last executing test programs: 12.19651254s ago: executing program 4 (id=393): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x800, 0x70bd26, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff1, 0x9}, {0x1, 0xc}, {0xfff3, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x44045}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, &(0x7f0000004a80)=0xffff8000, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) syz_io_uring_setup(0x49f, 0x0, &(0x7f0000000340), &(0x7f0000000040)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = userfaultfd(0x801) r4 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r4, 0x84, 0x3, 0x0, &(0x7f0000000280)) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000000200)=""/104, 0x68}], 0x1, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) read$msr(r1, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r6 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) landlock_restrict_self(r6, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 11.136980806s ago: executing program 4 (id=394): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xfffffffc}, 0x10) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000001a00010027bd70000000000002202000000020"], 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x48010) 11.076114816s ago: executing program 4 (id=395): r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a440000102030109021b00010100c00009040000020701010009050102"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) (fail_nth: 2) 8.024546048s ago: executing program 4 (id=409): prlimit64(0x0, 0x5, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) rmdir(0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYRESOCT=r0, @ANYBLOB="54a49df728783c421c3d9a7cf41a13853a3a8151d2cf8c6a3dfed43c82f978f3c7d4309d337940a7884fcb72bda8abafbf0398139e676c7f524a1bdca9df6d29e893502b55f8b6316f62df384c72cc1467844ae90000a17b0c6b89542427799c184093fb1637eb45", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000900)={r5, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYRES32=r5, @ANYBLOB="03004b002c2a3a34c5f0e6c5446002ed3af0350600c8f54496c308b28a7de3ab17abf3f039f14e4b3d756a4447238ee284908e446cf1b6a88110fa73c430050b7371756eec3ab6e07d9c6341490195"], 0x53) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3cusg\x91\xdeeH\xe5+\xf0', 0xffffffffffffffff) timer_create(0x2, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f0000000040)) openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x80, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4}}}}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000af00000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0x7406, 0x0, &(0x7f00000003c0)="452846938cebbd031f4d", 0x0, 0x7406, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r8 = socket$nl_route(0x10, 0x3, 0x0) write(r8, &(0x7f00000006c0)="240000005800410f9c00f4f90085b3029b05fddf080001006c01000008000280010000009b02acd9f9d0d50ed7c3ecb888d374589cc11f8a0af2c54c5923854c9c789e31000097ffffffffd333d17b62d4d640ea6fa1c9028b2e3111d8d969cffe21ec7352a6a16817698efb8f71eb99f9489adcc75059019518d73b697e9172b57868621ffbed681619c8d11961753a6c34ebb8cba30301be3c43ebcfb2521f20c585188528c4199f00a66ca4d524e090afdc336a5a377980c0c1753f1e2d98b00d43bcc43a6d86cd410ea15a71c4c9dfb4fee51ef80cf9014853acaf4e699213118bb06e4dc134bff45d53a327252d304dac10c269227fc35477400924cba56dd5b2a6679cc575403f3ef8244ff8eda9fd4c760bf18569a82976dbc68557f1effc57167ab665206d551308427f69790cfe5f3a3dc612bca5fcac5b009c60a5c02eb656229723cf328e9e8f6aa99d70d193ca5b74e858013502f3bd2a2a306d382dea2d0d990e3a76a88e67b59a4d4cee1c53d45c725824642371f58abae17e63ae8330011171387d209006f72cb37dc13efaa0bf8b7ca14040472da3ba33639206a3ef6dbc82d0cf52b4e98e247da0c3a531f2c5736916b07fade94730602c095c0fc1ebe57d0864463d7336c29caf6b0f9ab6f95342bcabf7957742ca50e06e2d028b1f8e72544e546d1ad62cae8e4b9f339a3a033ce69d4db27516d21b7aad6e94b06592f551e306bf6d72854590b257cf2d298625419ffc45f87abc44b18aec35001b52c405d1d80dbf65783f0c", 0x230) 7.835161304s ago: executing program 2 (id=411): openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x80400, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, &(0x7f00000000c0)=0x58, 0x5) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000100)=@req3={0x6, 0xb, 0x6, 0x10000, 0x1, 0x6}, 0x1c) r5 = openat$cgroup_devices(r2, 0x0, 0x2, 0x0) r6 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) ioctl$RTC_WKALM_SET(r6, 0x4028700f, &(0x7f0000000040)={0x1, 0xfc, {0x0, 0x20, 0x5, 0x4, 0x3, 0x8000, 0x4, 0x2}}) write$cgroup_devices(r5, &(0x7f0000000080)=ANY=[@ANYBLOB='c '], 0x25) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000003040), 0xffffffffffffffff) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x4c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x7}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x7}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x2}, @NFULA_CFG_MODE={0xa, 0x2, {0x9, 0x1}}, @NFULA_CFG_MODE={0xa, 0x2, {0x5654021a}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008001}, 0x9858) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 6.870179126s ago: executing program 2 (id=414): r0 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) timer_create(0x3, 0x0, &(0x7f0000000140)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x49a, &(0x7f0000000240)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x3, 0x400000000001, 0x9, 0x0, 0xf, 0x80000002, 0x2}, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) syz_open_dev$MSR(0x0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x0, 0x35315258, 0xf00, 0x870, 0x0, @stepwise={{0x3bd, 0x7}, {0x4006, 0x38a}, {0x16e0, 0x5}}}) 6.458823709s ago: executing program 2 (id=416): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x2c, &(0x7f0000000000)=[@in={0x2, 0x0, @broadcast}, @in6={0xa, 0x4e23, 0x4000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xf4}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000340)={r1, @in={{0x2, 0x4e21, @local}}, [0x2, 0x7, 0xc0e, 0x8, 0x8657, 0x7, 0xfff, 0x7, 0x101, 0x9, 0xfffffffffffffffe, 0x7, 0x1480000000, 0x8000, 0x7]}, &(0x7f0000000100)=0x100) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000180)={'gre0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000740)={0x1f, @none}, 0x8) listen(r4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x1, &(0x7f0000000100)=0x5) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000340)={[{0x522e, 0x3, 0x14, 0x0, 0x0, 0x4, 0xc, 0x0, 0x5, 0xff, 0x23, 0x0, 0x10000}, {0x3, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x1, 0x0, 0xc, 0x0, 0x0, 0x4000000000000}, {0x0, 0x0, 0x3c, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x4}]}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x63, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) socket$nl_netfilter(0x10, 0x3, 0xc) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1300000000000000) listen(r2, 0x8) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000800000000000040", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) 5.581868635s ago: executing program 0 (id=418): writev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000c80)="19a316acadc23c5786641b2c2ab7a2ae60a3d5c4bee4041f6f0a301dc15f6d2608b8a91e6a235c2c7cb5c8ce927169ac9f6b536809fc677ca3e11f58c23e19663e3e410ef742b605c076ff862fe86854255cf1d993b1e4bb252669affc0368fe5cb3a6dd53151ad06622a33a4373863eaca32ca3b9600870efd3a6ff9340a2b68bab7a3487ae9b8563aed9af72e4f029a3f021b0e138fe306c61072ee12dd17f3246bb04e5f342b4f1bcfcba7031a9424b725040e30e320a9bc2c674811a1650f6c31bcdb5000744dd44", 0xca}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000c40)=@arm64={0x7, 0x6, 0x4, '\x00', 0x3}) (async, rerun: 32) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) (rerun: 32) read(r3, &(0x7f00000002c0)=""/150, 0x96) ioctl$vim2m_VIDIOC_G_FMT(r3, 0xc0285629, &(0x7f0000000080)={0x3, @win={{}, 0x7, 0x0, 0x0, 0x0, 0x0}}) 5.041894075s ago: executing program 2 (id=419): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r1 = socket$inet(0x10, 0x3, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="14010000340001000000000000000000020100800c00fe00000000000000000014000100"/46], 0x114}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0xa4}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x4}, 0x8) sendto$inet6(r5, &(0x7f0000000000)="99", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2, 0x4}, 0x1c) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, 0x0}) syz_emit_ethernet(0x2a, &(0x7f0000000200)={@local, @remote, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @loopback}}}}, 0x0) sendto$inet6(r5, &(0x7f0000000180)="f6", 0x1, 0x20000050, &(0x7f0000000200)={0xa, 0x4e22, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x0, 0xef1}, 0x8) syz_usb_disconnect(r0) r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b700000081020100bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed000072030200030000001d440000000000006b0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f1ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c107571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d1abf3cb17b40ac9b10968f38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d61f3b39c64307f9c82b2807c9ff4a269841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67a41b9e320146ee9f566a28"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) writev(r9, &(0x7f0000002580)=[{&(0x7f0000000400)="df", 0x1}], 0x1) syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) 4.524615129s ago: executing program 0 (id=423): r0 = syz_io_uring_setup(0x31c7, &(0x7f0000000400)={0x0, 0x0, 0x2}, 0x0, &(0x7f00000005c0)) syz_io_uring_setup(0x3c5f, &(0x7f0000000240)={0x0, 0x0, 0x27, 0x2, 0x0, 0x0, r0}, &(0x7f00000002c0), &(0x7f0000000300)) 4.356809832s ago: executing program 4 (id=424): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r0, 0x8b1b, &(0x7f0000000040)) 4.332634184s ago: executing program 0 (id=425): openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@empty, 0x6, 0x1, 0x103, 0x10, 0x0, 0x2}, 0x20) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000400)={'ip_vti0\x00', 0x0, 0x0, 0x40, 0xfffffff7, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfd, 0x0, 0x0, @multicast2, @broadcast}}}}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(0xffffffffffffffff, 0x8b1b, &(0x7f0000000040)) 4.277266423s ago: executing program 0 (id=426): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x740, 0x328, 0x580, 0x580, 0xd0, 0x328, 0x670, 0x670, 0x670, 0x670, 0x670, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0x230, 0x258, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x8, 0x5, 0x3c, 0x97, 0x6, 0x401, 0x4, 0x120e, 0x18, 0x40}, {0x5}}}, @common=@srh={{0x30}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7a0) 4.184056851s ago: executing program 1 (id=428): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) sendmsg$inet(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000002a80)=[{&(0x7f0000002800)='A', 0x1}], 0x1}, 0x4040) sendmsg$inet(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000002d80)=[{&(0x7f0000002c40)='4', 0x1}], 0x1}, 0x4841) 4.157223417s ago: executing program 0 (id=429): unshare(0x6a040000) r0 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x10, r0, 0xc3490000) unshare(0x20000080) socket$kcm(0x2, 0xa, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x1, 0x4, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r2}, &(0x7f0000000680), &(0x7f00000006c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001180)=ANY=[@ANYBLOB="300000002000010000000000000000000200000000000000000000000c00144000000000000000000500130001"], 0x30}}, 0x0) 3.426909617s ago: executing program 4 (id=430): ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000480)="77a78ea3071426ba4221162ec54dce94159534eb4b5f6d698f8378674237f2c49055fc4d464b42389cf32ad5f179d986c7cd99bf5ae21924288ed0650396503de7a65c9745f65dcaf9b1e5d4965ef09437b3dbf162c120ad5f83a9f9e8ff43530c8960f0d9a9333843bb706aeb8822dc78f802a9f2be218271aa6e66aafeb3af90bed085619c4fa0c61af8eb204295acc74c") r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd00000000000001090224000100000000090400050103000000092105000001220500090581030002000007"], 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000140)={0x0, 0x9, 0xa0, "6a12173cf04e47ffb033222482012491e0608c69c9bf69d8f35aea42f747c94958756a076fcd90451553da48a3132e38dcbad1db544661b04b9c5039c42ff8bc0b204ed233066be175e9c66f3ac9d94c5bbb0000c226abef53431f0c871cbf3aa1fcadff4b8e6f5dee67ad12ee9b6a742fe643616f62eb96d9fc2c22b874232bca9f702a38e34f7ce626850b000000000000001f301928fc5f2b30ec5e2a47e4"}, 0xa8) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0xee01, 0xee01, 0x0) setreuid(0xee01, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000080)='P') 3.125839253s ago: executing program 1 (id=431): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet_sctp(0x2, 0x5, 0x84) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='squashfs\x00', 0x0, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='4'], 0x34}, 0x1, 0x0, 0x0, 0x200040c1}, 0x8004) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r5 = socket(0x10, 0x3, 0x6) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="f0000000160001000000000000000000ac1414aa000000000000000000000000fe800000000000000000000000000013000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="200100000000000000000000000000000033000000ac1414aa00000000000000000000000005000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010a0001000000000000000000"], 0xf0}}, 0x0) r7 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0xa, 0x0, 0x0, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x2000]}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x5, 0x5, 0x1, 0x1, 0x10, 0x8}}, {0x4}}]}]}, 0xac}}, 0x20000000) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) 2.227765728s ago: executing program 3 (id=432): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4) connect$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback=0x7f000011, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) (fail_nth: 2) 1.856225454s ago: executing program 1 (id=433): r0 = socket$can_raw(0x1d, 0x3, 0x1) unshare(0x22020400) setsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x3, 0x0, 0x0) 1.737419897s ago: executing program 3 (id=434): socket(0x10, 0x3, 0x0) socket$key(0xf, 0x3, 0x2) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet(0x2, 0x2, 0x1) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_sock_diag(0x10, 0x3, 0x4) socket$inet_sctp(0x2, 0x1, 0x84) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES64=0x0, @ANYBLOB="ed"], 0x20) (fail_nth: 2) 1.736305527s ago: executing program 1 (id=435): r0 = syz_io_uring_setup(0x31c7, &(0x7f0000000400)={0x0, 0x0, 0x2}, 0x0, &(0x7f00000005c0)) syz_io_uring_setup(0x3c5f, &(0x7f0000000240)={0x0, 0x0, 0x27, 0x2, 0x0, 0x0, r0}, &(0x7f00000002c0), &(0x7f0000000300)) 1.343038581s ago: executing program 1 (id=436): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) msgsnd(0x0, 0x0, 0x27, 0x0) r0 = syz_io_uring_setup(0x121c, &(0x7f0000000480)={0x0, 0xfffffffd, 0x80, 0x3, 0x34e}, &(0x7f0000000980)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r3 = socket(0x2a, 0x2, 0xfffffffe) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x27, 0x2000, @fd_index=0x9, 0x6, &(0x7f0000000800)=[{&(0x7f00000001c0)="73677e728d880f93eaef590eacc50117d2c09fe256bade53f1f33e45c969dde970bf529b6b29faadd4305a0e4dbb9e33acecf2848dc41fc3", 0x38}, {&(0x7f0000000300)="90e4587273867da50f581c4a3833d18ba7ce51a8c39387bc6941d7db9cf9ab9852c5c8da0d2970d5f64f1add3b8849b280b4155f7aa30fbb8ef7cc98406d148cdcdcbfed1e2868f772bdd7acfb7cc4b01d0e3f060f1689c1fe89d1f26481dd8ab7da7c296f00ae0f2695a45115e230afa45ed0cecde0b1e7f90ec81d4ebea2cf2c50ebd59c84af5f246117efca02ad00c83ccf5aeb9f42fd2e974a2a393c77716eda248aa08cb0ae375a59b0b111804c768ac1795dc95a95f3ac0778bcc804f854a0900fb8ff5e17007a089c1f925cc9d3da2e1929ec4f5a0068eb3a8b157933f825768c31c17403", 0xe8}, {&(0x7f0000000880)="3d59ae5bb45e27b7e0272cf3374721435b621c4326443284136f81f114f136b1d0a14e011a5a0f47540101c6f8eff44e16773bd9d87d572fd5d90bed4c6b81c6769df884792d9d0ce1018472ce715f8541e570ef7db5be34ce351457599cf926773fd1856ec96e794b3a0329135e3ebb6e985ba8bbc611b6f2723b2860a25feb99d5a9e734a6f3b88f32a594307059710327609e5edeb231351c7b477d2a70cb70048aca736a449f834423fc77cb019d262c41a68cec8ea9523259531ab5da5664c1faf0e00ce8cf1864d1f02e844bc0bf92ab66145fc6a60670649f9da44bbb9aaf398608afd27a6034fb8eb133bd76", 0xf0}, {&(0x7f0000000680)="3d08d161b5c848d1937b9b4c1b1a856481afca5dfc8fdc0e3b837b64e478542109075fc3a732425ce30880af316ef9246c254f19f7032159188752464c2a4d258ccb0db7", 0x44}, {&(0x7f0000000580)="688039857804e2006695e884425946a899aacfa3256019679136ca43977bf652c0d60d3a9a59321515cbfdcb705d677b2207dbe66119e99f51b9165221e0ecd2b7a9396c7a89f4a26ae64f8a18b97a85faf791a17a3b889381413af96ecec5b8a27a8a808b37ad8b71131e12f311acd82b36d574f7090bde1816a74f2932bdabad1a6e35a3ae98a3f1f1c39a2c94b869bc1a51a487ccbbe69e84a8bb89113e1912e117c3299cd5a1c25b0a732f9574e6214c99ab6c6909585208b3599aa717e4e35bb3134bac401e", 0xc8}], 0x5, 0x12, 0x1}) io_uring_enter(r0, 0x47bc, 0xa8be, 0x0, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x1f, 0x109001) 1.30420942s ago: executing program 3 (id=437): openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@empty, 0x6, 0x1, 0x103, 0x10, 0x0, 0x2}, 0x20) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000400)={'ip_vti0\x00', 0x0, 0x0, 0x40, 0xfffffff7, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfd, 0x0, 0x0, @multicast2, @broadcast}}}}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(0xffffffffffffffff, 0x8b1b, &(0x7f0000000040)) 996.89051ms ago: executing program 3 (id=438): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) getrusage(0xffffffffffffffff, &(0x7f0000000140)) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c230000) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x40047452, 0xf0ff1f00000000) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r5 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x4}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0) sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 651.020853ms ago: executing program 2 (id=439): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000000) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @empty, 0x3}, 0x1c) listen(r1, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x74, &(0x7f0000000440)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f800", 0x3e, 0x6, 0x0, @remote, @mcast1, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x40}, {"8950c647f77b448b0b3107c16ab4372e7f2b2388141bef6caeeb6f3a235f34e7d51a8217a0f1c25eee35"}}}}}}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000040)=0x5, 0x4) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x20000400) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="1400000016000b63d25a80648c2566e506bce1e8", 0x14}], 0x41}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x29, 0x5, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x3, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) recvmsg(0xffffffffffffffff, 0x0, 0x40010000) socket$nl_route(0x10, 0x3, 0x0) 458.652573ms ago: executing program 3 (id=440): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r0, 0x8b1b, &(0x7f0000000040)) 328.903004ms ago: executing program 2 (id=441): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020435581000000000000010902240001000000000904e200010300000009210000000122290009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000012c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x7, [@var={0x5, 0x0, 0x0, 0xe, 0x3}, @func_proto={0x0, 0x0, 0x0, 0x5}, @volatile={0x0, 0x0, 0x0, 0xb, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x5f]}}, 0x0, 0x47}, 0x20) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x3, 0x91, 0xea, 0x40, 0x547, 0x2720, 0xde7f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x5a, 0x0, 0x0, 0x28, 0xfc, 0x89}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) 220.762017ms ago: executing program 0 (id=442): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xfffffffc, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x400000bce) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000180)=0x3, 0x4) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x61}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x20, 0x1, 0x7, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0xd}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040890}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000740)='/sys/fs/smackfs/access2\x00', 0x2, 0x0) write$smackfs_access(r3, &(0x7f0000000780)=ANY=[@ANYBLOB='* * X'], 0x9) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x4, 0xfd, 0x1, 0x6, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, 0x96}, 0xe) r5 = syz_open_procfs(0x0, &(0x7f0000000380)='numa_maps\x00') openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000009ee50000000000500000000000000001000000f7b25a6b000000000000"], 0x48) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x15, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000fcffffff000000008000000818110000d88b14aa12840266e1311ccd061cffe7203c", @ANYRES8=0x0, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r6, @ANYBLOB="0000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70462907900000200000085000000a80000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2e}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) pread64(r5, &(0x7f0000001180)=""/4107, 0x100b, 0x200280) 24.397684ms ago: executing program 3 (id=443): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xcf) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r3, 0x5761, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000000000000ff014000000000000000000000000000000000000000080000000000000000000000000000000000000000000043f05d9ab7250615202a6dacfaa9b645926c9113803d18ae20d5e155089231d7c361d56329eebe12d481602b52fd165032dba5fbc5109dfd3f21683cda887537544aa3c660267a3f94f8e2f3e3e2646349dc3c28571d9e03e4d387ba7c80248e3288a385bbac3703557ea200785df8b5e03719800ff652df012e733ada924e7e80c266d7d06eeeb764e10c00a28bb7ceb1f62350255026cfd9802d2a86f1c364404ef097e16c0334fe48acc89a481ffe40188d5c678d5bdfb0daf210ae26e81cd495e804b14fc721c393955d81c9f93228f32268ba71ac"]) close_range(r2, r3, 0x0) readlinkat(r3, &(0x7f0000000300)='./file0\x00', 0x0, 0x0) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000b73800000000000000000000000000000000000000000000008ef8762e429367db972ad7d7906b438b90f813cca4217495d130830060689c261aac5d5b402562eb008b0dc869fa5c33927cc62a39e992058fd976d47c4c20cf3ddc295bb5d4ead9e039b27989954da03b5100790d5ee320a833143bf5"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bind$ax25(r0, &(0x7f0000000140)={{0x3, @default}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @bcast]}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000000b01"]) chdir(&(0x7f0000000540)='./cgroup\x00') r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) open_by_handle_at(r8, &(0x7f0000000040)=@reiserfs_2={0x8, 0xfe, {0xb}}, 0xfe) socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000080), &(0x7f0000000100)=0x4) r9 = userfaultfd(0x80001) ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000103000/0x2000)=nil, 0x2000}, 0x2}) ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000280)={{&(0x7f0000c66000/0x3000)=nil, 0x3000}, 0x1}) 0s ago: executing program 1 (id=444): socket$netlink(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000000c0)={0x0, 0x72, "c8e98e13d15f52a2f15fb6aed0544addf53f4cf1291a2a07444bf45a63c35ae0dbce1d47a06966a989b3a99ccfdc485b40230b06faddc90f1af667b3731a9832682f0b7a8e91296f0f3b55bc57d1f61ef8496a3167377da84b854f21060874791325c7637e183574caebe84e0a81b9846ca1"}, &(0x7f0000000040)=0x7a) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000003c0)={r1, 0x1000, "f0164936c6825a0779b7a73d6298ce4336f1a18075b1f84f0601926a29b02cfccb54433e19f4bdff16f259b14fa6b86a0a71a7fde367205424bf1e2597012e62fc6b2dc679ba07fd177d576b58586ce0fef4b68da1e194ed2921c687f5087a746971f0a64d06465076d9df3875ec36692b6a95c2efa076532ea33ffdbc4f345f8b0716f8005656037e26d132f8c739f72fa8731c441ea24a287e55eb34ac916771e9a70e0cbb23988ea194417e7478f5ab74b2b8c151b7d88e0a7e7b4f33df001f1b9b29ff6e1f2a6efce371997f1eb827df8d678a20dbfd028534aa7c60ed141f4c3ad47509340cfce017bd225d824b646c0e28dc926836130269fcb99d5e32107cb89e19c0c8f0ad1ca042c803fc2c88921f9503df4bc6dee292a85329fcc1fb607b96cf287e83a107b4234d26ed95d2b3afb4806a96c489b69cac18885514b9ca19feb55cffb58e392cc45dbf869d6b0c411cdb990ce29470bdf4cf27589b02b4301ccea190a161871df219396af67e92d3585f10f5dc67b352621fd3eda12003a62474f31cf32b318fce1aeae63abfaf96b9a56c4737e39b0564abeb5a8f7a861460e98b339aeaa80f676951e80465480f1a3bff28c910620b544588f51087c8edc3f5a071b42a98945ed7edb12703002c1b76d7eb85cb01f1ef6c2c7cfb4ff934510c655e2699744e1e3990324d67c23d998b23da8857dad5570a14869d756cb0591c37f62c91f3de381a013ec898ba066b47b58fa439085dc44dcefdd9f697ad15fdb752665f114ac2b4cdb88deb6a6fb6ec8b7f4f79bf00fe8e7f8d25127aff3403a1719e3803cac2737b066d492e9405e60467806f12a5cefabcdf77b4b443079e35a0869a3bae1f8c9d6b8f8da334a6cec6f197a2f3f147a34536364bc2d0ec4d1d100bcfc164a108d73df812c700898b944741b3495726cf484ce3a6ec751073ad695fb43b075ebc18cb58833014b6417e795cbcb0300570e4c6527556ef5c21824f9ea3ef9a81407cf2217a1d8adc646bf49f586a9651ae0b4c3d2e19f92d72cddb69ab9c34eab6a624aba3c315786faeaf87a4ee5f83cacaf8a4370ed04a55afbb6829ec1b54cb82093211282572abd31084360f6f2d6bfa025de334e306da67e0fda01d79f6436c8724b983ff3836d8b454ec94bcc722a1e2d7da263ee5c020987c2f917d235b10caf29121a2dcc76cd885a1a200835fd2ae17ea01ccaec5aff5149c0f556dd1f6e96809d44947e7e9fc7f692ce30249895f66ef093a04cf4c49939f57173f6e90da08eafa765057e3e299c26c6e7d2a5eebf6c22bc5b6e58b4ad67ae00eb4e656e6b7efe70950aa8090fed07130d68614b3ce0cb44de257d21fdae4daa2493edbda45e449ae4e6d165fb752f552ba542e1d12242041ffcf815f1fd0e838b13b95450cecc5d29f99ba04be04b100dfd511359e32b823fe04a2499a2fb355c9d5b3cf5ded46290c497d79cccb354061dcc09391fbfeeb1a131c883a1ccb6e461a1d22055e105059ddc5ecabff920ce623bf67d71dedd40b9e95ff4ec83ab2f55855ef4a9a18bfca089aa9ef5604e98837e2ad405f427abf14bd9869787fda1a859d9a47d1f06c146354532e1cf9d3a23ccfcfdfffb7ea46fe3a4f5c91b3ef97d001164bd05fc027904f9bc3539f55a5befbb5ed82e92e7af1c8821b9c8c2ee2f931cb35245631acba4c0bb9e920ae0871c5cd9b6b32efa7864a062a397f91bd74f1a44171415b1ba94869c2ced521458f74112607b435fb6c7d222e79b6975a91912630da24aacd9417c21269270e08fa8778ebf961d5464d0319b8fa0b0fbdf7a06ab9cf466e657c7eff054a60b8c6ae9c0545b3dca34a8f991c1cbb65b680decfe20dae85db508607bbe1a4b21c1d51675a501f583dc227b82e9848337cc38c476b0b9a336644b94e1ca33c28be7cc050f926586b621579c402d3db7259b40b4015bf6884b426932442cf79e7ad461587fa7e7cb4f6467b4352f44b96f0170fc4f48962feef201fb38e3bf04d7b1139b3d9f1710f44804828cbcb55d0c2b1b689ee470e24c6f6e6c94d23be9c108eb4a848b536f104f65baf60a8c93e8d80fe5a2dd76fb579d79183ca6f571d81db46d357934aac452a68f2db0919e5158fd6697cfc207e048cdf4f17e49be734c1b87d88e85c9fdb9058deed3df278dcf45fe03f68d302b27fc6dd01ea2a2be295d2ab6e766e1d29c5379c58e3dfeda9f7a189e1e98e622b1160ee506e120d1f0baffce1062ef085abd1e5278cc9dd6457b397734616f2f7d77c2b773349481352d5c2e69dc4be316be702e84c5792f2932f8fade76d8278ac93f290cd081bd435759ed110bd549fc8421c5e5e9be72ec764378c598fcc0ed30b67ef5286587c13d6779c1277370a8db61e015776a242d46728fd740931d94d1af11722d03e59fa9363ca4e8989e4dab37f33c6a399b7952b4fef19a5a305684bafde7da29ce0ca4fce3a2d8e59fc7811e1df5b2346b551dc5d1e28f30ad3d57a03b52ea86f8bd48b8c57ffe54ff8f655616ab371cac92df284b2ad3f8d4c95dc6498d65da1804dba2c7bab9bc3a939cacd073b69bce8568776ede0b8c939d20ea15e26b90133386cb2afe89ec35e988f831dc925a968b19cd52cbb2bd9be19c393f890b3d8e65edf2b836da8eb3844db96e4723f59060bf33f7bb5e33223aee9e60832ac1058a02f34d461c310cc0745b00f4c33be9cb20457ac809699a425cffefd0311b7057f2ebe88acb1cc8f358c39003785031b095b42823745dd7cc3dbd2c23d80341e0224614e56e06c4652111dc4f39529f2643aa92232d23eaf77fef54facae50e0cc1c26ce6cce9ce980ac9da32a1492b3f08f43589d2c7e7a1b2ba01ccfa89f58ee05b64e8f37378b1bfe46cf0bff6b20415e7ad36624ac45dfc0a385295081587ed53a3ae89e4484a8453d0c6114eb227fa8e804eb60159b3abc953c5e58eb972f2ade0a378dfef4a1c4eaaa780ccf9009a2e9aecf66a3503de7a667b8b1596a212e25bd885b066916f7b1d0eb088fcd453e1e94566f5b6bff21dd810f9d21efd8b762b6ead30df85a4a42cae71f5607fa29111e63c3ef222df6961e215a53ca4baee65ddb711b45750bf68ac7e1750fb816a2059e9ea9a40c61036d49809955f1cb41df46f5774963c6c31f19d072c84e92d248bcd85819da45a2ebcd0e695f67030cb9e0877106f2935d54ea94dc184404a9805d39dc70f5e89bef298291a68a672b56cfd4360b303a2cf79372eb73bf17022b58c01184a60d15699f495965b4a428c85cef0886f85ff36929c2071684cec553e08ba3accf5724bbaefdf5b5724ee21693455c8dac1c9bf060a50d3d748c4806fd4260d36ea57a1953e797a31c95f9e8941e5f99a59e515ad8827a875da6e1d2fd16a89c467a8f872e8d89dd8872bac92f1a199436cc2919eacb8678764ea4436eb30cdf06fca96984e8538f74acd8f9bc272187b1b0135f44cac3056720daa289b42f34080904873e9fc8d4efe39a0fae8ad6ed80a24575aca286a4493047f7c3791826324acef6cc2a2913f88367330ccca5605e8a54ef1e8cab1b63bfaf8d4f7a2b97d5f1916166a2995c47038d55312ac812fc2fe8d2752d9e9a01ccea639bad50fae703fc6a78c890ee972066580bc5076396c3d209fec83cbea05dc75a9a9a9f8085eeaea01779a2d433aa9c32217c7523586cfa4ecf41b1e645b6a6804211bf78b84c396b99fffdfc422adad83d34cd7cd2b5748619be07d80196685f0c41643e5a49247aaa5adbf85d98e0c970419a50e28387f19c19af09857077a62a44b55450cb088871d662b5a25459dbd06ca8aea4f1a7217553795c315d5ba8605f775e6e5718cc119d35e4338cde63fe8f1d452cb9daf090ce6d0d130e77f17f09f6d50f5d235413cd915e5cabe631cad17173717415b6162331233d09a1caf6fbeed256f5a975497256f6ca4a1c8afe6bbfa1a3cb7c5842dcb15173e9092cf3daced473ff9c31520e838f6642ac315812f6b4c0ab23163aeb90de806969223163dee1a939ae9f186827a4c1ad16a8e20ca09113e2429834f492e7d9dc2af96bfeec6b0bf45c24d060e73c4d710c7655791df0b2e444ccdd8472bc13455533994eb97389e71e14cf7224bc7d295fc54f15c75c9e4eb24d3db2705fc623ebc05513ee69a7063f36ef92cf215768860aeb86d16270ecbc682d7f13d641eb5b561e304017531f0bfa080cf796f22b46f0c7c0f91dfdc0b2f14f8b25928b155edb79a62c63c0bc41087d19abf580cdd8a70b989d2da138760e20994607ad00ee54e5d6b0786f1add999e69b2a6d016035df21882a0836a55ed400d77bd17a4eca63f2d9fc7aba753baf80ab0a1350df9b7b7cac84f77b97548d4d8b3ccbfad3970aa703929fe8fa1f04064fe8861e79d75eed6c43d6cfd28cd2bc3838b63713a66220da47682a443a93acd50d9ea66325c233411e89af4c6d1516ffbe80938d4a724a67404f3af4fbc956e730add799e61f9a0b250375bf11cdc0c30c5194584f960ee954c4b4ceecac7df87a40963550d3ccb3647d5a1540e78a07814d7fee8c91caaff89afa95856682a7c55011cc3998bebad12ccc8a524b910e5f92c5b8b53322bff5366223a5c4b2a84832a6bdfcf1d13f60ee748adde222d233165f77302ebc1edeef9aac1e8e4824ee85c06dcbec18d855569163c53ed18c6e4042cbe63bd6a76f0f89b36668b75f1ab49f507ea355c73cb818697e3896518c3afacfe78c1ada0d7ac9b0e881666370f78a5de04411be3aa9d1345b71372873c9203b29370dda91a321572724081b94dd680fb39d1e1af4742fffd8685ec1fc3c3f3922536f20985e8372518e0d4fe612bb5692cba1a5a35af17c68aa8254df374469bcfc4d8825b89e6fa098504b0f27230ed66060080a92f8ee422bf59c66080345cc10c2936423b32c5256f5fdcc685e4743e43399ab26ef47635dbdae78f9b574f5de8455f36faeadc7597decc62238b20da68f9879da1196f780fbc894ba6162b34e20c7c9d14267e9c71f14f7a99ec015e89bc245ddab513ee68f8598fd3b75dfaef01a4d87475114460e4aeb80f4a1d8524b68874b0aa8c85f1b0087dc0a8d1809061c03488c38f15fd345a989188540a115fdb421023aa2e225c6ee41066fac4dbf29453c47bade421c61857529561a4abf27e2c848702b27fb73ed0f2c2263b6771a95bef95b9f591358e54d0bdab49f0ff41803e5e80faf194a1be0f6526139df34459c4510707eea7aeafdb11bb8aa68815ee59b2b326cc08901463ad961074ab77034d73371ff00f33b1c7b29080f51d12d036020317946a48e6fe598b98e4b73e8e62bdb10ba44ee5c40939b849fd9a959692eb07b981c7a3e5a8a78580c8fd46d3e990e43758966093aefc2468001953523f6835f73de906277882b61d098846d307320c7b18e44e5aac9750e9e69c1371a11a99ca5545dddb149a9d4fb0230aee96eb07d7af763433e89f77ef94876fa77c35a1b1422065c08f048a3fcbfe4dd4ecd10c8fb17045caebed25bb516047fe6a00ce9afde7aa1c8410f81e0e22e276c8bbee8d28716388c6faad5c98da3d2be18778425baaf93d01ce356df790d7ee1b4de7966028a41964ed69672f819de26c0a081a7976e340b28ea52b684fa34804cc24f3a7865666945fe768f224f3b9024bf9bd0c0fd3f7a55ad8c773fea2fb085c1be4eb93cc749b678646b33eedeea528485931f142590aa4087d2180f61e7c8df58cbd31ba1616950e8c81"}, &(0x7f0000000240)=0x1008) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8f}, 0x0) r2 = fsopen(&(0x7f0000000700)='affs\x00', 0x1) r3 = fcntl$dupfd(r2, 0x0, r2) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106000000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350602000fff07201706000020191800160600000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000001400)={'sit0\x00', 0x0, 0x7800, 0x20, 0x2, 0x1000, {{0x1d, 0x4, 0x0, 0x1d, 0x74, 0x67, 0x0, 0xa, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}, @broadcast, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x18, 0x3, [{0x5, 0xe, "3727856f0810d6ef151f52db"}, {0x0, 0x4, "ceff"}]}, @generic={0x89, 0xe, "0c735dfc2b9143617c092961"}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x2c, 0xdf, 0x3, 0x9, [{@dev={0xac, 0x14, 0x14, 0x31}, 0x4}, {@dev={0xac, 0x14, 0x14, 0xf}, 0x2ce7}, {@empty, 0x8}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8001}, {@remote, 0x8}]}]}}}}}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, 0x0, 0x1) getpid() r5 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe) r6 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r5, r6, r5}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) kernel console output (not intermixed with test programs): 5] rtc_cmos 00:00: Alarms can be up to one day in the future [ 96.363566][ T24] usbhid 4-1:0.0: can't add hid device: -71 [ 96.394904][ T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 96.636875][ T6080] tmpfs: Bad value for 'mpol' [ 96.646372][ T24] usb 4-1: USB disconnect, device number 3 [ 97.373609][ T6087] evm: overlay not supported [ 97.839832][ T44] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 98.013029][ T6093] Can't find a SQUASHFS superblock on nullb0 [ 98.022423][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 98.049139][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.096030][ T44] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 98.129888][ T5960] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 98.162627][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.203971][ T44] usb 5-1: config 0 descriptor?? [ 98.289960][ T5960] usb 1-1: device descriptor read/64, error -71 [ 98.749317][ T5960] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 98.856511][ T6100] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 98.863070][ T6100] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 98.874063][ T6100] vhci_hcd vhci_hcd.0: Device attached [ 98.891803][ T6100] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5) [ 98.898344][ T6100] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 98.940043][ T6100] vhci_hcd vhci_hcd.0: Device attached [ 98.977487][ T6100] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(7) [ 98.984033][ T6100] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 98.999861][ T5960] usb 1-1: device descriptor read/64, error -71 [ 99.025755][ T6107] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(10) [ 99.032460][ T6107] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 99.047138][ T6100] vhci_hcd vhci_hcd.0: Device attached [ 99.056642][ T6111] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 99.063276][ T6111] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 99.070130][ T6107] vhci_hcd vhci_hcd.0: Device attached [ 99.079643][ T6100] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 99.094904][ T6111] vhci_hcd vhci_hcd.0: Device attached [ 99.109043][ T6111] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(5) [ 99.115669][ T6111] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 99.128760][ T6100] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(12) [ 99.132638][ T5960] usb usb1-port1: attempt power cycle [ 99.135372][ T6100] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 99.148733][ T5941] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 99.159696][ T44] usbhid 5-1:0.0: can't add hid device: -71 [ 99.165750][ T44] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 99.174173][ T6118] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(8) [ 99.179877][ T6101] vhci_hcd: cannot find the pending unlink 3 [ 99.180687][ T6118] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 99.204975][ T44] usb 5-1: USB disconnect, device number 3 [ 99.213591][ T6111] vhci_hcd vhci_hcd.0: Device attached [ 99.213649][ T6118] vhci_hcd vhci_hcd.0: Device attached [ 99.223940][ T6100] vhci_hcd vhci_hcd.0: Device attached [ 99.237481][ T6114] vhci_hcd: connection closed [ 99.237714][ T13] vhci_hcd: stop threads [ 99.248350][ T13] vhci_hcd: release socket [ 99.257575][ T6121] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(7) [ 99.258665][ T6101] vhci_hcd: connection reset by peer [ 99.264180][ T6121] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 99.266049][ T6103] vhci_hcd: connection closed [ 99.271243][ T6108] vhci_hcd: connection closed [ 99.283772][ T6105] vhci_hcd: connection closed [ 99.284231][ T13] vhci_hcd: disconnect device [ 99.298746][ T13] vhci_hcd: stop threads [ 99.304157][ T13] vhci_hcd: release socket [ 99.308708][ T13] vhci_hcd: disconnect device [ 99.317059][ T13] vhci_hcd: stop threads [ 99.321249][ T6121] vhci_hcd vhci_hcd.0: Device attached [ 99.323956][ T6111] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 99.335105][ T24] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 99.342799][ T13] vhci_hcd: release socket [ 99.354473][ T13] vhci_hcd: disconnect device [ 99.361893][ T13] vhci_hcd: stop threads [ 99.365417][ T6111] vhci_hcd vhci_hcd.0: pdev(1) rhport(5) sockfd(12) [ 99.366353][ T13] vhci_hcd: release socket [ 99.372735][ T6111] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 99.379929][ T6111] vhci_hcd vhci_hcd.0: Device attached [ 99.398321][ T13] vhci_hcd: disconnect device [ 99.406679][ T13] vhci_hcd: stop threads [ 99.415029][ T6112] vhci_hcd: cannot find the pending unlink 3 [ 99.427507][ T13] vhci_hcd: release socket [ 99.430335][ T6111] vhci_hcd vhci_hcd.0: pdev(1) rhport(6) sockfd(15) [ 99.435333][ T13] vhci_hcd: disconnect device [ 99.438598][ T6111] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 99.462656][ T6111] vhci_hcd vhci_hcd.0: Device attached [ 99.475709][ T6126] vhci_hcd: connection closed [ 99.476004][ T13] vhci_hcd: stop threads [ 99.486535][ T6124] vhci_hcd: connection closed [ 99.487339][ T6119] vhci_hcd: connection closed [ 99.487545][ T6122] vhci_hcd: connection closed [ 99.499831][ T6115] vhci_hcd: connection closed [ 99.509350][ T6112] vhci_hcd: connection reset by peer [ 99.520320][ T13] vhci_hcd: release socket [ 99.524742][ T5960] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 99.534052][ T13] vhci_hcd: disconnect device [ 99.539635][ T13] vhci_hcd: stop threads [ 99.553885][ T5960] usb 1-1: device descriptor read/8, error -71 [ 99.561227][ T13] vhci_hcd: release socket [ 99.565736][ T13] vhci_hcd: disconnect device [ 99.573942][ T13] vhci_hcd: stop threads [ 99.578213][ T13] vhci_hcd: release socket [ 99.583428][ T13] vhci_hcd: disconnect device [ 99.594979][ T13] vhci_hcd: stop threads [ 99.599256][ T13] vhci_hcd: release socket [ 99.604213][ T13] vhci_hcd: disconnect device [ 99.609338][ T13] vhci_hcd: stop threads [ 99.614569][ T13] vhci_hcd: release socket [ 99.619098][ T13] vhci_hcd: disconnect device [ 99.624993][ T13] vhci_hcd: stop threads [ 99.629278][ T13] vhci_hcd: release socket [ 99.633826][ T13] vhci_hcd: disconnect device [ 99.799960][ T5960] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 99.819814][ T2152] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 99.834257][ T5960] usb 1-1: device descriptor read/8, error -71 [ 99.939975][ T44] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 100.321626][ T5960] usb usb1-port1: unable to enumerate USB device [ 100.354056][ T2152] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 100.367455][ T2152] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.386839][ T2152] usb 4-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 100.409158][ T2152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.434663][ T2152] usb 4-1: config 0 descriptor?? [ 100.513617][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 100.643089][ T6140] hub 8-0:1.0: USB hub found [ 100.648342][ T6140] hub 8-0:1.0: 1 port detected [ 100.739301][ T44] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 100.754654][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.795945][ T44] usb 5-1: Product: syz [ 100.855870][ T44] usb 5-1: Manufacturer: syz [ 100.900126][ T44] usb 5-1: SerialNumber: syz [ 101.157401][ T44] r8152-cfgselector 5-1: Unknown version 0x0000 [ 101.265846][ T44] r8152-cfgselector 5-1: config 0 descriptor?? [ 101.459606][ T2152] usbhid 4-1:0.0: can't add hid device: -71 [ 101.465690][ T2152] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 101.548809][ T2152] usb 4-1: USB disconnect, device number 4 [ 101.842817][ T5960] r8152-cfgselector 5-1: USB disconnect, device number 4 [ 102.032156][ T6157] syz.2.52 uses obsolete (PF_INET,SOCK_PACKET) [ 102.404455][ T6161] FAULT_INJECTION: forcing a failure. [ 102.404455][ T6161] name failslab, interval 1, probability 0, space 0, times 0 [ 102.474818][ T6161] CPU: 0 UID: 0 PID: 6161 Comm: syz.2.54 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 102.474843][ T6161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.474854][ T6161] Call Trace: [ 102.474861][ T6161] [ 102.474870][ T6161] dump_stack_lvl+0x189/0x250 [ 102.474902][ T6161] ? __pfx____ratelimit+0x10/0x10 [ 102.474928][ T6161] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.474955][ T6161] ? __pfx__printk+0x10/0x10 [ 102.474976][ T6161] ? __pfx___might_resched+0x10/0x10 [ 102.475001][ T6161] ? fs_reclaim_acquire+0x7d/0x100 [ 102.475031][ T6161] should_fail_ex+0x414/0x560 [ 102.475058][ T6161] should_failslab+0xa8/0x100 [ 102.475083][ T6161] __kmalloc_noprof+0xcb/0x4f0 [ 102.475103][ T6161] ? tomoyo_encode+0x28b/0x550 [ 102.475139][ T6161] tomoyo_encode+0x28b/0x550 [ 102.475170][ T6161] tomoyo_realpath_from_path+0x58d/0x5d0 [ 102.475206][ T6161] ? tomoyo_domain+0xda/0x130 [ 102.475239][ T6161] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 102.475261][ T6161] tomoyo_path_number_perm+0x1e8/0x5a0 [ 102.475285][ T6161] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 102.475322][ T6161] ? __lock_acquire+0xab9/0xd20 [ 102.475366][ T6161] ? __fget_files+0x2a/0x420 [ 102.475392][ T6161] ? __fget_files+0x2a/0x420 [ 102.475415][ T6161] ? __fget_files+0x3a0/0x420 [ 102.475437][ T6161] ? __fget_files+0x2a/0x420 [ 102.475465][ T6161] security_file_ioctl+0xcb/0x2d0 [ 102.475491][ T6161] __se_sys_ioctl+0x47/0x170 [ 102.475512][ T6161] do_syscall_64+0xfa/0x3b0 [ 102.475538][ T6161] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.475563][ T6161] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.475581][ T6161] ? clear_bhb_loop+0x60/0xb0 [ 102.475604][ T6161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.475621][ T6161] RIP: 0033:0x7fe938d8e929 [ 102.475637][ T6161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.475652][ T6161] RSP: 002b:00007fe939c1d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 102.475670][ T6161] RAX: ffffffffffffffda RBX: 00007fe938fb5fa0 RCX: 00007fe938d8e929 [ 102.475683][ T6161] RDX: 0000200000000540 RSI: 000000000000890c RDI: 0000000000000004 [ 102.475694][ T6161] RBP: 00007fe939c1d090 R08: 0000000000000000 R09: 0000000000000000 [ 102.475705][ T6161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.475715][ T6161] R13: 0000000000000000 R14: 00007fe938fb5fa0 R15: 00007fff29653ba8 [ 102.475744][ T6161] [ 102.728446][ T6161] ERROR: Out of memory at tomoyo_realpath_from_path. [ 103.089818][ T6136] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 103.680066][ T6136] usb 5-1: Using ep0 maxpacket: 16 [ 103.699395][ T6136] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.718798][ T6136] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 103.740617][ T6136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.847697][ T6169] Can't find a SQUASHFS superblock on nullb0 [ 104.165911][ T6136] usb 5-1: config 0 descriptor?? [ 104.205730][ T6175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.242754][ T6175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.290080][ T5941] vhci_hcd: vhci_device speed not set [ 104.420168][ T5960] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 104.439775][ T5885] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 104.449839][ T24] vhci_hcd: vhci_device speed not set [ 104.547706][ T5962] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 104.590016][ T5960] usb 4-1: device descriptor read/64, error -71 [ 104.713648][ T5962] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 104.738268][ T5962] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.759483][ T5962] usb 1-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 104.784683][ T5962] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.811131][ T5962] usb 1-1: config 0 descriptor?? [ 104.818394][ T6136] usbhid 5-1:0.0: can't add hid device: -71 [ 104.849924][ T5960] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 104.880839][ T6136] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 104.908320][ T6136] usb 5-1: USB disconnect, device number 5 [ 104.990065][ T5960] usb 4-1: device descriptor read/64, error -71 [ 105.100144][ T5960] usb usb4-port1: attempt power cycle [ 105.833897][ T5960] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 109.367295][ T5960] usb 4-1: device descriptor read/8, error -71 [ 109.390978][ T5962] usbhid 1-1:0.0: can't add hid device: -71 [ 109.405610][ T6191] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.430253][ T5962] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 109.492723][ T6197] FAULT_INJECTION: forcing a failure. [ 109.492723][ T6197] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.506189][ T6197] CPU: 1 UID: 0 PID: 6197 Comm: syz.3.66 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 109.506209][ T6197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.506218][ T6197] Call Trace: [ 109.506225][ T6197] [ 109.506231][ T6197] dump_stack_lvl+0x189/0x250 [ 109.506258][ T6197] ? __pfx____ratelimit+0x10/0x10 [ 109.506280][ T6197] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.506302][ T6197] ? __pfx__printk+0x10/0x10 [ 109.506317][ T6197] ? __might_fault+0xb0/0x130 [ 109.506344][ T6197] should_fail_ex+0x414/0x560 [ 109.506365][ T6197] _copy_from_user+0x2d/0xb0 [ 109.506380][ T6197] __sys_bpf+0x1ed/0x860 [ 109.506400][ T6197] ? __pfx___sys_bpf+0x10/0x10 [ 109.506428][ T6197] ? ksys_write+0x22a/0x250 [ 109.506447][ T6197] ? __pfx_ksys_write+0x10/0x10 [ 109.506462][ T6197] ? rcu_is_watching+0x15/0xb0 [ 109.506499][ T6197] __x64_sys_bpf+0x7c/0x90 [ 109.506516][ T6197] do_syscall_64+0xfa/0x3b0 [ 109.506538][ T6197] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.506558][ T6197] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.506573][ T6197] ? clear_bhb_loop+0x60/0xb0 [ 109.506591][ T6197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.506606][ T6197] RIP: 0033:0x7fd14838e929 [ 109.506619][ T6197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.506631][ T6197] RSP: 002b:00007fd1491a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 109.506647][ T6197] RAX: ffffffffffffffda RBX: 00007fd1485b5fa0 RCX: 00007fd14838e929 [ 109.506658][ T6197] RDX: 0000000000000050 RSI: 0000200000000040 RDI: 000000000000000a [ 109.506667][ T6197] RBP: 00007fd1491a0090 R08: 0000000000000000 R09: 0000000000000000 [ 109.506676][ T6197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.506684][ T6197] R13: 0000000000000000 R14: 00007fd1485b5fa0 R15: 00007fff0816b978 [ 109.506707][ T6197] [ 109.515642][ T6191] batadv_slave_0: entered promiscuous mode [ 109.651527][ T6203] FAULT_INJECTION: forcing a failure. [ 109.651527][ T6203] name failslab, interval 1, probability 0, space 0, times 0 [ 109.669827][ T5962] usb 1-1: USB disconnect, device number 6 [ 109.697435][ T6191] batadv_slave_0: entered allmulticast mode [ 109.740625][ T6203] CPU: 0 UID: 0 PID: 6203 Comm: syz.3.67 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 109.740653][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.740666][ T6203] Call Trace: [ 109.740674][ T6203] [ 109.740683][ T6203] dump_stack_lvl+0x189/0x250 [ 109.740725][ T6203] ? __pfx____ratelimit+0x10/0x10 [ 109.740755][ T6203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.740786][ T6203] ? __pfx__printk+0x10/0x10 [ 109.740813][ T6203] ? __pfx___might_resched+0x10/0x10 [ 109.740841][ T6203] ? fs_reclaim_acquire+0x7d/0x100 [ 109.740876][ T6203] should_fail_ex+0x414/0x560 [ 109.740904][ T6203] ? __pfx_sock_alloc_inode+0x10/0x10 [ 109.740933][ T6203] should_failslab+0xa8/0x100 [ 109.740961][ T6203] ? __pfx_sock_alloc_inode+0x10/0x10 [ 109.740988][ T6203] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 109.741013][ T6203] ? sock_alloc_inode+0x28/0xc0 [ 109.741045][ T6203] ? __pfx_sock_alloc_inode+0x10/0x10 [ 109.741075][ T6203] sock_alloc_inode+0x28/0xc0 [ 109.741103][ T6203] alloc_inode+0x6a/0x1b0 [ 109.741133][ T6203] do_accept+0x111/0x680 [ 109.741158][ T6203] ? __pfx_do_accept+0x10/0x10 [ 109.741202][ T6203] __sys_accept4+0x11c/0x1c0 [ 109.741225][ T6203] ? __pfx___sys_accept4+0x10/0x10 [ 109.741244][ T6203] ? __pfx_ksys_write+0x10/0x10 [ 109.741265][ T6203] ? rcu_is_watching+0x15/0xb0 [ 109.741301][ T6203] __x64_sys_accept4+0x9a/0xb0 [ 109.741324][ T6203] do_syscall_64+0xfa/0x3b0 [ 109.741353][ T6203] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.741380][ T6203] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.741401][ T6203] ? clear_bhb_loop+0x60/0xb0 [ 109.741425][ T6203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.741446][ T6203] RIP: 0033:0x7fd14838e929 [ 109.741463][ T6203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.741480][ T6203] RSP: 002b:00007fd1491a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 109.741502][ T6203] RAX: ffffffffffffffda RBX: 00007fd1485b5fa0 RCX: 00007fd14838e929 [ 109.741517][ T6203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 109.741528][ T6203] RBP: 00007fd1491a0090 R08: 0000000000000000 R09: 0000000000000000 [ 109.741541][ T6203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.741552][ T6203] R13: 0000000000000000 R14: 00007fd1485b5fa0 R15: 00007fff0816b978 [ 109.741583][ T6203] [ 109.988536][ T6205] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 109.989952][ T5892] kernel read not supported for file /vga_arbiter (pid: 5892 comm: kworker/0:6) [ 110.691176][ T5826] Bluetooth: hci1: unknown advertising packet type: 0x70 [ 111.900327][ T6222] netlink: 68 bytes leftover after parsing attributes in process `syz.1.73'. [ 113.529411][ T6237] hub 8-0:1.0: USB hub found [ 113.540051][ T6237] hub 8-0:1.0: 1 port detected [ 114.406744][ T6243] tmpfs: Bad value for 'mpol' [ 114.569776][ T5885] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 114.711978][ T6248] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 114.718583][ T6248] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 114.752717][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 114.783010][ T6248] vhci_hcd vhci_hcd.0: Device attached [ 114.789891][ T5885] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.801137][ T6252] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(6) [ 114.807674][ T6252] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 114.810516][ T5885] usb 4-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 114.837808][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.849809][ T6252] vhci_hcd vhci_hcd.0: Device attached [ 114.902937][ T6248] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(5) [ 114.909479][ T6248] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 114.918333][ T5885] usb 4-1: config 0 descriptor?? [ 114.978418][ T6248] vhci_hcd vhci_hcd.0: Device attached [ 115.000052][ T6252] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(8) [ 115.006691][ T6252] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 115.009801][ T5960] usb 33-1: new low-speed USB device number 3 using vhci_hcd [ 115.030673][ T6252] vhci_hcd vhci_hcd.0: Device attached [ 115.040632][ T6248] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 115.093810][ T6248] vhci_hcd vhci_hcd.0: pdev(0) rhport(5) sockfd(12) [ 115.100446][ T6248] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 115.117732][ T6248] vhci_hcd vhci_hcd.0: Device attached [ 115.131972][ T6249] vhci_hcd: cannot find the pending unlink 3 [ 115.148158][ T6258] vhci_hcd: connection closed [ 115.150017][ T6256] vhci_hcd: connection closed [ 115.157743][ T42] vhci_hcd: stop threads [ 115.160392][ T6260] vhci_hcd: connection closed [ 115.167289][ T42] vhci_hcd: release socket [ 115.190386][ T6254] vhci_hcd: connection closed [ 115.191485][ T6249] vhci_hcd: connection reset by peer [ 115.206783][ T42] vhci_hcd: disconnect device [ 115.215978][ T42] vhci_hcd: stop threads [ 115.224393][ T42] vhci_hcd: release socket [ 115.229073][ T42] vhci_hcd: disconnect device [ 115.239104][ T42] vhci_hcd: stop threads [ 115.247165][ T42] vhci_hcd: release socket [ 115.257959][ T42] vhci_hcd: disconnect device [ 115.267784][ T42] vhci_hcd: stop threads [ 115.276594][ T42] vhci_hcd: release socket [ 115.284079][ T42] vhci_hcd: disconnect device [ 115.291613][ T42] vhci_hcd: stop threads [ 115.295924][ T42] vhci_hcd: release socket [ 115.303560][ T42] vhci_hcd: disconnect device [ 115.366377][ T5885] logitech-hidpp-device 0003:046D:C262.0004: item fetching failed at offset 0/3 [ 115.376267][ T5885] logitech-hidpp-device 0003:046D:C262.0004: hidpp_probe:parse failed [ 115.408933][ T5885] logitech-hidpp-device 0003:046D:C262.0004: probe with driver logitech-hidpp-device failed with error -22 [ 115.434959][ T6136] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 115.611033][ T6136] usb 5-1: config index 0 descriptor too short (expected 1307, got 27) [ 115.653070][ T6136] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 115.799973][ T6136] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 115.856476][ T6136] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 115.905941][ T6136] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 115.947071][ T6136] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 39, setting to 8 [ 115.996617][ T6136] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 116.191106][ T6136] usb 5-1: string descriptor 0 read error: -22 [ 116.199350][ T6136] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 116.208694][ T6136] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.350675][ T6136] usb 5-1: config 0 descriptor?? [ 116.360409][ T6263] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 116.451812][ T6136] hub 5-1:0.0: bad descriptor, ignoring hub [ 116.457844][ T6136] hub 5-1:0.0: probe with driver hub failed with error -5 [ 116.903703][ T5885] usb 4-1: USB disconnect, device number 9 [ 116.924549][ T6136] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input5 [ 117.456388][ T6279] process 'syz.4.81' launched './file0' with NULL argv: empty string added [ 118.862386][ C0] usb_acecad 5-1:0.0: can't resubmit intr, dummy_hcd.4-1/input0, status -1 [ 118.874359][ T6284] rtc_cmos 00:00: Alarms can be up to one day in the future [ 119.377834][ T44] usb 5-1: USB disconnect, device number 6 [ 119.377949][ C0] usb_acecad 5-1:0.0: can't resubmit intr, dummy_hcd.4-1/input0, status -19 [ 119.401184][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.1.87'. [ 119.509855][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 119.890159][ T6289] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 120.210821][ T30] audit: type=1326 audit(1750991606.999:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6285 comm="syz.1.87" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9455f8e929 code=0x0 [ 120.344408][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 120.419854][ T5960] vhci_hcd: vhci_device speed not set [ 120.444132][ T9] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 120.587930][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.596721][ T9] usb 3-1: Product: syz [ 120.600997][ T9] usb 3-1: Manufacturer: syz [ 120.605614][ T9] usb 3-1: SerialNumber: syz [ 120.872820][ T6298] rtc_cmos 00:00: Alarms can be up to one day in the future [ 120.939996][ T44] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 121.162561][ T9] r8152-cfgselector 3-1: Unknown version 0x0000 [ 121.188540][ T9] r8152-cfgselector 3-1: config 0 descriptor?? [ 121.313803][ T44] usb 5-1: no configurations [ 121.331061][ T44] usb 5-1: can't read configurations, error -22 [ 122.223776][ T44] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 122.415069][ T6136] r8152-cfgselector 3-1: USB disconnect, device number 4 [ 122.541583][ T44] usb 5-1: no configurations [ 122.549942][ T44] usb 5-1: can't read configurations, error -22 [ 122.562181][ T44] usb usb5-port1: attempt power cycle [ 122.570566][ T6309] tmpfs: Bad value for 'mpol' [ 122.843787][ T5941] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 122.930522][ T44] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 123.059682][ T44] usb 5-1: no configurations [ 123.120910][ T5941] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.131491][ T44] usb 5-1: can't read configurations, error -22 [ 123.157465][ T5941] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 123.183818][ T5941] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 123.195590][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.237353][ T5941] usb 1-1: Product: syz [ 123.249808][ T5941] usb 1-1: Manufacturer: syz [ 123.258166][ T5941] usb 1-1: SerialNumber: syz [ 123.284064][ T44] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 123.342348][ T44] usb 5-1: no configurations [ 123.348539][ T44] usb 5-1: can't read configurations, error -22 [ 123.367486][ T44] usb usb5-port1: unable to enumerate USB device [ 124.553459][ T5941] usb 1-1: 0:2 : does not exist [ 124.561579][ T5941] usb 1-1: unit 6 not found! [ 124.708121][ T5941] usb 1-1: USB disconnect, device number 7 [ 124.745834][ T6315] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.804450][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 126.124988][ T6326] kvm: vcpu 0: requested 1664 ns lapic timer period limited to 200000 ns [ 126.529780][ T5892] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 126.951300][ T6338] rtc_cmos 00:00: Alarms can be up to one day in the future [ 127.422335][ T5892] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 127.443909][ T5892] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 127.490065][ T5892] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 127.529529][ T9] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 127.531980][ T30] audit: type=1326 audit(1750991614.429:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6347 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 127.537169][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.629952][ T30] audit: type=1326 audit(1750991614.429:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6347 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 127.676210][ T6335] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 127.709913][ T5892] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 127.712545][ T30] audit: type=1326 audit(1750991614.429:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6347 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 127.771245][ T9] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 129.407507][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.481695][ T30] audit: type=1326 audit(1750991614.429:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6347 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 129.505626][ T30] audit: type=1326 audit(1750991614.429:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6347 comm="syz.4.105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 129.529559][ T9] usb 1-1: config 0 descriptor?? [ 129.560113][ T5823] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 129.630295][ T5892] usb 2-1: USB disconnect, device number 7 [ 129.658908][ T9] usb 1-1: can't set config #0, error -71 [ 129.667951][ T9] usb 1-1: USB disconnect, device number 8 [ 129.720699][ T5823] usb 4-1: Using ep0 maxpacket: 16 [ 129.745448][ T5823] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 129.770579][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.783136][ T5823] usb 4-1: Product: syz [ 129.789540][ T5823] usb 4-1: Manufacturer: syz [ 129.799313][ T5823] usb 4-1: SerialNumber: syz [ 130.230666][ T5892] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 130.246145][ T5823] r8152-cfgselector 4-1: Unknown version 0x0000 [ 130.253602][ T6365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.111'. [ 130.264494][ T5823] r8152-cfgselector 4-1: config 0 descriptor?? [ 130.411722][ T5892] usb 2-1: no configurations [ 130.419580][ T5892] usb 2-1: can't read configurations, error -22 [ 130.640055][ T5892] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 130.842723][ T5941] r8152-cfgselector 4-1: USB disconnect, device number 10 [ 131.048612][ T6379] tmpfs: Bad value for 'mpol' [ 131.554727][ T5892] usb 2-1: no configurations [ 132.119803][ T5892] usb 2-1: can't read configurations, error -22 [ 132.716079][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.153840][ T5892] usb usb2-port1: attempt power cycle [ 133.174506][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.337070][ T6390] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 133.343649][ T6390] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 133.353785][ T6390] vhci_hcd vhci_hcd.0: Device attached [ 133.396746][ T6390] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(5) [ 133.403296][ T6390] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 133.645323][ T6399] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(8) [ 133.651886][ T6399] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 133.660570][ T6399] vhci_hcd vhci_hcd.0: Device attached [ 133.660754][ T6390] vhci_hcd vhci_hcd.0: Device attached [ 133.667176][ T6391] vhci_hcd: cannot find the pending unlink 3 [ 133.705813][ T6393] vhci_hcd: connection closed [ 133.706071][ T1156] vhci_hcd: stop threads [ 133.706072][ T9] usb 35-1: new low-speed USB device number 3 using vhci_hcd [ 133.711584][ T1156] vhci_hcd: release socket [ 133.729926][ T6400] vhci_hcd: connection closed [ 133.784938][ T6397] rtc_cmos 00:00: Alarms can be up to one day in the future [ 133.953100][ T1156] vhci_hcd: disconnect device [ 133.958089][ T6391] vhci_hcd: connection closed [ 133.958261][ T1156] vhci_hcd: stop threads [ 133.980694][ T6392] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 134.012111][ T1156] vhci_hcd: release socket [ 134.036463][ T1156] vhci_hcd: disconnect device [ 134.045209][ T1156] vhci_hcd: stop threads [ 134.049509][ T1156] vhci_hcd: release socket [ 134.058466][ T1156] vhci_hcd: disconnect device [ 134.128968][ T6406] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 134.135517][ T6406] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 134.169913][ T6406] vhci_hcd vhci_hcd.0: Device attached [ 134.229823][ T6406] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(5) [ 134.236388][ T6406] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 134.626521][ T5823] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 134.670439][ T6406] vhci_hcd vhci_hcd.0: Device attached [ 134.698193][ T6414] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(8) [ 134.704750][ T6414] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 134.724275][ T6406] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(7) [ 134.730819][ T6406] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 134.770463][ T6414] vhci_hcd vhci_hcd.0: Device attached [ 134.780582][ T5960] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 134.792326][ T6406] vhci_hcd vhci_hcd.0: Device attached [ 134.812985][ T6406] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 134.827404][ T5823] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 134.851549][ T5823] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.982711][ T6426] rtc_cmos 00:00: Alarms can be up to one day in the future [ 135.264303][ T6415] vhci_hcd: connection closed [ 135.264482][ T6407] vhci_hcd: connection reset by peer [ 135.269790][ T13] vhci_hcd: stop threads [ 135.278748][ T13] vhci_hcd: release socket [ 135.284875][ T6417] vhci_hcd: connection closed [ 135.285072][ T6411] vhci_hcd: connection closed [ 135.289945][ T6406] vhci_hcd vhci_hcd.0: pdev(3) rhport(5) sockfd(13) [ 135.301221][ T6406] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 135.326712][ T5823] usb 1-1: config 0 descriptor?? [ 135.358033][ T13] vhci_hcd: disconnect device [ 135.363218][ T6406] vhci_hcd vhci_hcd.0: Device attached [ 135.369241][ T6423] vhci_hcd: connection closed [ 135.496174][ T5823] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 135.554256][ T13] vhci_hcd: stop threads [ 135.567059][ T5823] gp8psk: usb in 128 operation failed. [ 135.572923][ T13] vhci_hcd: release socket [ 135.584316][ T13] vhci_hcd: disconnect device [ 135.603144][ T13] vhci_hcd: stop threads [ 135.614005][ T13] vhci_hcd: release socket [ 135.623392][ T13] vhci_hcd: disconnect device [ 135.640195][ T13] vhci_hcd: stop threads [ 135.652327][ T13] vhci_hcd: release socket [ 135.679882][ T13] vhci_hcd: disconnect device [ 135.696151][ T13] vhci_hcd: stop threads [ 135.705516][ T13] vhci_hcd: release socket [ 135.716152][ T13] vhci_hcd: disconnect device [ 135.935855][ T6434] hub 8-0:1.0: USB hub found [ 135.946480][ T6434] hub 8-0:1.0: 1 port detected [ 135.994976][ T5823] gp8psk: FW Version = 106.237.228 (0x6aede4) Build 2130/20/147 [ 136.152913][ T6439] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 136.161195][ T6439] batadv_slave_0: entered promiscuous mode [ 136.167175][ T6439] batadv_slave_0: entered allmulticast mode [ 137.528048][ T5823] gp8psk: usb in 149 operation failed. [ 137.623443][ T5823] gp8psk: failed to get FPGA version [ 137.832227][ T5823] gp8psk: usb in 138 operation failed. [ 137.838079][ T5823] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 137.860636][ T5823] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 138.582064][ T5962] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 139.023850][ T5823] usb 1-1: USB disconnect, device number 9 [ 139.089948][ T9] vhci_hcd: vhci_device speed not set [ 139.181791][ T6464] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 139.188349][ T6464] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 139.232807][ T6464] vhci_hcd vhci_hcd.0: Device attached [ 139.248794][ T6469] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(6) [ 139.255338][ T6469] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 139.339917][ T6469] vhci_hcd vhci_hcd.0: Device attached [ 139.360651][ T6465] vhci_hcd: cannot find the pending unlink 3 [ 139.366686][ T6465] vhci_hcd: connection closed [ 139.369254][ T6470] vhci_hcd: connection closed [ 139.383576][ T36] vhci_hcd: stop threads [ 139.417222][ T6475] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 139.423761][ T6475] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 139.441496][ T36] vhci_hcd: release socket [ 139.460395][ T5823] usb 33-1: new low-speed USB device number 4 using vhci_hcd [ 139.461292][ T36] vhci_hcd: disconnect device [ 139.474831][ T6475] vhci_hcd vhci_hcd.0: Device attached [ 139.508409][ T36] vhci_hcd: stop threads [ 139.528243][ T6478] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(6) [ 139.534786][ T6478] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 139.542625][ T36] vhci_hcd: release socket [ 139.553566][ T36] vhci_hcd: disconnect device [ 139.566585][ T6478] vhci_hcd vhci_hcd.0: Device attached [ 139.584470][ T6475] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(5) [ 139.591135][ T6475] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 139.599422][ T6475] vhci_hcd vhci_hcd.0: Device attached [ 139.611569][ T6475] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(9) [ 139.618112][ T6475] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 140.031909][ T6475] vhci_hcd vhci_hcd.0: Device attached [ 140.042732][ T6478] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 140.086321][ T6476] vhci_hcd: cannot find the pending unlink 3 [ 140.096351][ T6480] vhci_hcd: connection closed [ 140.096844][ T6483] vhci_hcd: connection closed [ 140.097815][ T6485] vhci_hcd: connection closed [ 140.103676][ T36] vhci_hcd: stop threads [ 140.106561][ T5960] vhci_hcd: vhci_device speed not set [ 140.113522][ T6476] vhci_hcd: connection closed [ 140.159073][ T36] vhci_hcd: release socket [ 140.183113][ T36] vhci_hcd: disconnect device [ 140.192950][ T36] vhci_hcd: stop threads [ 140.197625][ T36] vhci_hcd: release socket [ 140.203260][ T36] vhci_hcd: disconnect device [ 140.212357][ T36] vhci_hcd: stop threads [ 140.217778][ T36] vhci_hcd: release socket [ 140.258269][ T36] vhci_hcd: disconnect device [ 140.268458][ T36] vhci_hcd: stop threads [ 140.273853][ T36] vhci_hcd: release socket [ 140.278662][ T36] vhci_hcd: disconnect device [ 140.300144][ T9] usb 35-1: device descriptor read/64, error -110 [ 140.317297][ T6491] hub 8-0:1.0: USB hub found [ 140.327058][ T6491] hub 8-0:1.0: 1 port detected [ 140.519861][ T9] vhci_hcd: vhci_device speed not set [ 140.791478][ T6136] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 141.593388][ T6136] usb 1-1: no configurations [ 141.676552][ T6136] usb 1-1: can't read configurations, error -22 [ 141.849824][ T6136] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 141.959789][ T5962] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 142.029212][ T6136] usb 1-1: no configurations [ 142.035431][ T6136] usb 1-1: can't read configurations, error -22 [ 142.336341][ T6136] usb usb1-port1: attempt power cycle [ 142.429800][ T5962] usb 3-1: Using ep0 maxpacket: 16 [ 142.447775][ T5962] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 142.457543][ T5962] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.466526][ T5962] usb 3-1: Product: syz [ 142.471382][ T5962] usb 3-1: Manufacturer: syz [ 142.476757][ T5962] usb 3-1: SerialNumber: syz [ 142.482362][ T44] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 142.509849][ T5962] r8152-cfgselector 3-1: Unknown version 0x0000 [ 142.522801][ T5962] r8152-cfgselector 3-1: config 0 descriptor?? [ 142.798556][ T6136] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 142.809058][ T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.821581][ T44] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 142.830916][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 142.842070][ T6136] usb 1-1: no configurations [ 142.846697][ T6136] usb 1-1: can't read configurations, error -22 [ 142.853060][ T44] usb 2-1: Product: syz [ 142.857233][ T44] usb 2-1: Manufacturer: syz [ 142.862877][ T44] usb 2-1: SerialNumber: syz [ 142.869460][ T44] usb 2-1: config 0 descriptor?? [ 142.947942][ T6523] tmpfs: Bad value for 'mpol' [ 143.468456][ T9] r8152-cfgselector 3-1: USB disconnect, device number 5 [ 143.505048][ T6136] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 143.655858][ T6529] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 143.662416][ T6529] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 143.678321][ T6529] vhci_hcd vhci_hcd.0: Device attached [ 143.687659][ T6530] vhci_hcd: cannot find the pending unlink 3 [ 143.693949][ T6530] vhci_hcd: connection closed [ 143.695042][ T3498] vhci_hcd: stop threads [ 143.705223][ T3498] vhci_hcd: release socket [ 143.711382][ T3498] vhci_hcd: disconnect device [ 143.749773][ T6136] usb 1-1: device not accepting address 13, error -71 [ 144.731077][ T5823] vhci_hcd: vhci_device speed not set [ 144.886231][ T6136] usb usb1-port1: unable to enumerate USB device [ 145.570914][ T6539] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 145.577488][ T6539] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 145.596423][ T5960] usb 2-1: USB disconnect, device number 12 [ 145.599931][ T6539] vhci_hcd vhci_hcd.0: Device attached [ 145.644945][ T6551] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(9) [ 145.651489][ T6551] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 145.673485][ T6551] vhci_hcd vhci_hcd.0: Device attached [ 145.693709][ T6547] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(6) [ 145.700252][ T6547] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 146.117999][ T6547] vhci_hcd vhci_hcd.0: Device attached [ 146.142041][ T6559] hub 8-0:1.0: USB hub found [ 146.146903][ T6559] hub 8-0:1.0: 1 port detected [ 146.225472][ T6539] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(5) [ 146.232067][ T6539] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 146.260052][ T6539] vhci_hcd vhci_hcd.0: Device attached [ 146.282010][ T6540] vhci_hcd: cannot find the pending unlink 3 [ 146.288774][ T6562] vhci_hcd: connection closed [ 146.290913][ T6549] vhci_hcd: connection closed [ 146.290999][ T6540] vhci_hcd: connection closed [ 146.305106][ T6552] vhci_hcd: connection closed [ 146.305424][ T59] vhci_hcd: stop threads [ 146.322766][ T59] vhci_hcd: release socket [ 146.330445][ T59] vhci_hcd: disconnect device [ 146.335471][ T59] vhci_hcd: stop threads [ 146.341385][ T59] vhci_hcd: release socket [ 146.346034][ T59] vhci_hcd: disconnect device [ 146.353484][ T59] vhci_hcd: stop threads [ 146.358915][ T59] vhci_hcd: release socket [ 146.389874][ T5823] usb 33-1: device descriptor read/64, error -110 [ 146.525186][ T59] vhci_hcd: disconnect device [ 147.214375][ T59] vhci_hcd: stop threads [ 147.218773][ T59] vhci_hcd: release socket [ 147.223478][ T5823] vhci_hcd: vhci_device speed not set [ 147.270034][ T59] vhci_hcd: disconnect device [ 149.344830][ T5885] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 149.529828][ T5885] usb 5-1: Using ep0 maxpacket: 16 [ 149.556638][ T5885] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 149.576842][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.606598][ T5885] usb 5-1: Product: syz [ 149.619829][ T44] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 149.627629][ T5885] usb 5-1: Manufacturer: syz [ 149.645712][ T5885] usb 5-1: SerialNumber: syz [ 149.680308][ T5885] r8152-cfgselector 5-1: Unknown version 0x0000 [ 149.686613][ T5885] r8152-cfgselector 5-1: config 0 descriptor?? [ 149.736219][ T6599] hub 8-0:1.0: USB hub found [ 149.770421][ T6599] hub 8-0:1.0: 1 port detected [ 149.801463][ T44] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 149.811822][ T5910] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 149.837967][ T44] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 149.863224][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 149.883212][ T44] usb 1-1: Product: syz [ 149.891233][ T44] usb 1-1: Manufacturer: syz [ 149.899494][ T44] usb 1-1: SerialNumber: syz [ 149.908953][ T44] usb 1-1: config 0 descriptor?? [ 149.985738][ T5910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 149.997013][ T5910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 150.007581][ T5910] usb 3-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 150.018687][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.029022][ T5910] usb 3-1: config 0 descriptor?? [ 150.129802][ T5941] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 150.139354][ T5885] r8152-cfgselector 5-1: USB disconnect, device number 11 [ 150.269781][ T5941] usb 4-1: device descriptor read/64, error -71 [ 150.444333][ T5910] logitech-hidpp-device 0003:046D:C262.0005: item fetching failed at offset 0/3 [ 150.453937][ T5910] logitech-hidpp-device 0003:046D:C262.0005: hidpp_probe:parse failed [ 150.462877][ T5910] logitech-hidpp-device 0003:046D:C262.0005: probe with driver logitech-hidpp-device failed with error -22 [ 150.519800][ T5941] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 150.671958][ T5941] usb 4-1: device descriptor read/64, error -71 [ 150.802592][ T5941] usb usb4-port1: attempt power cycle [ 151.192672][ T44] usb 3-1: USB disconnect, device number 6 [ 151.230027][ T5941] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 151.281394][ T5941] usb 4-1: device descriptor read/8, error -71 [ 151.691709][ T5941] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 151.710734][ T5941] usb 4-1: device descriptor read/8, error -71 [ 151.956224][ T5941] usb usb4-port1: unable to enumerate USB device [ 152.409999][ T44] usb 1-1: USB disconnect, device number 14 [ 152.488273][ T5885] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 153.040505][ T6632] hub 8-0:1.0: USB hub found [ 153.046248][ T6632] hub 8-0:1.0: 1 port detected [ 153.079206][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 153.122148][ T5885] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 153.158718][ T5885] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02 [ 153.183635][ T6638] Zero length message leads to an empty skb [ 153.190931][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.214473][ T5885] usb 5-1: Product: syz [ 153.224063][ T5885] usb 5-1: Manufacturer: syz [ 153.234101][ T5885] usb 5-1: SerialNumber: syz [ 153.253523][ T5885] usb 5-1: config 0 descriptor?? [ 153.475055][ T5962] usb 5-1: USB disconnect, device number 12 [ 153.539791][ T5941] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 153.649779][ T5885] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 153.699865][ T5941] usb 4-1: Using ep0 maxpacket: 16 [ 153.709863][ T5941] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 153.719001][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.727229][ T5941] usb 4-1: Product: syz [ 153.734077][ T5941] usb 4-1: Manufacturer: syz [ 153.738700][ T5941] usb 4-1: SerialNumber: syz [ 153.748010][ T5941] r8152-cfgselector 4-1: Unknown version 0x0000 [ 153.768399][ T5941] r8152-cfgselector 4-1: config 0 descriptor?? [ 153.831100][ T5885] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.842943][ T5885] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 154.005097][ T5885] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 154.015773][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.024075][ T5885] usb 2-1: Product: syz [ 154.304073][ T5885] usb 2-1: Manufacturer: syz [ 154.308723][ T5885] usb 2-1: SerialNumber: syz [ 154.377934][ T5941] r8152-cfgselector 4-1: USB disconnect, device number 15 [ 154.777148][ T5885] usb 2-1: 0:2 : does not exist [ 154.881728][ T5885] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 154.900008][ T6660] FAULT_INJECTION: forcing a failure. [ 154.900008][ T6660] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.923476][ T6660] CPU: 0 UID: 0 PID: 6660 Comm: syz.2.194 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 154.923500][ T6660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.923511][ T6660] Call Trace: [ 154.923518][ T6660] [ 154.923526][ T6660] dump_stack_lvl+0x189/0x250 [ 154.923564][ T6660] ? __pfx____ratelimit+0x10/0x10 [ 154.923584][ T6660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.923602][ T6660] ? __pfx__printk+0x10/0x10 [ 154.923615][ T6660] ? __might_fault+0xb0/0x130 [ 154.923637][ T6660] should_fail_ex+0x414/0x560 [ 154.923656][ T6660] _copy_from_user+0x2d/0xb0 [ 154.923668][ T6660] ___sys_recvmsg+0x12e/0x510 [ 154.923687][ T6660] ? __pfx____sys_recvmsg+0x10/0x10 [ 154.923718][ T6660] ? __fget_files+0x3a0/0x420 [ 154.923742][ T6660] do_recvmmsg+0x307/0x770 [ 154.923763][ T6660] ? __pfx_do_recvmmsg+0x10/0x10 [ 154.923787][ T6660] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 154.923817][ T6660] __x64_sys_recvmmsg+0x190/0x240 [ 154.923835][ T6660] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 154.923849][ T6660] ? rcu_is_watching+0x15/0xb0 [ 154.923871][ T6660] ? do_syscall_64+0xbe/0x3b0 [ 154.923892][ T6660] do_syscall_64+0xfa/0x3b0 [ 154.923911][ T6660] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.923923][ T6660] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 154.923935][ T6660] ? clear_bhb_loop+0x60/0xb0 [ 154.923949][ T6660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.923962][ T6660] RIP: 0033:0x7fe938d8e929 [ 154.923973][ T6660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.923989][ T6660] RSP: 002b:00007fe939c1d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 154.924003][ T6660] RAX: ffffffffffffffda RBX: 00007fe938fb5fa0 RCX: 00007fe938d8e929 [ 154.924012][ T6660] RDX: 0000000000000001 RSI: 0000200000002f80 RDI: 0000000000000005 [ 154.924020][ T6660] RBP: 00007fe939c1d090 R08: 0000000000000000 R09: 0000000000000000 [ 154.924027][ T6660] R10: 0000000000002041 R11: 0000000000000246 R12: 0000000000000001 [ 154.924035][ T6660] R13: 0000000000000000 R14: 00007fe938fb5fa0 R15: 00007fff29653ba8 [ 154.924053][ T6660] [ 155.311735][ T5885] usb 2-1: USB disconnect, device number 13 [ 156.118023][ T5826] Bluetooth: hci0: unknown advertising packet type: 0x70 [ 156.675769][ T6676] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 156.689391][ T6676] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 156.705650][ T6679] ptrace attach of "./syz-executor exec"[5822] was attempted by ""[6679] [ 156.758559][ T6676] vhci_hcd vhci_hcd.0: Device attached [ 156.777016][ T6677] vhci_hcd: connection closed [ 156.919772][ T1156] vhci_hcd: stop threads [ 156.942016][ T1156] vhci_hcd: release socket [ 156.948201][ T1156] vhci_hcd: disconnect device [ 156.989953][ T5962] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 157.007541][ T5962] usb 37-1: enqueue for inactive port 0 [ 157.029423][ T6690] hub 8-0:1.0: USB hub found [ 157.036182][ T6690] hub 8-0:1.0: 1 port detected [ 157.225645][ T5962] vhci_hcd: vhci_device speed not set [ 160.783455][ T5823] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 161.019941][ T2152] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 161.235526][ T5823] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.269630][ T5823] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 161.284938][ T5823] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 161.303478][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.321868][ T5823] usb 4-1: Product: syz [ 161.326068][ T5823] usb 4-1: Manufacturer: syz [ 161.359769][ T5823] usb 4-1: SerialNumber: syz [ 161.502148][ T2152] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 161.511524][ T2152] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.530269][ T2152] usb 2-1: config 0 descriptor?? [ 161.541942][ T2152] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 161.594540][ T5823] usb 4-1: 0:2 : does not exist [ 161.631136][ T5823] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 161.876243][ T2152] gp8psk: usb in 128 operation failed. [ 161.879803][ T5823] usb 4-1: USB disconnect, device number 16 [ 161.936411][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 162.052597][ T6735] hub 8-0:1.0: USB hub found [ 162.063056][ T6735] hub 8-0:1.0: 1 port detected [ 162.466562][ T2152] gp8psk: FW Version = 106.237.228 (0x6aede4) Build 2130/20/147 [ 162.623761][ T2152] gp8psk: usb in 149 operation failed. [ 162.639472][ T2152] gp8psk: failed to get FPGA version [ 162.899210][ T2152] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 162.940047][ T5941] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 162.996954][ T2152] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 163.215896][ T2152] usb 2-1: USB disconnect, device number 14 [ 163.256351][ T5941] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02 [ 163.375025][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.511244][ T5941] usb 4-1: Product: syz [ 163.552711][ T5941] usb 4-1: Manufacturer: syz [ 163.604449][ T5941] usb 4-1: SerialNumber: syz [ 163.615473][ T5941] usb 4-1: config 0 descriptor?? [ 163.641396][ T5941] hso 4-1:0.0: Not our interface [ 163.843544][ T5941] usb 4-1: USB disconnect, device number 17 [ 165.566223][ T6773] Can't find a SQUASHFS superblock on nullb0 [ 166.559913][ T5962] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 167.735334][ T5962] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 167.774915][ T5962] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.828084][ T5962] usb 4-1: config 0 descriptor?? [ 167.838354][ T5962] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 168.200808][ T5962] gp8psk: usb in 128 operation failed. [ 168.874081][ T5962] gp8psk: FW Version = 106.237.228 (0x6aede4) Build 2130/20/147 [ 169.084627][ T5962] gp8psk: usb in 149 operation failed. [ 169.099934][ T5962] gp8psk: failed to get FPGA version [ 169.100337][ T5941] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 169.209779][ T44] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 169.270199][ T5941] usb 2-1: Using ep0 maxpacket: 16 [ 169.285994][ T5941] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 169.299726][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.307422][ T5962] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 169.307731][ T5941] usb 2-1: Product: syz [ 169.307749][ T5941] usb 2-1: Manufacturer: syz [ 169.326135][ T5962] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 169.369951][ T5941] usb 2-1: SerialNumber: syz [ 169.384572][ T5941] usb 2-1: config 0 descriptor?? [ 169.401427][ T44] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02 [ 169.420181][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.435546][ T44] usb 1-1: Product: syz [ 169.440000][ T44] usb 1-1: Manufacturer: syz [ 169.444666][ T44] usb 1-1: SerialNumber: syz [ 169.460701][ T44] usb 1-1: config 0 descriptor?? [ 169.505085][ T44] hso 1-1:0.0: Not our interface [ 169.522608][ T5962] usb 4-1: USB disconnect, device number 18 [ 169.673126][ T5823] usb 1-1: USB disconnect, device number 15 [ 169.831140][ T5941] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 169.873742][ T5941] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 169.909186][ T5941] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 169.928723][ T5941] usb 2-1: media controller created [ 169.956327][ T5941] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 170.525599][ T6801] dtv5100: wlen = 0, aborting. [ 170.531083][ T5941] zl10353_read_register: readreg error (reg=127, ret==0) [ 170.563342][ T5941] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 170.645385][ T5941] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 170.763119][ T5941] usb 2-1: USB disconnect, device number 15 [ 171.385816][ T5941] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 173.968732][ T6852] warning: `syz.1.251' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 174.229661][ T5941] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 174.239781][ T5885] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 174.304846][ T44] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 174.900405][ T5941] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 175.129038][ T44] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.210856][ T44] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 175.812239][ T44] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 175.864960][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 175.922365][ T44] usb 2-1: SerialNumber: syz [ 176.030291][ T5941] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 176.096058][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 176.157938][ T5941] usb 1-1: Product: syz [ 176.187421][ T5941] usb 1-1: Manufacturer: syz [ 176.216485][ T5941] usb 1-1: SerialNumber: syz [ 177.718865][ T44] usb 2-1: can't set config #1, error -71 [ 177.741813][ T5885] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 177.746935][ T5941] usb 1-1: config 0 descriptor?? [ 177.759789][ T5885] usb 5-1: can't read configurations, error -71 [ 177.784912][ T5941] usb 1-1: can't set config #0, error -71 [ 177.823547][ T5941] usb 1-1: USB disconnect, device number 16 [ 177.848283][ T44] usb 2-1: USB disconnect, device number 16 [ 179.019358][ T5826] Bluetooth: hci3: unknown advertising packet type: 0x70 [ 182.074007][ T6900] hub 8-0:1.0: USB hub found [ 182.086592][ T6900] hub 8-0:1.0: 1 port detected [ 185.020661][ T6922] tmpfs: Bad value for 'mpol' [ 185.679928][ T5941] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 185.752680][ T5960] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 185.941314][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.068476][ T5941] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 186.079758][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 186.128196][ T5941] usb 4-1: Product: syz [ 186.308914][ T5941] usb 4-1: Manufacturer: syz [ 186.319987][ T5960] usb 2-1: Using ep0 maxpacket: 16 [ 186.334699][ T5941] usb 4-1: SerialNumber: syz [ 187.223689][ T5941] usb 4-1: config 0 descriptor?? [ 187.284699][ T5960] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 187.294163][ T5960] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.302320][ T5960] usb 2-1: Product: syz [ 187.306495][ T5960] usb 2-1: Manufacturer: syz [ 187.311241][ T5960] usb 2-1: SerialNumber: syz [ 187.331115][ T5960] usb 2-1: config 0 descriptor?? [ 187.834467][ T5885] usb 4-1: USB disconnect, device number 19 [ 187.840708][ T5960] dvb_usb_dtv5100 2-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71 [ 187.869053][ T5960] usb 2-1: USB disconnect, device number 17 [ 191.249809][ T5941] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 191.431391][ T5941] usb 5-1: Using ep0 maxpacket: 16 [ 191.466025][ T5941] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 191.481271][ T6981] FAULT_INJECTION: forcing a failure. [ 191.481271][ T6981] name failslab, interval 1, probability 0, space 0, times 0 [ 191.494298][ T5941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.506023][ T5941] usb 5-1: Product: syz [ 191.509984][ T6981] CPU: 0 UID: 0 PID: 6981 Comm: syz.3.284 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 191.510010][ T6981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.510023][ T6981] Call Trace: [ 191.510032][ T6981] [ 191.510040][ T6981] dump_stack_lvl+0x189/0x250 [ 191.510089][ T6981] ? __pfx____ratelimit+0x10/0x10 [ 191.510120][ T6981] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.510149][ T6981] ? __pfx__printk+0x10/0x10 [ 191.510174][ T6981] ? __pfx___might_resched+0x10/0x10 [ 191.510203][ T6981] ? fs_reclaim_acquire+0x7d/0x100 [ 191.510237][ T6981] should_fail_ex+0x414/0x560 [ 191.510266][ T6981] should_failslab+0xa8/0x100 [ 191.510291][ T6981] __kmalloc_noprof+0xcb/0x4f0 [ 191.510312][ T6981] ? tomoyo_encode+0x28b/0x550 [ 191.510344][ T6981] tomoyo_encode+0x28b/0x550 [ 191.510381][ T6981] tomoyo_realpath_from_path+0x58d/0x5d0 [ 191.510425][ T6981] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 191.510458][ T6981] tomoyo_path_number_perm+0x1e8/0x5a0 [ 191.510487][ T6981] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 191.510529][ T6981] ? __lock_acquire+0xab9/0xd20 [ 191.510578][ T6981] ? __fget_files+0x2a/0x420 [ 191.510609][ T6981] ? __fget_files+0x2a/0x420 [ 191.510634][ T6981] ? __fget_files+0x3a0/0x420 [ 191.510660][ T6981] ? __fget_files+0x2a/0x420 [ 191.510690][ T6981] security_file_ioctl+0xcb/0x2d0 [ 191.510735][ T6981] __se_sys_ioctl+0x47/0x170 [ 191.510761][ T6981] do_syscall_64+0xfa/0x3b0 [ 191.510789][ T6981] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.510819][ T6981] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.510841][ T6981] ? clear_bhb_loop+0x60/0xb0 [ 191.510868][ T6981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.510907][ T6981] RIP: 0033:0x7fd14838e929 [ 191.510933][ T6981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.510953][ T6981] RSP: 002b:00007fd1491a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 191.510982][ T6981] RAX: ffffffffffffffda RBX: 00007fd1485b5fa0 RCX: 00007fd14838e929 [ 191.510999][ T6981] RDX: 0000200000000040 RSI: 0000000000000001 RDI: 0000000000000005 [ 191.511013][ T6981] RBP: 00007fd1491a0090 R08: 0000000000000000 R09: 0000000000000000 [ 191.511027][ T6981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.511040][ T6981] R13: 0000000000000000 R14: 00007fd1485b5fa0 R15: 00007fff0816b978 [ 191.511077][ T6981] [ 191.511101][ T6981] ERROR: Out of memory at tomoyo_realpath_from_path. [ 191.522351][ T5941] usb 5-1: Manufacturer: syz [ 191.522369][ T5941] usb 5-1: SerialNumber: syz [ 191.560793][ T5941] r8152-cfgselector 5-1: Unknown version 0x0000 [ 191.578049][ T6981] program syz.3.284 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 191.617981][ T5941] r8152-cfgselector 5-1: config 0 descriptor?? [ 191.849799][ T44] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 192.382574][ T44] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.398333][ T44] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 192.407725][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 192.435083][ T44] usb 3-1: Product: syz [ 192.439450][ T44] usb 3-1: Manufacturer: syz [ 192.446594][ T44] usb 3-1: SerialNumber: syz [ 192.478749][ T44] usb 3-1: config 0 descriptor?? [ 192.530022][ T5885] r8152-cfgselector 5-1: USB disconnect, device number 15 [ 194.310232][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.316646][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.888549][ T5885] usb 3-1: USB disconnect, device number 7 [ 196.473608][ T7018] rtc_cmos 00:00: Alarms can be up to one day in the future [ 197.912811][ T5941] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 198.250027][ T5941] usb 4-1: Using ep0 maxpacket: 16 [ 198.320150][ T44] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 198.398097][ T5941] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 198.747518][ T7044] Can't find a SQUASHFS superblock on nullb0 [ 198.920214][ T5941] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 170, changing to 11 [ 198.931905][ T5941] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 34661, setting to 1024 [ 198.943189][ T5941] usb 4-1: config 0 interface 0 has no altsetting 0 [ 198.952722][ T5941] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 198.961902][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.970025][ T5941] usb 4-1: Product: syz [ 198.974245][ T5941] usb 4-1: Manufacturer: syz [ 198.978917][ T5941] usb 4-1: SerialNumber: syz [ 198.986489][ T44] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 198.995665][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.004580][ T44] usb 3-1: Product: syz [ 199.009416][ T5941] usb 4-1: config 0 descriptor?? [ 199.026295][ T44] usb 3-1: Manufacturer: syz [ 199.031569][ T7028] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 199.183693][ T44] usb 3-1: SerialNumber: syz [ 199.203301][ T44] usb 3-1: config 0 descriptor?? [ 199.409021][ T7051] hub 8-0:1.0: USB hub found [ 199.416153][ T7051] hub 8-0:1.0: 1 port detected [ 200.174885][ T7028] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 200.221439][ T44] usb 3-1: USB disconnect, device number 8 [ 200.240298][ T5941] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input6 [ 200.470389][ T7028] tmpfs: Bad value for 'mpol' [ 200.480420][ T5941] usb 4-1: USB disconnect, device number 20 [ 200.905327][ T7061] kvm: pic: non byte write [ 201.342814][ T5832] Bluetooth: hci3: command 0x0406 tx timeout [ 201.348872][ T5838] Bluetooth: hci4: command 0x0406 tx timeout [ 201.348909][ T5830] Bluetooth: hci1: command 0x0406 tx timeout [ 201.355620][ T5832] Bluetooth: hci0: command 0x0406 tx timeout [ 201.361686][ T5830] Bluetooth: hci2: command 0x0406 tx timeout [ 203.211147][ T5837] Bluetooth: hci3: unknown advertising packet type: 0x70 [ 203.598911][ T7090] syzkaller1: entered promiscuous mode [ 203.613947][ T7090] syzkaller1: entered allmulticast mode [ 203.623536][ T7090] FAULT_INJECTION: forcing a failure. [ 203.623536][ T7090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 203.639282][ T7090] CPU: 0 UID: 0 PID: 7090 Comm: syz.2.313 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 203.639306][ T7090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 203.639318][ T7090] Call Trace: [ 203.639326][ T7090] [ 203.639333][ T7090] dump_stack_lvl+0x189/0x250 [ 203.639364][ T7090] ? __pfx____ratelimit+0x10/0x10 [ 203.639390][ T7090] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.639417][ T7090] ? __pfx__printk+0x10/0x10 [ 203.639435][ T7090] ? __might_fault+0xb0/0x130 [ 203.639466][ T7090] should_fail_ex+0x414/0x560 [ 203.639493][ T7090] _copy_from_iter+0x1db/0x16f0 [ 203.639519][ T7090] ? __lock_acquire+0xab9/0xd20 [ 203.639551][ T7090] ? __pfx__copy_from_iter+0x10/0x10 [ 203.639591][ T7090] tun_get_user+0x4ce/0x3ce0 [ 203.639620][ T7090] ? __lock_acquire+0xab9/0xd20 [ 203.639653][ T7090] ? __might_fault+0xb0/0x130 [ 203.639680][ T7090] ? __pfx_tun_get_user+0x10/0x10 [ 203.639713][ T7090] ? __lock_acquire+0xab9/0xd20 [ 203.639741][ T7090] ? ref_tracker_alloc+0x318/0x460 [ 203.639762][ T7090] ? __lock_acquire+0xab9/0xd20 [ 203.639787][ T7090] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 203.639814][ T7090] ? tun_get+0x1c/0x2f0 [ 203.639844][ T7090] ? tun_get+0x1c/0x2f0 [ 203.639868][ T7090] ? tun_get+0x1c/0x2f0 [ 203.639897][ T7090] tun_chr_write_iter+0x113/0x200 [ 203.639925][ T7090] vfs_write+0x54b/0xa90 [ 203.639950][ T7090] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 203.639976][ T7090] ? __pfx_vfs_write+0x10/0x10 [ 203.640006][ T7090] ? __fget_files+0x2a/0x420 [ 203.640037][ T7090] ksys_write+0x145/0x250 [ 203.640060][ T7090] ? __pfx_ksys_write+0x10/0x10 [ 203.640078][ T7090] ? rcu_is_watching+0x15/0xb0 [ 203.640108][ T7090] ? do_syscall_64+0xbe/0x3b0 [ 203.640144][ T7090] do_syscall_64+0xfa/0x3b0 [ 203.640170][ T7090] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.640195][ T7090] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.640213][ T7090] ? clear_bhb_loop+0x60/0xb0 [ 203.640234][ T7090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.640252][ T7090] RIP: 0033:0x7fe938d8e929 [ 203.640267][ T7090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.640282][ T7090] RSP: 002b:00007fe939c1d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 203.640301][ T7090] RAX: ffffffffffffffda RBX: 00007fe938fb5fa0 RCX: 00007fe938d8e929 [ 203.640314][ T7090] RDX: 0000000000000046 RSI: 0000200000000080 RDI: 0000000000000003 [ 203.640325][ T7090] RBP: 00007fe939c1d090 R08: 0000000000000000 R09: 0000000000000000 [ 203.640336][ T7090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.640347][ T7090] R13: 0000000000000000 R14: 00007fe938fb5fa0 R15: 00007fff29653ba8 [ 203.640373][ T7090] [ 203.908268][ C0] vkms_vblank_simulate: vblank timer overrun [ 204.079876][ T44] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 204.198776][ T7098] dummy0 speed is unknown, defaulting to 1000 [ 204.305357][ T44] usb 2-1: no configurations [ 204.307759][ T7098] dummy0 speed is unknown, defaulting to 1000 [ 204.395632][ T44] usb 2-1: can't read configurations, error -22 [ 204.395805][ T7098] dummy0 speed is unknown, defaulting to 1000 [ 204.670549][ T44] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 204.881980][ T44] usb 2-1: no configurations [ 204.888791][ T44] usb 2-1: can't read configurations, error -22 [ 204.941473][ T44] usb usb2-port1: attempt power cycle [ 205.759805][ T44] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 205.833220][ T44] usb 2-1: no configurations [ 205.869845][ T44] usb 2-1: can't read configurations, error -22 [ 206.059882][ T44] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 206.257369][ T44] usb 2-1: no configurations [ 206.325105][ T44] usb 2-1: can't read configurations, error -22 [ 206.398753][ T44] usb usb2-port1: unable to enumerate USB device [ 207.080019][ T7098] infiniband syz0: set active [ 207.086349][ T9] dummy0 speed is unknown, defaulting to 1000 [ 207.093381][ T7098] infiniband syz0: added dummy0 [ 207.529625][ T7098] syz0: rxe_create_cq: returned err = -12 [ 207.537295][ T7098] infiniband syz0: Couldn't create ib_mad CQ [ 207.568012][ T7098] infiniband syz0: Couldn't open port 1 [ 207.828231][ T7098] RDS/IB: syz0: added [ 208.051096][ T7127] netlink: 'syz.2.326': attribute type 20 has an invalid length. [ 208.053944][ T7098] smc: adding ib device syz0 with port count 1 [ 208.085005][ T7098] smc: ib device syz0 port 1 has pnetid [ 208.093481][ T9] dummy0 speed is unknown, defaulting to 1000 [ 208.104223][ T7098] dummy0 speed is unknown, defaulting to 1000 [ 208.127155][ T7133] mmap: syz.1.328 (7133) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 210.074720][ T7098] dummy0 speed is unknown, defaulting to 1000 [ 210.289950][ T6136] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 210.460664][ T6136] usb 4-1: no configurations [ 210.478304][ T6136] usb 4-1: can't read configurations, error -22 [ 210.524169][ T7098] dummy0 speed is unknown, defaulting to 1000 [ 210.619944][ T6136] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 210.639748][ T5941] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 210.783964][ T6136] usb 4-1: no configurations [ 210.788595][ T6136] usb 4-1: can't read configurations, error -22 [ 210.811321][ T5941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 210.830065][ T6136] usb usb4-port1: attempt power cycle [ 210.835530][ T5941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.855756][ T5941] usb 2-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 210.879716][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.898780][ T5941] usb 2-1: config 0 descriptor?? [ 210.923467][ T7098] dummy0 speed is unknown, defaulting to 1000 [ 211.180019][ T6136] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 211.197026][ T7098] dummy0 speed is unknown, defaulting to 1000 [ 211.208238][ T6136] usb 4-1: no configurations [ 211.213898][ T6136] usb 4-1: can't read configurations, error -22 [ 211.345412][ T5941] logitech-hidpp-device 0003:046D:C262.0006: item fetching failed at offset 0/3 [ 211.355204][ T6136] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 211.364521][ T5941] logitech-hidpp-device 0003:046D:C262.0006: hidpp_probe:parse failed [ 211.373337][ T5941] logitech-hidpp-device 0003:046D:C262.0006: probe with driver logitech-hidpp-device failed with error -22 [ 211.391348][ T6136] usb 4-1: no configurations [ 211.396289][ T6136] usb 4-1: can't read configurations, error -22 [ 211.403168][ T6136] usb usb4-port1: unable to enumerate USB device [ 211.424387][ T7125] rdma_rxe: rxe_newlink: failed to add dummy0 [ 211.449935][ T7098] syz.4.317 (7098) used greatest stack depth: 18880 bytes left [ 211.563914][ T9] usb 2-1: USB disconnect, device number 22 [ 211.755112][ T7167] FAULT_INJECTION: forcing a failure. [ 211.755112][ T7167] name failslab, interval 1, probability 0, space 0, times 0 [ 211.775249][ T7167] CPU: 0 UID: 0 PID: 7167 Comm: syz.0.339 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 211.775273][ T7167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.775284][ T7167] Call Trace: [ 211.775291][ T7167] [ 211.775299][ T7167] dump_stack_lvl+0x189/0x250 [ 211.775330][ T7167] ? __pfx____ratelimit+0x10/0x10 [ 211.775357][ T7167] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.775383][ T7167] ? __pfx__printk+0x10/0x10 [ 211.775406][ T7167] ? __pfx___might_resched+0x10/0x10 [ 211.775437][ T7167] should_fail_ex+0x414/0x560 [ 211.775463][ T7167] should_failslab+0xa8/0x100 [ 211.775489][ T7167] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 211.775511][ T7167] ? __alloc_skb+0x112/0x2d0 [ 211.775534][ T7167] __alloc_skb+0x112/0x2d0 [ 211.775556][ T7167] netlink_sendmsg+0x5c6/0xb30 [ 211.775590][ T7167] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.775618][ T7167] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 211.775639][ T7167] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.775659][ T7167] __sock_sendmsg+0x219/0x270 [ 211.775688][ T7167] ____sys_sendmsg+0x505/0x830 [ 211.775715][ T7167] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.775745][ T7167] ? import_iovec+0x74/0xa0 [ 211.775764][ T7167] ___sys_sendmsg+0x21f/0x2a0 [ 211.775788][ T7167] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.775842][ T7167] ? __fget_files+0x2a/0x420 [ 211.775866][ T7167] ? __fget_files+0x3a0/0x420 [ 211.775899][ T7167] __x64_sys_sendmsg+0x19b/0x260 [ 211.775923][ T7167] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 211.775953][ T7167] ? __pfx_ksys_write+0x10/0x10 [ 211.775971][ T7167] ? rcu_is_watching+0x15/0xb0 [ 211.776001][ T7167] ? do_syscall_64+0xbe/0x3b0 [ 211.776051][ T7167] do_syscall_64+0xfa/0x3b0 [ 211.776079][ T7167] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.776107][ T7167] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.776128][ T7167] ? clear_bhb_loop+0x60/0xb0 [ 211.776152][ T7167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.776172][ T7167] RIP: 0033:0x7fae6978e929 [ 211.776190][ T7167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.776207][ T7167] RSP: 002b:00007fae6a673038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.776228][ T7167] RAX: ffffffffffffffda RBX: 00007fae699b5fa0 RCX: 00007fae6978e929 [ 211.776243][ T7167] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 211.776256][ T7167] RBP: 00007fae6a673090 R08: 0000000000000000 R09: 0000000000000000 [ 211.776268][ T7167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.776280][ T7167] R13: 0000000000000000 R14: 00007fae699b5fa0 R15: 00007fffc8ade9e8 [ 211.776311][ T7167] [ 212.038439][ C0] vkms_vblank_simulate: vblank timer overrun [ 212.203280][ T7170] netlink: 16 bytes leftover after parsing attributes in process `syz.0.340'. [ 212.228893][ T7170] netlink: 108 bytes leftover after parsing attributes in process `syz.0.340'. [ 212.300402][ T7170] netlink: 8 bytes leftover after parsing attributes in process `syz.0.340'. [ 213.689828][ T5837] Bluetooth: hci0: unknown advertising packet type: 0x70 [ 213.709051][ T7183] netlink: 2 bytes leftover after parsing attributes in process `syz.4.344'. [ 214.130803][ T7182] netlink: 8 bytes leftover after parsing attributes in process `syz.4.344'. [ 215.174546][ T7199] rtc_cmos 00:00: Alarms can be up to one day in the future [ 215.599735][ T6136] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 216.520321][ T6136] usb 3-1: Using ep0 maxpacket: 32 [ 216.537636][ T6136] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.572399][ T6136] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.647784][ T6136] usb 3-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 216.670935][ T6136] usb 3-1: config 0 interface 0 has no altsetting 0 [ 216.677658][ T6136] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 216.702768][ T6136] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.722920][ T6136] usb 3-1: config 0 descriptor?? [ 217.333441][ T6136] usbhid 3-1:0.0: can't add hid device: -71 [ 217.356320][ T6136] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 217.439648][ T6136] usb 3-1: USB disconnect, device number 9 [ 217.747561][ T7233] FAULT_INJECTION: forcing a failure. [ 217.747561][ T7233] name failslab, interval 1, probability 0, space 0, times 0 [ 217.773506][ T5941] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 217.806242][ T7233] CPU: 1 UID: 0 PID: 7233 Comm: syz.1.359 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 217.806271][ T7233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.806284][ T7233] Call Trace: [ 217.806292][ T7233] [ 217.806301][ T7233] dump_stack_lvl+0x189/0x250 [ 217.806337][ T7233] ? __pfx____ratelimit+0x10/0x10 [ 217.806368][ T7233] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.806399][ T7233] ? __pfx__printk+0x10/0x10 [ 217.806427][ T7233] ? __pfx___might_resched+0x10/0x10 [ 217.806464][ T7233] should_fail_ex+0x414/0x560 [ 217.806494][ T7233] should_failslab+0xa8/0x100 [ 217.806524][ T7233] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 217.806551][ T7233] ? __alloc_skb+0x112/0x2d0 [ 217.806578][ T7233] __alloc_skb+0x112/0x2d0 [ 217.806604][ T7233] netlink_sendmsg+0x5c6/0xb30 [ 217.806638][ T7233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.806671][ T7233] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 217.806696][ T7233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.806721][ T7233] __sock_sendmsg+0x219/0x270 [ 217.806757][ T7233] ____sys_sendmsg+0x505/0x830 [ 217.806788][ T7233] ? __pfx_____sys_sendmsg+0x10/0x10 [ 217.806824][ T7233] ? import_iovec+0x74/0xa0 [ 217.806847][ T7233] ___sys_sendmsg+0x21f/0x2a0 [ 217.806875][ T7233] ? __pfx____sys_sendmsg+0x10/0x10 [ 217.806940][ T7233] ? __fget_files+0x2a/0x420 [ 217.806974][ T7233] ? __fget_files+0x3a0/0x420 [ 217.807020][ T7233] __x64_sys_sendmsg+0x19b/0x260 [ 217.807049][ T7233] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 217.807086][ T7233] ? __pfx_ksys_write+0x10/0x10 [ 217.807108][ T7233] ? rcu_is_watching+0x15/0xb0 [ 217.807145][ T7233] ? do_syscall_64+0xbe/0x3b0 [ 217.807180][ T7233] do_syscall_64+0xfa/0x3b0 [ 217.807220][ T7233] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.807258][ T7233] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.807275][ T7233] ? clear_bhb_loop+0x60/0xb0 [ 217.807301][ T7233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.807318][ T7233] RIP: 0033:0x7f9455f8e929 [ 217.807334][ T7233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.807349][ T7233] RSP: 002b:00007f9456d2b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.807369][ T7233] RAX: ffffffffffffffda RBX: 00007f94561b5fa0 RCX: 00007f9455f8e929 [ 217.807382][ T7233] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 217.807393][ T7233] RBP: 00007f9456d2b090 R08: 0000000000000000 R09: 0000000000000000 [ 217.807404][ T7233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.807414][ T7233] R13: 0000000000000000 R14: 00007f94561b5fa0 R15: 00007ffd6aa8c138 [ 217.807442][ T7233] [ 218.312859][ T5941] usb 1-1: no configurations [ 218.317562][ T5941] usb 1-1: can't read configurations, error -22 [ 218.506546][ T5941] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 219.055213][ T5941] usb 1-1: no configurations [ 219.070193][ T5941] usb 1-1: can't read configurations, error -22 [ 219.117742][ T5941] usb usb1-port1: attempt power cycle [ 219.240474][ T5962] usb 2-1: new low-speed USB device number 23 using dummy_hcd [ 219.434675][ T5962] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 219.457065][ T5962] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 219.476776][ T5962] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 219.509904][ T5941] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 219.517679][ T6136] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 219.547656][ T5962] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 219.630790][ T5941] usb 1-1: no configurations [ 219.635419][ T5941] usb 1-1: can't read configurations, error -22 [ 219.689887][ T5962] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 219.753420][ T5962] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 39, setting to 8 [ 219.792553][ T5962] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 219.811337][ T5941] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 219.839860][ T6136] usb 3-1: Using ep0 maxpacket: 32 [ 219.851205][ T5941] usb 1-1: no configurations [ 219.855838][ T5941] usb 1-1: can't read configurations, error -22 [ 219.866039][ T6136] usb 3-1: config 0 has an invalid interface number: 244 but max is 0 [ 219.874436][ T6136] usb 3-1: config 0 has no interface number 0 [ 219.880745][ T5941] usb usb1-port1: unable to enumerate USB device [ 219.890529][ T6136] usb 3-1: config 0 interface 244 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 219.945616][ T6136] usb 3-1: config 0 interface 244 has no altsetting 0 [ 219.962703][ T6136] usb 3-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c [ 219.987790][ T6136] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.024999][ T6136] usb 3-1: Product: syz [ 220.029558][ T6136] usb 3-1: Manufacturer: syz [ 220.063027][ T6136] usb 3-1: SerialNumber: syz [ 220.076328][ T5962] usb 2-1: string descriptor 0 read error: -22 [ 220.080914][ T6136] usb 3-1: config 0 descriptor?? [ 220.082822][ T5962] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 220.096851][ T5962] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.107759][ T5962] usb 2-1: config 0 descriptor?? [ 220.114828][ T7239] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 220.124299][ T5962] hub 2-1:0.0: bad descriptor, ignoring hub [ 220.128528][ T6136] snd_usb_toneport 3-1:0.244: Line 6 GuitarPort found [ 220.135484][ T5962] hub 2-1:0.0: probe with driver hub failed with error -5 [ 220.150461][ T5962] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input7 [ 220.471971][ T7241] FAULT_INJECTION: forcing a failure. [ 220.471971][ T7241] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 220.632085][ T7241] CPU: 0 UID: 0 PID: 7241 Comm: syz.2.362 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 220.632111][ T7241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 220.632122][ T7241] Call Trace: [ 220.632129][ T7241] [ 220.632138][ T7241] dump_stack_lvl+0x189/0x250 [ 220.632170][ T7241] ? __pfx____ratelimit+0x10/0x10 [ 220.632197][ T7241] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.632223][ T7241] ? __pfx__printk+0x10/0x10 [ 220.632253][ T7241] should_fail_ex+0x414/0x560 [ 220.632280][ T7241] _copy_to_user+0x31/0xb0 [ 220.632299][ T7241] simple_read_from_buffer+0xe1/0x170 [ 220.632327][ T7241] proc_fail_nth_read+0x1df/0x250 [ 220.632355][ T7241] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 220.632383][ T7241] ? rw_verify_area+0x258/0x650 [ 220.632402][ T7241] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 220.632429][ T7241] vfs_read+0x1fd/0x980 [ 220.632462][ T7241] ? __pfx___mutex_lock+0x10/0x10 [ 220.632491][ T7241] ? __pfx_vfs_read+0x10/0x10 [ 220.632513][ T7241] ? __fget_files+0x2a/0x420 [ 220.632541][ T7241] ? __fget_files+0x3a0/0x420 [ 220.632564][ T7241] ? __fget_files+0x2a/0x420 [ 220.632595][ T7241] ksys_read+0x145/0x250 [ 220.632619][ T7241] ? __pfx_ksys_read+0x10/0x10 [ 220.632636][ T7241] ? rcu_is_watching+0x15/0xb0 [ 220.632668][ T7241] ? do_syscall_64+0xbe/0x3b0 [ 220.632699][ T7241] do_syscall_64+0xfa/0x3b0 [ 220.632726][ T7241] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.632743][ T7241] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 220.632761][ T7241] ? clear_bhb_loop+0x60/0xb0 [ 220.632783][ T7241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.632801][ T7241] RIP: 0033:0x7fe938d8d33c [ 220.632818][ T7241] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 220.632833][ T7241] RSP: 002b:00007fe939c1d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 220.632852][ T7241] RAX: ffffffffffffffda RBX: 00007fe938fb5fa0 RCX: 00007fe938d8d33c [ 220.632864][ T7241] RDX: 000000000000000f RSI: 00007fe939c1d0a0 RDI: 0000000000000007 [ 220.632875][ T7241] RBP: 00007fe939c1d090 R08: 0000000000000000 R09: 0000000000000000 [ 220.632886][ T7241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.632896][ T7241] R13: 0000000000000000 R14: 00007fe938fb5fa0 R15: 00007fff29653ba8 [ 220.632924][ T7241] [ 220.871526][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.922985][ T7260] dummy0 speed is unknown, defaulting to 1000 [ 221.872698][ T6136] snd_usb_toneport 3-1:0.244: set_interface failed [ 221.882224][ T6136] snd_usb_toneport 3-1:0.244: Line 6 GuitarPort now disconnected [ 221.899540][ T6136] snd_usb_toneport 3-1:0.244: probe with driver snd_usb_toneport failed with error -71 [ 221.951918][ T6136] usb 3-1: USB disconnect, device number 10 [ 222.028706][ T30] audit: type=1326 audit(1750991708.939:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7269 comm="syz.0.368" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae6978e929 code=0x0 [ 222.059140][ T30] audit: type=1326 audit(1750991708.939:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7271 comm="syz.4.369" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x0 [ 222.129261][ T7274] FAULT_INJECTION: forcing a failure. [ 222.129261][ T7274] name failslab, interval 1, probability 0, space 0, times 0 [ 222.142098][ T7274] CPU: 0 UID: 0 PID: 7274 Comm: syz.0.368 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 222.142122][ T7274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.142134][ T7274] Call Trace: [ 222.142141][ T7274] [ 222.142149][ T7274] dump_stack_lvl+0x189/0x250 [ 222.142181][ T7274] ? __pfx____ratelimit+0x10/0x10 [ 222.142208][ T7274] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.142235][ T7274] ? __pfx__printk+0x10/0x10 [ 222.142259][ T7274] ? __pfx___might_resched+0x10/0x10 [ 222.142290][ T7274] should_fail_ex+0x414/0x560 [ 222.142317][ T7274] should_failslab+0xa8/0x100 [ 222.142343][ T7274] kmem_cache_alloc_noprof+0x73/0x3c0 [ 222.142365][ T7274] ? getname_flags+0xb8/0x540 [ 222.142394][ T7274] getname_flags+0xb8/0x540 [ 222.142418][ T7274] ? security_capable+0x7e/0x2e0 [ 222.142448][ T7274] user_path_at+0x24/0x60 [ 222.142467][ T7274] __se_sys_pivot_root+0x17e/0xc20 [ 222.142493][ T7274] ? __fget_files+0x3a0/0x420 [ 222.142527][ T7274] ? __pfx___se_sys_pivot_root+0x10/0x10 [ 222.142552][ T7274] ? ksys_write+0x22a/0x250 [ 222.142574][ T7274] ? __pfx_ksys_write+0x10/0x10 [ 222.142599][ T7274] ? rcu_is_watching+0x15/0xb0 [ 222.142630][ T7274] ? do_syscall_64+0xbe/0x3b0 [ 222.142661][ T7274] do_syscall_64+0xfa/0x3b0 [ 222.142687][ T7274] ? lockdep_hardirqs_on+0x9c/0x150 [ 222.142712][ T7274] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.142731][ T7274] ? clear_bhb_loop+0x60/0xb0 [ 222.142754][ T7274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.142773][ T7274] RIP: 0033:0x7fae6978e929 [ 222.142789][ T7274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.142805][ T7274] RSP: 002b:00007fae6a652038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 222.142825][ T7274] RAX: ffffffffffffffda RBX: 00007fae699b6080 RCX: 00007fae6978e929 [ 222.142839][ T7274] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 222.142850][ T7274] RBP: 00007fae6a652090 R08: 0000000000000000 R09: 0000000000000000 [ 222.142862][ T7274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.142873][ T7274] R13: 0000000000000001 R14: 00007fae699b6080 R15: 00007fffc8ade9e8 [ 222.142901][ T7274] [ 222.371647][ C0] vkms_vblank_simulate: vblank timer overrun [ 222.380700][ T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 222.529705][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 222.536851][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 222.547357][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 222.560338][ T9] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 222.572915][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.584221][ T9] usb 4-1: config 0 descriptor?? [ 222.899833][ T44] usb 2-1: USB disconnect, device number 23 [ 223.696123][ T5960] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 223.766613][ T7296] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 223.872403][ T5960] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 223.900052][ T5960] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.939619][ T7294] SET target dimension over the limit! [ 223.952448][ T5960] usb 2-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 223.977996][ T5960] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.024139][ T5960] usb 2-1: config 0 descriptor?? [ 224.928611][ T5960] logitech-hidpp-device 0003:046D:C262.0007: item fetching failed at offset 0/3 [ 224.953324][ T5960] logitech-hidpp-device 0003:046D:C262.0007: hidpp_probe:parse failed [ 224.972810][ T9] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 224.990785][ T5960] logitech-hidpp-device 0003:046D:C262.0007: probe with driver logitech-hidpp-device failed with error -22 [ 225.005377][ T5962] usb 4-1: USB disconnect, device number 25 [ 225.114044][ T5960] usb 2-1: USB disconnect, device number 24 [ 225.170327][ T9] usb 5-1: no configurations [ 225.179809][ T9] usb 5-1: can't read configurations, error -22 [ 225.339764][ T9] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 226.287855][ T9] usb 5-1: no configurations [ 226.586228][ T9] usb 5-1: can't read configurations, error -22 [ 226.592970][ T9] usb usb5-port1: attempt power cycle [ 226.613853][ T7318] FAULT_INJECTION: forcing a failure. [ 226.613853][ T7318] name failslab, interval 1, probability 0, space 0, times 0 [ 226.633027][ T7318] CPU: 0 UID: 0 PID: 7318 Comm: syz.3.382 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 226.633053][ T7318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.633064][ T7318] Call Trace: [ 226.633072][ T7318] [ 226.633079][ T7318] dump_stack_lvl+0x189/0x250 [ 226.633113][ T7318] ? __pfx____ratelimit+0x10/0x10 [ 226.633140][ T7318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.633167][ T7318] ? __pfx__printk+0x10/0x10 [ 226.633194][ T7318] ? __pfx___might_resched+0x10/0x10 [ 226.633221][ T7318] ? fs_reclaim_acquire+0x7d/0x100 [ 226.633251][ T7318] should_fail_ex+0x414/0x560 [ 226.633278][ T7318] should_failslab+0xa8/0x100 [ 226.633303][ T7318] __kmalloc_noprof+0xcb/0x4f0 [ 226.633324][ T7318] ? tomoyo_encode+0x28b/0x550 [ 226.633355][ T7318] tomoyo_encode+0x28b/0x550 [ 226.633387][ T7318] tomoyo_realpath_from_path+0x58d/0x5d0 [ 226.633417][ T7318] ? tomoyo_domain+0xda/0x130 [ 226.633449][ T7318] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 226.633472][ T7318] tomoyo_path_number_perm+0x1e8/0x5a0 [ 226.633497][ T7318] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 226.633533][ T7318] ? __lock_acquire+0xab9/0xd20 [ 226.633576][ T7318] ? __fget_files+0x2a/0x420 [ 226.633604][ T7318] ? __fget_files+0x2a/0x420 [ 226.633627][ T7318] ? __fget_files+0x3a0/0x420 [ 226.633649][ T7318] ? __fget_files+0x2a/0x420 [ 226.633677][ T7318] security_file_ioctl+0xcb/0x2d0 [ 226.633703][ T7318] __se_sys_ioctl+0x47/0x170 [ 226.633726][ T7318] do_syscall_64+0xfa/0x3b0 [ 226.633752][ T7318] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.633778][ T7318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.633797][ T7318] ? clear_bhb_loop+0x60/0xb0 [ 226.633819][ T7318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.633837][ T7318] RIP: 0033:0x7fd14838e929 [ 226.633859][ T7318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.633875][ T7318] RSP: 002b:00007fd1491a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 226.633894][ T7318] RAX: ffffffffffffffda RBX: 00007fd1485b5fa0 RCX: 00007fd14838e929 [ 226.633908][ T7318] RDX: 0000200000000040 RSI: 0000000000008b19 RDI: 0000000000000005 [ 226.633919][ T7318] RBP: 00007fd1491a0090 R08: 0000000000000000 R09: 0000000000000000 [ 226.633931][ T7318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.633941][ T7318] R13: 0000000000000000 R14: 00007fd1485b5fa0 R15: 00007fff0816b978 [ 226.633970][ T7318] [ 226.633987][ T7318] ERROR: Out of memory at tomoyo_realpath_from_path. [ 227.159737][ T9] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 227.367643][ T7330] FAULT_INJECTION: forcing a failure. [ 227.367643][ T7330] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.380839][ T7330] CPU: 1 UID: 0 PID: 7330 Comm: syz.2.385 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 227.380863][ T7330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.380874][ T7330] Call Trace: [ 227.380882][ T7330] [ 227.380890][ T7330] dump_stack_lvl+0x189/0x250 [ 227.380921][ T7330] ? __pfx____ratelimit+0x10/0x10 [ 227.380948][ T7330] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.380976][ T7330] ? __pfx__printk+0x10/0x10 [ 227.381006][ T7330] should_fail_ex+0x414/0x560 [ 227.381032][ T7330] strncpy_from_user+0x36/0x290 [ 227.381065][ T7330] getname_flags+0xf3/0x540 [ 227.381096][ T7330] __x64_sys_rmdir+0x3a/0x50 [ 227.381115][ T7330] do_syscall_64+0xfa/0x3b0 [ 227.381143][ T7330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.381160][ T7330] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 227.381178][ T7330] ? clear_bhb_loop+0x60/0xb0 [ 227.381200][ T7330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.381217][ T7330] RIP: 0033:0x7fe938d8e929 [ 227.381233][ T7330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.381249][ T7330] RSP: 002b:00007fe939bdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 227.381269][ T7330] RAX: ffffffffffffffda RBX: 00007fe938fb6160 RCX: 00007fe938d8e929 [ 227.381283][ T7330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380 [ 227.381294][ T7330] RBP: 00007fe939bdb090 R08: 0000000000000000 R09: 0000000000000000 [ 227.381305][ T7330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.381315][ T7330] R13: 0000000000000000 R14: 00007fe938fb6160 R15: 00007fff29653ba8 [ 227.381342][ T7330] [ 227.693106][ T9] usb 5-1: no configurations [ 227.713550][ T9] usb 5-1: can't read configurations, error -22 [ 227.784359][ T7328] mkiss: ax0: crc mode is auto. [ 227.850228][ T9] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 228.083228][ T9] usb 5-1: device not accepting address 19, error -71 [ 228.089808][ T6136] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 228.090745][ T9] usb usb5-port1: unable to enumerate USB device [ 228.339916][ T6136] usb 1-1: Using ep0 maxpacket: 16 [ 228.349095][ T6136] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 228.364991][ T6136] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.390776][ T6136] usb 1-1: Product: syz [ 228.399068][ T6136] usb 1-1: Manufacturer: syz [ 228.420969][ T6136] usb 1-1: SerialNumber: syz [ 228.472431][ T7350] rtc_cmos 00:00: Alarms can be up to one day in the future [ 229.263850][ T6136] r8152-cfgselector 1-1: Unknown version 0x0000 [ 229.272866][ T6136] r8152-cfgselector 1-1: config 0 descriptor?? [ 229.706613][ T9] r8152-cfgselector 1-1: USB disconnect, device number 21 [ 229.839923][ T6136] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 229.940466][ T7369] Can't find a SQUASHFS superblock on nullb0 [ 230.356503][ T44] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 230.531634][ T6136] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 230.675654][ T7373] FAULT_INJECTION: forcing a failure. [ 230.675654][ T7373] name failslab, interval 1, probability 0, space 0, times 0 [ 230.686300][ T6136] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 230.698305][ T7373] CPU: 0 UID: 0 PID: 7373 Comm: syz.3.400 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 230.698330][ T7373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.698342][ T7373] Call Trace: [ 230.698349][ T7373] [ 230.698357][ T7373] dump_stack_lvl+0x189/0x250 [ 230.698388][ T7373] ? __pfx____ratelimit+0x10/0x10 [ 230.698415][ T7373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.698439][ T7373] ? __pfx__printk+0x10/0x10 [ 230.698462][ T7373] ? __pfx___might_resched+0x10/0x10 [ 230.698487][ T7373] ? fs_reclaim_acquire+0x7d/0x100 [ 230.698517][ T7373] should_fail_ex+0x414/0x560 [ 230.698543][ T7373] ? xt_alloc_table_info+0x3b/0xa0 [ 230.698566][ T7373] should_failslab+0xa8/0x100 [ 230.698591][ T7373] __kvmalloc_node_noprof+0x161/0x5f0 [ 230.698614][ T7373] ? xt_alloc_table_info+0x3b/0xa0 [ 230.698640][ T7373] xt_alloc_table_info+0x3b/0xa0 [ 230.698664][ T7373] do_ipt_set_ctl+0x881/0xcd0 [ 230.698690][ T7373] ? rcu_is_watching+0x15/0xb0 [ 230.698725][ T7373] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 230.698762][ T7373] ? __pfx___mutex_lock+0x10/0x10 [ 230.698789][ T7373] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 230.698831][ T7373] nf_setsockopt+0x26c/0x290 [ 230.698855][ T7373] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 230.698904][ T7373] do_sock_setsockopt+0x25a/0x3e0 [ 230.698929][ T7373] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 230.698955][ T7373] ? __fget_files+0x2a/0x420 [ 230.698989][ T7373] __x64_sys_setsockopt+0x18b/0x220 [ 230.699018][ T7373] do_syscall_64+0xfa/0x3b0 [ 230.699046][ T7373] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.699073][ T7373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.699092][ T7373] ? clear_bhb_loop+0x60/0xb0 [ 230.699116][ T7373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.699134][ T7373] RIP: 0033:0x7fd14838e929 [ 230.699152][ T7373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.699169][ T7373] RSP: 002b:00007fd1491a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 230.699190][ T7373] RAX: ffffffffffffffda RBX: 00007fd1485b5fa0 RCX: 00007fd14838e929 [ 230.699204][ T7373] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 230.699216][ T7373] RBP: 00007fd1491a0090 R08: 0000000000000310 R09: 0000000000000000 [ 230.699228][ T7373] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 230.699241][ T7373] R13: 0000000000000000 R14: 00007fd1485b5fa0 R15: 00007fff0816b978 [ 230.699269][ T7373] [ 230.700846][ T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.957986][ T6136] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 230.977338][ T6136] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 230.990499][ T6136] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.009312][ T6136] usb 5-1: Product: syz [ 231.013697][ T44] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 231.023104][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 231.032939][ T6136] usb 5-1: Manufacturer: syz [ 231.037531][ T6136] usb 5-1: SerialNumber: syz [ 231.046941][ T44] usb 2-1: Product: syz [ 231.054119][ T44] usb 2-1: Manufacturer: syz [ 231.072930][ T44] usb 2-1: SerialNumber: syz [ 231.107229][ T44] usb 2-1: config 0 descriptor?? [ 231.309778][ T5933] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 231.374337][ T7386] tmpfs: Unknown parameter 'usrquota' [ 231.386745][ T6136] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 231.511593][ T7356] FAULT_INJECTION: forcing a failure. [ 231.511593][ T7356] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 231.720242][ T7356] CPU: 0 UID: 0 PID: 7356 Comm: syz.4.395 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 231.720267][ T7356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.720275][ T7356] Call Trace: [ 231.720280][ T7356] [ 231.720286][ T7356] dump_stack_lvl+0x189/0x250 [ 231.720309][ T7356] ? __pfx____ratelimit+0x10/0x10 [ 231.720327][ T7356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.720346][ T7356] ? __pfx__printk+0x10/0x10 [ 231.720365][ T7356] should_fail_ex+0x414/0x560 [ 231.720384][ T7356] strncpy_from_user+0x36/0x290 [ 231.720401][ T7356] getname_flags+0xf3/0x540 [ 231.720422][ T7356] do_sys_openat2+0xbc/0x1c0 [ 231.720443][ T7356] ? __pfx_do_sys_openat2+0x10/0x10 [ 231.720467][ T7356] ? rcu_is_watching+0x15/0xb0 [ 231.720487][ T7356] __x64_sys_openat+0x138/0x170 [ 231.720510][ T7356] do_syscall_64+0xfa/0x3b0 [ 231.720529][ T7356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.720542][ T7356] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 231.720554][ T7356] ? clear_bhb_loop+0x60/0xb0 [ 231.720569][ T7356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.720581][ T7356] RIP: 0033:0x7efce5b8d290 [ 231.720593][ T7356] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 231.720609][ T7356] RSP: 002b:00007efce69d8b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 231.720623][ T7356] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007efce5b8d290 [ 231.720632][ T7356] RDX: 0000000000000002 RSI: 00007efce69d8c10 RDI: 00000000ffffff9c [ 231.720641][ T7356] RBP: 00007efce69d8c10 R08: 0000000000000000 R09: 00007efce69d8987 [ 231.720649][ T7356] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 231.720657][ T7356] R13: 0000000000000000 R14: 00007efce5db5fa0 R15: 00007fff2b77dab8 [ 231.720676][ T7356] [ 231.913090][ T5962] usb 5-1: USB disconnect, device number 20 [ 231.922213][ T5962] usblp0: removed [ 231.928970][ T5933] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 231.964099][ T5933] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 231.976486][ T5933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 231.995165][ T5933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 232.005179][ T5933] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 232.029315][ T5933] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 232.060206][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 232.064030][ T7392] FAULT_INJECTION: forcing a failure. [ 232.064030][ T7392] name failslab, interval 1, probability 0, space 0, times 0 [ 232.075123][ T5933] usb 1-1: Product: syz [ 232.084327][ T7392] CPU: 0 UID: 0 PID: 7392 Comm: syz.3.406 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 232.084356][ T7392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.084369][ T7392] Call Trace: [ 232.084378][ T7392] [ 232.084386][ T7392] dump_stack_lvl+0x189/0x250 [ 232.084423][ T7392] ? __pfx____ratelimit+0x10/0x10 [ 232.084454][ T7392] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.084485][ T7392] ? __pfx__printk+0x10/0x10 [ 232.084511][ T7392] ? __pfx___might_resched+0x10/0x10 [ 232.084546][ T7392] should_fail_ex+0x414/0x560 [ 232.084575][ T7392] should_failslab+0xa8/0x100 [ 232.084603][ T7392] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 232.084630][ T7392] ? __alloc_skb+0x112/0x2d0 [ 232.084655][ T7392] __alloc_skb+0x112/0x2d0 [ 232.084681][ T7392] netlink_sendmsg+0x5c6/0xb30 [ 232.084715][ T7392] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.084749][ T7392] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 232.084774][ T7392] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.084797][ T7392] __sock_sendmsg+0x219/0x270 [ 232.084830][ T7392] ____sys_sendmsg+0x505/0x830 [ 232.084860][ T7392] ? __pfx_____sys_sendmsg+0x10/0x10 [ 232.084895][ T7392] ? import_iovec+0x74/0xa0 [ 232.084917][ T7392] ___sys_sendmsg+0x21f/0x2a0 [ 232.084944][ T7392] ? __pfx____sys_sendmsg+0x10/0x10 [ 232.085005][ T7392] ? __fget_files+0x2a/0x420 [ 232.085032][ T7392] ? __fget_files+0x3a0/0x420 [ 232.085070][ T7392] __x64_sys_sendmsg+0x19b/0x260 [ 232.085099][ T7392] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 232.085135][ T7392] ? __pfx_ksys_write+0x10/0x10 [ 232.085157][ T7392] ? rcu_is_watching+0x15/0xb0 [ 232.085193][ T7392] ? do_syscall_64+0xbe/0x3b0 [ 232.085226][ T7392] do_syscall_64+0xfa/0x3b0 [ 232.085255][ T7392] ? lockdep_hardirqs_on+0x9c/0x150 [ 232.085283][ T7392] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.085304][ T7392] ? clear_bhb_loop+0x60/0xb0 [ 232.085336][ T7392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.085357][ T7392] RIP: 0033:0x7fd14838e929 [ 232.085375][ T7392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.085393][ T7392] RSP: 002b:00007fd1491a0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 232.085415][ T7392] RAX: ffffffffffffffda RBX: 00007fd1485b5fa0 RCX: 00007fd14838e929 [ 232.085431][ T7392] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 232.085444][ T7392] RBP: 00007fd1491a0090 R08: 0000000000000000 R09: 0000000000000000 [ 232.085457][ T7392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.085469][ T7392] R13: 0000000000000000 R14: 00007fd1485b5fa0 R15: 00007fff0816b978 [ 232.085501][ T7392] [ 232.430261][ T5933] usb 1-1: Manufacturer: syz [ 232.439513][ T5933] usb 1-1: SerialNumber: syz [ 232.461589][ T5933] usb 1-1: config 0 descriptor?? [ 232.511083][ T7394] xt_CONNSECMARK: invalid mode: 0 [ 232.521378][ T30] audit: type=1326 audit(1750991719.429:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.581263][ T30] audit: type=1326 audit(1750991719.429:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.658858][ T30] audit: type=1326 audit(1750991719.439:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.688487][ T5933] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 232.703155][ T30] audit: type=1326 audit(1750991719.439:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.730166][ T30] audit: type=1326 audit(1750991719.439:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.755783][ T30] audit: type=1326 audit(1750991719.439:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.790378][ T30] audit: type=1326 audit(1750991719.439:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.819228][ T30] audit: type=1326 audit(1750991719.439:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.846729][ T30] audit: type=1326 audit(1750991719.459:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.872141][ T30] audit: type=1326 audit(1750991719.459:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7397 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efce5b8e929 code=0x7ffc0000 [ 232.877392][ T5933] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 233.014616][ T7405] rtc_cmos 00:00: Alarms can be up to one day in the future [ 233.067456][ T5933] radio-si470x 1-1:0.0: software version 0, hardware version 0 [ 233.123619][ T5933] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 233.255342][ T5933] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 233.357753][ T6136] usb 2-1: USB disconnect, device number 25 [ 233.435602][ T5933] radio-si470x 1-1:0.0: submitting int urb failed (-90) [ 234.032203][ T5933] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 234.042824][ T5933] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22 [ 234.094243][ T5933] usb 1-1: USB disconnect, device number 22 [ 235.524354][ T7439] netlink: 12 bytes leftover after parsing attributes in process `syz.1.420'. [ 235.556193][ T7439] FAULT_INJECTION: forcing a failure. [ 235.556193][ T7439] name failslab, interval 1, probability 0, space 0, times 0 [ 235.576094][ T7439] CPU: 1 UID: 0 PID: 7439 Comm: syz.1.420 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 235.576123][ T7439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.576137][ T7439] Call Trace: [ 235.576145][ T7439] [ 235.576155][ T7439] dump_stack_lvl+0x189/0x250 [ 235.576191][ T7439] ? __pfx____ratelimit+0x10/0x10 [ 235.576223][ T7439] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.576255][ T7439] ? __pfx__printk+0x10/0x10 [ 235.576283][ T7439] ? __pfx___might_resched+0x10/0x10 [ 235.576320][ T7439] should_fail_ex+0x414/0x560 [ 235.576351][ T7439] should_failslab+0xa8/0x100 [ 235.576382][ T7439] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 235.576408][ T7439] ? __alloc_skb+0x112/0x2d0 [ 235.576436][ T7439] __alloc_skb+0x112/0x2d0 [ 235.576463][ T7439] netlink_sendmsg+0x5c6/0xb30 [ 235.576498][ T7439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 235.576532][ T7439] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 235.576557][ T7439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 235.576582][ T7439] __sock_sendmsg+0x219/0x270 [ 235.576617][ T7439] ____sys_sendmsg+0x505/0x830 [ 235.576649][ T7439] ? __pfx_____sys_sendmsg+0x10/0x10 [ 235.576686][ T7439] ? import_iovec+0x74/0xa0 [ 235.576709][ T7439] ___sys_sendmsg+0x21f/0x2a0 [ 235.576738][ T7439] ? __pfx____sys_sendmsg+0x10/0x10 [ 235.576803][ T7439] ? __fget_files+0x2a/0x420 [ 235.576830][ T7439] ? __fget_files+0x3a0/0x420 [ 235.576871][ T7439] __x64_sys_sendmsg+0x19b/0x260 [ 235.576900][ T7439] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 235.576936][ T7439] ? __pfx_ksys_write+0x10/0x10 [ 235.576959][ T7439] ? rcu_is_watching+0x15/0xb0 [ 235.577004][ T7439] ? do_syscall_64+0xbe/0x3b0 [ 235.577040][ T7439] do_syscall_64+0xfa/0x3b0 [ 235.577070][ T7439] ? lockdep_hardirqs_on+0x9c/0x150 [ 235.577101][ T7439] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.577123][ T7439] ? clear_bhb_loop+0x60/0xb0 [ 235.577161][ T7439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.577181][ T7439] RIP: 0033:0x7f9455f8e929 [ 235.577200][ T7439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.577218][ T7439] RSP: 002b:00007f9456d2b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 235.577250][ T7439] RAX: ffffffffffffffda RBX: 00007f94561b5fa0 RCX: 00007f9455f8e929 [ 235.577263][ T7439] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 235.577275][ T7439] RBP: 00007f9456d2b090 R08: 0000000000000000 R09: 0000000000000000 [ 235.577286][ T7439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 235.577297][ T7439] R13: 0000000000000000 R14: 00007f94561b5fa0 R15: 00007ffd6aa8c138 [ 235.577325][ T7439] [ 235.945834][ T7445] netlink: 12 bytes leftover after parsing attributes in process `syz.3.421'. [ 236.105883][ T5823] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 236.301952][ T5823] usb 3-1: Using ep0 maxpacket: 32 [ 236.779907][ T5823] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 237.263410][ T5823] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 237.275080][ T5823] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 237.286654][ T5823] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 237.299873][ T5823] usb 3-1: config 0 interface 0 has no altsetting 0 [ 237.308952][ T5823] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 237.319344][ T5823] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 237.328442][ T5823] usb 3-1: Product: syz [ 237.333173][ T5823] usb 3-1: Manufacturer: syz [ 237.338055][ T5823] usb 3-1: SerialNumber: syz [ 237.350432][ T5823] usb 3-1: config 0 descriptor?? [ 237.359583][ T5823] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 237.373081][ T5823] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 237.427737][ T7468] dummy0 speed is unknown, defaulting to 1000 [ 237.616170][ T7441] netlink: 'syz.2.419': attribute type 1 has an invalid length. [ 237.625443][ T5941] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 237.644973][ T7441] netlink: 224 bytes leftover after parsing attributes in process `syz.2.419'. [ 237.750823][ T7476] Can't find a SQUASHFS superblock on nullb0 [ 237.901169][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.176166][ T5941] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 238.188807][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.208462][ T5941] usb 5-1: config 0 descriptor?? [ 238.274723][ T7480] FAULT_INJECTION: forcing a failure. [ 238.274723][ T7480] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.288337][ T7480] CPU: 0 UID: 0 PID: 7480 Comm: syz.3.432 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 238.288361][ T7480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.288372][ T7480] Call Trace: [ 238.288380][ T7480] [ 238.288387][ T7480] dump_stack_lvl+0x189/0x250 [ 238.288419][ T7480] ? __pfx____ratelimit+0x10/0x10 [ 238.288446][ T7480] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.288474][ T7480] ? __pfx__printk+0x10/0x10 [ 238.288492][ T7480] ? __might_fault+0xb0/0x130 [ 238.288525][ T7480] should_fail_ex+0x414/0x560 [ 238.288551][ T7480] _copy_from_iter+0x1db/0x16f0 [ 238.288586][ T7480] ? policy_nodemask+0x27c/0x720 [ 238.288609][ T7480] ? __pfx__copy_from_iter+0x10/0x10 [ 238.288641][ T7480] ? set_page_refcounted+0xa0/0x1e0 [ 238.288664][ T7480] ? page_copy_sane+0x4e/0x280 [ 238.288691][ T7480] copy_page_from_iter+0xdd/0x170 [ 238.288721][ T7480] tun_get_user+0x1c4d/0x3ce0 [ 238.288751][ T7480] ? tun_get_user+0x693/0x3ce0 [ 238.288792][ T7480] ? __pfx_tun_get_user+0x10/0x10 [ 238.288825][ T7480] ? __lock_acquire+0xab9/0xd20 [ 238.288854][ T7480] ? ref_tracker_alloc+0x318/0x460 [ 238.288876][ T7480] ? __lock_acquire+0xab9/0xd20 [ 238.288902][ T7480] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 238.288930][ T7480] ? tun_get+0x1c/0x2f0 [ 238.288968][ T7480] ? tun_get+0x1c/0x2f0 [ 238.288992][ T7480] ? tun_get+0x1c/0x2f0 [ 238.289022][ T7480] tun_chr_write_iter+0x113/0x200 [ 238.289051][ T7480] vfs_write+0x54b/0xa90 [ 238.289076][ T7480] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 238.289102][ T7480] ? __pfx_vfs_write+0x10/0x10 [ 238.289132][ T7480] ? __fget_files+0x2a/0x420 [ 238.289165][ T7480] ksys_write+0x145/0x250 [ 238.289188][ T7480] ? __pfx_ksys_write+0x10/0x10 [ 238.289206][ T7480] ? rcu_is_watching+0x15/0xb0 [ 238.289238][ T7480] ? do_syscall_64+0xbe/0x3b0 [ 238.289269][ T7480] do_syscall_64+0xfa/0x3b0 [ 238.289294][ T7480] ? lockdep_hardirqs_on+0x9c/0x150 [ 238.289321][ T7480] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.289339][ T7480] ? clear_bhb_loop+0x60/0xb0 [ 238.289361][ T7480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.289378][ T7480] RIP: 0033:0x7fd14838d3df [ 238.289394][ T7480] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 238.289410][ T7480] RSP: 002b:00007fd1491a0000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 238.289431][ T7480] RAX: ffffffffffffffda RBX: 00007fd1485b5fa0 RCX: 00007fd14838d3df [ 238.289445][ T7480] RDX: 0000000000000046 RSI: 0000200000000000 RDI: 00000000000000c8 [ 238.289456][ T7480] RBP: 00007fd1491a0090 R08: 0000000000000000 R09: 0000000000000000 [ 238.289468][ T7480] R10: 0000000000000046 R11: 0000000000000293 R12: 0000000000000001 [ 238.289479][ T7480] R13: 0000000000000000 R14: 00007fd1485b5fa0 R15: 00007fff0816b978 [ 238.289507][ T7480] [ 238.623311][ T5941] usbhid 5-1:0.0: can't add hid device: -71 [ 238.629323][ T5941] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 238.742489][ T5941] usb 5-1: USB disconnect, device number 21 [ 238.773860][ T7485] FAULT_INJECTION: forcing a failure. [ 238.773860][ T7485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.787443][ T7485] CPU: 0 UID: 0 PID: 7485 Comm: syz.3.434 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 238.787467][ T7485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.787478][ T7485] Call Trace: [ 238.787486][ T7485] [ 238.787493][ T7485] dump_stack_lvl+0x189/0x250 [ 238.787525][ T7485] ? __pfx____ratelimit+0x10/0x10 [ 238.787552][ T7485] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.787579][ T7485] ? __pfx__printk+0x10/0x10 [ 238.787608][ T7485] should_fail_ex+0x414/0x560 [ 238.787635][ T7485] _copy_to_user+0x31/0xb0 [ 238.787655][ T7485] simple_read_from_buffer+0xe1/0x170 [ 238.787683][ T7485] proc_fail_nth_read+0x1df/0x250 [ 238.787713][ T7485] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 238.787742][ T7485] ? rw_verify_area+0x258/0x650 [ 238.787761][ T7485] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 238.787788][ T7485] vfs_read+0x1fd/0x980 [ 238.787813][ T7485] ? __pfx___mutex_lock+0x10/0x10 [ 238.787841][ T7485] ? __pfx_vfs_read+0x10/0x10 [ 238.787863][ T7485] ? __fget_files+0x2a/0x420 [ 238.787890][ T7485] ? __fget_files+0x3a0/0x420 [ 238.787912][ T7485] ? __fget_files+0x2a/0x420 [ 238.787949][ T7485] ksys_read+0x145/0x250 [ 238.787972][ T7485] ? __pfx_ksys_read+0x10/0x10 [ 238.787990][ T7485] ? rcu_is_watching+0x15/0xb0 [ 238.788022][ T7485] ? do_syscall_64+0xbe/0x3b0 [ 238.788053][ T7485] do_syscall_64+0xfa/0x3b0 [ 238.788078][ T7485] ? lockdep_hardirqs_on+0x9c/0x150 [ 238.788104][ T7485] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.788121][ T7485] ? clear_bhb_loop+0x60/0xb0 [ 238.788144][ T7485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.788162][ T7485] RIP: 0033:0x7fd14838d33c [ 238.788177][ T7485] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 238.788194][ T7485] RSP: 002b:00007fd1491a0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 238.788213][ T7485] RAX: ffffffffffffffda RBX: 00007fd1485b5fa0 RCX: 00007fd14838d33c [ 238.788227][ T7485] RDX: 000000000000000f RSI: 00007fd1491a00a0 RDI: 000000000000000d [ 238.788238][ T7485] RBP: 00007fd1491a0090 R08: 0000000000000000 R09: 0000000000000000 [ 238.788249][ T7485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.788259][ T7485] R13: 0000000000000000 R14: 00007fd1485b5fa0 R15: 00007fff0816b978 [ 238.788288][ T7485] [ 239.033373][ T7478] ldusb 3-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 239.062199][ T6136] usb 3-1: USB disconnect, device number 11 [ 239.068169][ C1] ldusb 3-1:0.0: usb_submit_urb failed (-19) [ 239.094638][ T6136] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 239.481438][ T5941] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 239.670476][ T5941] usb 5-1: Using ep0 maxpacket: 16 [ 239.692954][ T5941] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.929723][ T5941] usb 5-1: config 0 interface 0 has no altsetting 0 [ 239.942045][ T5941] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 239.959816][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.981421][ T5941] usb 5-1: config 0 descriptor?? [ 240.423394][ T5941] mcp2221 0003:04D8:00DD.0008: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 240.484268][ T5823] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 240.626843][ C1] ================================================================== [ 240.634955][ C1] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0xfcd/0x1190 [ 240.642873][ C1] Read of size 1 at addr ffff88805926bfff by task syz.4.430/7472 [ 240.650610][ C1] [ 240.652956][ C1] CPU: 1 UID: 0 PID: 7472 Comm: syz.4.430 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 240.652984][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.652998][ C1] Call Trace: [ 240.653006][ C1] [ 240.653014][ C1] dump_stack_lvl+0x189/0x250 [ 240.653050][ C1] ? rcu_is_watching+0x15/0xb0 [ 240.653080][ C1] ? __kasan_check_byte+0x12/0x40 [ 240.653109][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.653139][ C1] ? rcu_is_watching+0x15/0xb0 [ 240.653169][ C1] ? lock_release+0x4b/0x3e0 [ 240.653196][ C1] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 240.653224][ C1] ? __virt_addr_valid+0x1c8/0x5c0 [ 240.653245][ C1] ? __virt_addr_valid+0x4a5/0x5c0 [ 240.653266][ C1] print_report+0xd2/0x2b0 [ 240.653292][ C1] ? mcp2221_raw_event+0xfcd/0x1190 [ 240.653314][ C1] kasan_report+0x118/0x150 [ 240.653341][ C1] ? mcp2221_raw_event+0xfcd/0x1190 [ 240.653367][ C1] mcp2221_raw_event+0xfcd/0x1190 [ 240.653388][ C1] ? down_trylock+0x50/0xb0 [ 240.653408][ C1] hid_input_report+0x407/0x520 [ 240.653440][ C1] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 240.653463][ C1] hid_irq_in+0x47e/0x6d0 [ 240.653487][ C1] __usb_hcd_giveback_urb+0x417/0x690 [ 240.653510][ C1] ? usb_hcd_unlink_urb_from_ep+0x2c/0x110 [ 240.653533][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 240.653558][ C1] ? usb_hcd_giveback_urb+0x10e/0x420 [ 240.653579][ C1] dummy_timer+0x862/0x4550 [ 240.653628][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 240.653650][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 240.653670][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 240.653689][ C1] __hrtimer_run_queues+0x529/0xc60 [ 240.653736][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 240.653766][ C1] ? read_tsc+0x9/0x20 [ 240.653794][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 240.653827][ C1] handle_softirqs+0x286/0x870 [ 240.653858][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 240.653890][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 240.653921][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 240.653946][ C1] __irq_exit_rcu+0xca/0x1f0 [ 240.653975][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 240.654008][ C1] irq_exit_rcu+0x9/0x30 [ 240.654035][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 240.654063][ C1] [ 240.654070][ C1] [ 240.654078][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 240.654102][ C1] RIP: 0010:finish_task_switch+0x26b/0x950 [ 240.654129][ C1] Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 e9 27 05 00 00 4c 8b 75 d0 4c 89 e7 e8 ff 58 d0 09 e8 5a fe 35 00 fb 4c 8b 65 c0 <49> 8d bc 24 18 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 240.654148][ C1] RSP: 0018:ffffc90002eb7518 EFLAGS: 00000286 [ 240.654168][ C1] RAX: fc35966be402d600 RBX: 0000000000000000 RCX: fc35966be402d600 [ 240.654183][ C1] RDX: 0000000000000000 RSI: ffffffff8d96eaa2 RDI: ffffffff8be1b9c0 [ 240.654199][ C1] RBP: ffffc90002eb7570 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e [ 240.654215][ C1] R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: ffff88807de88000 [ 240.654231][ C1] R13: dffffc0000000000 R14: ffff8880255b9e00 R15: ffff8880b873a9d8 [ 240.654256][ C1] ? finish_task_switch+0x266/0x950 [ 240.654285][ C1] __schedule+0x16aa/0x4cb0 [ 240.654320][ C1] ? preempt_schedule_common+0x83/0xd0 [ 240.654351][ C1] ? __pfx___schedule+0x10/0x10 [ 240.654379][ C1] ? register_lock_class+0x51/0x320 [ 240.654408][ C1] ? __lock_acquire+0xab9/0xd20 [ 240.654436][ C1] ? preempt_schedule+0xae/0xc0 [ 240.654463][ C1] preempt_schedule_common+0x83/0xd0 [ 240.654492][ C1] preempt_schedule+0xae/0xc0 [ 240.654518][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 240.654549][ C1] preempt_schedule_thunk+0x16/0x30 [ 240.654576][ C1] _raw_spin_unlock_irqrestore+0xfd/0x110 [ 240.654602][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 240.654633][ C1] dummy_queue+0x573/0x8e0 [ 240.654670][ C1] usb_ep_queue+0xed/0x390 [ 240.654700][ C1] raw_process_ep_io+0x599/0xbc0 [ 240.654732][ C1] ? __pfx_raw_process_ep_io+0x10/0x10 [ 240.654762][ C1] raw_ioctl+0x23d1/0x3c90 [ 240.654781][ C1] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 240.654807][ C1] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 240.654830][ C1] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 240.654854][ C1] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 240.654878][ C1] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 240.654901][ C1] ? smack_log+0xef/0x3f0 [ 240.654931][ C1] ? __pfx_raw_ioctl+0x10/0x10 [ 240.654949][ C1] ? __pfx_smack_log+0x10/0x10 [ 240.654979][ C1] ? smk_access+0x14c/0x4e0 [ 240.655012][ C1] ? smk_tskacc+0x2fc/0x370 [ 240.655032][ C1] ? smack_file_ioctl+0x24a/0x340 [ 240.655054][ C1] ? __pfx_smack_file_ioctl+0x10/0x10 [ 240.655079][ C1] ? __fget_files+0x2a/0x420 [ 240.655105][ C1] ? __fget_files+0x3a0/0x420 [ 240.655129][ C1] ? __fget_files+0x2a/0x420 [ 240.655156][ C1] ? bpf_lsm_file_ioctl+0x9/0x20 [ 240.655184][ C1] ? __pfx_raw_ioctl+0x10/0x10 [ 240.655200][ C1] __se_sys_ioctl+0xf9/0x170 [ 240.655221][ C1] do_syscall_64+0xfa/0x3b0 [ 240.655251][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.655271][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 240.655290][ C1] ? clear_bhb_loop+0x60/0xb0 [ 240.655313][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.655332][ C1] RIP: 0033:0x7efce5b8e52b [ 240.655348][ C1] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 240.655366][ C1] RSP: 002b:00007efce69d7f70 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 240.655385][ C1] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007efce5b8e52b [ 240.655399][ C1] RDX: 00007efce69d7ff0 RSI: 0000000040085507 RDI: 0000000000000003 [ 240.655414][ C1] RBP: 0000000000000003 R08: 00007efce5ee0320 R09: 0000000000000000 [ 240.655427][ C1] R10: 0000000000000003 R11: 0000000000000246 R12: 0000200000000080 [ 240.655439][ C1] R13: 0000000000000000 R14: 00007efce5db5fa0 R15: 00007fff2b77dab8 [ 240.655461][ C1] [ 240.655468][ C1] [ 241.240036][ C1] Allocated by task 23: [ 241.244184][ C1] kasan_save_track+0x3e/0x80 [ 241.248866][ C1] __kasan_slab_alloc+0x6c/0x80 [ 241.253720][ C1] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 241.259610][ C1] kmalloc_reserve+0xbd/0x290 [ 241.264291][ C1] __alloc_skb+0x142/0x2d0 [ 241.268705][ C1] skb_copy+0x188/0x800 [ 241.272861][ C1] mac80211_hwsim_tx_frame_no_nl+0xcd3/0x11c0 [ 241.278927][ C1] mac80211_hwsim_tx_frame+0x1b5/0x200 [ 241.284388][ C1] mac80211_hwsim_beacon_tx+0x3f0/0x860 [ 241.289941][ C1] __iterate_interfaces+0x2a8/0x590 [ 241.295139][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 241.302160][ C1] mac80211_hwsim_beacon+0xbb/0x1c0 [ 241.307352][ C1] __hrtimer_run_queues+0x529/0xc60 [ 241.312561][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 241.317682][ C1] handle_softirqs+0x286/0x870 [ 241.322446][ C1] run_ksoftirqd+0x9b/0x100 [ 241.326950][ C1] smpboot_thread_fn+0x53f/0xa60 [ 241.331914][ C1] kthread+0x70e/0x8a0 [ 241.335991][ C1] ret_from_fork+0x3fc/0x770 [ 241.340589][ C1] ret_from_fork_asm+0x1a/0x30 [ 241.345351][ C1] [ 241.347669][ C1] Freed by task 1108: [ 241.351640][ C1] kasan_save_track+0x3e/0x80 [ 241.356325][ C1] kasan_save_free_info+0x46/0x50 [ 241.361361][ C1] __kasan_slab_free+0x62/0x70 [ 241.366130][ C1] kmem_cache_free+0x18f/0x400 [ 241.370903][ C1] skb_release_data+0x62d/0x7c0 [ 241.375752][ C1] sk_skb_reason_drop+0x127/0x170 [ 241.380772][ C1] ieee80211_iface_work+0x997/0xfe0 [ 241.385975][ C1] cfg80211_wiphy_work+0x2df/0x460 [ 241.391083][ C1] process_scheduled_works+0xade/0x17b0 [ 241.396635][ C1] worker_thread+0x8a0/0xda0 [ 241.401240][ C1] kthread+0x70e/0x8a0 [ 241.405304][ C1] ret_from_fork+0x3fc/0x770 [ 241.409902][ C1] ret_from_fork_asm+0x1a/0x30 [ 241.414682][ C1] [ 241.417004][ C1] The buggy address belongs to the object at ffff88805926ba80 [ 241.417004][ C1] which belongs to the cache skbuff_small_head of size 704 [ 241.431582][ C1] The buggy address is located 703 bytes to the right of [ 241.431582][ C1] allocated 704-byte region [ffff88805926ba80, ffff88805926bd40) [ 241.446246][ C1] [ 241.448569][ C1] The buggy address belongs to the physical page: [ 241.454972][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059268d00 pfn:0x59268 [ 241.465041][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 241.473556][ C1] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 241.482069][ C1] page_type: f5(slab) [ 241.486080][ C1] raw: 00fff00000000240 ffff88801eae9b40 ffffea00014bfd10 ffffea0001604310 [ 241.494672][ C1] raw: ffff888059268d00 0000000000130003 00000000f5000000 0000000000000000 [ 241.503255][ C1] head: 00fff00000000240 ffff88801eae9b40 ffffea00014bfd10 ffffea0001604310 [ 241.511924][ C1] head: ffff888059268d00 0000000000130003 00000000f5000000 0000000000000000 [ 241.520592][ C1] head: 00fff00000000002 ffffea0001649a01 00000000ffffffff 00000000ffffffff [ 241.529262][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 241.537927][ C1] page dumped because: kasan: bad access detected [ 241.544338][ C1] page_owner tracks the page as allocated [ 241.550052][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5809, tgid 5809 (syz-executor), ts 124313584089, free_ts 94804498313 [ 241.570896][ C1] post_alloc_hook+0x240/0x2a0 [ 241.575680][ C1] get_page_from_freelist+0x21d5/0x22b0 [ 241.581237][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 241.587058][ C1] alloc_pages_mpol+0x232/0x4a0 [ 241.591920][ C1] allocate_slab+0x8a/0x3b0 [ 241.596435][ C1] ___slab_alloc+0xbfc/0x1480 [ 241.601124][ C1] kmem_cache_alloc_node_noprof+0x280/0x3c0 [ 241.607022][ C1] kmalloc_reserve+0xbd/0x290 [ 241.611707][ C1] __alloc_skb+0x142/0x2d0 [ 241.616138][ C1] tcp_stream_alloc_skb+0x3d/0x340 [ 241.621275][ C1] tcp_write_xmit+0xeec/0x67f0 [ 241.626046][ C1] __tcp_push_pending_frames+0x97/0x360 [ 241.631623][ C1] tcp_rcv_established+0x101c/0x1de0 [ 241.636916][ C1] tcp_v4_do_rcv+0xa23/0xce0 [ 241.641519][ C1] __release_sock+0x21c/0x350 [ 241.646217][ C1] release_sock+0x5f/0x1f0 [ 241.650646][ C1] page last free pid 6047 tgid 6047 stack trace: [ 241.656998][ C1] __free_frozen_pages+0xc65/0xe60 [ 241.662128][ C1] __put_partials+0x161/0x1c0 [ 241.666812][ C1] put_cpu_partial+0x17c/0x250 [ 241.671593][ C1] __slab_free+0x2f7/0x400 [ 241.676017][ C1] qlist_free_all+0x97/0x140 [ 241.680646][ C1] kasan_quarantine_reduce+0x148/0x160 [ 241.686111][ C1] __kasan_slab_alloc+0x22/0x80 [ 241.690973][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 241.696434][ C1] getname_flags+0xb8/0x540 [ 241.700951][ C1] do_sys_openat2+0xbc/0x1c0 [ 241.705546][ C1] __x64_sys_openat+0x138/0x170 [ 241.710399][ C1] do_syscall_64+0xfa/0x3b0 [ 241.714912][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.720807][ C1] [ 241.723128][ C1] Memory state around the buggy address: [ 241.728753][ C1] ffff88805926be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 241.736823][ C1] ffff88805926bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 241.744886][ C1] >ffff88805926bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 241.753290][ C1] ^ [ 241.761257][ C1] ffff88805926c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 241.769308][ C1] ffff88805926c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 241.777370][ C1] ================================================================== [ 241.785440][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 241.792640][ C1] CPU: 1 UID: 0 PID: 7472 Comm: syz.4.430 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 241.804524][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.814577][ C1] Call Trace: [ 241.817858][ C1] [ 241.820705][ C1] dump_stack_lvl+0x99/0x250 [ 241.825309][ C1] ? __asan_memcpy+0x40/0x70 [ 241.829906][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.835126][ C1] ? __pfx__printk+0x10/0x10 [ 241.839730][ C1] panic+0x2db/0x790 [ 241.843639][ C1] ? __pfx_panic+0x10/0x10 [ 241.848060][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 241.853502][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 241.859399][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 241.865733][ C1] ? mcp2221_raw_event+0xfcd/0x1190 [ 241.870935][ C1] check_panic_on_warn+0x89/0xb0 [ 241.875881][ C1] ? mcp2221_raw_event+0xfcd/0x1190 [ 241.881086][ C1] end_report+0x78/0x160 [ 241.885330][ C1] kasan_report+0x129/0x150 [ 241.889843][ C1] ? mcp2221_raw_event+0xfcd/0x1190 [ 241.895047][ C1] mcp2221_raw_event+0xfcd/0x1190 [ 241.900073][ C1] ? down_trylock+0x50/0xb0 [ 241.904579][ C1] hid_input_report+0x407/0x520 [ 241.909447][ C1] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 241.914909][ C1] hid_irq_in+0x47e/0x6d0 [ 241.919241][ C1] __usb_hcd_giveback_urb+0x417/0x690 [ 241.924619][ C1] ? usb_hcd_unlink_urb_from_ep+0x2c/0x110 [ 241.930434][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 241.936334][ C1] ? usb_hcd_giveback_urb+0x10e/0x420 [ 241.941722][ C1] dummy_timer+0x862/0x4550 [ 241.946265][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 241.951216][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 241.956157][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 241.961103][ C1] __hrtimer_run_queues+0x529/0xc60 [ 241.966318][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 241.972062][ C1] ? read_tsc+0x9/0x20 [ 241.976149][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 241.981288][ C1] handle_softirqs+0x286/0x870 [ 241.986082][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 241.990881][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 241.996180][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 242.001402][ C1] __irq_exit_rcu+0xca/0x1f0 [ 242.006009][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 242.011240][ C1] irq_exit_rcu+0x9/0x30 [ 242.015489][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 242.021129][ C1] [ 242.024060][ C1] [ 242.026999][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 242.032991][ C1] RIP: 0010:finish_task_switch+0x26b/0x950 [ 242.038798][ C1] Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 e9 27 05 00 00 4c 8b 75 d0 4c 89 e7 e8 ff 58 d0 09 e8 5a fe 35 00 fb 4c 8b 65 c0 <49> 8d bc 24 18 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 242.058405][ C1] RSP: 0018:ffffc90002eb7518 EFLAGS: 00000286 [ 242.064474][ C1] RAX: fc35966be402d600 RBX: 0000000000000000 RCX: fc35966be402d600 [ 242.072447][ C1] RDX: 0000000000000000 RSI: ffffffff8d96eaa2 RDI: ffffffff8be1b9c0 [ 242.080419][ C1] RBP: ffffc90002eb7570 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e [ 242.088388][ C1] R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: ffff88807de88000 [ 242.096363][ C1] R13: dffffc0000000000 R14: ffff8880255b9e00 R15: ffff8880b873a9d8 [ 242.104353][ C1] ? finish_task_switch+0x266/0x950 [ 242.109571][ C1] __schedule+0x16aa/0x4cb0 [ 242.114092][ C1] ? preempt_schedule_common+0x83/0xd0 [ 242.119558][ C1] ? __pfx___schedule+0x10/0x10 [ 242.124417][ C1] ? register_lock_class+0x51/0x320 [ 242.129628][ C1] ? __lock_acquire+0xab9/0xd20 [ 242.134496][ C1] ? preempt_schedule+0xae/0xc0 [ 242.139353][ C1] preempt_schedule_common+0x83/0xd0 [ 242.144644][ C1] preempt_schedule+0xae/0xc0 [ 242.149332][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 242.154709][ C1] preempt_schedule_thunk+0x16/0x30 [ 242.159910][ C1] _raw_spin_unlock_irqrestore+0xfd/0x110 [ 242.165631][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 242.171967][ C1] dummy_queue+0x573/0x8e0 [ 242.176405][ C1] usb_ep_queue+0xed/0x390 [ 242.180839][ C1] raw_process_ep_io+0x599/0xbc0 [ 242.185777][ C1] ? __pfx_raw_process_ep_io+0x10/0x10 [ 242.191245][ C1] raw_ioctl+0x23d1/0x3c90 [ 242.195662][ C1] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 242.201300][ C1] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 242.206938][ C1] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 242.212579][ C1] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 242.218211][ C1] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 242.224188][ C1] ? smack_log+0xef/0x3f0 [ 242.228524][ C1] ? __pfx_raw_ioctl+0x10/0x10 [ 242.233288][ C1] ? __pfx_smack_log+0x10/0x10 [ 242.238061][ C1] ? smk_access+0x14c/0x4e0 [ 242.242583][ C1] ? smk_tskacc+0x2fc/0x370 [ 242.247090][ C1] ? smack_file_ioctl+0x24a/0x340 [ 242.252125][ C1] ? __pfx_smack_file_ioctl+0x10/0x10 [ 242.257500][ C1] ? __fget_files+0x2a/0x420 [ 242.262096][ C1] ? __fget_files+0x3a0/0x420 [ 242.266781][ C1] ? __fget_files+0x2a/0x420 [ 242.271387][ C1] ? bpf_lsm_file_ioctl+0x9/0x20 [ 242.276336][ C1] ? __pfx_raw_ioctl+0x10/0x10 [ 242.281102][ C1] __se_sys_ioctl+0xf9/0x170 [ 242.285694][ C1] do_syscall_64+0xfa/0x3b0 [ 242.290207][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.296290][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 242.301948][ C1] ? clear_bhb_loop+0x60/0xb0 [ 242.306636][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.312538][ C1] RIP: 0033:0x7efce5b8e52b [ 242.316964][ C1] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 242.336586][ C1] RSP: 002b:00007efce69d7f70 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 242.345015][ C1] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007efce5b8e52b [ 242.352989][ C1] RDX: 00007efce69d7ff0 RSI: 0000000040085507 RDI: 0000000000000003 [ 242.360962][ C1] RBP: 0000000000000003 R08: 00007efce5ee0320 R09: 0000000000000000 [ 242.368929][ C1] R10: 0000000000000003 R11: 0000000000000246 R12: 0000200000000080 [ 242.376901][ C1] R13: 0000000000000000 R14: 00007efce5db5fa0 R15: 00007fff2b77dab8 [ 242.384884][ C1] [ 242.388222][ C1] Kernel Offset: disabled [ 242.392552][ C1] Rebooting in 86400 seconds..