482.556:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 601.813808][ T30] audit: type=1326 audit(1749765482.556:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ffcb8e929 code=0x7ffc0000 [ 601.912939][ T30] audit: type=1326 
audit(1749765482.586:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1ffcb858e7 code=0x7ffc0000 [ 601.969233][ T30] audit: type=1326 audit(1749765482.586:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12813 comm="syz.4.1897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1ffcb2ab19 code=0x7ffc0000 [ 602.022127][T12832] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 602.270944][T12840] FAULT_INJECTION: forcing a failure. [ 602.270944][T12840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 602.284482][T12840] CPU: 1 UID: 0 PID: 12840 Comm: syz.0.1904 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 602.284505][T12840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 602.284515][T12840] Call Trace: [ 602.284521][T12840] [ 602.284528][T12840] dump_stack_lvl+0x16c/0x1f0 [ 602.284557][T12840] should_fail_ex+0x512/0x640 [ 602.284582][T12840] _copy_from_user+0x2e/0xd0 [ 602.284607][T12840] copy_from_sockptr_offset+0x15c/0x1b0 [ 602.284629][T12840] ? __pfx_copy_from_sockptr_offset+0x10/0x10 [ 602.284648][T12840] ? xt_alloc_table_info+0x3e/0xa0 [ 602.284675][T12840] do_ip6t_set_ctl+0x544/0xb00 [ 602.284695][T12840] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 602.284719][T12840] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 602.284742][T12840] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 602.284780][T12840] ? nf_sockopt_find.constprop.0+0x222/0x290 [ 602.284801][T12840] nf_setsockopt+0x8d/0xf0 [ 602.284821][T12840] ipv6_setsockopt+0x135/0x170 [ 602.284843][T12840] tcp_setsockopt+0xa7/0x100 [ 602.284868][T12840] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 602.284887][T12840] do_sock_setsockopt+0x224/0x470 [ 602.284904][T12840] ? 
__pfx_do_sock_setsockopt+0x10/0x10 [ 602.284934][T12840] __sys_setsockopt+0x1a0/0x230 [ 602.284960][T12840] __x64_sys_setsockopt+0xbd/0x160 [ 602.284981][T12840] ? do_syscall_64+0x91/0x4c0 [ 602.285005][T12840] ? lockdep_hardirqs_on+0x7c/0x110 [ 602.285028][T12840] do_syscall_64+0xcd/0x4c0 [ 602.285052][T12840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.285070][T12840] RIP: 0033:0x7f9284d8e929 [ 602.285084][T12840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 602.285100][T12840] RSP: 002b:00007f9285bbc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 602.285117][T12840] RAX: ffffffffffffffda RBX: 00007f9284fb5fa0 RCX: 00007f9284d8e929 [ 602.285129][T12840] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 602.285140][T12840] RBP: 00007f9285bbc090 R08: 0000000000000408 R09: 0000000000000000 [ 602.285151][T12840] R10: 00002000000007c0 R11: 0000000000000246 R12: 0000000000000001 [ 602.285160][T12840] R13: 0000000000000000 R14: 00007f9284fb5fa0 R15: 00007ffdf6b66218 [ 602.285181][T12840] [ 603.040209][T12830] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1901'. [ 603.059802][T12830] openvswitch: netlink: Flow key attr not present in new flow. [ 604.090393][ T2151] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 604.158731][T12851] serio: Serial port ptm0 [ 604.199691][T12849] netlink: 'syz.5.1907': attribute type 7 has an invalid length. [ 604.298181][T12849] ntfs3(nullb0): Primary boot signature is not NTFS. 
[ 604.321878][T12849] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 604.360107][ T2151] usb 5-1: Using ep0 maxpacket: 16 [ 604.378275][ T2151] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 604.431508][ T2151] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 604.470171][ T2151] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.510818][ T2151] usb 5-1: config 0 descriptor?? [ 605.215222][T12858] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 605.421026][ T2151] usbhid 5-1:0.0: can't add hid device: -71 [ 605.427060][ T2151] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 605.458627][ T2151] usb 5-1: USB disconnect, device number 63 [ 606.582652][T12884] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1915'. [ 606.597980][T12884] netlink: zone id is out of range [ 606.603591][T12884] netlink: get zone limit has 8 unknown bytes [ 607.876148][T12900] netlink: 'syz.0.1922': attribute type 1 has an invalid length. [ 607.886999][T12900] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1922'. [ 607.890134][ T5887] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 607.896511][T12900] NCSI netlink: No device for ifindex 0 [ 608.090073][ T5887] usb 3-1: Using ep0 maxpacket: 16 [ 608.098443][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.110278][ T5887] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 608.120865][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.201803][ T5887] usb 3-1: config 0 descriptor?? [ 608.340090][ T5888] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 608.609420][T12907] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1924'. 
[ 608.618727][T12907] openvswitch: netlink: Flow key attr not present in new flow. [ 608.720338][ T5888] usb 1-1: Using ep0 maxpacket: 16 [ 608.730349][ T5888] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 608.740711][ T5888] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 608.751943][ T5888] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 608.765766][ T5888] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 608.775378][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.783701][ T5888] usb 1-1: Product: syz [ 608.790091][ T5888] usb 1-1: Manufacturer: syz [ 608.794807][ T5888] usb 1-1: SerialNumber: syz [ 609.949880][ T5888] usb 1-1: 0:2 : does not exist [ 610.318101][T12919] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 610.630678][ T5887] usbhid 3-1:0.0: can't add hid device: -71 [ 610.636774][ T5887] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 610.678179][ T5887] usb 3-1: USB disconnect, device number 51 [ 610.754534][T12926] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1928'. 
[ 610.764717][T12926] netlink: zone id is out of range [ 610.770124][T12926] netlink: get zone limit has 8 unknown bytes [ 611.230681][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 611.230702][ T30] audit: type=1400 audit(1749765492.506:1200): avc: denied { listen } for pid=12899 comm="syz.0.1922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 611.576248][ T5888] usb 1-1: 1:0: failed to get current value for ch 0 (-22) [ 611.612377][ T5887] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 611.666312][ T30] audit: type=1400 audit(1749765492.986:1201): avc: denied { shutdown } for pid=12931 comm="syz.4.1930" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 611.674442][ T5888] usb 1-1: USB disconnect, device number 74 [ 611.702665][ T30] audit: type=1400 audit(1749765492.986:1202): avc: denied { read } for pid=12931 comm="syz.4.1930" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 611.723629][ T30] audit: type=1400 audit(1749765493.026:1203): avc: denied { ioctl } for pid=12936 comm="syz.1.1932" path="socket:[39385]" dev="sockfs" ino=39385 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 611.804846][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 611.822151][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 611.832743][ T5887] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 611.842129][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.853087][ T5887] usb 3-1: config 0 descriptor?? 
[ 612.210563][T12947] max out of range [ 612.521639][ T5887] usbhid 3-1:0.0: can't add hid device: -71 [ 612.527672][ T5887] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 612.540186][ T5887] usb 3-1: USB disconnect, device number 52 [ 613.000543][T12961] siw: device registration error -23 [ 613.009134][T12961] netlink: 'syz.5.1939': attribute type 1 has an invalid length. [ 613.485709][T12969] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1941'. [ 613.522216][T12969] netlink: zone id is out of range [ 613.527495][T12969] netlink: get zone limit has 8 unknown bytes [ 614.378151][T12965] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1942'. [ 614.403841][T12965] openvswitch: netlink: Flow key attr not present in new flow. [ 614.544864][T12984] FAULT_INJECTION: forcing a failure. [ 614.544864][T12984] name failslab, interval 1, probability 0, space 0, times 0 [ 614.585394][T12984] CPU: 1 UID: 0 PID: 12984 Comm: syz.2.1945 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 614.585425][T12984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 614.585436][T12984] Call Trace: [ 614.585444][T12984] [ 614.585451][T12984] dump_stack_lvl+0x16c/0x1f0 [ 614.585485][T12984] should_fail_ex+0x512/0x640 [ 614.585510][T12984] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 614.585536][T12984] should_failslab+0xc2/0x120 [ 614.585562][T12984] __kmalloc_cache_node_noprof+0x6d/0x420 [ 614.585585][T12984] ? __get_vm_area_node+0x101/0x330 [ 614.585606][T12984] __get_vm_area_node+0x101/0x330 [ 614.585627][T12984] __vmalloc_node_range_noprof+0x271/0x14b0 [ 614.585647][T12984] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 614.585670][T12984] ? find_held_lock+0x2b/0x80 [ 614.585693][T12984] ? avc_has_perm_noaudit+0x117/0x3b0 [ 614.585711][T12984] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 614.585737][T12984] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 614.585757][T12984] ? 
__pfx_cred_has_capability.isra.0+0x10/0x10 [ 614.585788][T12984] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 614.585807][T12984] __vmalloc_node_noprof+0xad/0xf0 [ 614.585825][T12984] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 614.585847][T12984] bpf_prog_alloc_no_stats+0x54/0x630 [ 614.585866][T12984] ? security_capable+0x7e/0x260 [ 614.585887][T12984] bpf_prog_alloc+0x3b/0x230 [ 614.585905][T12984] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 614.585926][T12984] bpf_prog_load+0x1a04/0x2490 [ 614.585956][T12984] ? __pfx_bpf_prog_load+0x10/0x10 [ 614.585978][T12984] ? avc_has_perm_noaudit+0x149/0x3b0 [ 614.586013][T12984] ? selinux_bpf+0xde/0x130 [ 614.586029][T12984] ? bpf_lsm_bpf+0x9/0x10 [ 614.586049][T12984] __sys_bpf+0x433c/0x4d80 [ 614.586076][T12984] ? __pfx___sys_bpf+0x10/0x10 [ 614.586101][T12984] ? ksys_write+0x190/0x250 [ 614.586128][T12984] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 614.586170][T12984] ? fput+0x70/0xf0 [ 614.586196][T12984] ? ksys_write+0x1ac/0x250 [ 614.586217][T12984] ? __pfx_ksys_write+0x10/0x10 [ 614.586243][T12984] __x64_sys_bpf+0x78/0xc0 [ 614.586267][T12984] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 614.586298][T12984] do_syscall_64+0xcd/0x4c0 [ 614.586327][T12984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.586352][T12984] RIP: 0033:0x7f81f858e929 [ 614.586368][T12984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.586386][T12984] RSP: 002b:00007f81f9459038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 614.586404][T12984] RAX: ffffffffffffffda RBX: 00007f81f87b5fa0 RCX: 00007f81f858e929 [ 614.586416][T12984] RDX: 0000000000000090 RSI: 0000200000000380 RDI: 0000000000000005 [ 614.586427][T12984] RBP: 00007f81f9459090 R08: 0000000000000000 R09: 0000000000000000 [ 614.586438][T12984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 614.586448][T12984] R13: 0000000000000000 R14: 00007f81f87b5fa0 R15: 00007fffe2ed8b28 [ 614.586473][T12984] [ 614.587558][T12984] syz.2.1945: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 615.257527][T12998] overlayfs: workdir and upperdir must be separate subtrees [ 615.267230][T12984] CPU: 0 UID: 0 PID: 12984 Comm: syz.2.1945 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 615.267259][T12984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 615.267271][T12984] Call Trace: [ 615.267278][T12984] [ 615.267286][T12984] dump_stack_lvl+0x16c/0x1f0 [ 615.267319][T12984] warn_alloc+0x248/0x3a0 [ 615.267345][T12984] ? __pfx_warn_alloc+0x10/0x10 [ 615.267369][T12984] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 615.267394][T12984] ? __kasan_kmalloc+0x8a/0xb0 [ 615.267418][T12984] ? __get_vm_area_node+0x208/0x330 [ 615.267442][T12984] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 615.267465][T12984] ? find_held_lock+0x2b/0x80 [ 615.267487][T12984] ? 
avc_has_perm_noaudit+0x117/0x3b0 [ 615.267506][T12984] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 615.267539][T12984] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 615.267560][T12984] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 615.267593][T12984] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 615.267613][T12984] __vmalloc_node_noprof+0xad/0xf0 [ 615.267629][T12984] ? bpf_prog_alloc_no_stats+0x54/0x630 [ 615.267646][T12984] bpf_prog_alloc_no_stats+0x54/0x630 [ 615.267658][T12984] ? security_capable+0x7e/0x260 [ 615.267672][T12984] bpf_prog_alloc+0x3b/0x230 [ 615.267682][T12984] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 615.267696][T12984] bpf_prog_load+0x1a04/0x2490 [ 615.267715][T12984] ? __pfx_bpf_prog_load+0x10/0x10 [ 615.267729][T12984] ? avc_has_perm_noaudit+0x149/0x3b0 [ 615.267749][T12984] ? selinux_bpf+0xde/0x130 [ 615.267759][T12984] ? bpf_lsm_bpf+0x9/0x10 [ 615.267771][T12984] __sys_bpf+0x433c/0x4d80 [ 615.267788][T12984] ? __pfx___sys_bpf+0x10/0x10 [ 615.267804][T12984] ? ksys_write+0x190/0x250 [ 615.267820][T12984] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 615.267846][T12984] ? fput+0x70/0xf0 [ 615.267863][T12984] ? ksys_write+0x1ac/0x250 [ 615.267875][T12984] ? __pfx_ksys_write+0x10/0x10 [ 615.267892][T12984] __x64_sys_bpf+0x78/0xc0 [ 615.267907][T12984] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 615.267923][T12984] do_syscall_64+0xcd/0x4c0 [ 615.267941][T12984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.267952][T12984] RIP: 0033:0x7f81f858e929 [ 615.267962][T12984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.267974][T12984] RSP: 002b:00007f81f9459038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 615.267985][T12984] RAX: ffffffffffffffda RBX: 00007f81f87b5fa0 RCX: 00007f81f858e929 [ 615.267992][T12984] RDX: 0000000000000090 RSI: 0000200000000380 RDI: 0000000000000005 [ 615.267998][T12984] RBP: 00007f81f9459090 R08: 0000000000000000 R09: 0000000000000000 [ 615.268005][T12984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 615.268012][T12984] R13: 0000000000000000 R14: 00007f81f87b5fa0 R15: 00007fffe2ed8b28 [ 615.268026][T12984] [ 615.551785][T12984] Mem-Info: [ 615.555005][T12984] active_anon:13676 inactive_anon:4 isolated_anon:1304 [ 615.555005][T12984] active_file:21728 inactive_file:40851 isolated_file:0 [ 615.555005][T12984] unevictable:1513 dirty:616 writeback:0 [ 615.555005][T12984] slab_reclaimable:8189 slab_unreclaimable:110177 [ 615.555005][T12984] mapped:42447 shmem:4250 pagetables:1444 [ 615.555005][T12984] sec_pagetables:0 bounce:0 [ 615.555005][T12984] kernel_misc_reclaimable:0 [ 615.555005][T12984] free:1264624 free_pcp:16487 free_cma:0 [ 615.601393][T12984] Node 0 active_anon:54704kB inactive_anon:16kB active_file:86768kB inactive_file:163200kB unevictable:4516kB isolated(anon):5216kB isolated(file):0kB mapped:169716kB dirty:2464kB writeback:0kB shmem:15464kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13236kB pagetables:5640kB sec_pagetables:0kB all_unreclaimable? 
no Balloon:0kB [ 615.636216][T12984] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:72kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 615.668947][T12984] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 615.698243][T12984] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 615.708359][T12984] Node 0 DMA32 free:1138228kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:54660kB inactive_anon:16kB active_file:86768kB inactive_file:161876kB unevictable:5516kB writepending:2464kB present:3129332kB managed:2540648kB mlocked:8020kB bounce:0kB free_pcp:51268kB local_pcp:19536kB free_cma:0kB [ 615.741202][T12984] lowmem_reserve[]: 0 0 1 1 1 [ 615.751057][T12984] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:20kB free_cma:0kB [ 615.780277][T12984] lowmem_reserve[]: 0 0 0 0 0 [ 615.785013][T12984] Node 1 Normal free:3905908kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14240kB local_pcp:8864kB free_cma:0kB [ 615.817420][T12984] lowmem_reserve[]: 0 0 0 0 0 [ 615.819555][ T5822] 
Bluetooth: hci5: command 0x0405 tx timeout [ 615.822820][T12984] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 615.841683][T12984] Node 0 DMA32: 131*4kB (UME) 51*8kB (UME) 184*16kB (UME) 442*32kB (UME) 393*64kB (UME) 165*128kB (UME) 69*256kB (UME) 55*512kB (UME) 34*1024kB (UME) 7*2048kB (UME) 239*4096kB (UM) = 1138212kB [ 615.862777][T12984] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 615.894627][T12984] Node 1 Normal: 177*4kB (UM) 50*8kB (UME) 44*16kB (UME) 141*32kB (UME) 37*64kB (UME) 13*128kB (UME) 9*256kB (UME) 2*512kB (UM) 3*1024kB (ME) 3*2048kB (UME) 948*4096kB (M) = 3905908kB [ 616.033932][T12984] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 616.046707][T12984] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 616.056364][T12984] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 616.065938][T12984] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 616.075314][T12984] 69665 total pagecache pages [ 616.080024][T12984] 4 pages in swap cache [ 616.084173][T12984] Free swap = 124980kB [ 616.088688][T12984] Total swap = 124996kB [ 616.093471][T12984] 2097051 pages RAM [ 616.097396][T12984] 0 pages HighMem/MovableOnly [ 616.113536][T12984] 429911 pages reserved [ 616.134482][T12984] 0 pages cma reserved [ 617.334974][ T5888] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 617.445468][ T5888] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz1] on syz0 [ 618.072162][ T5927] usb 6-1: new full-speed USB device number 24 using dummy_hcd [ 618.372119][ T5927] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 618.391268][ T5927] usb 6-1: config 0 has no interfaces? 
[ 618.422521][ T5927] usb 6-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=87.c0 [ 618.442538][ T5927] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.458466][ T5927] usb 6-1: Product: syz [ 618.478909][ T5927] usb 6-1: Manufacturer: syz [ 618.494837][ T5927] usb 6-1: SerialNumber: syz [ 618.530411][ T5888] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 618.591434][ T5927] usb 6-1: config 0 descriptor?? [ 619.171336][ T5888] usb 3-1: Using ep0 maxpacket: 16 [ 619.185000][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 619.210445][ T5888] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 619.223766][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.247412][ T5888] usb 3-1: config 0 descriptor?? [ 619.317455][T13046] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 619.328322][T13024] openvswitch: netlink: Tunnel attr 10875 out of range max 16 [ 619.759123][T13052] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1961'. [ 619.768803][T13052] netlink: 'syz.1.1961': attribute type 7 has an invalid length. [ 619.789611][T13052] netlink: 'syz.1.1961': attribute type 8 has an invalid length. [ 619.810313][T13055] max out of range [ 620.107964][T13052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1961'. 
[ 620.183274][T13052] bridge0: entered promiscuous mode [ 620.194129][T13052] ip6gretap0: entered promiscuous mode [ 620.202797][T13052] erspan0: entered promiscuous mode [ 620.650662][ T5888] usbhid 3-1:0.0: can't add hid device: -71 [ 620.650754][ T5888] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 620.653110][ T5888] usb 3-1: USB disconnect, device number 53 [ 620.718173][ T5887] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 620.725497][ T5927] usb 6-1: USB disconnect, device number 24 [ 620.974667][ T3496] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 622.932933][ T5927] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 623.070024][ T5887] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 623.639978][ T5927] usb 3-1: Using ep0 maxpacket: 16 [ 623.647169][ T5927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.672467][ T5927] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 623.689427][ T5927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.700014][ T5887] usb 6-1: Using ep0 maxpacket: 16 [ 623.753264][ T5927] usb 3-1: config 0 descriptor?? [ 623.844653][ T5887] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.868149][ T5887] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 623.926737][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.450956][ T5887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.515765][ T5887] usb 6-1: config 0 descriptor?? 
[ 625.270628][ T5887] usbhid 6-1:0.0: can't add hid device: -71 [ 625.282108][ T5887] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 625.294039][ T5887] usb 6-1: USB disconnect, device number 25 [ 625.363682][ T5927] usbhid 3-1:0.0: can't add hid device: -71 [ 625.382102][ T5927] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 625.394703][ T5927] usb 3-1: USB disconnect, device number 54 [ 625.469176][ T30] audit: type=1400 audit(1749765506.796:1204): avc: denied { map } for pid=13109 comm="syz.0.1975" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 625.503040][ T30] audit: type=1400 audit(1749765506.796:1205): avc: denied { execute } for pid=13109 comm="syz.0.1975" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 625.643986][ T30] audit: type=1326 audit(1749765506.976:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13115 comm="syz.1.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 625.644419][ T30] audit: type=1326 audit(1749765506.976:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13115 comm="syz.1.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 625.645009][ T30] audit: type=1326 audit(1749765506.976:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13115 comm="syz.1.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 625.645440][ T30] audit: type=1326 audit(1749765506.976:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13115 comm="syz.1.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 
625.645757][ T30] audit: type=1326 audit(1749765506.976:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13115 comm="syz.1.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 625.646109][ T30] audit: type=1326 audit(1749765506.976:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13115 comm="syz.1.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f2af618e929 code=0x7ffc0000 [ 625.665002][ T30] audit: type=1326 audit(1749765506.986:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13115 comm="syz.1.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2af61858e7 code=0x7ffc0000 [ 625.679377][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.839098][T13121] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1976'. [ 625.839729][ T30] audit: type=1326 audit(1749765506.986:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13115 comm="syz.1.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2af612ab19 code=0x7ffc0000 [ 626.074230][T13126] kAFS: unable to lookup cell '' [ 626.109816][T13128] max out of range [ 626.230921][T13129] loop4: detected capacity change from 0 to 524255232 [ 626.542751][T13131] Invalid logical block size (5) [ 626.856458][ T5874] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 627.550007][ T5874] usb 1-1: Using ep0 maxpacket: 16 [ 628.602649][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.623098][ T5874] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 628.653269][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.776667][ T5874] usb 1-1: config 0 descriptor?? 
[ 629.066372][T13162] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 629.977489][ T5874] mcp2221 0003:04D8:00DD.0011: unbalanced delimiter at end of report description [ 630.028930][ T5874] mcp2221 0003:04D8:00DD.0011: can't parse reports [ 630.040056][ T5874] mcp2221 0003:04D8:00DD.0011: probe with driver mcp2221 failed with error -22 [ 631.160067][ T5874] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 631.274536][ T5887] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 631.349466][ T5874] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 631.349790][ T974] usb 1-1: USB disconnect, device number 75 [ 631.474219][ T5874] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 631.560017][ T5887] usb 3-1: device descriptor read/64, error -71 [ 631.563029][ T5874] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 631.607191][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 631.627053][ T5874] usb 2-1: Product: syz [ 631.633604][ T5874] usb 2-1: Manufacturer: syz [ 631.646988][ T5874] usb 2-1: SerialNumber: syz [ 631.660261][ T5927] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 631.922549][ T5887] usb 3-1: new full-speed USB device number 56 using dummy_hcd [ 631.941440][ T5874] usb 2-1: USB disconnect, device number 71 [ 632.011904][ T5927] usb 6-1: Using ep0 maxpacket: 16 [ 632.374045][ T5887] usb 3-1: device descriptor read/64, error -71 [ 632.487702][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 632.500268][ T5887] usb usb3-port1: attempt power cycle [ 632.508585][ T5927] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 632.517985][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.541477][ T5927] usb 6-1: config 0 
descriptor?? [ 632.865308][ T5887] usb 3-1: new full-speed USB device number 57 using dummy_hcd [ 632.872617][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 632.872633][ T30] audit: type=1400 audit(1749765514.206:1256): avc: denied { write } for pid=13201 comm="syz.0.2000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 632.904003][ T5887] usb 3-1: device descriptor read/8, error -71 [ 632.942798][ T30] audit: type=1400 audit(1749765514.266:1257): avc: denied { ioctl } for pid=13203 comm="syz.0.2001" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 632.967937][ C1] vkms_vblank_simulate: vblank timer overrun [ 633.160619][ T5887] usb 3-1: new full-speed USB device number 58 using dummy_hcd [ 633.189073][ T5927] usbhid 6-1:0.0: can't add hid device: -71 [ 633.213105][ T5887] usb 3-1: device descriptor read/8, error -71 [ 633.229522][ T5927] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 633.229995][ T5874] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 633.247955][ T5927] usb 6-1: USB disconnect, device number 26 [ 633.263946][T13206] XFS (nullb0): Invalid superblock magic number [ 633.390565][ T5887] usb usb3-port1: unable to enumerate USB device [ 633.450970][ T5874] usb 1-1: Using ep0 maxpacket: 32 [ 634.054845][ T5874] usb 1-1: config 0 has an invalid interface number: 247 but max is 0 [ 634.063209][ T5874] usb 1-1: config 0 has no interface number 0 [ 634.111988][ T5874] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 634.127976][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 634.140512][ T5874] usb 1-1: Product: syz [ 634.144798][ T5874] usb 1-1: Manufacturer: syz [ 634.153400][ T5874] usb 1-1: config 0 descriptor?? 
[ 634.562050][T13234] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.2007'. [ 634.562215][T13234] netlink: zone id is out of range [ 634.562388][T13234] netlink: get zone limit has 8 unknown bytes [ 635.587100][ T30] audit: type=1400 audit(1749765516.916:1258): avc: denied { remount } for pid=13235 comm="syz.1.2008" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 636.553529][ T5874] usb 1-1: USB disconnect, device number 76 [ 636.936680][ T30] audit: type=1400 audit(1749765518.266:1259): avc: denied { map } for pid=13250 comm="syz.1.2013" path="socket:[40840]" dev="sockfs" ino=40840 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 636.991031][T13252] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.2012'. [ 637.001761][T13252] netlink: zone id is out of range [ 637.007546][T13252] netlink: get zone limit has 8 unknown bytes [ 639.716849][ T5887] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 639.808765][T13278] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 639.837740][T13280] openvswitch: netlink: Unknown key attributes 2 [ 639.858495][T13281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2020'. 
[ 639.902566][ T5887] usb 5-1: Using ep0 maxpacket: 8 [ 639.914279][ T5887] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 639.920285][T13281] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 639.938089][ T5887] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 639.939751][T13281] macsec1: entered allmulticast mode [ 639.955257][T13281] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 639.990872][T13281] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 639.998606][T13281] mac80211_hwsim hwsim6 wlan0: left promiscuous mode [ 640.034678][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 640.087759][ T5887] usb 5-1: SerialNumber: syz [ 640.103723][ T5887] usb 5-1: config 0 descriptor?? [ 640.135009][ T5887] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 640.150168][ T5887] usb 5-1: No valid video chain found. [ 640.234288][T13291] IPVS: set_ctl: invalid protocol: 51 255.255.255.255:20003 [ 640.499590][ T5887] usb 5-1: USB disconnect, device number 64 [ 641.243388][T13298] max out of range [ 641.440074][ T5822] Bluetooth: hci5: command 0x0405 tx timeout [ 641.683543][ T5887] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 641.701933][ T5887] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz1] on syz0 [ 642.374913][T13308] FAULT_INJECTION: forcing a failure. 
[ 642.374913][T13308] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 642.389000][T13308] CPU: 0 UID: 0 PID: 13308 Comm: syz.2.2027 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 642.389026][T13308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 642.389037][T13308] Call Trace: [ 642.389044][T13308] [ 642.389058][T13308] dump_stack_lvl+0x16c/0x1f0 [ 642.389088][T13308] should_fail_ex+0x512/0x640 [ 642.389116][T13308] _copy_to_user+0x32/0xd0 [ 642.389143][T13308] simple_read_from_buffer+0xcb/0x170 [ 642.389168][T13308] proc_fail_nth_read+0x197/0x270 [ 642.389190][T13308] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 642.389214][T13308] ? rw_verify_area+0xcf/0x680 [ 642.389233][T13308] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 642.389254][T13308] vfs_read+0x1e4/0xc60 [ 642.389279][T13308] ? __pfx___mutex_lock+0x10/0x10 [ 642.389304][T13308] ? __pfx_vfs_read+0x10/0x10 [ 642.389331][T13308] ? __fget_files+0x20e/0x3c0 [ 642.389362][T13308] ksys_read+0x12a/0x250 [ 642.389382][T13308] ? 
__pfx_ksys_read+0x10/0x10 [ 642.389411][T13308] do_syscall_64+0xcd/0x4c0 [ 642.389439][T13308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.389458][T13308] RIP: 0033:0x7f81f858d33c [ 642.389472][T13308] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 642.389489][T13308] RSP: 002b:00007f81f9459030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 642.389507][T13308] RAX: ffffffffffffffda RBX: 00007f81f87b5fa0 RCX: 00007f81f858d33c [ 642.389519][T13308] RDX: 000000000000000f RSI: 00007f81f94590a0 RDI: 0000000000000004 [ 642.389530][T13308] RBP: 00007f81f9459090 R08: 0000000000000000 R09: 0000000000000000 [ 642.389541][T13308] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 642.389552][T13308] R13: 0000000000000000 R14: 00007f81f87b5fa0 R15: 00007fffe2ed8b28 [ 642.389576][T13308] [ 642.650036][ T5927] usb 5-1: new full-speed USB device number 65 using dummy_hcd [ 642.702532][ T30] audit: type=1400 audit(1749765524.036:1260): avc: denied { link } for pid=13312 comm="syz.5.2029" name="file1" dev="tmpfs" ino=829 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 642.744178][ T30] audit: type=1400 audit(1749765524.076:1261): avc: denied { rename } for pid=13312 comm="syz.5.2029" name="file0" dev="overlay" ino=829 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 642.801426][ T5927] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 642.818437][ T5927] usb 5-1: config 0 has no interfaces? 
[ 642.832944][ T5927] usb 5-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=87.c0 [ 642.845230][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.854093][ T5927] usb 5-1: Product: syz [ 642.859580][ T5927] usb 5-1: Manufacturer: syz [ 642.874180][ T5927] usb 5-1: SerialNumber: syz [ 642.891554][ T5927] usb 5-1: config 0 descriptor?? [ 643.020177][T10494] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 643.160035][T10494] usb 6-1: device descriptor read/64, error -71 [ 643.295599][ T5927] usb 5-1: USB disconnect, device number 65 [ 643.407171][T10494] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 643.717650][T13336] sch_tbf: burst 0 is lower than device ip6_vti0 mtu (1332) ! [ 643.802907][T10494] usb 6-1: device descriptor read/64, error -71 [ 644.045724][T10494] usb usb6-port1: attempt power cycle [ 644.940029][T10494] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 644.992871][T10494] usb 6-1: device descriptor read/8, error -71 [ 645.740106][T10494] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 646.227252][T13365] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2043'. [ 646.242553][T13365] vlan0: entered promiscuous mode [ 646.418648][T13368] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2042'. [ 646.429326][T13368] netlink: zone id is out of range [ 646.434708][T13368] netlink: get zone limit has 8 unknown bytes [ 646.460000][T10494] usb 6-1: device not accepting address 30, error -71 [ 647.110316][T10494] usb usb6-port1: unable to enumerate USB device [ 647.822216][ T5927] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 647.858871][T13389] xt_TPROXY: Can be used only with -p tcp or -p udp [ 647.960441][T13389] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2049'. 
[ 648.010786][ T5927] usb 1-1: Using ep0 maxpacket: 8 [ 648.014991][T13387] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 648.019233][T13389] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2049'. [ 648.090421][ T5927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 648.170519][ T5927] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 648.179653][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 648.247350][ T5927] usb 1-1: config 0 descriptor?? [ 649.187614][T13397] vivid-000: kernel_thread() failed [ 649.276729][ T5927] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 649.303869][T13398] tty tty29: ldisc open failed (-12), clearing slot 28 [ 649.683687][ T30] audit: type=1400 audit(1749765531.006:1262): avc: denied { write } for pid=13412 comm="syz.1.2058" name="ptp0" dev="devtmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 649.731441][T13418] input: syz0 as /devices/virtual/input/input24 [ 650.166207][T10494] usb 1-1: USB disconnect, device number 77 [ 650.250026][ T5927] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 650.410218][ T5927] usb 3-1: Using ep0 maxpacket: 32 [ 650.417023][ T5927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 650.438039][ T5927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.462373][ T5927] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 650.471730][ T5927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.490573][ T5927] usb 3-1: config 0 descriptor?? 
[ 650.497918][ T5927] hub 3-1:0.0: USB hub found [ 650.548187][T13432] fuse: Unknown parameter 'fdohƽ*ú' [ 650.563136][T13432] bridge_slave_0: left allmulticast mode [ 650.568930][T13432] bridge_slave_0: left promiscuous mode [ 650.575013][T13432] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.587522][T13432] bridge_slave_1: left allmulticast mode [ 650.595962][T13432] bridge_slave_1: left promiscuous mode [ 650.601890][T13432] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.614894][T13432] bond0: (slave bond_slave_0): Releasing backup interface [ 650.627925][T13432] bond0: (slave bond_slave_1): Releasing backup interface [ 650.654385][T13432] team0: Port device team_slave_0 removed [ 650.668143][T13432] team0: Port device team_slave_1 removed [ 650.674697][T13432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 650.682444][T13432] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 650.690992][T13432] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 650.698428][T13432] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 650.712153][ T5927] hub 3-1:0.0: 1 port detected [ 650.944396][ T30] audit: type=1400 audit(1749765532.276:1263): avc: denied { bind } for pid=13443 comm="syz.0.2069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 650.973158][T13446] futex_wake_op: syz.5.2070 tries to shift op by 144; fix this program [ 651.060278][ T5887] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 652.220313][ T5887] usb 2-1: config index 0 descriptor too short (expected 4114, got 18) [ 652.264540][ T5927] hub 3-1:0.0: activate --> -90 [ 652.318783][ T5887] usb 2-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 652.328210][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.566030][ T5887] usb 2-1: Product: syz [ 652.570350][ T5887] usb 2-1: Manufacturer: syz [ 652.575725][ T5887] usb 
2-1: SerialNumber: syz [ 652.590563][ T5887] usb 2-1: config 0 descriptor?? [ 652.636789][T10494] usb 3-1: USB disconnect, device number 59 [ 652.807253][ T5887] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 652.836597][ T5887] asix 2-1:0.0: probe with driver asix failed with error -61 [ 652.897404][ T30] audit: type=1400 audit(1749765534.226:1264): avc: denied { module_load } for pid=13470 comm="syz.5.2079" path="/sys/kernel/address_bits" dev="sysfs" ino=1393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 653.430097][ T5887] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 653.593096][ T5887] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 653.606869][ T5887] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 653.618499][ T5887] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 653.635190][ T5887] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 653.645788][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.655540][ T5887] usb 3-1: Product: syz [ 653.659852][ T5887] usb 3-1: Manufacturer: syz [ 653.667138][ T5887] usb 3-1: SerialNumber: syz [ 653.698599][ T6127] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 654.049595][ T5927] usb 2-1: USB disconnect, device number 72 [ 654.266254][T13508] usb usb1: usbfs: process 13508 (syz.5.2092) did not claim interface 0 before use [ 654.383131][T13514] usb usb8: usbfs: process 13514 (syz.5.2094) did not claim interface 0 before use [ 654.450136][ T9] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 654.620758][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 654.638347][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 654.684498][ 
T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 654.695460][ T5887] cdc_ncm 3-1:1.0: bind() failure [ 654.706818][ T9] usb 5-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00 [ 654.716812][ T5887] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 654.725356][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.735471][ T5887] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 654.745042][ T9] usb 5-1: config 0 descriptor?? [ 654.750115][ T5927] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 654.759627][ T5887] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 654.775132][ T5887] usb 3-1: USB disconnect, device number 60 [ 654.912239][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 654.930902][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 654.944498][ T5927] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 654.981502][ T5927] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 654.990711][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.002420][ T5927] usb 6-1: config 0 descriptor?? 
[ 655.222084][ T9] wacom 0003:056A:0000.0013: unbalanced collection at end of report description [ 655.244076][ T9] wacom 0003:056A:0000.0013: parse failed [ 655.250397][ T9] wacom 0003:056A:0000.0013: probe with driver wacom failed with error -22 [ 655.278611][T13529] Bluetooth: hci2: Opcode 0x0401 failed: -4 [ 655.423965][T10494] usb 5-1: USB disconnect, device number 66 [ 655.445559][ T5927] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 655.483755][ T5927] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 655.500334][ T5927] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 655.507795][ T5927] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 655.518827][ T5927] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 655.550078][ T5927] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 655.551895][ T5905] kernel write not supported for file /snd/seq (pid: 5905 comm: kworker/1:6) [ 655.558063][ T5927] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 655.600420][ T5927] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 655.736628][ T5905] usb 6-1: USB disconnect, device number 31 [ 656.347231][T13564] netlink: 'syz.1.2114': attribute type 4 has an invalid length. [ 656.419695][T13566] netlink: 'syz.1.2114': attribute type 4 has an invalid length. 
[ 656.436781][ T5927] usb 5-1: new full-speed USB device number 67 using dummy_hcd [ 656.570201][ T30] audit: type=1400 audit(1749765537.896:1265): avc: denied { mount } for pid=13562 comm="syz.5.2115" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 656.618544][ T5927] usb 5-1: config index 0 descriptor too short (expected 5668, got 36) [ 656.636013][ T5927] usb 5-1: config 3 has too many interfaces: 84, using maximum allowed: 32 [ 656.697687][ T5927] usb 5-1: config 3 has 1 interface, different from the descriptor's value: 84 [ 656.749234][ T5927] usb 5-1: config 3 has no interface number 0 [ 656.805308][ T5823] Bluetooth: hci2: command 0x0c1a tx timeout [ 656.828482][ T5927] usb 5-1: config 3 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 656.842158][ T5927] usb 5-1: config 3 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 656.854581][ T5927] usb 5-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 656.866837][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.876334][ T5927] usb 5-1: Product: syz [ 656.880927][ T5927] usb 5-1: Manufacturer: syz [ 656.885559][ T5927] usb 5-1: SerialNumber: syz [ 656.896151][T13558] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 657.134153][ T5927] usb-storage 5-1:3.20: USB Mass Storage device detected [ 657.233920][ T5927] usb-storage 5-1:3.20: Quirks match for vid 04e6 pid 000b: 4 [ 657.357179][ T5927] scsi host1: usb-storage 5-1:3.20 [ 657.578841][ T5874] usb 5-1: USB disconnect, device number 67 [ 658.499563][T13602] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2129'. 
[ 658.559084][T13604] usb usb1: usbfs: process 13604 (syz.0.2130) did not claim interface 0 before use [ 658.672738][T13588] kthread_run failed with err -4 [ 658.922684][ T30] audit: type=1400 audit(1749765540.246:1266): avc: denied { ioctl } for pid=13614 comm="syz.2.2135" path="socket:[42773]" dev="sockfs" ino=42773 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 659.510172][ T5874] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 659.601787][ T5887] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 659.720100][ T5874] usb 6-1: Using ep0 maxpacket: 32 [ 659.744756][ T5874] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 659.767331][ T5874] usb 6-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 659.778296][ T5874] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.787034][ T5874] usb 6-1: Product: syz [ 659.791851][ T5874] usb 6-1: Manufacturer: syz [ 659.793371][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 659.796538][ T5874] usb 6-1: SerialNumber: syz [ 659.823640][ T5874] usb 6-1: config 0 descriptor?? [ 659.832922][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 659.844601][T13634] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 659.855022][ T5874] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 659.859960][ T5887] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 659.885780][ T5887] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 659.900942][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.916437][ T5887] usb 1-1: config 0 descriptor?? 
[ 660.087644][T13659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13659 comm=syz.1.2147 [ 660.481986][ T5887] plantronics 0003:047F:FFFF.0015: reserved main item tag 0xd [ 660.753837][ T5887] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 660.780419][ T5887] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 660.807277][ T5887] usb 1-1: USB disconnect, device number 78 [ 660.953079][T13672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2152'. [ 661.008857][T13670] fido_id[13670]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 661.216973][T13682] binder: 13681:13682 ioctl c0306201 200000000480 returned -14 [ 661.242552][ T30] audit: type=1400 audit(1749765542.566:1267): avc: denied { transfer } for pid=13681 comm="syz.1.2157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 661.866241][T13688] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 
[ 662.074824][ T2151] usb 6-1: USB disconnect, device number 32 [ 662.161522][ T5927] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 662.344366][ T5927] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 662.365276][ T5927] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 662.384738][ T5927] usb 3-1: config 1 has no interface number 0 [ 662.397113][ T5927] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 662.441850][ T5927] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 662.451220][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.459339][ T5927] usb 3-1: Product: syz [ 662.463627][ T5927] usb 3-1: Manufacturer: syz [ 662.468229][ T5927] usb 3-1: SerialNumber: syz [ 662.479039][ T5927] cdc_ncm 3-1:1.1: NCM or ECM functional descriptors missing [ 662.521115][ T5927] cdc_ncm 3-1:1.1: bind() failure [ 663.673719][ T5927] usb 3-1: USB disconnect, device number 61 [ 663.677542][ T5822] Bluetooth: hci0: command 0x0c1a tx timeout [ 664.170155][ T2151] usb 5-1: new low-speed USB device number 68 using dummy_hcd [ 664.363713][ T2151] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 664.383173][ T2151] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.413428][T13746] kvm: pic: single mode not supported [ 664.413634][T13746] kvm: pic: non byte read [ 664.425897][ T2151] usb 5-1: config 0 descriptor?? 
[ 664.874273][ T2151] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 664.925862][ T2151] asix 5-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0 [ 664.982940][ T2151] asix 5-1:0.0: probe with driver asix failed with error -32 [ 665.671635][T13731] input: syz1 as /devices/virtual/input/input26 [ 665.740114][ T2151] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 665.950146][ T2151] usb 3-1: Using ep0 maxpacket: 8 [ 665.983254][ T2151] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 666.012353][ T2151] usb 3-1: config 179 has no interface number 0 [ 666.018691][ T2151] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 666.075948][ T2151] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 666.112042][ T2151] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 666.186251][ T2151] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 666.239712][ T2151] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 666.303071][ T2151] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 666.359979][ T2151] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.389541][T13780] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 666.713591][ T2151] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input27 [ 666.901523][T13780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 666.949061][ T2151] usb 5-1: USB disconnect, device number 68 [ 667.020201][T13780] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 667.072356][ C1] [ 667.074736][ C1] 
======================================================== [ 667.081948][ C1] WARNING: possible irq lock inversion dependency detected [ 667.089141][ C1] 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 Not tainted [ 667.096232][ C1] -------------------------------------------------------- [ 667.103410][ C1] syz.5.2203/13806 just changed the state of lock: [ 667.109891][ C1] ffff888078de1230 (&dev->event_lock#2){..-.}-{3:3}, at: input_event+0x70/0xb0 [ 667.118854][ C1] but this lock took another, SOFTIRQ-READ-unsafe lock in the past: [ 667.126812][ C1] (tasklist_lock){.+.+}-{3:3} [ 667.126839][ C1] [ 667.126839][ C1] [ 667.126839][ C1] and interrupts could create inverse lock ordering between them. [ 667.126839][ C1] [ 667.145866][ C1] [ 667.145866][ C1] other info that might help us debug this: [ 667.153908][ C1] Chain exists of: [ 667.153908][ C1] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 667.153908][ C1] [ 667.167459][ C1] Possible interrupt unsafe locking scenario: [ 667.167459][ C1] [ 667.175759][ C1] CPU0 CPU1 [ 667.181113][ C1] ---- ---- [ 667.186461][ C1] lock(tasklist_lock); [ 667.190691][ C1] local_irq_disable(); [ 667.197424][ C1] lock(&dev->event_lock#2); [ 667.204613][ C1] lock(&client->buffer_lock); [ 667.211967][ C1] [ 667.215403][ C1] lock(&dev->event_lock#2); [ 667.220245][ C1] [ 667.220245][ C1] *** DEADLOCK *** [ 667.220245][ C1] [ 667.228369][ C1] 6 locks held by syz.5.2203/13806: [ 667.233549][ C1] #0: ffffffff8e4667d0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x53/0xc0 [ 667.243462][ C1] #1: ffffffff8e6e8c68 (jump_label_mutex){+.+.}-{4:4}, at: __static_key_slow_dec_cpuslocked.part.0+0x18/0xf0 [ 667.255113][ C1] #2: ffffffff8e482de8 (text_mutex){+.+.}-{4:4}, at: arch_jump_label_transform_apply+0x17/0x30 [ 667.265544][ C1] #3: ffffffff8e5c4840 (rcu_read_lock){....}-{1:3}, at: ___pte_offset_map+0x37/0x570 [ 667.275112][ C1] #4: ffff88801b86d078 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: __pte_offset_map_lock+0x10f/0x310 
[ 667.285728][ C1] #5: ffffffff8e5c4840 (rcu_read_lock){....}-{1:3}, at: xpad_irq_in+0x1343/0x2aa0 [ 667.295028][ C1] [ 667.295028][ C1] the shortest dependencies between 2nd lock and 1st lock: [ 667.304388][ C1] -> (tasklist_lock){.+.+}-{3:3} { [ 667.309847][ C1] HARDIRQ-ON-R at: [ 667.314160][ C1] lock_acquire+0x179/0x350 [ 667.321003][ C1] _raw_read_lock+0x5f/0x70 [ 667.327845][ C1] __do_wait+0x105/0x890 [ 667.334425][ C1] do_wait+0x21e/0x5a0 [ 667.340841][ C1] kernel_wait+0x9f/0x160 [ 667.347513][ C1] call_usermodehelper_exec_work+0xf1/0x170 [ 667.355741][ C1] process_one_work+0x9cf/0x1b70 [ 667.363007][ C1] worker_thread+0x6c8/0xf10 [ 667.369927][ C1] kthread+0x3c5/0x780 [ 667.376323][ C1] ret_from_fork+0x5d4/0x6f0 [ 667.383252][ C1] ret_from_fork_asm+0x1a/0x30 [ 667.390348][ C1] SOFTIRQ-ON-R at: [ 667.394659][ C1] lock_acquire+0x179/0x350 [ 667.401499][ C1] _raw_read_lock+0x5f/0x70 [ 667.408339][ C1] __do_wait+0x105/0x890 [ 667.414922][ C1] do_wait+0x21e/0x5a0 [ 667.421330][ C1] kernel_wait+0x9f/0x160 [ 667.427999][ C1] call_usermodehelper_exec_work+0xf1/0x170 [ 667.436225][ C1] process_one_work+0x9cf/0x1b70 [ 667.443494][ C1] worker_thread+0x6c8/0xf10 [ 667.450414][ C1] kthread+0x3c5/0x780 [ 667.456818][ C1] ret_from_fork+0x5d4/0x6f0 [ 667.463751][ C1] ret_from_fork_asm+0x1a/0x30 [ 667.470858][ C1] INITIAL USE at: [ 667.475085][ C1] lock_acquire+0x179/0x350 [ 667.481845][ C1] _raw_write_lock_irq+0x36/0x50 [ 667.489032][ C1] copy_process+0x4caf/0x76a0 [ 667.495961][ C1] kernel_clone+0xfc/0x960 [ 667.502626][ C1] user_mode_thread+0xc7/0x110 [ 667.509639][ C1] rest_init+0x23/0x2b0 [ 667.516040][ C1] start_kernel+0x3ee/0x4d0 [ 667.522795][ C1] x86_64_start_reservations+0x18/0x30 [ 667.530506][ C1] x86_64_start_kernel+0x130/0x190 [ 667.537867][ C1] common_startup_64+0x13e/0x148 [ 667.545046][ C1] INITIAL READ USE at: [ 667.549706][ C1] lock_acquire+0x179/0x350 [ 667.556896][ C1] _raw_read_lock+0x5f/0x70 [ 667.564083][ C1] __do_wait+0x105/0x890 [ 667.571013][ C1] 
do_wait+0x21e/0x5a0 [ 667.577763][ C1] kernel_wait+0x9f/0x160 [ 667.584776][ C1] call_usermodehelper_exec_work+0xf1/0x170 [ 667.593364][ C1] process_one_work+0x9cf/0x1b70 [ 667.600982][ C1] worker_thread+0x6c8/0xf10 [ 667.608254][ C1] kthread+0x3c5/0x780 [ 667.615000][ C1] ret_from_fork+0x5d4/0x6f0 [ 667.622275][ C1] ret_from_fork_asm+0x1a/0x30 [ 667.629719][ C1] } [ 667.632548][ C1] ... key at: [] tasklist_lock+0x18/0x40 [ 667.640606][ C1] ... acquired at: [ 667.644737][ C1] _raw_read_lock+0x5f/0x70 [ 667.649403][ C1] send_sigurg+0xed/0xc80 [ 667.654238][ C1] sk_send_sigurg+0x76/0x360 [ 667.658992][ C1] unix_stream_sendmsg+0xeb3/0x11d0 [ 667.664356][ C1] ____sys_sendmsg+0xa98/0xc70 [ 667.669279][ C1] ___sys_sendmsg+0x134/0x1d0 [ 667.674121][ C1] __sys_sendmsg+0x16d/0x220 [ 667.678876][ C1] do_syscall_64+0xcd/0x4c0 [ 667.683546][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.689596][ C1] [ 667.691906][ C1] -> (&f_owner->lock){....}-{3:3} { [ 667.697374][ C1] INITIAL USE at: [ 667.701598][ C1] lock_acquire+0x179/0x350 [ 667.708180][ C1] _raw_write_lock_irq+0x36/0x50 [ 667.715191][ C1] __f_setown+0x61/0x3c0 [ 667.721514][ C1] generic_setlease+0xef2/0x1300 [ 667.728523][ C1] kernel_setlease+0x106/0x140 [ 667.735361][ C1] vfs_setlease+0x258/0x2d0 [ 667.741945][ C1] fcntl_setlease+0x3ed/0x5a0 [ 667.748695][ C1] do_fcntl+0x751/0x15a0 [ 667.755010][ C1] __x64_sys_fcntl+0x163/0x200 [ 667.761842][ C1] do_syscall_64+0xcd/0x4c0 [ 667.768423][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.776387][ C1] INITIAL READ USE at: [ 667.780964][ C1] lock_acquire+0x179/0x350 [ 667.787985][ C1] _raw_read_lock_irqsave+0x74/0x90 [ 667.795693][ C1] send_sigurg+0x5f/0xc80 [ 667.802524][ C1] sk_send_sigurg+0x76/0x360 [ 667.809626][ C1] unix_stream_sendmsg+0xeb3/0x11d0 [ 667.817334][ C1] ____sys_sendmsg+0xa98/0xc70 [ 667.824601][ C1] ___sys_sendmsg+0x134/0x1d0 [ 667.831794][ C1] __sys_sendmsg+0x16d/0x220 [ 667.838899][ C1] do_syscall_64+0xcd/0x4c0 [ 667.845916][ C1] 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.854312][ C1] } [ 667.857054][ C1] ... key at: [] __key.1+0x0/0x40 [ 667.864417][ C1] ... acquired at: [ 667.868459][ C1] _raw_read_lock_irqsave+0x74/0x90 [ 667.873825][ C1] send_sigio+0x31/0x3e0 [ 667.878226][ C1] kill_fasync+0x214/0x510 [ 667.882802][ C1] sock_wake_async+0x132/0x160 [ 667.887721][ C1] unix_release_sock+0xb7d/0x12e0 [ 667.892909][ C1] unix_release+0x91/0xf0 [ 667.897404][ C1] __sock_release+0xb3/0x270 [ 667.902162][ C1] sock_close+0x1c/0x30 [ 667.906481][ C1] __fput+0x402/0xb70 [ 667.910627][ C1] task_work_run+0x14d/0x240 [ 667.915374][ C1] get_signal+0x1d1/0x26d0 [ 667.919954][ C1] arch_do_signal_or_restart+0x8f/0x7d0 [ 667.925670][ C1] exit_to_user_mode_loop+0x84/0x110 [ 667.931125][ C1] do_syscall_64+0x3f6/0x4c0 [ 667.935895][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 667.941949][ C1] [ 667.944255][ C1] -> (&new->fa_lock){....}-{3:3} { [ 667.949540][ C1] INITIAL USE at: [ 667.953589][ C1] lock_acquire+0x179/0x350 [ 667.959997][ C1] _raw_write_lock_irq+0x36/0x50 [ 667.966840][ C1] fasync_remove_entry+0xb2/0x1e0 [ 667.973784][ C1] fasync_helper+0xaf/0xd0 [ 667.980128][ C1] pipe_fasync+0xc7/0x200 [ 667.986368][ C1] __fput+0x968/0xb70 [ 667.992260][ C1] task_work_run+0x14d/0x240 [ 667.998750][ C1] exit_to_user_mode_loop+0xeb/0x110 [ 668.005935][ C1] do_syscall_64+0x3f6/0x4c0 [ 668.012428][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.020220][ C1] INITIAL READ USE at: [ 668.024706][ C1] lock_acquire+0x179/0x350 [ 668.031548][ C1] _raw_read_lock_irqsave+0x74/0x90 [ 668.039113][ C1] kill_fasync+0x138/0x510 [ 668.045878][ C1] do_splice+0x80c/0x1fc0 [ 668.052556][ C1] __do_splice+0x15d/0x360 [ 668.059308][ C1] __x64_sys_splice+0x187/0x250 [ 668.066497][ C1] do_syscall_64+0xcd/0x4c0 [ 668.073340][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.081565][ C1] } [ 668.084221][ C1] ... key at: [] __key.0+0x0/0x40 [ 668.091501][ C1] ... 
acquired at: [ 668.095459][ C1] _raw_read_lock_irqsave+0x74/0x90 [ 668.100920][ C1] kill_fasync+0x138/0x510 [ 668.105496][ C1] evdev_pass_values+0x619/0x9b0 [ 668.110601][ C1] evdev_events+0x1bb/0x390 [ 668.115267][ C1] input_pass_values+0x6c4/0x890 [ 668.120367][ C1] input_handle_event+0xf00/0x14d0 [ 668.125642][ C1] input_inject_event+0x1cd/0x390 [ 668.130833][ C1] evdev_write+0x457/0x750 [ 668.135415][ C1] vfs_write+0x29d/0x1150 [ 668.139910][ C1] ksys_write+0x1f8/0x250 [ 668.144409][ C1] do_syscall_64+0xcd/0x4c0 [ 668.149080][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.155159][ C1] [ 668.157466][ C1] -> (&client->buffer_lock){....}-{3:3} { [ 668.163279][ C1] INITIAL USE at: [ 668.167242][ C1] lock_acquire+0x179/0x350 [ 668.173475][ C1] _raw_spin_lock+0x2e/0x40 [ 668.179701][ C1] evdev_handle_get_val+0x66/0x600 [ 668.186541][ C1] evdev_do_ioctl+0x800/0x1b30 [ 668.193033][ C1] evdev_ioctl+0x16f/0x1a0 [ 668.199176][ C1] __x64_sys_ioctl+0x18b/0x210 [ 668.205662][ C1] do_syscall_64+0xcd/0x4c0 [ 668.211896][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.219512][ C1] } [ 668.222079][ C1] ... key at: [] __key.1+0x0/0x40 [ 668.229287][ C1] ... 
acquired at: [ 668.233186][ C1] _raw_spin_lock+0x2e/0x40 [ 668.237863][ C1] evdev_handle_get_val+0x66/0x600 [ 668.243143][ C1] evdev_do_ioctl+0x800/0x1b30 [ 668.248074][ C1] evdev_ioctl+0x16f/0x1a0 [ 668.252649][ C1] __x64_sys_ioctl+0x18b/0x210 [ 668.257570][ C1] do_syscall_64+0xcd/0x4c0 [ 668.262239][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.268292][ C1] [ 668.270597][ C1] -> (&dev->event_lock#2){..-.}-{3:3} { [ 668.276172][ C1] IN-SOFTIRQ-W at: [ 668.280136][ C1] lock_acquire+0x179/0x350 [ 668.286281][ C1] _raw_spin_lock_irqsave+0x3a/0x60 [ 668.293141][ C1] input_event+0x70/0xb0 [ 668.299027][ C1] xpad360_process_packet.part.0+0xed/0xce0 [ 668.306569][ C1] xpad_irq_in+0x1414/0x2aa0 [ 668.312791][ C1] __usb_hcd_giveback_urb+0x38a/0x6e0 [ 668.319807][ C1] usb_hcd_giveback_urb+0x39b/0x450 [ 668.326645][ C1] dummy_timer+0x180e/0x3a20 [ 668.332872][ C1] __hrtimer_run_queues+0x1ff/0xad0 [ 668.339707][ C1] hrtimer_run_softirq+0x17d/0x350 [ 668.346454][ C1] handle_softirqs+0x219/0x8e0 [ 668.352860][ C1] __irq_exit_rcu+0x109/0x170 [ 668.359173][ C1] irq_exit_rcu+0x9/0x30 [ 668.365053][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 668.372329][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 668.379946][ C1] __text_poke+0x4bc/0xb70 [ 668.385998][ C1] smp_text_poke_batch_finish+0x653/0xdb0 [ 668.393357][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 668.400973][ C1] jump_label_update+0x376/0x550 [ 668.407547][ C1] __static_key_slow_dec_cpuslocked.part.0+0xc0/0xf0 [ 668.415857][ C1] static_key_slow_dec+0x7c/0xc0 [ 668.422431][ C1] kvm_free_lapic+0x184/0x1c0 [ 668.428745][ C1] kvm_arch_vcpu_destroy+0x264/0x440 [ 668.435669][ C1] kvm_destroy_vcpus+0x24e/0x3c0 [ 668.442243][ C1] kvm_arch_destroy_vm+0x87/0x2f0 [ 668.448907][ C1] kvm_put_kvm+0x4f2/0xb40 [ 668.454969][ C1] kvm_vm_release+0x3c/0x50 [ 668.461115][ C1] __fput+0x402/0xb70 [ 668.466739][ C1] task_work_run+0x14d/0x240 [ 668.472964][ C1] exit_to_user_mode_loop+0xeb/0x110 [ 668.479888][ C1] 
do_syscall_64+0x3f6/0x4c0 [ 668.486131][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.493678][ C1] INITIAL USE at: [ 668.497555][ C1] lock_acquire+0x179/0x350 [ 668.503631][ C1] _raw_spin_lock_irqsave+0x3a/0x60 [ 668.510412][ C1] input_inject_event+0x9f/0x390 [ 668.516915][ C1] led_set_brightness+0x217/0x290 [ 668.523492][ C1] kbd_led_trigger_activate+0xcb/0x110 [ 668.530509][ C1] led_trigger_set+0x59a/0xc50 [ 668.536825][ C1] led_trigger_set_default+0x1e0/0x2e0 [ 668.543848][ C1] led_classdev_register_ext+0x7b8/0xa10 [ 668.551032][ C1] input_leds_connect+0x552/0x8e0 [ 668.557612][ C1] input_attach_handler.isra.0+0x181/0x260 [ 668.564976][ C1] input_register_device+0xa84/0x1130 [ 668.571903][ C1] atkbd_connect+0x5da/0xa20 [ 668.578049][ C1] serio_driver_probe+0x74/0xb0 [ 668.584456][ C1] really_probe+0x23e/0xa90 [ 668.590512][ C1] __driver_probe_device+0x1de/0x440 [ 668.597352][ C1] driver_probe_device+0x4c/0x1b0 [ 668.603946][ C1] __driver_attach+0x283/0x580 [ 668.610266][ C1] bus_for_each_dev+0x13b/0x1d0 [ 668.616667][ C1] serio_handle_event+0x247/0xa50 [ 668.623241][ C1] process_one_work+0x9cf/0x1b70 [ 668.629732][ C1] worker_thread+0x6c8/0xf10 [ 668.635870][ C1] kthread+0x3c5/0x780 [ 668.641491][ C1] ret_from_fork+0x5d4/0x6f0 [ 668.647637][ C1] ret_from_fork_asm+0x1a/0x30 [ 668.653956][ C1] } [ 668.656458][ C1] ... key at: [] __key.7+0x0/0x40 [ 668.663560][ C1] ... 
acquired at: [ 668.667346][ C1] __lock_acquire+0x8a5/0x1c90 [ 668.672282][ C1] lock_acquire+0x179/0x350 [ 668.676949][ C1] _raw_spin_lock_irqsave+0x3a/0x60 [ 668.682334][ C1] input_event+0x70/0xb0 [ 668.686743][ C1] xpad360_process_packet.part.0+0xed/0xce0 [ 668.692806][ C1] xpad_irq_in+0x1414/0x2aa0 [ 668.697551][ C1] __usb_hcd_giveback_urb+0x38a/0x6e0 [ 668.703090][ C1] usb_hcd_giveback_urb+0x39b/0x450 [ 668.708449][ C1] dummy_timer+0x180e/0x3a20 [ 668.713210][ C1] __hrtimer_run_queues+0x1ff/0xad0 [ 668.718568][ C1] hrtimer_run_softirq+0x17d/0x350 [ 668.723842][ C1] handle_softirqs+0x219/0x8e0 [ 668.728765][ C1] __irq_exit_rcu+0x109/0x170 [ 668.733602][ C1] irq_exit_rcu+0x9/0x30 [ 668.738103][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 668.743899][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 668.750045][ C1] __text_poke+0x4bc/0xb70 [ 668.754623][ C1] smp_text_poke_batch_finish+0x653/0xdb0 [ 668.760505][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 668.766657][ C1] jump_label_update+0x376/0x550 [ 668.771754][ C1] __static_key_slow_dec_cpuslocked.part.0+0xc0/0xf0 [ 668.778587][ C1] static_key_slow_dec+0x7c/0xc0 [ 668.783684][ C1] kvm_free_lapic+0x184/0x1c0 [ 668.788517][ C1] kvm_arch_vcpu_destroy+0x264/0x440 [ 668.793964][ C1] kvm_destroy_vcpus+0x24e/0x3c0 [ 668.799061][ C1] kvm_arch_destroy_vm+0x87/0x2f0 [ 668.804269][ C1] kvm_put_kvm+0x4f2/0xb40 [ 668.808876][ C1] kvm_vm_release+0x3c/0x50 [ 668.813559][ C1] __fput+0x402/0xb70 [ 668.817713][ C1] task_work_run+0x14d/0x240 [ 668.822462][ C1] exit_to_user_mode_loop+0xeb/0x110 [ 668.827905][ C1] do_syscall_64+0x3f6/0x4c0 [ 668.832662][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.838712][ C1] [ 668.841019][ C1] [ 668.841019][ C1] stack backtrace: [ 668.846895][ C1] CPU: 1 UID: 0 PID: 13806 Comm: syz.5.2203 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full) [ 668.846916][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 668.846927][ C1] 
Call Trace: [ 668.846932][ C1] <IRQ> [ 668.846938][ C1] dump_stack_lvl+0x116/0x1f0 [ 668.846962][ C1] print_irq_inversion_bug.part.0+0x212/0x270 [ 668.846989][ C1] mark_lock+0x2e5/0x610 [ 668.847014][ C1] __lock_acquire+0x8a5/0x1c90 [ 668.847038][ C1] ? __lock_acquire+0x622/0x1c90 [ 668.847062][ C1] lock_acquire+0x179/0x350 [ 668.847085][ C1] ? input_event+0x70/0xb0 [ 668.847106][ C1] ? lock_acquire+0x179/0x350 [ 668.847130][ C1] _raw_spin_lock_irqsave+0x3a/0x60 [ 668.847152][ C1] ? input_event+0x70/0xb0 [ 668.847171][ C1] input_event+0x70/0xb0 [ 668.847191][ C1] xpad360_process_packet.part.0+0xed/0xce0 [ 668.847219][ C1] xpad_irq_in+0x1414/0x2aa0 [ 668.847235][ C1] __usb_hcd_giveback_urb+0x38a/0x6e0 [ 668.847259][ C1] usb_hcd_giveback_urb+0x39b/0x450 [ 668.847281][ C1] dummy_timer+0x180e/0x3a20 [ 668.847308][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 668.847321][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 668.847335][ C1] ? mark_held_locks+0x49/0x80 [ 668.847356][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 668.847378][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 668.847391][ C1] __hrtimer_run_queues+0x1ff/0xad0 [ 668.847410][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 668.847427][ C1] ? read_tsc+0x9/0x20 [ 668.847447][ C1] hrtimer_run_softirq+0x17d/0x350 [ 668.847464][ C1] handle_softirqs+0x219/0x8e0 [ 668.847485][ C1] ? 
__pfx_handle_softirqs+0x10/0x10 [ 668.847504][ C1] __irq_exit_rcu+0x109/0x170 [ 668.847522][ C1] irq_exit_rcu+0x9/0x30 [ 668.847538][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 668.847560][ C1] </IRQ> [ 668.847565][ C1] <TASK> [ 668.847571][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 668.847588][ C1] RIP: 0010:__text_poke+0x4bc/0xb70 [ 668.847604][ C1] Code: 00 48 85 db 0f 85 d2 02 00 00 e8 bf ab 5c 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 1d a7 5c 00 48 85 db 0f 85 a3 05 00 00 9f ab 5c 00 48 8b bc 24 80 00 00 00 e8 c2 f3 22 0a e8 ad 50 20 [ 668.847621][ C1] RSP: 0018:ffffc900043df9b8 EFLAGS: 00000293 [ 668.847635][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815f73da [ 668.847645][ C1] RDX: ffff88803570a440 RSI: ffffffff815f73e8 RDI: 0000000000000007 [ 668.847656][ C1] RBP: ffffffff81527c04 R08: 0000000000000007 R09: 0000000000000000 [ 668.847666][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000c05 [ 668.847675][ C1] R13: ffff888023fec080 R14: 0000000000000001 R15: 8000000000000063 [ 668.847687][ C1] ? vmx_vcpu_reset+0x2814/0x2bc0 [ 668.847712][ C1] ? __text_poke+0x78a/0xb70 [ 668.847726][ C1] ? __text_poke+0x798/0xb70 [ 668.847741][ C1] ? __text_poke+0x798/0xb70 [ 668.847755][ C1] ? __pfx_text_poke_memcpy+0x10/0x10 [ 668.847771][ C1] ? __pfx___text_poke+0x10/0x10 [ 668.847786][ C1] ? vmx_vcpu_reset+0x2814/0x2bc0 [ 668.847809][ C1] smp_text_poke_batch_finish+0x653/0xdb0 [ 668.847832][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 668.847852][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 668.847874][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 668.847894][ C1] jump_label_update+0x376/0x550 [ 668.847913][ C1] __static_key_slow_dec_cpuslocked.part.0+0xc0/0xf0 [ 668.847932][ C1] static_key_slow_dec+0x7c/0xc0 [ 668.847949][ C1] kvm_free_lapic+0x184/0x1c0 [ 668.847965][ C1] kvm_arch_vcpu_destroy+0x264/0x440 [ 668.847986][ C1] kvm_destroy_vcpus+0x24e/0x3c0 [ 668.848004][ C1] ? 
__pfx_kvm_destroy_vcpus+0x10/0x10 [ 668.848021][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 668.848044][ C1] kvm_arch_destroy_vm+0x87/0x2f0 [ 668.848064][ C1] kvm_put_kvm+0x4f2/0xb40 [ 668.848089][ C1] ? __pfx_kvm_vm_release+0x10/0x10 [ 668.848111][ C1] kvm_vm_release+0x3c/0x50 [ 668.848133][ C1] __fput+0x402/0xb70 [ 668.848157][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 668.848178][ C1] task_work_run+0x14d/0x240 [ 668.848194][ C1] ? __pfx_task_work_run+0x10/0x10 [ 668.848209][ C1] ? __pfx___do_sys_close_range+0x10/0x10 [ 668.848235][ C1] exit_to_user_mode_loop+0xeb/0x110 [ 668.848252][ C1] do_syscall_64+0x3f6/0x4c0 [ 668.848275][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.848291][ C1] RIP: 0033:0x7f93b3b8e929 [ 668.848303][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.848319][ C1] RSP: 002b:00007ffe3c4d8c18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 668.848333][ C1] RAX: 0000000000000000 RBX: 00000000000a2c5a RCX: 00007f93b3b8e929 [ 668.848343][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 668.848352][ C1] RBP: 00007f93b3db7ba0 R08: 0000000000000001 R09: 000000043c4d8f0f [ 668.848362][ C1] R10: 00007f93b3a00000 R11: 0000000000000246 R12: 00007f93b3db5fac [ 668.848372][ C1] R13: 00007f93b3db5fa0 R14: ffffffffffffffff R15: 00007ffe3c4d8d30 [ 668.848386][ C1] </TASK> [ 669.386792][ T9] usb 3-1: USB disconnect, device number 62 [ 669.386866][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 669.401404][ T9] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 669.402567][ C1] dummy_hcd dummy_hcd.2: timer fired with no URBs pending?