last executing test programs: 14.209235588s ago: executing program 3 (id=3299): socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000400)={0x0, 0x1c28, 0x2000, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180), &(0x7f00000002c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000001000000000000000000000071120a000000000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000001ac0)={r5, 0x10000, {0x0, 0x0, 0x0, 0x2eed, 0x7fff, 0x0, 0x0, 0x0, 0xc, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a6a4274f040000000001000010e200"}}) syz_usb_connect(0x0, 0x0, 0x0, 0x0) writev(r6, &(0x7f0000000300)=[{&(0x7f00000000c0)='\b\r4V', 0x7e00}], 0x1) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0), 0x4) sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="0293"], 0x9) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) 13.702629241s ago: executing program 1 (id=3302): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffca1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setuid(0xee00) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000000100001d440000000000007a0a00fe00ffffffc3030000a0000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffbf}, 0x48) 12.478799241s ago: executing program 1 (id=3304): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xf51) readv(r1, &(0x7f0000000340)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000140)="2aa229111272ff", 0x7}, {&(0x7f0000000200)="3cc5c48b32b27a215ed6734667e778fd5e31bd2a645c1ad3521f8bb3347afdda1150f0871a3dc29260bd8c43222471588c75a894d31eb4e0a8b9439adf553dd6c343aa6a7cb47d37bfcc1b89ff13a3e68d9ec5751948ea50e29915258db6597fa5c3ed168fe9704d5ecced81fd9dc1400a7b749d9495e6e621", 0x79}], 0x2}, 0x24044014) ioctl$KDGKBSENT(0xffffffffffffffff, 0x4b48, &(0x7f0000000000)={0xe0, "091ed0848879c487a3f2fa4e84179bbae06d9f5131d00991275cc5fc336653f5f346f34fff6d8028d7ecb5e35b575ea4cb321183a842d27706fe1a6ef6b22ba91378cef5d6f49fb4d0ee03367b801f5f6a22d6bd0dcd51a6dce6b84e00cb03183814df89cb8b17eb2c19daae9df59d3e9302f33366d0699b5eb2f84186d28e160a95d8faf1e111b93a4ac1188868ca89accee9644a1f269beabd7f26619d8fe5361d00ae446df137ca77e3bdd6c5992499f1340085e2e5fdd9d22fd74a56e8eb427ce672ace83f1db664625889021c63b821f0aeecb7a413ebf52e97925a9b6698cdd127d50006777d6ba08dafe44fea1b1e04abaa0a966ad498333c2279dae4d28516fa9c634f2b38ca37afb8a0b62f8f4eda550cd21fb0074f4ec63e5dabef019b853cf94226610ac475095fff695610b579ffcb7e28200f8053da47d119fb42be5ad433ed17ff46d0443de7492b464a6cb3d5e8d95137a332b980c0687694ac0bdeb3fad79db13a2d7bbe8cfd2930535d1edba9f14ee284628569d11c61d95c84a7a30fce7ab38bf2b207dee68c3c6bcc28fc906219342ae33ec162505e4ecd97ef11109ba646589c3868a5eea802e7191ce4e1b96e59d8ae69fbe6943cd09a64a8c16f0cbe69f43e351e6e3391d933b2d9943446faa9ff86de44000e9ccb1b9aa80857873ef86f0ed6e52151dc0da9a2aeb8349f2dae855faa4a2f7b3ee1"}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f}, 0x94) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r5) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r6, 0x303, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 11.465077657s ago: executing program 1 (id=3307): r0 = socket$rxrpc(0x21, 0x2, 0x2) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$afs(&(0x7f0000000040)=@cell={0x25, '', 'syz0', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x10, &(0x7f00000001c0)={[{@flock_write}, {@flock_strict}, {@flock_local}], [{@dont_hash}, {@dont_hash}, {@measure}, {@euid_eq={'euid', 0x3d, r1}}, {@uid_gt={'uid>', 0xffffffffffffffff}}, {@dont_hash}, {@smackfsdef={'smackfsdef', 0x3d, '/*,\'@+&/'}}]}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000280)={'\x00', 0xc, 0x48734e8d, 0x6, 0x0, 0x5, 0xffffffffffffffff}) ioprio_set$pid(0x5, r2, 0x4004) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f0000000340)=0x1d, 0x8) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000480)={'gretap0\x00', &(0x7f0000000380)={'tunl0\x00', 0x0, 0x700, 0x20, 0x8b6, 0x0, {{0x2b, 0x4, 0x2, 0x9, 0xac, 0x65, 0x0, 0x0, 0x4, 0x0, @broadcast, @local, {[@timestamp_prespec={0x44, 0x34, 0x50, 0x3, 0x6, [{@dev={0xac, 0x14, 0x14, 0x24}, 0x8}, {@private=0xa010101, 0x7}, {@private=0xa010102, 0x3}, {@remote, 0x7}, {@private=0xa010101, 0x7}, {@multicast2, 0x4}]}, @timestamp={0x44, 0x8, 0xa8, 0x0, 0x4, [0xfffffffb]}, @noop, @lsrr={0x83, 0x1b, 0xdc, [@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @local, @multicast2, @empty]}, @generic={0x82, 0x10, "7e8dadd726c5e8064beb748b604c"}, @rr={0x7, 0x1f, 0x8c, [@rand_addr=0x64010102, @empty, @rand_addr=0x64010102, @loopback, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x2e}]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0xc, 0x6, 0x1, 0xf, [{@dev={0xac, 0x14, 0x14, 0x1f}, 0x6}]}]}}}}}) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x84, 0x84, 0x5, [@type_tag={0x2, 0x0, 0x0, 0x12, 0x5}, @fwd={0x1}, @volatile={0x9, 0x0, 0x0, 0x9, 0x4}, @func={0x5, 0x0, 0x0, 0xc, 0x5}, @typedef={0x0, 0x0, 0x0, 0x8, 0x2}, @union={0xf, 0x5, 0x0, 0x5, 0x1, 0x525, [{0xc, 0x1, 0xe73b}, {0xb, 0x4, 0x5}, {0x10, 0x4, 0x1}, {0xe, 0x5, 0x1}, {0x6, 0x2, 0x1}]}]}, {0x0, [0x61, 0x0, 0x61]}}, &(0x7f0000000580)=""/225, 0xa1, 0xe1, 0x1, 0xbb}, 0x28) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x6c, 0x6c, 0x4, [@enum64={0xc, 0x4, 0x0, 0x13, 0x1, 0xa, [{0x3, 0x5, 0x6}, {0xc, 0x40, 0xe}, {0x2, 0x0, 0x3}, {0xb, 0x7, 0x4}]}, @union={0x8, 0x3, 0x0, 0x5, 0x1, 0x7ff, [{0xf, 0x3, 0x3}, {0xc, 0x4, 0xffffff3c}, {0x3, 0x5, 0x7}]}]}, {0x0, [0x2e, 0x0]}}, &(0x7f0000000800)=""/57, 0x88, 0x39, 0x1, 0x1, 0x10000}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@bloom_filter={0x1e, 0x1, 0xffffffff, 0xc, 0xd3f75b59c3209563, 0x1, 0x5, '\x00', r4, r5, 0x1, 0x2, 0x5, 0x9, @value=r6}, 0x50) getsockname(r3, &(0x7f0000000880)=@nfc_llcp, &(0x7f0000000900)=0x80) quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000940)=@nbd={'/dev/nbd', 0x0}, r1, &(0x7f0000000980)={0x10000, 0x9, 0x1, 0x5}) socket$inet_mptcp(0x2, 0x1, 0x106) r7 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000009c0), 0x2, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r6, 0x6612) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000a00), 0x12000) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000b40)={@ifindex=r4, 0x2, 0x1, 0x8, &(0x7f0000000a40)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000a80)=[0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000b00)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) r8 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000bc0)=@newlink={0xb4, 0x10, 0x10, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x1, 0x91e}, [@IFLA_EXT_MASK={0x8, 0x1d, 0x1}, @IFLA_NET_NS_FD={0x8, 0x1c, r8}, @IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x8, 0x6, @multicast1}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e24}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e20}]}}}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x6af2}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x3b2}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe4bcbffe45434859}}, @IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_LIMIT={0x5, 0xb, 0x3}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}]}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}, @IFLA_TXQLEN={0x8, 0xd, 0x7}]}, 0xb4}, 0x1, 0x0, 0x0, 0x880}, 0x8000) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000d00)={{0x1, 0x1, 0x18, r7}, './file0\x00'}) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000d80)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000d40), 0x111, 0x9}}, 0x20) socket(0x2a, 0x4, 0x4) socket$nl_route(0x10, 0x3, 0x0) r10 = syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000dc0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xf6, 0x60, 0x2, [{{0x9, 0x4, 0x0, 0xdd, 0x1, 0x7, 0x1, 0x1, 0x6, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0x6, 0x4, 0x1}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x1, 0x58, 0x6}}]}}}]}}]}}, &(0x7f0000001300)={0xa, &(0x7f0000000e00)={0xa, 0x6, 0x310, 0x5, 0x7, 0x7, 0x20}, 0xc3, &(0x7f0000000e40)={0x5, 0xf, 0xc3, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "aae3dac0ece8dacc655c6c94811f8356"}, @generic={0x53, 0x10, 0xb, "48aba3a19dcef23ab7182b3f9078d0fe117670ec4c40cf950adcc2a837707abb398f3126d9227b80463e988274a40c2c4051b47761e0d0f4aba93a1cac50c0df17434db831b68f89f5e40fbad5e0386a"}, @generic={0x57, 0x10, 0xa, "b4bdd2dfc6190b540e007932c7c0ad9a3389b7af116db7ed916c74224cde7b13a0b2dc638aaf9959204b1b74dfaf95fa117e5c49223c58309678af05eafbb94eccd3dead289596cfdbb4b199fe34ae7c025cf2de"}]}, 0x7, [{0xe, &(0x7f0000000f40)=@string={0xe, 0x3, "01bc71f30ffae5692b8a22ef"}}, {0x4, &(0x7f0000000f80)=@lang_id={0x4, 0x3, 0x280a}}, {0xc5, &(0x7f0000000fc0)=@string={0xc5, 0x3, "2bf4fb7b8f480b995adeda30bd8ab4aa837a8aec861faaba72832f1b20625cdca97598a2b1f05096daed1773cbbb2a820218bb1fdbe412ed2237d40afc1b66c445227d79c132b917d90962e3b7351424e2095ce53b4e91cd6df9d009af3f3f0f41d0ffb5d7e923e503d77f7b331dfe5f645953b16a0f0725e3416f362d8384b8631d81e1ebdec6db6d328451dea282ad9546b3f4ff27bbd988dc0a1ea19f2a54c34ab8df5e65a26a9bc7cc7e403ccdd6dc0d4dd4b5f7f79f758f8a82856d4cd3154333"}}, {0x64, &(0x7f00000010c0)=@string={0x64, 0x3, "cd4a00a9107f6a8f0a11aa8a104d035f36b392d50ca0985d3e4dfe5814ad24fb6176ecdbc78205efc141014b0e3ac76e181d15c7a52b280ac4020cec2aae056389c93c7e7daf24b4d67ff42bccf308c875f4d140d3326d3168f4067c3f83cad408e8"}}, {0x54, &(0x7f0000001140)=@string={0x54, 0x3, "259f388f2414699f239ec974d70ac7b8263f3b68e459f9f6b67060a2ab7e214a232b2ced9fcc59f0954d704fb749d4a2a6c5dda87d286f81fb13ef9c3a35e776f298e3d12881d3a5eb85a4fe62cc8eae3c57"}}, {0x4, &(0x7f00000011c0)=@lang_id={0x4, 0x3, 0x83e}}, {0xcd, &(0x7f0000001200)=@string={0xcd, 0x3, "f1499ddbcbaea2080e06ee3e0e39cd7e36b6dd28f27b7075e74c5ede338fa08bd799527a0beee0fae9ce267a8896d51d26d457fda51a5f4856234ce6562a9c04ccb6e03ff9e74e1dc8c0ed6ec8a66ae6ac6243f7c8b0201f94068f99ca22e397a08e4922ab091ee46c01bb2af4733e06b684ec55fa4ac69c5c748a03bd4c342506ae813bc7780686d7a2bfc88d39b4fde2e98799f28ed44ad190738815154520a68a4aefd91d68ebb6c0d95becab606bd7c30839e4e7594db59280064764fa147fa6d8c639ac363a21d210"}}]}) syz_usb_control_io$printer(r10, &(0x7f00000014c0)={0x14, &(0x7f0000001380)={0x20, 0xd, 0xd4, {0xd4, 0x8, "fb2fa74e29e8065f57504958326aaf8e2cb68672cc565549d3ce42586aca32c3f582609215d6984ad9be5a44f62f181383441b19c5539af73172e82b8c7faf71c750a7889999945d07a0537e44329a2dc55d0d85a7a301ba4afd21cae983fe63ab7bd9f5a5508a1ba479c4a2aad4b6f65e4f7f463bec0dc27ea0b13a4aa1d94c8f82d81930b321994b5db56547fa8fc085fb6b73abacebc1d55ee12e25e11a9097ddd9cd82032d91c820a3aaaa4940fab5ebaab4903107a9144c1cc90b4eb8e3b306fffd8cf906038299e5f55ba1c08c744c"}}, &(0x7f0000001480)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x409}}}, &(0x7f0000001700)={0x34, &(0x7f0000001500)={0x40, 0x30, 0x8a, "8b8a3fd3a99a4f00a1bbceb67c1729464b04ef437038460dfcbfe97f6ed88a84c59252ee0b324a4cb60d64697123798ffd1a7491c0444fd471ed7a63349edafa173f7be80b5e666dd36a5562bff6379cdc8ebe8a14273f9ef025cf83e3e6c698e69dbd225d6087f7e56f45bf379f5fd16e3c3a23e548d1a7b3b39641b5fa47ba8e19f3522ecf4a4cbd28"}, &(0x7f00000015c0)={0x0, 0xa, 0x1, 0xb}, &(0x7f0000001600)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000001640)={0x20, 0x0, 0x28, {0x26, "0def3f40c8e417b7bc6586afb72888b0121a0eb88ff658a69d0ac04502c4252e1f6111d305c5"}}, &(0x7f0000001680)={0x20, 0x1, 0x1, 0x81}, &(0x7f00000016c0)={0x20, 0x0, 0x1, 0x7f}}) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001a80)={r9, 0x20, &(0x7f0000001a40)={&(0x7f0000001940)=""/107, 0x6b, 0x0, &(0x7f00000019c0)=""/126, 0x7e}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0xb, 0x5, &(0x7f0000001740)=@raw=[@exit, @ldst={0x1, 0x2, 0x1, 0x9, 0x1, 0xffffffffffffffd4, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @alu={0x0, 0x1, 0x4, 0x2, 0x2, 0x0, 0x4}, @alu={0x4, 0x1, 0x8, 0x7, 0x8, 0x8, 0xffffffffffffffff}], &(0x7f0000001780)='GPL\x00', 0x3, 0xf0, &(0x7f00000017c0)=""/240, 0x41000, 0x48, '\x00', r4, @fallback=0x1e, r9, 0x8, &(0x7f00000018c0)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000001900)={0x3, 0x2, 0x2fa, 0x5}, 0x10, r11, r9, 0x2, &(0x7f0000001ac0), &(0x7f0000001b00)=[{0x1, 0x3, 0x1, 0x7}, {0x4, 0x1, 0x5, 0x4}], 0x10, 0x2}, 0x94) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r9, 0x84, 0x13, &(0x7f0000001d00), &(0x7f0000001d40)=0x8) 10.798884736s ago: executing program 3 (id=3311): syz_open_dev$char_usb(0xc, 0xb4, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @auto=[0x63, 0x61, 0x35, 0x34, 0x61, 0x33, 0x62, 0x39, 0x37, 0x37, 0x63, 0x32, 0x66, 0x33, 0x30, 0x36]}, &(0x7f0000000180)={0x0, "7b30d7d535587adbf7501098f11f85bd734987c89b347e2beee1d1c0a00f6d2371632c8b6c71168115742f6a560d92737db954604f75576465ec7cf356f7665e", 0x2c}, 0x48, r4) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) 10.347177526s ago: executing program 3 (id=3312): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x2d8, 0x30, 0x300, 0x71bd22, 0x25dfdbff, {}, [{0x4}, {0x2c0, 0x1, [@m_skbedit={0xa8, 0x19, 0x0, 0x0, {{0xc}, {0x64, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0xfffffffb, 0x7, 0x6, 0x9, 0x2}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x8, 0x1}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xf00}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x3ff}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0xe}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x1}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x29296dd2, 0x4, 0x0, 0x6, 0x200}}]}, {0x19, 0x6, "3af5af1e03f1f751b7000cab7f795367efefbf4bbb"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0x4c, 0x10, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x6, 0x20000000, 0x6}, 0x32}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0x1c8, 0x19, 0x0, 0x0, {{0x9}, {0x4}, {0x199, 0x6, "f0b8bf92cf8611111a0ff27fcc8825ca405600cfd0f6876d2892df6b5723118bb7d9d86de0a2706031cc8c62f7d1baf9b04f3a9ed11665c75023f87c16ce970413ede5e5f6782d0d17be877ac54c09075ed841c7daeddf3395a210eab4335ed3bcb36fe1598dc94259da01363ad59d8dc384cb8fe469869c99849bd0d19e999b2e8f62d563a2dcea91347cdc754302a566d6d8b7de1368972acbf9cfbdc3db5b71ceed91d4e9613e9cbf5e1ca71f3bf3b25cdf1ce11e5843ff89da11b01cf0b27474847e4fd8e648244e0dc6b3b99b8089d418ec3d6d27aa68b96ef236cc10ce12fb9c2fcd2426620f308c5e7fdb41bd5c78d6dfc482d978b6e7840a4280feab0b46813e74f89578a8084202486b4337e82b2790e39812421153e3352d7c704aa7333c65f298e8ce3466ac49f56e77602fe7e2c4667cb28a496da043ce93e094503497cad7145b73985b54e461016f5ecd42496334b73898ef674afffd9832a3f8df083e77ae2d16badf65e8b3525f750d4d6dcecf662c953a556a6bc771a780d8140f4e2630c11db5031a598d9702144399cc27d1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x4000810}, 0x20040850) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0x4000000}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 9.898802715s ago: executing program 2 (id=3315): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r2, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) sendto$packet(r0, &(0x7f0000000240)="feeb99b6f78ea44054792ad7d0e93312f7f3", 0x12, 0x4048080, &(0x7f0000000140)={0x11, 0x15, r2, 0x1, 0x7}, 0x14) 9.7136689s ago: executing program 3 (id=3317): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) setrlimit(0x1, &(0x7f0000000040)={0x200, 0x6}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_emit_ethernet(0xd2, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6c46a295009c1100fe80000000000000000000000000003cff0200000000000000000000000000014e214e23"], 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xfecc) open_by_handle_at(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000008100000008000000000000000400000000000000cef2ffffffffffff03000000ad5f53c3f6bd8b671967d69c1fb804b682b1c81e6193d8686a6f66bbb90a185bd4d3950f4a486a8daabdd2d03dd471e4aef8fe3c721154f30dd7496adfa582cfa3c4b86828c4cd9cccfe583d8233ca9c7711eda2a963ec5bd71b6c3057ffbebba39b00176510117e1208c3eb90c7e5219a74c6248a90cfe024783f7e34c598"], 0x4800) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0) write$sequencer(r4, &(0x7f0000000280), 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ptrace(0x10, 0x0) r5 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000100)='/sys/fs/smackfs/direct\x00', 0x2, 0x0) write$smackfs_cipsonum(r5, &(0x7f0000000240)=0xee, 0x14) ioctl$SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0xc0045401, 0xfffffffffffffffe) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$SG_GET_VERSION_NUM(r7, 0x2282, 0x0) ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x6, 0x0, @buffer={0x42, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=@newtaction={0x14, 0x12, 0xbf68af9d17701211, 0x0, 0x0, {0x7}}, 0x14}}, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r3, &(0x7f0000000140)={0x1f, 0x7fd, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xc}, 0xe) 8.910710108s ago: executing program 1 (id=3319): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48020}, 0x20000840) r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCGKEY(r4, 0x80404518, &(0x7f0000000680)=""/211) 8.812887796s ago: executing program 2 (id=3320): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000016001d"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0) syz_genetlink_get_family_id$tipc(0x0, r0) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) unshare(0x2c020400) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x81, @loopback, 0x7}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x8, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='yeah\x00', 0x5) 8.811686609s ago: executing program 4 (id=3321): socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000400)={0x0, 0x1c28, 0x2000, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180), &(0x7f00000002c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000001000000000000000000000071120a000000000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r6 = syz_open_dev$loop(0x0, 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000001ac0)={r5, 0x10000, {0x0, 0x0, 0x0, 0x2eed, 0x7fff, 0x0, 0x0, 0x0, 0xc, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a6a4274f040000000001000010e200"}}) syz_usb_connect(0x0, 0x0, 0x0, 0x0) writev(r6, &(0x7f0000000300)=[{&(0x7f00000000c0)='\b\r4V', 0x7e00}], 0x1) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0), 0x4) sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="0293"], 0x9) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) 6.854389842s ago: executing program 3 (id=3322): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce010203010902"], 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota') chdir(&(0x7f0000000100)='./file1\x00') r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x766c618eb221465a) quotactl_fd$Q_SETINFO(r2, 0xffffffff80000602, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000002100010000000000000000000a00000000000000ce0000001400110062726964676530"], 0x38}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 6.276897795s ago: executing program 2 (id=3323): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = fsopen(&(0x7f00000000c0)='cramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYRESDEC=0x0, @ANYBLOB=',gro', @ANYRESDEC=0x0]) r4 = syz_open_dev$sndctrl(&(0x7f0000002340), 0x1ff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r4, 0x80045530, &(0x7f0000002380)=""/185) 5.691630112s ago: executing program 0 (id=3324): memfd_create(&(0x7f0000000200)='\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xfe\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xa8ddj\x03\xbd\x16\x93\xb9r\x04h\xaa\x1aT\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\xa3[\x00\xa9C%}C\xf4c\xba\xf9H\x98}<\x98m#\xf5\x9e\xd3\xea\x00\x00\x00\x00', 0x3) execveat(0xffffffffffffff9c, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x400) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) open(0x0, 0x143c62, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x4) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r5, &(0x7f0000000000)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) sendmsg$inet(r5, &(0x7f00000013c0)={0x0, 0x0, 0x0}, 0x40) sendmsg$NL80211_CMD_DEL_PMKSA(r4, 0x0, 0x1) sendmsg$nl_generic(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400002b927cb190615e8103000000000d000000"], 0x14}}, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0xa50003d1) sendmmsg(r0, &(0x7f0000000bc0)=[{{&(0x7f0000000500)=@qipcrtr={0x2a, 0x4}, 0x12, 0x0}}], 0x1, 0x4000044) r6 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r6, &(0x7f00000055c0)=[{{&(0x7f0000001640)={0xa, 0xb, 0xfffffc01, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0xe}, 0x1c, 0x0}}, {{&(0x7f0000002980)={0xa, 0x4e21, 0x3, @dev={0xfe, 0x80, '\x00', 0x2f}, 0xffff}, 0x1c, 0x0, 0x0, &(0x7f0000000100)}}], 0x0, 0x4001c00) 5.606920324s ago: executing program 1 (id=3325): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x80020003) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fanotify_init(0x40, 0x400) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r1, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time={0xffff, 0xa5}, {}, {0x2}, @connect={{0x2, 0x3}, {0x3}}}, {0x0, 0x0, 0x0, 0x0, @time={0x2, 0x2}, {0x0, 0x8}, {}, @control}, {0x0, 0x0, 0x1, 0x0, @time, {}, {}, @connect={{}, {0x0, 0x5}}}], 0x68) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x107b82, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000700)={&(0x7f0000000600)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[0x0, 0x0], &(0x7f00000006c0)=[0x0], 0x3, 0x6, 0x2, 0x1}) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 5.190950619s ago: executing program 2 (id=3326): unshare(0x22020600) r0 = fsopen(&(0x7f0000000000)='pipefs\x00', 0x0) landlock_create_ruleset(&(0x7f00000000c0)={0x5949}, 0x10, 0x0) (async) r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x5949}, 0x10, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() (async) r3 = getpid() r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000001a001fff0200ff7f0000000080000080"], 0x24}}, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) (async) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000500)={'hsr0\x00', &(0x7f00000004c0)=@ethtool_sfeatures={0x3b, 0x2, [{0x200, 0x4a39b33c}, {0x2, 0x9}]}}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) (async) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) (async) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknod(0x0, 0x8001420, 0x1) (async) mknod(0x0, 0x8001420, 0x1) r8 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r8, 0x11, 0x67, &(0x7f0000000040)=0x401, 0x4) connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r8, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980)}}], 0x1, 0x4001c00) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) (async) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r9}, 0x50) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r9}, 0x50) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000080)={0x1908, r0}, 0x0) r10 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r10, 0x4008af60, &(0x7f0000000140)) 4.513002674s ago: executing program 0 (id=3327): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000400000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000100)=0x8000, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) ioctl$HIDIOCGRAWPHYS(r4, 0x4004480d, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$HIDIOCGRAWNAME(r4, 0x80404804, &(0x7f0000000040)) close_range(r5, 0xffffffffffffffff, 0x0) 4.342873454s ago: executing program 4 (id=3328): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32, @ANYBLOB="080005000600000008001780"], 0x2c}}, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 2.363867321s ago: executing program 3 (id=3329): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0xa, 0x8c) r1 = syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x25b}, &(0x7f0000ffe000), &(0x7f0000ffe000)) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x0, 0x3, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) close(0xffffffffffffffff) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r4 = accept4$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local}, &(0x7f0000000100)=0x1c, 0x80800) setsockopt$inet6_int(r4, 0x29, 0x42, &(0x7f0000000240)=0x9, 0x4) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x2, &(0x7f0000000180), 0xfe) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c008a3600001000050400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c000280050015000100000005000100040000000500160002000000"], 0x4c}}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='bic\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@window={0x3, 0x0, 0x4}, @window={0x3, 0x2, 0x1}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x2}, @sack_perm, @timestamp, @mss={0x2, 0x1}, @sack_perm], 0x8) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[], 0x40) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) socket(0x15, 0x5, 0x0) 2.326365895s ago: executing program 4 (id=3330): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r2, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000240)="feeb99b6f78ea44054792ad7d0e93312f7f3", 0x12, 0x4048080, &(0x7f0000000140)={0x11, 0x15, r2, 0x1, 0x7}, 0x14) 2.022693618s ago: executing program 4 (id=3331): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = syz_io_uring_setup(0x3, &(0x7f00000002c0)={0x0, 0x89b8, 0x1, 0x0, 0x207}, 0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 2.000699842s ago: executing program 2 (id=3332): r0 = socket$nl_route(0x10, 0x3, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) (async) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000300)=ANY=[@ANYBLOB="0567f8000000000063110c0000000000851000000200000085000000df64f6e2120500000000000000000000009500a52dae7af4382666b378e0e9f4cc93d995ef8f54fa3ac3bd6c9884bd1135a5e7b5b4d8661c63a7b10b0e16f9a9022f64057c12f88736dfe1567cadd09b5ec5740806435bf7e556f72dee6c9b3e10d3a924092bb3509a57b1f63ca2d29f8a76b14b08000000f76b45bc981a4d99049d6d23bbf0fcbdf1dc0b9b44ff298d2260782f975bb22c036fdfe581b528d3b01b1f7e8889a8483b918c409405a7bd5893fa0af1579ec2e1bbb88f9492bb8069028381b2afbd6dd813c8121f537493302ff58a1f33b17c43"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) (async) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macvtap0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@delneigh={0x28, 0x1d, 0x1, 0x8a, 0x0, {0x7, 0x0, 0x0, r5, 0x8, 0x12}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x28}}, 0x10) (async) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000840)=@security={'security\x00', 0x4, 0x4, 0x448, 0xffffffff, 0x2a8, 0x1d0, 0x1d0, 0xffffffff, 0xffffffff, 0x378, 0x378, 0x378, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, [0x0, 0xff000000, 0xffffffff, 0xffffffff], [0xff000000, 0xff000000, 0xffffff00, 0xff], 'dvmrp0\x00', 'vlan0\x00', {0xff}, {}, 0x2f, 0xb, 0x3, 0x18}, 0x0, 0xa8, 0x1d0}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x2, 0x2, 'system_u:object_r:lib_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@private1, @local, [], [0x0, 0xffffff00], 'geneve1\x00', 'macvlan0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a8) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d4"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x100a, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94) (async) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) (async) munlockall() sendmsg$nl_route(r0, 0x0, 0x0) r7 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) (async) unshare(0x22020600) (async) r10 = socket$rds(0x15, 0x5, 0x0) bind$rds(r10, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) (async) setsockopt$RDS_CANCEL_SENT_TO(r10, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) (async) syz_io_uring_submit(r8, r9, &(0x7f0000000440)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x3}) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x3, &(0x7f0000000000)=@framed={{0xc3, 0xa, 0xa, 0xfe00, 0x40, 0x71, 0x10, 0x1a}}, &(0x7f0000000480)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x48}, 0x94) 1.935252012s ago: executing program 0 (id=3333): umount2(0x0, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f000840031b000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee40021146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93", 0xcb}], 0x1, 0x0, 0x0, 0x7400}, 0x0) chown(0x0, 0x0, 0xee01) ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0xc0403d08, 0xffffffffffffffff) chdir(0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x403, 0xfffffffc, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x6}, @IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) 1.68587509s ago: executing program 4 (id=3334): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x803d, 0xffffffffffffffff, 0xde34b000) sendto$inet6(r0, &(0x7f0000000180), 0x0, 0x14, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r5, 0x3b88, &(0x7f00000000c0)={0xc, r6}) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r5, 0x3b72, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000001c00000000000000d19b5e6efc"]) 1.684313759s ago: executing program 0 (id=3335): sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) syz_open_dev$MSR(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESHEX], 0x28}, 0x1, 0x0, 0x0, 0x4008014}, 0x20000480) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000a80)={'syz1\x00', {0xfffd}, 0x4a, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x2000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x185], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x9, 0x0, 0x3cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe654, 0x0, 0xae, 0x0, 0x0, 0x88, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x4, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x4a9c, 0x4, 0x1, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ec2, 0x0, 0x80, 0x4]}, 0x45c) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x2) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) ioctl$TCFLSH(r2, 0x540b, 0x1) ioctl$UI_DEV_CREATE(r1, 0x5501) 867.670871ms ago: executing program 0 (id=3336): syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="03c90000cf47d16331aef6ee13ff7f266e13da7be839b35e9ae1a333f2d8fd8e1983903166f4d8f3d5e043b8eb3a4dd0a04b39df97c82009b793cd734558a268aac6cea0ca6aa40899810bc164d8ad6b2ce23bf4b88d9b72991218c6c68e9a992582d217f639c8ad76405b511163edb9ca95e8123830003ab82fc86a517ac2aff77866914ebb9aca4a6e530d80f19ee31eeb1e5b8139b72264f8fceb54ee9980e771c5f11155b69e12e65e6a3699d1b80648dd949081f1a612b7b5950f41554c9b832f7cf9efa4987bd88887917199318d28808204e7638ca5932c066d2a662e600ac0a8f27b86c066f2bceabd1b3af66c12fefa311c5afe0821a14432925187a05476e0a972e85f26a24832c357d70d354ade966e6963234e4956658ac9ece3780485fcb3decb69a029ffbeda1c7b27bb020f4137624286d8a2d22221028b3efd3433e7fd3ba291446947a274a748f45bb347fa49e295cfa305f5dd46b662afde61cfee33ea823d23f46a662146886c6e3c30e660d765f46dcc14914b3e342e44436410fedeb6594f37ac94cd336dea463e0541daadbe70b5b925741db16240afc85f391539569ac14e5dccb9ca5790c33f8a6cdd7abc1cb762972634968ecb9f1dff8b6b6cd6f5f56db31c24ac5b2b1bed2efea1f4e67f686a8abfa41f297a165b9fcb4800230ed07af34727fe6c2cc6daf796cc38e8f03ee4fb786a92fabfbded442086d657dec598edb21ba428d4bb28ac974c38218bcf08ad3b4f6698ae05855769dbe5693eac83a223b76a5f452195795d3d485e5c0a18caf2315c3a21acb4bb661082b1c4fccfff8f0c52c353dedd3b9e575b800cfec557e43527228abf820e16411b45c77e99f308dcc5dcd1c3b8ddb828e6481c1fc6275c3e1ed4a1f0fe6d97db39cb3ad5b08400cc990ed5797e23fcd81ee76eed1caaf2ec709c18b014dfcfac7eb658f1c07a894dca1d8e23ebbc18c7b0acefacd915235a54637d13965681a6a527325d13b4a88a21505860873038bc6ca68e25bed80496e65b53a4817e7dba3cbe31eebb770ab04202486634b7210500238707cd664735c07e539e8ccb09ec82d7fad69c4f31113b4a01089a81d4a1787d69957a2dfcf371f0c357eba5a587f0d09d64588f3fade99726d786085b513e720fd1d889104e1d98bf4fe23d6bd8c408c44fc702880e6c53a733aaafec836a80b9e69d1432225dda63a755bde5103fbba7af46f81b3b0c3457d49e187c7fa53e9410d4ff7dd1c9a954d549b49197f350e8451e850279ba4690a4ff3fa4f91ebfa4dda7d2a60257d70c09ad6520387baf2cd734bf1f993565f7ccf80f29b1414e595de79ec03faf7afbeff3daf0034aeecfe41640366ae3c1d1b9437cb7580b9a94fe71a5ffe7be4f959cc5972e1672c5f5c5d252a63804d1a292aac2582b78ac73ea143095bc1283b210c66ecc5b5b9be4d6649920118d51429328f8a983a89f8f5d6ec383c89f07e91e0726ed40776d72d7499652a84f9d0bb086e9479a6d703907ee17345ed763ae817751515c744d428ac51fb10eba495f9a477809a4c1b447a94a3f6d1a092b109478ca36c3da494552d34f30d74a32958c53ec091e32ca8aaf5c814881d4bb3add2b07f362e9e4ea17b3f8b6e7310fcbea4ea6f2d9f5505b011011b75eb4dbf2455f665027abe2bb73dd37dff9c6aab6e9454bbd7bb887aef12f19f446bcbf257ada0e5144f708ccf350f07b861b813eb4cdab02d74b660d960c737f553f84b2d027da58f02345704583717199f693c913bfc2704cfde1b31270c43f17d51c82b672796fd6e1d09e34659d7e5fd9a1a69dcdde367c074b47beeb88f374740a64d9e9a99f4fabdbfca311174da518f868704e3fe259e6069330b04d2d3804a3428d2e04a483599f5ff47ff8c877601fcae33999575180fb540ff00c55728d0ee8eb6550658c7cbc8be4f87b50a9650a33aa164c6bae4044dfc080cf43a1c80e8a8132f973faefcf2ee23f9c2f3119fa93c0e5875832d4f8b6c2a1c347d480f15ead27ba7fb6e2ba9f2204982023b15b0f9df44ce9bba765c9598810593dd32a520ba72a5bfc375f36f4ea4a55017b1494c392568ef6828c18a1f2cec1442f705687695e42f62734ac2c1b0fed399ccf29b20fccd476afc72217182a73c970029c7679dffaebfc2ab9e8d18f5e757ccde87ac69b2bb0243b2e86d225dd2edad4919977bde1806bd6305eff22f2d63646c3a856a002aaea40d96e4811fe0cf5ad942e087c55551fdccc65835686320aa635ec50872f1c30cd8a732515b4dbfa132f905205f4b2ec64d1b9a9101ee2c3d0a110e40fd40d2c0b19f9a77b43f0b14e283ad1038de31cb21c2857d278933fd4bf106a7a93e16b28d71dfa73fa0695c77c0b1236e4cc7f17837be252d1011edf8ba626315e416b2963e96172b3294ec1f087672b0fc404edb79ca9b8e7a46f69b7a6f8b0488ec6c10f937632cc29bdb6f2c0ca86b978db6ca3cb9aa9b5f253fb5ba52e5b3738468236bd3ed26da1158e14881860f37f586b3b004ff7233a7427ece1c1365bb273aa1ce801c6d61b35a247c38917df23b9f12f7e764dabf9af18885e447a952de7796c3dd27e77325be816eb82ae9026ef5a855ddfb9aaf4a0bfc153f079c95337d2ee3c2ac36e5b4e8c5da765bf5d11edcf01ef11a3748d7ca0b1fd6f8882fbfd3423bd429c8592ec28a98bba845e7fe829ae2b11f5215ce819bf777ab45d73e9afe3cc76840b7d368161ee140efdec81ca1d5716c2ea5b255fabb5a4698864c8d427738837c45f1006cbf1f68bbedbfdf70e5b65b21b1934826c06d4d3da4f08e3ad376cec5aafb2f9eae9a06cab375ef5a44f30a563e5245077d84823b88d71912f458fe17d36e4b2a88260ad121af2e5a43a555ef61ffd242c09d5011b9be422c4c310a834f664c732930c1d329212aa9f063356c85130c965d919180e62afd193224d3792db6a069ff2bc8770bd6294a6884cbfb71301859a26b7572440ee12719e8753831bf73d353a33ea64c57df0bac0cc8938ea28370724439170824d1b55d415eed14f620d3a28bb5009edd12e9322df3573bbd9b0d0ff2cbd2e48c0c297f63c100116097c48c8f4cf0a7c4fb5156723fcb615236b6db175442b2db90c3e426cca9de56f55effdbb981c75c99a8dd084a619882fb216b000cb99eae616f0b5d7a8a2cc675cbd3e0a61b6f602250b040ae57f998471095563334e165f35139ec22aabf8ada15b890e2cf038a4f40d129760e39b166f58cfb4bfee7d4455ce06ad098745e0edac9434e4c61f889cbe6d7cf74da35f1b6d2b4455abf954223d1638ff808508228a3060d390e9ce539d2dcb032ae5d6c5abcd4df4bfb63f9851e45bb961cca2150eb386abd67dab2a12c096aa8df742e41ff7718f9dd77099d9bc87a2a46d8d6ffb903b23b429747c9acb21c0e88067eb6c7fa2507ef0673e6b65a15767cfa4ef9b52adbce41ea3461f77b0e705a2d5cbcf3841bd22414f3ef2402a915705a18113d370d35619fdbbfb4fe6e1581a8520525e863d931aaaed58d06d093905b0d83dd1345f4b8213954102abf8048be627d437f267d4a0a6e6f181891562b61be55f1e646120cfe17d8d2961ad86d1575856fff39791b90ccc6895495cc0f3a1e2604f5b729aec7452b133b9c822bbc74df480670f34cf0335d42b5ad6a7009c49050d97ef8c09eff8716dbb9ce5a5d67ffad2541860017bfe982c0e48390f987f470c7b600fb29be4d3a74251d85ef1cf1fe3b5a146bb9f6fee2369cba1f2be75782b14a422b0820fa00c1250f4d437f24914a94a8564fa079fe803b39c528707dd2906120d53020000b725596b68553f1653aad2fdd23114e4a7ca3402fcdf0b060323a683a03109ffbec9627c803da8a55665e156a335528f113eb730bb28c0480daf8f2b65483d0f3805e1c512b680d8698e63a80b45aa8c7e12ad0f0e072eefc806fde42455bc4d157e402a86218896d5638f8fdadb1fbffaf4fe92f526475612980f0c5a539a9cec3c63e4efa5b893611af45c8003650888dc5b958a18848cffe11e0636f40e3ade10da702b71a69e6941e506ec3f0297349867949246310909ff445005f68910308df1e44f7ef04efbcb6ade53086aeb80b0ca96b94c9e6353c77bc1ce575edd6a1ab76e000d2ca0bc80c09d76d2bf25d90c93d5fcf6c123a9e83a3354b798356aeb2e99721732d52b1ec6c84d79d6f1237186260e7e63f29cfe8050a8fd44d57b52582b45e1fe027792c07ef33a0ac686606dd009ef3839e179190aca20d01db1d2263898a6953feb5d2e8093a4b4a2b18f6cb06a0251d3862672814b5165213c65174fe5dad7673186293e336348fc77a6d545cc07355c07a8b9a98c95d76fa5dc4c19181578a6dc4f2b29b647ab6a09f6756994c8e389c7c165766f154468b380e1e67cb2edbc7f67b6bfad1de690c3f472908b11d1c502ca61b5e869cd2cf8e11e39eceb9d31fca090fd5dd15e1f5a8c4de58531df3fa96d655653a5b99ea449d3865e07401ecb63fb4ac4042c893841c2b70b4a133937ac0dca8d6f442de175f138ab7cf19477c2483caf524fc443b3243d31f15f3f518b2d7964314d7d34754ae417dd9d46a83e443cef18eb673f46f34aeaba592a171bb4710002da17d9d6554208fc384de22bff7e05d2bfb821656e78bfa084be46fe6b0f04a06c6bc80afbd406a918a57d582345b260360cec7168142ef0e0da8ad70ac9703d6206c6da23558374ad8bc1e8fe5cdede25e8ad5d0d0741d85e86566b7b9172f457e36feabb881f14a04d182b6971bb1aa1c37a608ff0eeaba1b6c37c4bdb15696afb0e031ef8b214a7a72892593c910829c820f773135f3441afc90cadeb50f76d4a5bbd713c8b3dc441599dcae659b9ad417affde5d9ee3933f00ea69323fd33e0b9a12b1ee29b2e97c7b1db3fa0a900678c6490a847fdd85fa93bb134e3239638052359774bc22405a0abb698081ce1dce2dfe0c0430b641f00d230013944df65581f6b5f458165b16aad8b92b44bf28b3236cac5239c91fe2351c5f53359d072aa34ffee18ff275afdc0dc7b889da928fdd4e300a52699cb5a4fea8cc42f636b15e449daef52df3586d4b55fd047b04e96734aa2c45bcad8f05dbf3c97daefcd6bad396a6aed71849e484eb0e3526970973db9b268b71e726748aacb5c2203cde2992af74cac612d33cecba7f3e5d66e2a2e449eb00e770af4fe13be6d16877cfa46c108c29d8db1efff5356433fc627741d12605056ec78c02bf143afc9e2161c15ce65a0f8c9f13a6b7a9164f256301ff0ca23dfffb77ec46ddd29b63d7bcfe5ae482f76f1c0e819b24b970209058bd0c"], 0x1004) setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f00000002c0)="1af30500", 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 655.518606ms ago: executing program 4 (id=3337): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x28801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$binfmt_register(0xffffffffffffffff, &(0x7f00000002c0)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0x492, 0x3a, '', 0x3a, '/dev/kvm\x00', 0x3a, './file0'}, 0x30) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0xc73}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text32={0x20, &(0x7f0000000000)="0f0d06f3a7f30f09b9a00d00000f320f01c20f00dec4e181fb43c4650f7913360f792d0500000066baa000b874804431ef", 0x31}], 0x1, 0x53, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000040)=0x3) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000073118600000000008510000002000000850000007600000095000810000000009500a50500000000e2044545cfbd17576630"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x5, 0x80000000, 0x8], 0x0, 0x8340}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 654.778637ms ago: executing program 1 (id=3338): socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000400)={0x0, 0x1c28, 0x2000, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180), &(0x7f00000002c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000001000000000000000000000071120a000000000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r6 = syz_open_dev$loop(0x0, 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000001ac0)={r5, 0x10000, {0x0, 0x0, 0x0, 0x2eed, 0x7fff, 0x0, 0x0, 0x0, 0xc, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a6a4274f040000000001000010e200"}}) syz_usb_connect(0x0, 0x0, 0x0, 0x0) writev(r6, &(0x7f0000000300)=[{&(0x7f00000000c0)='\b\r4V', 0x7e00}], 0x1) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0), 0x4) sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="0293"], 0x9) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) 610.728647ms ago: executing program 0 (id=3339): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x4, 0x800000, 0x0, 0x0, 0xfffffffe, 0x2}) 0s ago: executing program 2 (id=3340): syz_open_procfs(0x0, 0x0) rt_sigpending(0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x9, @loopback, 0x2}, 0x1c) close(0x3) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x48) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}) prlimit64(0x0, 0xe, 0x0, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): ire+0x7d/0x100 [ 967.576905][T21133] should_fail_ex+0x414/0x560 [ 967.576930][T21133] should_failslab+0xa8/0x100 [ 967.576953][T21133] __kmalloc_noprof+0xcb/0x4f0 [ 967.576973][T21133] ? tomoyo_encode+0x28b/0x550 [ 967.577000][T21133] tomoyo_encode+0x28b/0x550 [ 967.577028][T21133] tomoyo_realpath_from_path+0x58d/0x5d0 [ 967.577051][T21133] ? tomoyo_domain+0xda/0x130 [ 967.577079][T21133] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 967.577099][T21133] tomoyo_path_number_perm+0x1e8/0x5a0 [ 967.577122][T21133] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 967.577166][T21133] ? __lock_acquire+0xab9/0xd20 [ 967.577208][T21133] ? __fget_files+0x2a/0x420 [ 967.577233][T21133] ? __fget_files+0x2a/0x420 [ 967.577252][T21133] ? __fget_files+0x3a0/0x420 [ 967.577272][T21133] ? __fget_files+0x2a/0x420 [ 967.577297][T21133] security_file_ioctl+0xcb/0x2d0 [ 967.577320][T21133] __se_sys_ioctl+0x47/0x170 [ 967.577340][T21133] do_syscall_64+0xfa/0x3b0 [ 967.577362][T21133] ? lockdep_hardirqs_on+0x9c/0x150 [ 967.577385][T21133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.577402][T21133] ? clear_bhb_loop+0x60/0xb0 [ 967.577424][T21133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.577441][T21133] RIP: 0033:0x7f7c49d8e929 [ 967.577457][T21133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 967.577473][T21133] RSP: 002b:00007f7c4ac31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 967.577493][T21133] RAX: ffffffffffffffda RBX: 00007f7c49fb5fa0 RCX: 00007f7c49d8e929 [ 967.577506][T21133] RDX: 0000000000000000 RSI: 000000000000ff0a RDI: 0000000000000003 [ 967.577518][T21133] RBP: 00007f7c4ac31090 R08: 0000000000000000 R09: 0000000000000000 [ 967.577530][T21133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 967.577541][T21133] R13: 0000000000000000 R14: 00007f7c49fb5fa0 R15: 00007ffef52c84a8 [ 967.577571][T21133] [ 967.577592][T21133] ERROR: Out of memory at tomoyo_realpath_from_path. [ 967.832154][T21135] trusted_key: encrypted_key: insufficient parameters specified [ 967.910639][T21141] FAULT_INJECTION: forcing a failure. [ 967.910639][T21141] name failslab, interval 1, probability 0, space 0, times 0 [ 967.950015][T21141] CPU: 0 UID: 0 PID: 21141 Comm: syz.4.2714 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 967.950038][T21141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 967.950045][T21141] Call Trace: [ 967.950050][T21141] [ 967.950055][T21141] dump_stack_lvl+0x189/0x250 [ 967.950074][T21141] ? __pfx____ratelimit+0x10/0x10 [ 967.950091][T21141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 967.950105][T21141] ? __pfx__printk+0x10/0x10 [ 967.950116][T21141] ? __pfx___might_resched+0x10/0x10 [ 967.950130][T21141] ? fs_reclaim_acquire+0x7d/0x100 [ 967.950146][T21141] should_fail_ex+0x414/0x560 [ 967.950161][T21141] should_failslab+0xa8/0x100 [ 967.950174][T21141] __kmalloc_noprof+0xcb/0x4f0 [ 967.950186][T21141] ? iovec_from_user+0x87/0x250 [ 967.950202][T21141] iovec_from_user+0x87/0x250 [ 967.950219][T21141] __import_iovec+0x163/0x7f0 [ 967.950238][T21141] import_iovec+0x74/0xa0 [ 967.950255][T21141] ___sys_recvmsg+0x43a/0x510 [ 967.950270][T21141] ? __pfx____sys_recvmsg+0x10/0x10 [ 967.950295][T21141] ? __fget_files+0x3a0/0x420 [ 967.950314][T21141] do_recvmmsg+0x307/0x770 [ 967.950339][T21141] ? __pfx_do_recvmmsg+0x10/0x10 [ 967.950368][T21141] ? _copy_from_user+0x94/0xb0 [ 967.950390][T21141] __x64_sys_recvmmsg+0x1af/0x240 [ 967.950404][T21141] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 967.950415][T21141] ? rcu_is_watching+0x15/0xb0 [ 967.950432][T21141] ? do_syscall_64+0xbe/0x3b0 [ 967.950448][T21141] do_syscall_64+0xfa/0x3b0 [ 967.950461][T21141] ? lockdep_hardirqs_on+0x9c/0x150 [ 967.950474][T21141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.950484][T21141] ? clear_bhb_loop+0x60/0xb0 [ 967.950496][T21141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.950506][T21141] RIP: 0033:0x7f6ba558e929 [ 967.950516][T21141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 967.950524][T21141] RSP: 002b:00007f6ba6350038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 967.950536][T21141] RAX: ffffffffffffffda RBX: 00007f6ba57b5fa0 RCX: 00007f6ba558e929 [ 967.950543][T21141] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 967.950550][T21141] RBP: 00007f6ba6350090 R08: 0000200000003700 R09: 0000000000000000 [ 967.950557][T21141] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 967.950563][T21141] R13: 0000000000000000 R14: 00007f6ba57b5fa0 R15: 00007ffeb4267828 [ 967.950578][T21141] [ 968.192673][ C0] vkms_vblank_simulate: vblank timer overrun [ 968.296035][T21149] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2716'. [ 968.685450][ T5945] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 968.842784][ T5945] usb 1-1: Using ep0 maxpacket: 32 [ 968.874434][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 968.885492][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 968.903864][ T5945] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 968.913387][T21139] netlink: 'syz.1.2713': attribute type 10 has an invalid length. [ 968.921295][ T5831] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 968.937047][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 968.966480][ T5945] usb 1-1: config 0 descriptor?? [ 969.087234][ T5831] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 969.098066][ T5831] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 969.109514][ T5831] usb 5-1: Product: syz [ 969.122816][ T5831] usb 5-1: Manufacturer: syz [ 969.136174][ T5831] usb 5-1: SerialNumber: syz [ 969.156933][ T5831] usb 5-1: config 0 descriptor?? [ 969.373383][ T5831] hso 5-1:0.0: Failed to find BULK IN ep [ 969.408191][ T5945] savu 0003:1E7D:2D5A.000F: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 969.420475][ T5831] usb-storage 5-1:0.0: USB Mass Storage device detected [ 969.462842][T17777] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 969.612835][T17777] usb 2-1: Using ep0 maxpacket: 32 [ 969.684772][ T3607] usb 5-1: USB disconnect, device number 43 [ 969.704240][T17777] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 969.716193][T21143] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 969.716892][T17777] usb 2-1: config 0 has no interface number 0 [ 969.741035][T21143] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 969.744839][T17777] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 969.763369][T17777] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 969.790519][T17777] usb 2-1: Product: syz [ 969.798890][T17777] usb 2-1: Manufacturer: syz [ 969.817463][ T5894] usb 1-1: USB disconnect, device number 60 [ 969.833380][T17777] usb 2-1: SerialNumber: syz [ 969.868489][T17777] usb 2-1: config 0 descriptor?? [ 969.895017][T17777] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 969.905584][T17777] usb 2-1: selecting invalid altsetting 1 [ 969.911445][T17777] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 969.944020][T17777] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 969.957370][T17777] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 969.966355][T17777] usb 2-1: media controller created [ 970.038383][T17777] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 971.464733][T21221] loop6: detected capacity change from 0 to 63 [ 971.471516][T21221] buffer_io_error: 5 callbacks suppressed [ 971.471531][T21221] Buffer I/O error on dev loop6, logical block 0, async page read [ 971.485502][T21221] Buffer I/O error on dev loop6, logical block 0, async page read [ 971.501157][T21221] Buffer I/O error on dev loop6, logical block 0, async page read [ 971.568643][T21221] Buffer I/O error on dev loop6, logical block 0, async page read [ 971.602301][T21221] Buffer I/O error on dev loop6, logical block 0, async page read [ 972.091549][T17777] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 972.094177][T21221] Buffer I/O error on dev loop6, logical block 0, async page read [ 972.125521][T17777] zl10353_read_register: readreg error (reg=127, ret==-110) [ 972.157003][T21221] Buffer I/O error on dev loop6, logical block 0, async page read [ 972.186879][T21221] Buffer I/O error on dev loop6, logical block 0, async page read [ 972.220129][T21221] Buffer I/O error on dev loop6, logical block 3, async page read [ 972.229156][T21222] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 972.308040][T21221] loop6: unable to read partition table [ 972.348471][T21221] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 972.515097][T21238] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2724'. [ 972.848155][T21237] syz.3.2725: attempt to access beyond end of device [ 972.848155][T21237] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 973.522969][ T5831] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 973.916705][T17777] usb 2-1: USB disconnect, device number 55 [ 974.134175][T21262] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2727'. [ 974.463186][ T5831] usb 4-1: Using ep0 maxpacket: 32 [ 974.475796][ T5831] usb 4-1: unable to get BOS descriptor or descriptor too short [ 974.494477][ T5831] usb 4-1: config 6 has an invalid interface number: 3 but max is 2 [ 974.502486][ T5831] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 974.551175][ T5831] usb 4-1: config 6 has no interface number 1 [ 974.578847][ T5831] usb 4-1: config 6 interface 2 has no altsetting 0 [ 974.601145][ T5831] usb 4-1: config 6 interface 0 has no altsetting 0 [ 974.687036][ T5831] usb 4-1: New USB device found, idVendor=1410, idProduct=a001, bcdDevice=ec.5b [ 974.696290][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 974.704383][ T5831] usb 4-1: Product: syz [ 974.709641][ T5831] usb 4-1: Manufacturer: syz [ 974.714645][ T5831] usb 4-1: SerialNumber: syz [ 975.511565][ T30] audit: type=1326 audit(2000000781.168:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21267 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 975.545121][ T30] audit: type=1326 audit(2000000781.168:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21267 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 975.583511][T21278] 9pnet_fd: Insufficient options for proto=fd [ 975.695614][T21281] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2731'. [ 975.917327][T21281] bridge10: entered promiscuous mode [ 976.308617][T21278] bridge13: entered promiscuous mode [ 976.497661][ T30] audit: type=1326 audit(2000000781.168:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21267 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 976.969306][ T5831] usb 4-1: selecting invalid altsetting 0 [ 976.994863][ T5831] usb 4-1: Could not set interface, error -22 [ 977.000422][ T30] audit: type=1326 audit(2000000781.178:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21267 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 977.062436][ T5831] usb 4-1: USB disconnect, device number 60 [ 977.255417][ T30] audit: type=1326 audit(2000000781.178:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21267 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 977.558095][ T30] audit: type=1326 audit(2000000781.178:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21267 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 978.346040][T21313] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2737'. [ 978.411760][ T30] audit: type=1326 audit(2000000781.178:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21267 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 978.783028][T21318] openvswitch: : Dropping previously announced user features [ 979.172180][ T30] audit: type=1326 audit(2000000781.178:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21267 comm="syz.1.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 979.447979][T21321] netlink: 'syz.0.2739': attribute type 9 has an invalid length. [ 980.694968][ T5945] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 980.859540][ T5945] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 980.870291][ T5945] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 980.878452][ T5945] usb 3-1: Product: syz [ 980.917771][ T5945] usb 3-1: Manufacturer: syz [ 980.934652][ T5945] usb 3-1: SerialNumber: syz [ 980.950260][ T5945] usb 3-1: config 0 descriptor?? [ 980.960695][ T5945] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 981.033036][ T5831] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 981.490814][ T5945] gspca_sq905c: sq905c_command: usb_control_msg failed (-110) [ 981.505748][ T5945] sq905c 3-1:0.0: Get version command failed [ 981.521939][ T5945] sq905c 3-1:0.0: probe with driver sq905c failed with error -110 [ 981.532092][ T5831] usb 2-1: config 0 has no interfaces? [ 981.574667][ T5831] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 981.584643][ T5831] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 981.607981][ T5831] usb 2-1: Manufacturer: syz [ 981.660097][ T5831] usb 2-1: config 0 descriptor?? [ 982.548454][T21364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 982.557955][T21364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 982.985463][T17777] usb 2-1: USB disconnect, device number 56 [ 983.110404][ T5831] usb 3-1: USB disconnect, device number 65 [ 984.496953][T21389] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2752'. [ 984.529235][T21389] 9pnet_fd: Insufficient options for proto=fd [ 984.564177][T21389] autofs4:pid:21389:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(0.0), cmd(0xc0189379) [ 984.597133][T21389] autofs4:pid:21389:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189379) [ 984.600568][T21393] 9pnet_fd: Insufficient options for proto=fd [ 985.048834][T21405] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2755'. [ 985.128772][T21405] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2755'. [ 985.374115][T21404] bridge11: entered promiscuous mode [ 988.209878][T21471] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2763'. [ 988.809106][T21475] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2765'. [ 988.942322][T21475] bridge12: entered promiscuous mode [ 989.743727][T21498] 9pnet_fd: Insufficient options for proto=fd [ 990.107323][T21501] bridge9: entered promiscuous mode [ 992.837708][T21528] bridge13: entered promiscuous mode [ 992.864431][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.870868][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.959885][T21551] openvswitch: : Dropping previously announced user features [ 994.318743][ T5945] usb 3-1: new full-speed USB device number 66 using dummy_hcd [ 994.353132][T21549] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2779'. [ 994.556512][T21549] bridge10: entered promiscuous mode [ 994.841344][ T5945] usb 3-1: config 0 has an invalid interface number: 230 but max is 0 [ 994.855787][ T5945] usb 3-1: config 0 has no interface number 0 [ 994.866402][ T5945] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 995.083115][ T5945] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 995.094480][ T5945] usb 3-1: config 0 interface 230 has no altsetting 0 [ 995.105165][ T5945] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 995.117882][ T5945] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 995.126219][ T5945] usb 3-1: Product: syz [ 995.130495][ T5945] usb 3-1: Manufacturer: syz [ 995.135238][ T5945] usb 3-1: SerialNumber: syz [ 995.146214][ T5945] usb 3-1: config 0 descriptor?? [ 995.178539][T21543] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 995.202108][T21543] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 995.338897][T21561] openvswitch: : Dropping previously announced user features [ 995.851477][ T5945] ums-usbat 3-1:0.230: USB Mass Storage device detected [ 995.898634][T21543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 995.911875][ T5945] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 995.920554][T21543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 995.997137][T21569] 9pnet_fd: Insufficient options for proto=fd [ 996.118270][T21570] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2784'. [ 996.265251][T21570] bridge12: entered promiscuous mode [ 996.486693][T21543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 996.537636][T21543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 997.420679][T21582] ubi: mtd0 is already attached to ubi31 [ 997.585614][T21595] loop6: detected capacity change from 0 to 63 [ 997.627961][T21595] buffer_io_error: 6 callbacks suppressed [ 997.627974][T21595] Buffer I/O error on dev loop6, logical block 0, async page read [ 997.653628][T21595] Buffer I/O error on dev loop6, logical block 0, async page read [ 997.664591][T21595] loop6: unable to read partition table [ 997.664903][T21600] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 997.729399][T21600] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 997.739662][T21600] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 997.795432][T21600] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 997.797073][T21595] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 997.804259][T21600] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 997.822442][T21600] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 997.834269][T21600] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 998.140172][ T5945] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5 [ 998.739379][ T5945] usb 3-1: USB disconnect, device number 66 [ 999.110084][T21619] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2790'. [ 999.587682][T21606] block device autoloading is deprecated and will be removed. [ 999.833188][T21628] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2793'. [ 999.992130][T21628] bridge14: entered promiscuous mode [ 1000.465440][T21632] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2796'. [ 1000.592877][T21638] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2796'. [ 1001.395239][T21644] netlink: 632 bytes leftover after parsing attributes in process `syz.3.2799'. [ 1001.662986][T17777] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1001.822925][T17777] usb 3-1: Using ep0 maxpacket: 16 [ 1001.842655][T17777] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 1001.914850][T17777] usb 3-1: config 0 has no interface number 0 [ 1002.035826][T17777] usb 3-1: config 0 interface 8 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1002.038851][T21658] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1002.351690][T17777] usb 3-1: config 0 interface 8 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1002.372152][T17777] usb 3-1: config 0 interface 8 has no altsetting 0 [ 1002.409551][T17777] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 1002.459453][T17777] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.611543][T17777] usb 3-1: config 0 descriptor?? [ 1003.219108][T21679] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 1003.240170][T17777] uclogic 0003:5543:0522.0010: item fetching failed at offset 2/5 [ 1003.269008][T17777] uclogic 0003:5543:0522.0010: parse failed [ 1003.291907][T17777] uclogic 0003:5543:0522.0010: probe with driver uclogic failed with error -22 [ 1003.551985][T17777] usb 3-1: USB disconnect, device number 67 [ 1003.613841][T21691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2804'. [ 1007.036314][T21719] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2808'. [ 1007.239988][T21719] bridge11: entered promiscuous mode [ 1007.647911][T21728] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1010.193493][T21797] 9pnet_fd: Insufficient options for proto=fd [ 1010.828155][ T5831] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 1011.217137][T21807] bridge14: entered promiscuous mode [ 1011.430837][ T5831] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 1011.440504][ T5831] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1011.478223][ T5831] usb 2-1: config 0 has no interface number 0 [ 1011.516436][ T5831] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 1011.527296][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1011.552751][ T5831] usb 2-1: Product: syz [ 1011.556928][ T5831] usb 2-1: Manufacturer: syz [ 1011.561500][ T5831] usb 2-1: SerialNumber: syz [ 1011.577593][ T5831] usb 2-1: config 0 descriptor?? [ 1011.599073][ T5831] usb 2-1: Found UVC 0.00 device syz (046d:0823) [ 1011.613686][ T5831] usb 2-1: No valid video chain found. [ 1011.699028][T21821] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2824'. [ 1011.782449][T21821] bridge15: entered promiscuous mode [ 1012.048883][ T5831] usb 2-1: USB disconnect, device number 57 [ 1012.123544][ T5945] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1012.533033][ T5828] Bluetooth: hci4: command 0x0406 tx timeout [ 1012.582647][ T5945] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1012.602941][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1012.627343][ T5945] usb 4-1: config 0 descriptor?? [ 1012.853840][T21811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1012.867373][T21811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1012.916391][T21811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1012.944519][T21811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1013.653160][ T5945] ath6kl: Failed to submit usb control message: -110 [ 1013.666320][ T5945] ath6kl: unable to send the bmi data to the device: -110 [ 1013.675804][T21811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1013.695037][T21811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1013.769210][T21811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1013.795810][T21811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1013.802292][ T5945] ath6kl: Unable to send get target info: -110 [ 1013.860375][T21811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1014.302593][T21811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1016.858375][ T5945] ath6kl: Failed to init ath6kl core: -110 [ 1017.813561][ T5945] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1017.881846][T17777] usb 4-1: USB disconnect, device number 61 [ 1018.197304][T21894] bridge14: entered promiscuous mode [ 1018.392812][ T5945] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 1018.739790][ T5945] usb 2-1: device descriptor read/64, error -71 [ 1019.193660][ T5945] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 1019.403556][ T5945] usb 2-1: device descriptor read/64, error -71 [ 1019.513516][ T5945] usb usb2-port1: attempt power cycle [ 1020.112859][ T5945] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 1020.133726][ T5945] usb 2-1: device descriptor read/8, error -71 [ 1020.272149][T21926] 9pnet_fd: Insufficient options for proto=fd [ 1020.384273][ T5945] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 1020.985334][T21929] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2845'. [ 1021.198288][T21929] bridge16: entered promiscuous mode [ 1021.454791][ T5945] usb 2-1: device descriptor read/8, error -71 [ 1021.490422][T21934] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2846'. [ 1021.568852][ T5945] usb usb2-port1: unable to enumerate USB device [ 1021.689036][T21942] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1021.907424][T21934] bridge9: entered promiscuous mode [ 1022.709515][ T30] audit: type=1326 audit(2000000828.994:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm="syz.1.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1022.731803][ T30] audit: type=1326 audit(2000000829.024:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm="syz.1.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1022.847310][T21997] No such timeout policy "syz0" [ 1023.572228][ T30] audit: type=1326 audit(2000000829.044:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm="syz.1.2853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1023.594927][ T30] audit: type=1326 audit(2000000829.044:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1023.616589][ T30] audit: type=1326 audit(2000000829.044:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1023.665745][ T30] audit: type=1326 audit(2000000829.044:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1023.822938][ T30] audit: type=1326 audit(2000000829.044:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1023.904379][ T5945] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 1023.940119][ T30] audit: type=1326 audit(2000000829.044:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1023.946245][T22004] lo speed is unknown, defaulting to 1000 [ 1023.961591][ T30] audit: type=1326 audit(2000000829.044:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1023.990475][ T30] audit: type=1326 audit(2000000829.044:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21995 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a5d78e929 code=0x7ffc0000 [ 1024.019352][T22004] lo speed is unknown, defaulting to 1000 [ 1024.028238][T22004] lo speed is unknown, defaulting to 1000 [ 1024.082767][ T5945] usb 2-1: Using ep0 maxpacket: 8 [ 1024.090861][ T5945] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 1024.102666][ T5945] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 1024.111968][ T5945] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 1024.124501][ T5945] usb 2-1: Product: syz [ 1024.162782][ T5945] usb 2-1: Manufacturer: syz [ 1024.172876][ T5945] usb 2-1: SerialNumber: syz [ 1024.250724][T22005] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2855'. [ 1024.420818][ T5945] usb 2-1: Invalid connection information received from device [ 1024.631590][T21999] random: crng reseeded on system resumption [ 1024.715255][ T5945] usb 2-1: USB disconnect, device number 62 [ 1024.840356][ T5831] lo speed is unknown, defaulting to 1000 [ 1024.848473][T22004] infiniband sz1: set down [ 1024.859486][T22004] infiniband sz1: added lo [ 1024.990550][T22004] sz1: rxe_create_cq: returned err = -12 [ 1025.007381][T22004] infiniband sz1: Couldn't create ib_mad CQ [ 1025.024380][T22004] infiniband sz1: Couldn't open port 1 [ 1025.625889][T22029] omfs: Invalid superblock (0) [ 1025.659712][T22004] RDS/IB: sz1: added [ 1025.674122][T22004] smc: adding ib device sz1 with port count 1 [ 1025.694612][T22004] smc: ib device sz1 port 1 has pnetid [ 1025.701461][ T5945] lo speed is unknown, defaulting to 1000 [ 1025.767908][T22036] netlink: 632 bytes leftover after parsing attributes in process `syz.1.2860'. [ 1025.807311][T22004] lo speed is unknown, defaulting to 1000 [ 1025.885301][ T5831] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1026.192903][T17777] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 1026.364572][ T5831] usb 3-1: Using ep0 maxpacket: 16 [ 1026.406584][ T5831] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1026.422764][T17777] usb 1-1: Using ep0 maxpacket: 32 [ 1026.429827][ T5831] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1026.445033][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1026.463788][ T5831] usb 3-1: Product: syz [ 1026.464361][T17777] usb 1-1: config 0 has an invalid interface number: 191 but max is 0 [ 1026.467950][ T5831] usb 3-1: Manufacturer: syz [ 1026.467968][ T5831] usb 3-1: SerialNumber: syz [ 1026.496574][ T5831] usb 3-1: config 0 descriptor?? [ 1026.546387][T17777] usb 1-1: config 0 has no interface number 0 [ 1026.553726][T17777] usb 1-1: config 0 interface 191 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 24 [ 1026.754853][T17777] usb 1-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1 [ 1026.923430][T17777] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1026.932332][T17777] usb 1-1: Product: syz [ 1026.937117][T17777] usb 1-1: Manufacturer: syz [ 1026.954860][T17777] usb 1-1: SerialNumber: syz [ 1026.985449][ T5945] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 1027.057198][T17777] usb 1-1: config 0 descriptor?? [ 1027.063521][T22040] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1027.120991][T22004] lo speed is unknown, defaulting to 1000 [ 1027.194452][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1027.205961][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1027.222395][ T5945] usb 2-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 1027.240626][ T5945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1027.260180][ T5945] usb 2-1: config 0 descriptor?? [ 1027.276052][T17777] asix 1-1:0.191 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1027.290668][T17777] asix 1-1:0.191: probe with driver asix failed with error -71 [ 1027.307190][T17777] usb 1-1: USB disconnect, device number 61 [ 1027.418551][T22004] lo speed is unknown, defaulting to 1000 [ 1027.676097][ T5945] hid (null): global environment stack underflow [ 1027.690321][T22004] lo speed is unknown, defaulting to 1000 [ 1027.690474][ T5945] steelseries 0003:1038:12B6.0011: unknown main item tag 0x1 [ 1027.706806][ T5945] steelseries 0003:1038:12B6.0011: global environment stack underflow [ 1027.715430][ T5945] steelseries 0003:1038:12B6.0011: item 0 2 1 11 parsing failed [ 1027.728175][ T5945] steelseries 0003:1038:12B6.0011: probe with driver steelseries failed with error -22 [ 1028.030881][ T5945] usb 2-1: USB disconnect, device number 63 [ 1028.188039][T22004] lo speed is unknown, defaulting to 1000 [ 1028.930800][ T5945] usb 3-1: USB disconnect, device number 68 [ 1029.249250][T22113] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1029.981294][T22124] netlink: 632 bytes leftover after parsing attributes in process `syz.0.2873'. [ 1029.993540][T22125] 9pnet_fd: Insufficient options for proto=fd [ 1030.178874][ T5908] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1030.582756][ T5908] usb 3-1: Using ep0 maxpacket: 8 [ 1030.622756][ T5908] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1030.641706][ T5908] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1030.649431][ T5908] usb 3-1: can't read configurations, error -71 [ 1030.891850][T22138] bridge15: entered promiscuous mode [ 1031.209165][T22133] lo speed is unknown, defaulting to 1000 [ 1033.757102][T22163] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2878'. [ 1034.121351][T22164] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2880'. [ 1034.162897][T22164] IPv6: Can't replace route, no match found [ 1034.252168][T22163] bridge16: entered promiscuous mode [ 1034.967631][T22223] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2886'. [ 1035.784892][T22223] bridge10: entered promiscuous mode [ 1036.018768][T22228] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1036.368457][T22236] No such timeout policy "syz1" [ 1037.006149][T12854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1037.023994][T12854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1037.043952][T12854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1037.064181][T12854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1037.075640][T12854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1037.217860][T22241] lo speed is unknown, defaulting to 1000 [ 1039.224446][ T5828] Bluetooth: hci2: command tx timeout [ 1041.230106][T22274] openvswitch: : Dropping previously announced user features [ 1041.312756][ T5828] Bluetooth: hci2: command tx timeout [ 1041.358043][T22277] binder: 22276:22277 ioctl c0306201 0 returned -14 [ 1042.564539][ T3520] bridge_slave_1: left allmulticast mode [ 1042.710807][ T3520] bridge_slave_1: left promiscuous mode [ 1042.729308][ T3520] bridge0: port 2(bridge_slave_1) entered disabled state [ 1042.815311][ T3520] bridge_slave_0: left allmulticast mode [ 1042.840521][ T3520] bridge_slave_0: left promiscuous mode [ 1042.847990][ T3520] bridge0: port 1(bridge_slave_0) entered disabled state [ 1043.332833][ T5828] Bluetooth: hci2: command tx timeout [ 1043.572799][T22277] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1044.574132][T22411] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2898'. [ 1045.413027][ T5828] Bluetooth: hci2: command tx timeout [ 1045.453951][T22421] loop6: detected capacity change from 0 to 63 [ 1045.464374][T22421] Buffer I/O error on dev loop6, logical block 0, async page read [ 1045.472858][T22421] Buffer I/O error on dev loop6, logical block 0, async page read [ 1045.481416][T22421] Buffer I/O error on dev loop6, logical block 0, async page read [ 1045.514079][T22421] Buffer I/O error on dev loop6, logical block 0, async page read [ 1045.536395][T22421] Buffer I/O error on dev loop6, logical block 0, async page read [ 1045.558712][T22423] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1045.578753][T22421] loop6: unable to read partition table [ 1045.589662][T22423] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 1045.599298][T22423] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 1045.600026][T22421] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1045.669109][T22423] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 1045.686327][T22423] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 1046.340164][ T3520] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1046.353047][ T3520] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1046.366916][ T3520] bond0 (unregistering): (slave bond1): Releasing backup interface [ 1046.376710][ T3520] bond0 (unregistering): Released all slaves [ 1046.525461][ T3520] bond1 (unregistering): Released all slaves [ 1046.554325][T22406] openvswitch: : Dropping previously announced user features [ 1046.690083][T22405] bridge17: entered promiscuous mode [ 1046.709669][T22414] lo speed is unknown, defaulting to 1000 [ 1046.750974][T22241] chnl_net:caif_netlink_parms(): no params data found [ 1047.933208][T22459] FAULT_INJECTION: forcing a failure. [ 1047.933208][T22459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1047.955853][ T3520] : left promiscuous mode [ 1048.021683][T22459] CPU: 0 UID: 0 PID: 22459 Comm: syz.2.2906 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1048.021710][T22459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1048.021721][T22459] Call Trace: [ 1048.021729][T22459] [ 1048.021739][T22459] dump_stack_lvl+0x189/0x250 [ 1048.021775][T22459] ? __pfx____ratelimit+0x10/0x10 [ 1048.021796][T22459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1048.021814][T22459] ? __pfx__printk+0x10/0x10 [ 1048.021836][T22459] should_fail_ex+0x414/0x560 [ 1048.021855][T22459] _copy_to_user+0x31/0xb0 [ 1048.021876][T22459] simple_read_from_buffer+0xe1/0x170 [ 1048.021896][T22459] proc_fail_nth_read+0x1df/0x250 [ 1048.021916][T22459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1048.021936][T22459] ? rw_verify_area+0x258/0x650 [ 1048.021950][T22459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1048.021968][T22459] vfs_read+0x1fd/0x980 [ 1048.021987][T22459] ? __pfx___mutex_lock+0x10/0x10 [ 1048.022006][T22459] ? __pfx_vfs_read+0x10/0x10 [ 1048.022022][T22459] ? __fget_files+0x2a/0x420 [ 1048.022041][T22459] ? __fget_files+0x3a0/0x420 [ 1048.022057][T22459] ? __fget_files+0x2a/0x420 [ 1048.022079][T22459] ksys_read+0x145/0x250 [ 1048.022095][T22459] ? __pfx_ksys_read+0x10/0x10 [ 1048.022107][T22459] ? rcu_is_watching+0x15/0xb0 [ 1048.022129][T22459] ? do_syscall_64+0xbe/0x3b0 [ 1048.022150][T22459] do_syscall_64+0xfa/0x3b0 [ 1048.022166][T22459] ? lockdep_hardirqs_on+0x9c/0x150 [ 1048.022183][T22459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.022195][T22459] ? clear_bhb_loop+0x60/0xb0 [ 1048.022212][T22459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.022224][T22459] RIP: 0033:0x7fbf14b8d33c [ 1048.022238][T22459] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1048.022249][T22459] RSP: 002b:00007fbf15a37030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1048.022264][T22459] RAX: ffffffffffffffda RBX: 00007fbf14db6080 RCX: 00007fbf14b8d33c [ 1048.022276][T22459] RDX: 000000000000000f RSI: 00007fbf15a370a0 RDI: 0000000000000005 [ 1048.022287][T22459] RBP: 00007fbf15a37090 R08: 0000000000000000 R09: 0000000000000000 [ 1048.022297][T22459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1048.022305][T22459] R13: 0000000000000000 R14: 00007fbf14db6080 R15: 00007ffe33f99bc8 [ 1048.022326][T22459] [ 1048.381791][ T3520] tipc: Left network mode [ 1049.166870][T22241] bridge0: port 1(bridge_slave_0) entered blocking state [ 1049.197315][T22241] bridge0: port 1(bridge_slave_0) entered disabled state [ 1049.205728][T22241] bridge_slave_0: entered allmulticast mode [ 1049.221464][T22241] bridge_slave_0: entered promiscuous mode [ 1049.267119][T22241] bridge0: port 2(bridge_slave_1) entered blocking state [ 1049.308383][T22241] bridge0: port 2(bridge_slave_1) entered disabled state [ 1049.979470][T22241] bridge_slave_1: entered allmulticast mode [ 1050.003626][T22241] bridge_slave_1: entered promiscuous mode [ 1050.334820][T22241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1050.367492][T22241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1050.493155][T13113] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1050.682995][T13113] usb 3-1: Using ep0 maxpacket: 16 [ 1050.792350][T13113] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1050.821381][T13113] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1050.838246][T13113] usb 3-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00 [ 1050.847555][T13113] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1050.871376][T13113] usb 3-1: config 0 descriptor?? [ 1051.223052][T13113] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1051.230728][T22536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1051.263162][T22536] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1051.456474][T22592] bridge17: entered promiscuous mode [ 1051.494414][T22241] team0: Port device team_slave_0 added [ 1051.542560][T22241] team0: Port device team_slave_1 added [ 1051.573572][T13113] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 1051.647837][T22620] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1051.709530][T22633] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1051.743412][T13113] usb 1-1: Using ep0 maxpacket: 8 [ 1051.761981][T13113] usb 1-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb [ 1051.787262][T13113] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.810670][T13113] usb 1-1: Product: syz [ 1051.827134][T13113] usb 1-1: Manufacturer: syz [ 1051.831809][T13113] usb 1-1: SerialNumber: syz [ 1051.892467][T22241] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1051.929967][T22241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1052.011939][T22241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1052.202301][T22241] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1052.241889][T22241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1052.308456][T22241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1052.496134][ T3520] hsr_slave_0: left promiscuous mode [ 1052.560504][ T3520] hsr_slave_1: left promiscuous mode [ 1053.284908][ T3607] usb 3-1: USB disconnect, device number 71 [ 1054.313173][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.319513][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.608634][T13113] mxuport 1-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71) [ 1055.652977][T13113] mxuport 1-1:254.0: probe with driver mxuport failed with error -5 [ 1055.688243][T13113] usb 1-1: USB disconnect, device number 62 [ 1057.271162][T22241] hsr_slave_0: entered promiscuous mode [ 1057.340410][T22241] hsr_slave_1: entered promiscuous mode [ 1057.996395][ T3520] IPVS: stop unused estimator thread 0... [ 1058.393537][T22797] bridge18: entered promiscuous mode [ 1058.704332][T22819] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1058.720581][T22819] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1059.418211][T22828] veth0_vlan: entered allmulticast mode [ 1060.522066][T22241] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1060.616055][T22241] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1060.684838][T22241] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1060.732012][T22241] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1060.864824][T22863] lo speed is unknown, defaulting to 1000 [ 1061.048404][T22241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1061.082024][T22241] 8021q: adding VLAN 0 to HW filter on device team0 [ 1061.118205][ T3520] bridge0: port 1(bridge_slave_0) entered blocking state [ 1061.125483][ T3520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1061.177214][T15489] bridge0: port 2(bridge_slave_1) entered blocking state [ 1061.185859][T15489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1061.603255][T22885] openvswitch: : Dropping previously announced user features [ 1063.495876][T22918] bridge15: entered promiscuous mode [ 1063.556756][T22241] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1063.636008][T22241] veth0_vlan: entered promiscuous mode [ 1063.687691][T22241] veth1_vlan: entered promiscuous mode [ 1064.218104][T22241] veth0_macvtap: entered promiscuous mode [ 1064.253852][T22241] veth1_macvtap: entered promiscuous mode [ 1064.326230][T22241] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1064.362031][T22241] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1064.399060][T22241] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1064.423809][T22241] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1064.432608][T22241] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1064.462902][T22241] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1064.677961][T22924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1065.525280][T22924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1065.774564][T13961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1065.782458][T13961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1065.931080][T22966] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2942'. [ 1065.946469][T22966] bridge16: entered promiscuous mode [ 1066.094765][T22971] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1066.104930][T22971] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1067.183071][ T5828] Bluetooth: hci2: command 0x0405 tx timeout [ 1068.403089][T12854] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 1068.403149][T12854] Bluetooth: hci4: ACL packet for unknown connection handle 111 [ 1069.065801][T23003] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2951'. [ 1069.131053][T23003] bridge19: entered promiscuous mode [ 1069.346900][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1069.390687][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1069.403340][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1069.414964][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1069.423589][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1069.511925][T23018] loop6: detected capacity change from 0 to 63 [ 1069.521983][T23018] buffer_io_error: 2 callbacks suppressed [ 1069.522061][T23018] Buffer I/O error on dev loop6, logical block 0, async page read [ 1069.551138][T23018] Buffer I/O error on dev loop6, logical block 0, async page read [ 1069.560156][T23018] Buffer I/O error on dev loop6, logical block 0, async page read [ 1069.568604][T23022] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1069.584359][T17037] bond0: (slave syz_tun): Releasing backup interface [ 1069.696824][T23018] loop6: unable to read partition table [ 1069.696939][T23022] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 1069.711141][T23022] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 1069.711224][T23018] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1069.719586][T23022] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 1069.719714][T23022] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 1069.719798][T23022] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 1069.719888][T23022] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 1070.049052][T23030] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2954'. [ 1070.226278][T23030] bridge18: entered promiscuous mode [ 1070.460738][T23010] lo speed is unknown, defaulting to 1000 [ 1071.178750][T13961] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1071.493255][ T5828] Bluetooth: hci0: command tx timeout [ 1072.550900][T23012] lo speed is unknown, defaulting to 1000 [ 1072.746839][T13961] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1072.995091][T13961] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1073.022840][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 1073.022857][ T30] audit: type=1326 audit(2000000879.274:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.146445][ T30] audit: type=1326 audit(2000000879.274:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.177936][ T30] audit: type=1326 audit(2000000879.274:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.202930][ T30] audit: type=1326 audit(2000000879.274:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.301862][ T30] audit: type=1326 audit(2000000879.274:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.324297][ T30] audit: type=1326 audit(2000000879.284:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.420927][ T30] audit: type=1326 audit(2000000879.284:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.442729][ T30] audit: type=1326 audit(2000000879.294:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.464387][ T30] audit: type=1326 audit(2000000879.294:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.486076][ T30] audit: type=1326 audit(2000000879.294:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23056 comm="syz.2.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fbf14b8e929 code=0x7ffc0000 [ 1073.572778][ T5828] Bluetooth: hci0: command tx timeout [ 1073.905808][T13961] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1075.641022][T23192] Bluetooth: MGMT ver 1.23 [ 1075.691710][ T5828] Bluetooth: hci0: command tx timeout [ 1076.605215][T13113] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1076.877539][T23214] loop6: detected capacity change from 0 to 63 [ 1076.884373][T23214] buffer_io_error: 7 callbacks suppressed [ 1076.884383][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1076.911512][T13113] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1076.922166][T13113] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1076.933215][T13113] usb 3-1: too many endpoints for config 1 interface 1 altsetting 145: 217, using maximum allowed: 30 [ 1076.944451][T13113] usb 3-1: config 1 interface 1 altsetting 145 has 0 endpoint descriptors, different from the interface descriptor's value: 217 [ 1076.962823][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1076.972422][T13113] usb 3-1: config 1 interface 1 has no altsetting 0 [ 1076.982008][T13113] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1076.991176][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1076.999305][T13113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1077.007700][T13113] usb 3-1: Product: syz [ 1077.012058][T13113] usb 3-1: Manufacturer: syz [ 1077.052730][T13113] usb 3-1: SerialNumber: syz [ 1077.090725][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1077.144059][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1077.144824][T13113] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22 [ 1077.203473][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1077.212066][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1077.220373][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1077.232746][T23214] ldm_validate_partition_table(): Disk read failed. [ 1077.241745][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1077.249766][T23214] Buffer I/O error on dev loop6, logical block 0, async page read [ 1077.257945][T23214] Dev loop6: unable to read RDB block 0 [ 1077.292963][T23214] loop6: unable to read partition table [ 1077.305403][T23214] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1077.732847][ T5828] Bluetooth: hci0: command tx timeout [ 1078.650908][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 1078.651031][ T30] audit: type=1326 audit(2000000884.934:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ba558e929 code=0x7ffc0000 [ 1078.682992][T13961] bond2 (unregistering): (slave bridge0): Releasing active interface [ 1078.913956][ T30] audit: type=1326 audit(2000000884.994:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ba558e929 code=0x7ffc0000 [ 1078.939987][ T30] audit: type=1326 audit(2000000884.994:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7f6ba558e929 code=0x7ffc0000 [ 1078.962392][ T30] audit: type=1326 audit(2000000884.994:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ba558e929 code=0x7ffc0000 [ 1078.984055][ C0] vkms_vblank_simulate: vblank timer overrun [ 1078.984280][T13113] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 1079.030929][ T30] audit: type=1326 audit(2000000884.994:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ba558e929 code=0x7ffc0000 [ 1079.055440][ T30] audit: type=1326 audit(2000000884.994:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6ba558d290 code=0x7ffc0000 [ 1079.077586][ T30] audit: type=1326 audit(2000000885.004:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ba558e52b code=0x7ffc0000 [ 1079.099126][ C0] vkms_vblank_simulate: vblank timer overrun [ 1079.108197][ T30] audit: type=1326 audit(2000000885.004:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ba558e52b code=0x7ffc0000 [ 1079.131979][ T30] audit: type=1326 audit(2000000885.014:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ba558e52b code=0x7ffc0000 [ 1079.187874][ T30] audit: type=1326 audit(2000000885.014:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23238 comm="syz.4.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ba558e52b code=0x7ffc0000 [ 1079.292803][T13113] usb 5-1: Using ep0 maxpacket: 8 [ 1079.474906][T13113] usb 5-1: config 162 has an invalid interface number: 84 but max is 2 [ 1079.527301][T13113] usb 5-1: config 162 has an invalid interface number: 3 but max is 2 [ 1079.535612][T13113] usb 5-1: config 162 has no interface number 0 [ 1079.541921][T13113] usb 5-1: config 162 has no interface number 1 [ 1079.548505][T13113] usb 5-1: config 162 interface 84 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1079.596442][T13113] usb 5-1: config 162 interface 2 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 1079.616872][T13113] usb 5-1: config 162 interface 2 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 1079.749167][T13113] usb 5-1: config 162 interface 2 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 1079.760764][T13113] usb 5-1: config 162 interface 2 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 1079.773892][T13113] usb 5-1: config 162 interface 2 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 1079.793173][T13113] usb 5-1: config 162 interface 84 has no altsetting 0 [ 1079.800191][T13113] usb 5-1: config 162 interface 2 has no altsetting 0 [ 1079.807225][T13113] usb 5-1: config 162 interface 3 has no altsetting 0 [ 1080.059366][T23248] loop6: detected capacity change from 0 to 524287999 [ 1080.097240][T13113] usb 5-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1080.363096][T13113] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.384765][T13113] usb 5-1: Product: syz [ 1080.392743][T13113] usb 5-1: Manufacturer: syz [ 1080.398390][T13113] usb 5-1: SerialNumber: syz [ 1080.672144][ T5828] Bluetooth: hci5: Opcode 0x0c03 failed: -71 [ 1080.703142][T13113] usb 5-1: USB disconnect, device number 44 [ 1080.979055][T13961] team0: Port device bond0 removed [ 1080.987763][T13961] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1080.999460][T13961] bond0 (unregistering): Released all slaves [ 1081.094362][T23255] netlink: 'syz.0.2972': attribute type 2 has an invalid length. [ 1081.131938][T13961] bond1 (unregistering): Released all slaves [ 1081.145647][T13961] bond2 (unregistering): Released all slaves [ 1081.293147][T13113] usb 3-1: USB disconnect, device number 72 [ 1081.362984][T13961] : left promiscuous mode [ 1081.549545][T23012] chnl_net:caif_netlink_parms(): no params data found [ 1082.177997][T23012] bridge0: port 1(bridge_slave_0) entered blocking state [ 1082.209010][T23012] bridge0: port 1(bridge_slave_0) entered disabled state [ 1082.216509][T23012] bridge_slave_0: entered allmulticast mode [ 1082.224300][T23012] bridge_slave_0: entered promiscuous mode [ 1082.363258][T23012] bridge0: port 2(bridge_slave_1) entered blocking state [ 1082.370429][T23012] bridge0: port 2(bridge_slave_1) entered disabled state [ 1082.593895][T23012] bridge_slave_1: entered allmulticast mode [ 1082.668428][T23012] bridge_slave_1: entered promiscuous mode [ 1083.041004][T23012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1083.128976][T23012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1083.501983][T23012] team0: Port device team_slave_0 added [ 1083.536398][T13961] hsr_slave_0: left promiscuous mode [ 1083.542494][T13961] hsr_slave_1: left promiscuous mode [ 1083.557542][T13961] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1083.577739][T13961] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1083.909486][T23476] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2986'. [ 1084.227665][T13961] team0 (unregistering): Port device team_slave_1 removed [ 1084.271411][T13961] team0 (unregistering): Port device team_slave_0 removed [ 1084.639013][T23012] team0: Port device team_slave_1 added [ 1084.744969][T23483] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1084.919502][T23012] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1084.939808][T23012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1084.966718][T23012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1084.988134][T23012] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1084.997978][T23012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1085.025869][T23012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1085.333310][ T3607] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 1085.443510][T23555] openvswitch: : Dropping previously announced user features [ 1085.662607][T23559] bridge20: entered allmulticast mode [ 1085.699169][T23012] hsr_slave_0: entered promiscuous mode [ 1085.708697][T23012] hsr_slave_1: entered promiscuous mode [ 1085.716999][T23012] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1085.726101][ T3607] usb 3-1: Using ep0 maxpacket: 32 [ 1085.736423][T23012] Cannot create hsr debugfs directory [ 1085.754866][ T3607] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1085.764112][ T3607] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1085.774576][ T3607] usb 3-1: New USB device found, idVendor=05ac, idProduct=021b, bcdDevice= 0.40 [ 1085.792722][ T3607] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1085.800808][ T3607] usb 3-1: Product: syz [ 1085.822221][ T3607] usb 3-1: Manufacturer: syz [ 1085.840647][ T3607] usb 3-1: SerialNumber: syz [ 1087.076164][ T3607] usbhid 3-1:1.0: can't add hid device: -71 [ 1087.090186][T13961] IPVS: stop unused estimator thread 0... [ 1087.101004][ T3607] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 1087.474749][ T3607] usb 3-1: USB disconnect, device number 73 [ 1088.042762][T23688] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2999'. [ 1088.459145][T23012] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1088.501972][T23012] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1088.579488][T23012] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1088.622801][T23012] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1089.320226][T23716] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1089.456069][T23012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1090.263778][T23012] 8021q: adding VLAN 0 to HW filter on device team0 [ 1090.398813][T23760] lo speed is unknown, defaulting to 1000 [ 1090.412757][T13113] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 1090.429810][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 1090.437062][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1090.478953][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 1090.486294][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1090.702835][T13113] usb 2-1: Using ep0 maxpacket: 16 [ 1090.709872][T13113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1090.721270][T13113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1090.744143][T13113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1090.795752][T13113] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1090.825688][T13113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1090.866600][T13113] usb 2-1: config 0 descriptor?? [ 1091.006517][T23776] FAULT_INJECTION: forcing a failure. [ 1091.006517][T23776] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1091.059696][T23776] CPU: 1 UID: 0 PID: 23776 Comm: syz.4.3006 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1091.059728][T23776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1091.059740][T23776] Call Trace: [ 1091.059748][T23776] [ 1091.059755][T23776] dump_stack_lvl+0x189/0x250 [ 1091.059783][T23776] ? __pfx____ratelimit+0x10/0x10 [ 1091.059805][T23776] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1091.059829][T23776] ? __pfx__printk+0x10/0x10 [ 1091.059860][T23776] should_fail_ex+0x414/0x560 [ 1091.059886][T23776] _copy_to_user+0x31/0xb0 [ 1091.059911][T23776] simple_read_from_buffer+0xe1/0x170 [ 1091.059938][T23776] proc_fail_nth_read+0x1df/0x250 [ 1091.059963][T23776] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1091.059989][T23776] ? rw_verify_area+0x258/0x650 [ 1091.060007][T23776] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1091.060032][T23776] vfs_read+0x1fd/0x980 [ 1091.060057][T23776] ? __pfx___mutex_lock+0x10/0x10 [ 1091.060081][T23776] ? __pfx_vfs_read+0x10/0x10 [ 1091.060101][T23776] ? __fget_files+0x2a/0x420 [ 1091.060126][T23776] ? __fget_files+0x3a0/0x420 [ 1091.060145][T23776] ? __fget_files+0x2a/0x420 [ 1091.060181][T23776] ksys_read+0x145/0x250 [ 1091.060202][T23776] ? __pfx_ksys_read+0x10/0x10 [ 1091.060219][T23776] ? rcu_is_watching+0x15/0xb0 [ 1091.060247][T23776] ? do_syscall_64+0xbe/0x3b0 [ 1091.060274][T23776] do_syscall_64+0xfa/0x3b0 [ 1091.060298][T23776] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1091.060315][T23776] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1091.060331][T23776] ? clear_bhb_loop+0x60/0xb0 [ 1091.060353][T23776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1091.060369][T23776] RIP: 0033:0x7f6ba558d33c [ 1091.060385][T23776] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1091.060397][T23776] RSP: 002b:00007f6ba6350030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1091.060416][T23776] RAX: ffffffffffffffda RBX: 00007f6ba57b5fa0 RCX: 00007f6ba558d33c [ 1091.060428][T23776] RDX: 000000000000000f RSI: 00007f6ba63500a0 RDI: 0000000000000004 [ 1091.060439][T23776] RBP: 00007f6ba6350090 R08: 0000000000000000 R09: 0000000000000000 [ 1091.060450][T23776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1091.060461][T23776] R13: 0000000000000000 R14: 00007f6ba57b5fa0 R15: 00007ffeb4267828 [ 1091.060491][T23776] [ 1091.197017][T23012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1091.200377][ C1] vkms_vblank_simulate: vblank timer overrun [ 1091.290893][T23012] veth0_vlan: entered promiscuous mode [ 1091.293490][ C1] vkms_vblank_simulate: vblank timer overrun [ 1091.317126][ C1] vkms_vblank_simulate: vblank timer overrun [ 1091.317478][T23012] veth1_vlan: entered promiscuous mode [ 1091.323287][ C1] hrtimer: interrupt took 122934247 ns [ 1091.423421][ C1] vkms_vblank_simulate: vblank timer overrun [ 1091.436470][T23012] veth0_macvtap: entered promiscuous mode [ 1091.525597][T23012] veth1_macvtap: entered promiscuous mode [ 1091.863797][T13113] HID 045e:07da: Invalid code 65791 type 1 [ 1092.038731][T23012] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1092.066468][T13113] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0012/input/input32 [ 1092.085915][T23012] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1092.098947][T23012] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1092.115278][T23012] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1092.129417][T23012] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1092.144117][T13113] microsoft 0003:045E:07DA.0012: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 1092.150044][T23012] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1092.220885][T23784] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3008'. [ 1092.243390][T23784] bridge21: entered promiscuous mode [ 1092.325519][T13113] usb 2-1: USB disconnect, device number 64 [ 1092.587836][ T1323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1092.609556][ T1323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1092.707627][ T5894] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1092.745985][T21428] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1092.781756][T21428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1092.895182][ T5894] usb 5-1: config 0 has an invalid interface number: 154 but max is 0 [ 1092.912948][ T5894] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1092.942013][ T5894] usb 5-1: config 0 has no interface number 0 [ 1092.962369][ T5894] usb 5-1: New USB device found, idVendor=413c, idProduct=8196, bcdDevice=1f.e0 [ 1093.113274][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1093.256400][ T5894] usb 5-1: config 0 descriptor?? [ 1093.271833][ T5894] qmi_wwan 5-1:0.154: bogus CDC Union: master=0, slave=0 [ 1093.281284][ T5894] qmi_wwan 5-1:0.154: probe with driver qmi_wwan failed with error -22 [ 1093.315901][T23849] bond2: option mode: unable to set because the bond device is up [ 1093.343832][T23854] : entered promiscuous mode [ 1093.481659][T23799] usb 5-1: USB disconnect, device number 45 [ 1094.564530][T23888] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3017'. [ 1095.673515][T12854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1095.683906][T12854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1095.692041][T12854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1095.700292][T12854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1095.707947][T12854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1095.887100][T23904] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1095.899124][T23904] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1097.276668][T23917] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3020'. [ 1097.467838][T23890] lo speed is unknown, defaulting to 1000 [ 1097.813235][ T5828] Bluetooth: hci1: command tx timeout [ 1097.953259][T15489] bridge_slave_1: left allmulticast mode [ 1097.958978][T15489] bridge_slave_1: left promiscuous mode [ 1097.993125][T15489] bridge0: port 2(bridge_slave_1) entered disabled state [ 1098.045124][T15489] bridge_slave_0: left allmulticast mode [ 1098.051228][T15489] bridge_slave_0: left promiscuous mode [ 1098.262835][T15489] bridge0: port 1(bridge_slave_0) entered disabled state [ 1099.892874][ T5828] Bluetooth: hci1: command tx timeout [ 1100.162757][T13113] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 1100.362128][T13113] usb 2-1: Using ep0 maxpacket: 32 [ 1100.379765][T13113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1100.418381][T13113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1100.451730][T13113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1100.485218][T13113] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1100.497723][T13113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1100.516611][T13113] usb 2-1: config 0 descriptor?? [ 1100.947159][T13113] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0013/input/input33 [ 1101.017879][T13113] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.0013/input/input34 [ 1101.049697][T13113] kye 0003:0458:5011.0013: input,hiddev0,hidraw0: USB HID v9.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0 [ 1101.331933][T23953] No control pipe specified [ 1101.534786][T15489] bond0 (unregistering): Released all slaves [ 1101.667794][T13113] usb 2-1: USB disconnect, device number 65 [ 1101.685220][T15489] bond1 (unregistering): Released all slaves [ 1101.828495][T15489] bond2 (unregistering): Released all slaves [ 1101.841683][T23940] bridge0: left allmulticast mode [ 1101.848244][T23940] bridge1: left allmulticast mode [ 1101.874093][T23940] bridge20: left allmulticast mode [ 1101.927409][T23949] bridge17: entered promiscuous mode [ 1101.946235][T23950] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3024'. [ 1101.972821][ T5828] Bluetooth: hci1: command tx timeout [ 1102.004476][T15489] : left promiscuous mode [ 1102.112511][T15489] tipc: Left network mode [ 1102.677981][T24035] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3029'. [ 1103.765715][T23890] chnl_net:caif_netlink_parms(): no params data found [ 1104.053174][ T5828] Bluetooth: hci1: command tx timeout [ 1104.844056][T15489] hsr_slave_0: left promiscuous mode [ 1104.877426][T15489] hsr_slave_1: left promiscuous mode [ 1104.895645][T15489] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1104.926304][T15489] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1106.219924][T24166] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3035'. [ 1107.516171][T15489] team0 (unregistering): Port device team_slave_1 removed [ 1107.558377][T15489] team0 (unregistering): Port device C removed [ 1107.952186][T24161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3036'. [ 1107.968560][T24167] bridge23: entered promiscuous mode [ 1109.288555][T24211] openvswitch: : Dropping previously announced user features [ 1109.298971][T23890] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.380918][T23890] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.513285][T23890] bridge_slave_0: entered allmulticast mode [ 1109.608734][T23890] bridge_slave_0: entered promiscuous mode [ 1109.727567][T23890] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.749450][T23890] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.759768][T23890] bridge_slave_1: entered allmulticast mode [ 1109.782517][T23890] bridge_slave_1: entered promiscuous mode [ 1109.928201][T23890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1109.957206][T23890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1111.227535][T23890] team0: Port device team_slave_0 added [ 1111.335912][T23890] team0: Port device team_slave_1 added [ 1111.445739][T23890] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1111.526251][T24327] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3048'. [ 1111.654812][T23890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1111.946846][T23890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1111.979518][T23890] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1111.994927][T23890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1112.181648][T23890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1112.223992][T24331] bridge1: entered promiscuous mode [ 1112.594401][T24340] openvswitch: netlink: Actions may not be safe on all matching packets [ 1113.249939][T24342] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3051'. [ 1114.843385][T24339] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1114.864380][T24340] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1114.873193][T24340] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1114.881875][T24340] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1114.890668][T24340] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1115.238429][T23890] hsr_slave_0: entered promiscuous mode [ 1115.284296][T23890] hsr_slave_1: entered promiscuous mode [ 1115.606623][T23890] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1115.833167][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.840413][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1115.872698][T23890] Cannot create hsr debugfs directory [ 1115.883864][T24381] openvswitch: : Dropping previously announced user features [ 1116.307232][T24410] bridge24: entered promiscuous mode [ 1116.621789][T24409] lo speed is unknown, defaulting to 1000 [ 1116.742819][ T5894] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1117.293005][ T5894] usb 2-1: Using ep0 maxpacket: 16 [ 1117.310911][ T5894] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 1117.320499][ T5894] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1117.330866][ T5894] usb 2-1: config 0 has no interface number 0 [ 1117.357871][ T5894] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 1117.367776][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1117.381450][ T5894] usb 2-1: Product: syz [ 1117.385885][ T5894] usb 2-1: Manufacturer: syz [ 1117.390925][ T5894] usb 2-1: SerialNumber: syz [ 1117.560350][ T5894] usb 2-1: config 0 descriptor?? [ 1117.583012][ T5894] usb 2-1: Found UVC 0.00 device syz (046d:08f3) [ 1117.589570][ T5894] usb 2-1: No valid video chain found. [ 1117.655783][T24416] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3057'. [ 1117.720106][T24494] netlink: 'syz.4.3064': attribute type 1 has an invalid length. [ 1117.728100][T24494] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.3064'. [ 1117.917330][ T5894] usb 2-1: USB disconnect, device number 66 [ 1118.055062][T23890] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1118.098091][T23890] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1118.116344][T23890] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1118.138952][T23890] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1118.338697][T23890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1118.400130][T23890] 8021q: adding VLAN 0 to HW filter on device team0 [ 1118.415948][T15489] bridge0: port 1(bridge_slave_0) entered blocking state [ 1118.423075][T15489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1118.467606][ T3520] bridge0: port 2(bridge_slave_1) entered blocking state [ 1118.474871][ T3520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1119.037752][T24562] : entered promiscuous mode [ 1120.017192][T24571] bridge1: entered promiscuous mode [ 1120.226211][T24581] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3071'. [ 1120.531829][T24586] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1120.618801][T23890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1120.883380][ T5894] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 1121.126778][T24639] openvswitch: : Dropping previously announced user features [ 1121.160732][T23890] veth0_vlan: entered promiscuous mode [ 1121.843471][ T5894] usb 4-1: device descriptor read/64, error -71 [ 1122.521686][T23890] veth1_vlan: entered promiscuous mode [ 1123.640350][ T5894] usb 4-1: new full-speed USB device number 63 using dummy_hcd [ 1124.117276][T24649] bridge18: entered promiscuous mode [ 1124.151214][T24655] openvswitch: : Dropping previously announced user features [ 1124.159637][T24655] tmpfs: Unknown parameter 'grpquota 0 [ 1124.159637][T24655] ' [ 1124.171144][T23890] veth0_macvtap: entered promiscuous mode [ 1124.233186][T23890] veth1_macvtap: entered promiscuous mode [ 1124.306157][T23890] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1124.317672][T24667] netlink: 22864 bytes leftover after parsing attributes in process `syz.4.3083'. [ 1124.623500][T23890] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1124.639076][T23890] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.672837][T23890] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.672858][T23890] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.672873][T23890] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1124.729934][T24667] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3083'. [ 1124.745078][T24667] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1124.823503][T24683] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3084'. [ 1124.855066][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1124.855101][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1124.884844][ T5894] usb usb4-port1: attempt power cycle [ 1124.925805][ T6006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1124.949627][ T6006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1125.223123][ T5894] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 1125.276567][ T5894] usb 4-1: Using ep0 maxpacket: 32 [ 1125.290560][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1125.314950][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1125.512325][ T5894] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1125.522212][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1125.534038][ T5894] usb 4-1: config 0 descriptor?? [ 1126.173770][T24659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1126.214497][T24659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1127.016566][ T5894] ft260 0003:0403:6030.0014: unknown main item tag 0x0 [ 1127.227136][T24717] openvswitch: : Dropping previously announced user features [ 1127.240595][ T5894] ft260 0003:0403:6030.0014: chip code: 6424 8183 [ 1127.799021][ T5894] ft260 0003:0403:6030.0014: failed to retrieve system status [ 1127.833153][ T5894] ft260 0003:0403:6030.0014: probe with driver ft260 failed with error -32 [ 1127.978424][T24732] tmpfs: Unknown parameter 'grpquota 0 [ 1127.978424][T24732] ' [ 1128.118945][T24727] openvswitch: : Dropping previously announced user features [ 1128.171939][T24733] bridge19: entered promiscuous mode [ 1128.343902][T12854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1128.465308][T12854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1128.634074][T12854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1128.658071][T12854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1128.673967][T12854] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1128.765500][ T5945] usb 4-1: USB disconnect, device number 64 [ 1130.339333][T24762] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1130.452949][T24762] openvswitch: netlink: Actions may not be safe on all matching packets [ 1130.625292][T24762] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1130.634052][T24762] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1130.642764][T24762] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1130.651457][T24762] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1130.790877][T24737] lo speed is unknown, defaulting to 1000 [ 1130.922939][ T5828] Bluetooth: hci3: command tx timeout [ 1133.208756][T12854] Bluetooth: hci3: command tx timeout [ 1133.633998][T24814] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 1133.654567][T24814] cramfs: wrong magic [ 1133.939196][T23799] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1134.413069][T23799] usb 2-1: Using ep0 maxpacket: 8 [ 1134.421019][T23799] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1134.478626][T23799] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1134.517358][T23799] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1134.531602][T23799] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 1134.567536][T23799] usb 2-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 1134.576752][T23799] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1134.597879][T23799] usb 2-1: config 0 descriptor?? [ 1134.838617][T24837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1134.840839][T23799] redragon 0003:0C45:760B.0015: unknown main item tag 0x6 [ 1134.848761][T24837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1134.876391][T23799] redragon 0003:0C45:760B.0015: item fetching failed at offset 7/133 [ 1134.902706][T23799] redragon 0003:0C45:760B.0015: probe with driver redragon failed with error -22 [ 1134.908055][T24837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1134.978304][T24837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1135.085331][T23799] usb 2-1: USB disconnect, device number 67 [ 1135.252769][T12854] Bluetooth: hci3: command 0x040f tx timeout [ 1137.332738][T12854] Bluetooth: hci3: command 0x040f tx timeout [ 1138.793613][T24867] loop6: detected capacity change from 0 to 63 [ 1138.809109][T24867] buffer_io_error: 6 callbacks suppressed [ 1138.809126][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.824050][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.833991][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.850201][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.866106][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.876218][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.885061][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.901339][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.916609][T24867] ldm_validate_partition_table(): Disk read failed. [ 1138.930261][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1138.934832][T24871] 9pnet_fd: Insufficient options for proto=fd [ 1138.950084][T24867] Buffer I/O error on dev loop6, logical block 0, async page read [ 1139.009445][T24867] Dev loop6: unable to read RDB block 0 [ 1139.032005][T24867] loop6: unable to read partition table [ 1139.033096][ T6006] bond0 (unregistering): Released all slaves [ 1139.048423][T24867] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1139.326722][ T6006] bond1 (unregistering): Released all slaves [ 1139.370445][T24825] bridge1: entered promiscuous mode [ 1139.422358][T12854] Bluetooth: hci3: command 0x040f tx timeout [ 1139.687129][ T6006] : left promiscuous mode [ 1141.290027][T24909] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3115'. [ 1141.302933][T24909] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3115'. [ 1142.154083][T24987] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3116'. [ 1143.170632][T24991] bridge2: entered promiscuous mode [ 1143.379158][T24737] chnl_net:caif_netlink_parms(): no params data found [ 1144.182309][T24737] bridge0: port 1(bridge_slave_0) entered blocking state [ 1144.207780][T24737] bridge0: port 1(bridge_slave_0) entered disabled state [ 1144.218511][T24737] bridge_slave_0: entered allmulticast mode [ 1144.227090][T24737] bridge_slave_0: entered promiscuous mode [ 1145.793491][ T6006] hsr_slave_0: left promiscuous mode [ 1145.966422][ T6006] hsr_slave_1: left promiscuous mode [ 1146.382755][ T5894] usb 1-1: new full-speed USB device number 63 using dummy_hcd [ 1146.546671][ T5894] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1146.557746][ T5894] usb 1-1: config 0 has no interfaces? [ 1146.576392][ T5894] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1146.600330][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1146.608619][ T5894] usb 1-1: Product: syz [ 1146.612979][ T5894] usb 1-1: Manufacturer: syz [ 1146.617690][ T5894] usb 1-1: SerialNumber: syz [ 1146.641838][ T5894] usb 1-1: config 0 descriptor?? [ 1146.988614][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 1146.988630][ T30] audit: type=1326 audit(2000000953.274:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25052 comm="syz.2.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf14b8e929 code=0x7fc00000 [ 1147.035996][T15505] smc: removing ib device sz1 [ 1147.059034][ T5831] usb 1-1: USB disconnect, device number 63 [ 1147.111795][T24737] bridge0: port 2(bridge_slave_1) entered blocking state [ 1147.127264][T24737] bridge0: port 2(bridge_slave_1) entered disabled state [ 1147.141612][T24737] bridge_slave_1: entered allmulticast mode [ 1147.160219][T24737] bridge_slave_1: entered promiscuous mode [ 1147.409841][T25129] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3125'. [ 1148.051993][T25151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3128'. [ 1148.222822][ T5908] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1148.687379][ T5908] usb 4-1: Using ep0 maxpacket: 8 [ 1148.695314][ T5908] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1148.740166][ T5908] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1148.750422][ T5908] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1148.776245][ T5908] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1148.830176][ T5908] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1148.942889][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.947219][T24737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1149.019254][ T5908] usb 4-1: Product: syz [ 1149.072820][ T5908] usb 4-1: Manufacturer: syz [ 1149.151249][ T5908] usb 4-1: SerialNumber: syz [ 1149.262119][T24737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1150.264022][T24737] team0: Port device team_slave_0 added [ 1150.297718][T24737] team0: Port device team_slave_1 added [ 1150.517266][T25263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3136'. [ 1150.550576][T24737] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1150.561956][T24737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1150.599296][T24737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1150.612001][T25275] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3136'. [ 1150.662007][T24737] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1150.724233][ T5908] usb 4-1: 0:2 : does not exist [ 1150.815123][T24737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1150.848946][T24737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1151.400312][ T5908] usb 4-1: USB disconnect, device number 65 [ 1151.485496][T25281] bridge2: entered promiscuous mode [ 1151.597715][T25292] bridge3: entered promiscuous mode [ 1151.759151][T24737] hsr_slave_0: entered promiscuous mode [ 1151.773755][T24737] hsr_slave_1: entered promiscuous mode [ 1151.790762][T24737] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1151.818943][T24737] Cannot create hsr debugfs directory [ 1151.931855][T12854] Bluetooth: hci1: Dropping invalid advertising data [ 1151.939215][T12854] Bluetooth: hci1: Malformed LE Event: 0x02 [ 1153.713047][T25391] loop6: detected capacity change from 0 to 63 [ 1153.743310][T25391] buffer_io_error: 6 callbacks suppressed [ 1153.743329][T25391] Buffer I/O error on dev loop6, logical block 0, async page read [ 1153.758672][T25391] Buffer I/O error on dev loop6, logical block 0, async page read [ 1153.769257][T25391] loop6: unable to read partition table [ 1153.769553][T25398] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1153.793173][T25391] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1153.840243][T25398] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 1153.958678][T25398] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 1153.980528][T25398] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 1153.994468][T25413] bridge20: entered promiscuous mode [ 1154.012976][T25398] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 1154.021930][T25398] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 1154.031100][T25398] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 1154.662857][ T5908] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1154.855642][ T5908] usb 4-1: config 0 has an invalid interface number: 237 but max is 0 [ 1154.907873][ T5908] usb 4-1: config 0 has no interface number 0 [ 1154.954807][ T5908] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1155.358124][ T5908] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1155.368182][ T5908] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1155.386374][ T5908] usb 4-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1155.400691][ T5908] usb 4-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6 [ 1155.542573][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1155.563231][ T5908] usb 4-1: Product: syz [ 1155.568595][ T5908] usb 4-1: Manufacturer: syz [ 1155.703697][ T5908] usb 4-1: SerialNumber: syz [ 1155.713286][T25467] bridge21: entered promiscuous mode [ 1155.729027][ T5908] usb 4-1: config 0 descriptor?? [ 1155.790482][ T5908] xpad 4-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1155.809447][ T5908] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.237/input/input35 [ 1156.010475][T25400] netlink: 'syz.3.3150': attribute type 21 has an invalid length. [ 1156.068804][T25400] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3150'. [ 1156.082470][T25400] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 1156.286856][T24737] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1156.348953][T24737] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1156.399907][T24737] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1156.476858][T24737] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1156.610965][T25156] usb 4-1: USB disconnect, device number 66 [ 1156.619336][T25156] xpad 4-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1156.774836][T25526] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present [ 1156.861054][T24737] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1156.910668][T24737] 8021q: adding VLAN 0 to HW filter on device team0 [ 1156.924249][T15505] bridge0: port 1(bridge_slave_0) entered blocking state [ 1156.931492][T15505] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1156.952510][T15505] bridge0: port 2(bridge_slave_1) entered blocking state [ 1156.959756][T15505] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1156.990924][T25535] binder: 25527:25535 ioctl c018620c 200000000640 returned -22 [ 1157.475215][T25534] infiniband syz1: set active [ 1157.506957][T25534] infiniband syz1: added veth0_to_team [ 1157.615364][T24737] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1157.712852][T25534] RDS/IB: syz1: added [ 1157.716973][T25534] smc: adding ib device syz1 with port count 1 [ 1157.757576][T25534] smc: ib device syz1 port 1 has pnetid [ 1159.591221][T24737] veth0_vlan: entered promiscuous mode [ 1159.670996][T24737] veth1_vlan: entered promiscuous mode [ 1159.804904][T24737] veth0_macvtap: entered promiscuous mode [ 1159.851971][T24737] veth1_macvtap: entered promiscuous mode [ 1159.920156][T24737] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1159.938377][T25592] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3168'. [ 1160.001825][T24737] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1160.048044][T24737] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1160.097321][T24737] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1160.125317][T24737] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1160.160142][T24737] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1160.479318][T15505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1160.516032][T15505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1160.660116][T21428] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1160.720045][T21428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1161.149767][T25625] bridge3: entered promiscuous mode [ 1161.293279][T25624] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1161.843465][T25669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3171'. [ 1161.985792][T12854] Bluetooth: hci0: unexpected cc 0x080f length: 3 > 1 [ 1162.067022][T25675] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1162.494487][T25681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3174'. [ 1163.907411][T12854] Bluetooth: hci2: command 0x0405 tx timeout [ 1167.129407][T12854] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1167.186064][T12854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1167.200461][T12854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1167.209251][T12854] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1167.218283][T12854] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1167.484867][T25727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3182'. [ 1167.606546][T25729] ubi: mtd0 is already attached to ubi31 [ 1168.003083][ T3607] usb 4-1: new full-speed USB device number 67 using dummy_hcd [ 1168.285180][T25713] chnl_net:caif_netlink_parms(): no params data found [ 1168.303770][ T3607] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 1168.343202][ T3607] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1168.393622][ T3607] usb 4-1: config 0 descriptor?? [ 1168.423323][ T3607] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 1168.657138][ T3607] gp8psk: usb in 128 operation failed. [ 1168.722455][T25713] bridge0: port 1(bridge_slave_0) entered blocking state [ 1168.750996][T25713] bridge0: port 1(bridge_slave_0) entered disabled state [ 1168.775419][T25713] bridge_slave_0: entered allmulticast mode [ 1168.809673][T25713] bridge_slave_0: entered promiscuous mode [ 1168.849901][T25713] bridge0: port 2(bridge_slave_1) entered blocking state [ 1168.877129][ T3607] gp8psk: FW Version = 107.255.166 (0x6bffa6) Build 2064/41/152 [ 1168.882766][T25713] bridge0: port 2(bridge_slave_1) entered disabled state [ 1168.924046][T25713] bridge_slave_1: entered allmulticast mode [ 1168.931671][T25713] bridge_slave_1: entered promiscuous mode [ 1169.076554][T25903] : entered promiscuous mode [ 1169.084878][ T3607] gp8psk: usb in 149 operation failed. [ 1169.090366][ T3607] gp8psk: failed to get FPGA version [ 1169.121195][ T3607] gp8psk: usb in 138 operation failed. [ 1169.142392][ T3607] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1169.163053][ T3607] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 1169.175713][ T3607] usb 4-1: USB disconnect, device number 67 [ 1169.233728][T25713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1169.266276][T25713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1169.333194][T12854] Bluetooth: hci4: command tx timeout [ 1169.510734][T25713] team0: Port device team_slave_0 added [ 1169.538517][T25713] team0: Port device team_slave_1 added [ 1169.634809][T25713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1169.672812][T25713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1169.776867][T25713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1169.904586][T25713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1169.911555][T25713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1169.937448][ C1] vkms_vblank_simulate: vblank timer overrun [ 1170.514964][T25713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1170.802037][T25713] hsr_slave_0: entered promiscuous mode [ 1170.842156][T25713] hsr_slave_1: entered promiscuous mode [ 1170.865675][T25713] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1170.876975][T25713] Cannot create hsr debugfs directory [ 1170.946910][T26038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3193'. [ 1171.024902][ T3607] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 1171.207369][ T3607] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1171.235011][ T3607] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1171.246521][ T3607] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1171.267656][ T3607] usb 5-1: config 0 descriptor?? [ 1171.284150][ T3607] pwc: Askey VC010 type 2 USB webcam detected. [ 1171.354110][T26065] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1171.413671][T12854] Bluetooth: hci4: command tx timeout [ 1171.733449][ T3607] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1171.989667][ T3607] pwc: recv_control_msg error -32 req 02 val 2700 [ 1172.006147][ T3607] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1172.019099][ T3607] pwc: recv_control_msg error -32 req 04 val 1000 [ 1172.052818][ T3607] pwc: recv_control_msg error -32 req 04 val 1300 [ 1172.087669][ T3607] pwc: recv_control_msg error -32 req 04 val 1400 [ 1172.097103][ T3607] pwc: recv_control_msg error -32 req 02 val 2000 [ 1172.119832][ T3607] pwc: recv_control_msg error -32 req 02 val 2100 [ 1172.145575][ T3607] pwc: recv_control_msg error -32 req 04 val 1500 [ 1172.161792][T26140] ubi: mtd0 is already attached to ubi31 [ 1172.172588][ T3607] pwc: recv_control_msg error -32 req 02 val 2500 [ 1172.196906][ T3607] pwc: recv_control_msg error -32 req 02 val 2400 [ 1172.232364][ T3607] pwc: recv_control_msg error -32 req 02 val 2600 [ 1172.246966][ T3607] pwc: recv_control_msg error -32 req 02 val 2900 [ 1172.254668][ T3607] pwc: recv_control_msg error -32 req 02 val 2800 [ 1172.452947][T26153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3197'. [ 1172.799760][ T3607] pwc: Registered as video103. [ 1172.832940][ T3607] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input36 [ 1173.071054][ T5945] usb 5-1: USB disconnect, device number 46 [ 1173.548516][T12854] Bluetooth: hci4: command tx timeout [ 1174.210853][T26172] bridge2: entered promiscuous mode [ 1174.269238][T26194] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3204'. [ 1174.270950][T25713] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1174.427573][T25713] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1174.470023][T25713] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1174.559137][T25713] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1175.577572][T12854] Bluetooth: hci4: command tx timeout [ 1175.832783][T26226] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3206'. [ 1175.952877][T26242] Bluetooth: MGMT ver 1.23 [ 1176.082390][T26226] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1176.094093][T26226] bond0: (slave bond2): Enslaving as an active interface with an up link [ 1176.245386][T25713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1176.375578][T25713] 8021q: adding VLAN 0 to HW filter on device team0 [ 1176.444254][ T1323] bridge0: port 1(bridge_slave_0) entered blocking state [ 1176.451455][ T1323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1176.853510][ T1323] bridge0: port 2(bridge_slave_1) entered blocking state [ 1176.860735][ T1323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1177.196511][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.211939][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.764171][T26294] ubi: mtd0 is already attached to ubi31 [ 1178.040230][T25713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1178.140294][T26308] loop6: detected capacity change from 0 to 63 [ 1178.148658][T26308] Buffer I/O error on dev loop6, logical block 0, async page read [ 1178.157688][T26308] Buffer I/O error on dev loop6, logical block 0, async page read [ 1178.165810][T26308] Buffer I/O error on dev loop6, logical block 0, async page read [ 1178.174152][T26308] Buffer I/O error on dev loop6, logical block 0, async page read [ 1178.182991][T26308] Buffer I/O error on dev loop6, logical block 0, async page read [ 1178.193176][T26308] Buffer I/O error on dev loop6, logical block 0, async page read [ 1178.202267][T26310] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1178.210888][T26310] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 1178.219596][T26310] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 1178.228179][T26310] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 1178.239961][T26308] loop6: unable to read partition table [ 1178.246068][T26308] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1178.286753][T25713] veth0_vlan: entered promiscuous mode [ 1178.323744][T25713] veth1_vlan: entered promiscuous mode [ 1178.390909][T26312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3213'. [ 1178.436152][T25713] veth0_macvtap: entered promiscuous mode [ 1178.463393][T26312] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 1178.481770][T25713] veth1_macvtap: entered promiscuous mode [ 1178.516216][T25713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1178.561833][T26317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3214'. [ 1178.579264][T25713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1178.648751][T26324] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3215'. [ 1178.657519][T25713] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.182411][T26324] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3215'. [ 1179.192990][T25713] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.266336][T25713] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.298111][T25713] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1180.468861][T26330] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3217'. [ 1180.500561][T26330] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3217'. [ 1181.094416][T13961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1181.102263][T13961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1181.275027][T22417] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1181.289673][T22417] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1181.460611][T26359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3220'. [ 1182.253266][T26363] FAULT_INJECTION: forcing a failure. [ 1182.253266][T26363] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1182.310784][T26363] CPU: 1 UID: 0 PID: 26363 Comm: syz.2.3172 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1182.310811][T26363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1182.310822][T26363] Call Trace: [ 1182.310830][T26363] [ 1182.310840][T26363] dump_stack_lvl+0x189/0x250 [ 1182.310868][T26363] ? __pfx____ratelimit+0x10/0x10 [ 1182.310892][T26363] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1182.310916][T26363] ? __pfx__printk+0x10/0x10 [ 1182.310934][T26363] ? __might_fault+0xb0/0x130 [ 1182.310965][T26363] should_fail_ex+0x414/0x560 [ 1182.310990][T26363] _copy_from_user+0x2d/0xb0 [ 1182.311014][T26363] ___sys_sendmsg+0x158/0x2a0 [ 1182.311037][T26363] ? __pfx____sys_sendmsg+0x10/0x10 [ 1182.311093][T26363] ? __fget_files+0x2a/0x420 [ 1182.311119][T26363] ? __fget_files+0x3a0/0x420 [ 1182.311154][T26363] __x64_sys_sendmsg+0x19b/0x260 [ 1182.311176][T26363] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1182.311205][T26363] ? __pfx_ksys_write+0x10/0x10 [ 1182.311230][T26363] ? do_syscall_64+0xbe/0x3b0 [ 1182.311256][T26363] do_syscall_64+0xfa/0x3b0 [ 1182.311276][T26363] ? lockdep_hardirqs_on+0x9c/0x150 [ 1182.311298][T26363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1182.311315][T26363] ? clear_bhb_loop+0x60/0xb0 [ 1182.311336][T26363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1182.311353][T26363] RIP: 0033:0x7f34f5f8e929 [ 1182.311369][T26363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1182.311384][T26363] RSP: 002b:00007f34f6d47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1182.311404][T26363] RAX: ffffffffffffffda RBX: 00007f34f61b5fa0 RCX: 00007f34f5f8e929 [ 1182.311417][T26363] RDX: 0000000020008840 RSI: 0000200000000000 RDI: 0000000000000003 [ 1182.311430][T26363] RBP: 00007f34f6d47090 R08: 0000000000000000 R09: 0000000000000000 [ 1182.311441][T26363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1182.311452][T26363] R13: 0000000000000000 R14: 00007f34f61b5fa0 R15: 00007ffdb95263e8 [ 1182.311481][T26363] [ 1183.332834][T14286] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 1183.438186][T26378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3226'. [ 1183.518934][T14286] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 1183.552682][T14286] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1183.579062][T26371] ubi: mtd0 is already attached to ubi31 [ 1183.599267][T14286] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1183.631212][T14286] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1183.648096][T14286] usb 4-1: Manufacturer: syz [ 1183.667345][T14286] usb 4-1: config 0 descriptor?? [ 1183.835194][T14286] rc_core: IR keymap rc-hauppauge not found [ 1183.841132][T14286] Registered IR keymap rc-empty [ 1183.867743][T14286] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 1183.903382][T14286] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input37 [ 1183.941291][ C0] igorplugusb 4-1:0.0: Error: urb status = -32 [ 1183.960006][T14286] usb 4-1: USB disconnect, device number 68 [ 1185.048571][T26420] loop6: detected capacity change from 0 to 63 [ 1185.060917][T26420] buffer_io_error: 3 callbacks suppressed [ 1185.060929][T26420] Buffer I/O error on dev loop6, logical block 0, async page read [ 1185.147495][T26420] Buffer I/O error on dev loop6, logical block 0, async page read [ 1185.168473][T26423] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1185.179357][T26423] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 1185.188509][T26423] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 1185.197697][T26423] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 1185.206305][T26423] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 1185.220484][T26423] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 1185.240088][T26420] loop6: unable to read partition table [ 1185.250407][T26420] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1185.253269][T26423] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 1185.368166][T26427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3233'. [ 1186.907354][T26451] bridge1: entered promiscuous mode [ 1187.329930][T26455] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1187.482631][T26503] ubi: mtd0 is already attached to ubi31 [ 1187.533597][T26488] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1187.611218][T26443] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3237'. [ 1187.626996][T26443] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3237'. [ 1188.336112][T26538] FAULT_INJECTION: forcing a failure. [ 1188.336112][T26538] name failslab, interval 1, probability 0, space 0, times 0 [ 1188.356723][T26538] CPU: 0 UID: 0 PID: 26538 Comm: syz.2.3247 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1188.356750][T26538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1188.356762][T26538] Call Trace: [ 1188.356770][T26538] [ 1188.356778][T26538] dump_stack_lvl+0x189/0x250 [ 1188.356805][T26538] ? __pfx____ratelimit+0x10/0x10 [ 1188.356828][T26538] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1188.356851][T26538] ? __pfx__printk+0x10/0x10 [ 1188.356875][T26538] ? ref_tracker_alloc+0x318/0x460 [ 1188.356898][T26538] should_fail_ex+0x414/0x560 [ 1188.356923][T26538] should_failslab+0xa8/0x100 [ 1188.356946][T26538] kmem_cache_alloc_noprof+0x73/0x3c0 [ 1188.356965][T26538] ? skb_clone+0x212/0x3a0 [ 1188.356990][T26538] skb_clone+0x212/0x3a0 [ 1188.357013][T26538] __netlink_deliver_tap+0x404/0x850 [ 1188.357045][T26538] ? netlink_deliver_tap+0x2e/0x1b0 [ 1188.357065][T26538] netlink_deliver_tap+0x19c/0x1b0 [ 1188.357085][T26538] netlink_unicast+0x72f/0x8d0 [ 1188.357121][T26538] netlink_sendmsg+0x805/0xb30 [ 1188.357150][T26538] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1188.357177][T26538] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1188.357197][T26538] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1188.357217][T26538] __sock_sendmsg+0x219/0x270 [ 1188.357243][T26538] ____sys_sendmsg+0x505/0x830 [ 1188.357269][T26538] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1188.357298][T26538] ? import_iovec+0x74/0xa0 [ 1188.357326][T26538] ___sys_sendmsg+0x21f/0x2a0 [ 1188.357354][T26538] ? __pfx____sys_sendmsg+0x10/0x10 [ 1188.357412][T26538] ? __fget_files+0x2a/0x420 [ 1188.357432][T26538] ? __fget_files+0x3a0/0x420 [ 1188.357465][T26538] __x64_sys_sendmsg+0x19b/0x260 [ 1188.357488][T26538] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1188.357517][T26538] ? __pfx_ksys_write+0x10/0x10 [ 1188.357543][T26538] ? do_syscall_64+0xbe/0x3b0 [ 1188.357570][T26538] do_syscall_64+0xfa/0x3b0 [ 1188.357590][T26538] ? lockdep_hardirqs_on+0x9c/0x150 [ 1188.357612][T26538] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1188.357629][T26538] ? clear_bhb_loop+0x60/0xb0 [ 1188.357650][T26538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1188.357666][T26538] RIP: 0033:0x7f34f5f8e929 [ 1188.357683][T26538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1188.357698][T26538] RSP: 002b:00007f34f6d47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1188.357717][T26538] RAX: ffffffffffffffda RBX: 00007f34f61b5fa0 RCX: 00007f34f5f8e929 [ 1188.357730][T26538] RDX: 2c77edc509ee2fa8 RSI: 0000200000000680 RDI: 0000000000000003 [ 1188.357743][T26538] RBP: 00007f34f6d47090 R08: 0000000000000000 R09: 0000000000000000 [ 1188.357754][T26538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1188.357765][T26538] R13: 0000000000000000 R14: 00007f34f61b5fa0 R15: 00007ffdb95263e8 [ 1188.357795][T26538] [ 1188.357831][T26538] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3247'. [ 1188.782943][ T5945] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1188.942685][ T5945] usb 5-1: Using ep0 maxpacket: 8 [ 1188.953738][ T5945] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 1188.963105][ T5945] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1188.975063][ T5945] usb 5-1: Product: syz [ 1188.984255][ T5945] usb 5-1: Manufacturer: syz [ 1188.999762][ T5945] usb 5-1: SerialNumber: syz [ 1189.015719][ T5945] usb 5-1: config 0 descriptor?? [ 1189.138643][T26543] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1189.165395][T26543] CIFS mount error: No usable UNC path provided in device string! [ 1189.165395][T26543] [ 1189.176076][T26543] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1189.464365][ T5908] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1189.473528][ T5945] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1189.531040][ T5945] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1189.570755][ T5945] usb 5-1: USB disconnect, device number 47 [ 1189.652659][ T5908] usb 2-1: Using ep0 maxpacket: 16 [ 1189.666459][T26586] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3249'. [ 1189.695318][ T5908] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1189.732921][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1189.771267][ T5908] usb 2-1: Product: syz [ 1189.796658][ T5908] usb 2-1: Manufacturer: syz [ 1189.816760][ T5908] usb 2-1: SerialNumber: syz [ 1189.842875][ T5908] usb 2-1: config 0 descriptor?? [ 1190.118513][T26543] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 1190.125451][T26543] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1190.134773][T26543] vhci_hcd vhci_hcd.0: Device attached [ 1190.289874][T26595] : entered promiscuous mode [ 1190.382715][ T5894] vhci_hcd: vhci_device speed not set [ 1190.544758][ T5894] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 1191.547410][T26593] vhci_hcd: connection reset by peer [ 1191.693018][ T5908] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 1191.740513][T22924] vhci_hcd: stop threads [ 1191.743595][ T5908] usb 2-1: clie_3_5_startup: get config number failed: -71 [ 1191.772895][ T5908] visor 2-1:0.0: probe with driver visor failed with error -71 [ 1191.788649][T22924] vhci_hcd: release socket [ 1191.808788][ T5908] usb 2-1: USB disconnect, device number 68 [ 1191.819850][T22924] vhci_hcd: disconnect device [ 1192.159985][T26618] ubi: mtd0 is already attached to ubi31 [ 1194.616104][T12854] Bluetooth: hci0: command 0x0406 tx timeout [ 1196.046720][ T5894] vhci_hcd: vhci_device speed not set [ 1198.397086][T26694] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3273'. [ 1199.072830][T13113] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1199.272809][T13113] usb 5-1: Using ep0 maxpacket: 16 [ 1199.308833][T13113] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1199.309105][T13113] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 1199.309203][T13113] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1199.538494][T13113] usb 5-1: config 0 descriptor?? [ 1199.552683][T13113] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input38 [ 1200.206672][T13113] bcm5974 5-1:0.0: could not read from device [ 1200.345045][ T5178] bcm5974 5-1:0.0: could not read from device [ 1200.363707][T13113] input: failed to attach handler mousedev to device input38, error: -5 [ 1200.378017][T13113] usb 5-1: USB disconnect, device number 48 [ 1200.955204][T26757] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3284'. [ 1201.819369][ T5908] usb 4-1: new full-speed USB device number 69 using dummy_hcd [ 1202.114301][ T5908] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1202.121907][ T5908] usb 4-1: can't read configurations, error -61 [ 1202.822512][ T5908] usb 4-1: new full-speed USB device number 70 using dummy_hcd [ 1203.248348][T26784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3290'. [ 1203.352282][T26786] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3291'. [ 1203.447979][ T5908] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1203.671254][ T5908] usb 4-1: can't read configurations, error -61 [ 1203.700122][ T5908] usb usb4-port1: attempt power cycle [ 1203.814704][T26786] bridge2: entered promiscuous mode [ 1204.772213][ T5908] usb 4-1: new full-speed USB device number 71 using dummy_hcd [ 1204.961613][T26801] openvswitch: : Dropping previously announced user features [ 1205.450076][ T5908] usb 4-1: device descriptor read/8, error -71 [ 1208.917248][T26843] trusted_key: encrypted_key: master key parameter '' is invalid [ 1210.132075][T23799] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1210.347722][T23799] usb 2-1: Using ep0 maxpacket: 16 [ 1210.394330][T23799] usb 2-1: config 1 interface 0 altsetting 221 bulk endpoint 0x1 has invalid maxpacket 8 [ 1210.495631][T23799] usb 2-1: config 1 interface 0 altsetting 221 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1210.516729][T23799] usb 2-1: config 1 interface 0 has no altsetting 0 [ 1210.529055][T23799] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1210.540542][T23799] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1210.549993][T23799] usb 2-1: Product: 篻䢏餋ペ誽ꪴ窃ᾆ몪荲ᬯ戠疩ꊘ限猗믋航᠂Ά㜢૔᯼쑦≅祽㋁ឹ৙㖷␔ৢ主춑省৐㾯༿큁뗿휃筿ᴳ忾奤녓ཪ┇䇣㙯茭뢄ᵣ㉭冄ꋞ궂䚕⟿񾲈Ḋ龡吪䫃敞檢잛绌㱀훍ො푍鿷轵芊涅퍌䌕 [ 1210.582265][T23799] usb 2-1: Manufacturer: ⠊ [ 1210.587047][T23799] usb 2-1: SerialNumber: 䫍꤀缐轪ᄊ說䴐弃댶햒ꀌ嶘䴾壾괔ﬤ癡苇䇁䬁㨎滇ᴘ윕⮥ਨ˄긪挅즉縼꽽됤翖⯴절䃑㋓ㅭ簆茿퓊 [ 1210.641359][T26854] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1210.650771][T26854] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1211.302394][T23799] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 69 if 0 alt 221 proto 1 vid 0x0525 pid 0xA4A8 [ 1211.435717][T23799] usb 2-1: USB disconnect, device number 69 [ 1211.908574][T26892] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1211.946818][T26892] openvswitch: netlink: Actions may not be safe on all matching packets [ 1211.974559][T26892] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1211.983362][T26892] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1211.992134][T26892] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1212.000826][T26892] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1212.508683][T23799] usblp0: removed [ 1215.202109][T23799] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1215.735929][T23799] usb 4-1: Using ep0 maxpacket: 32 [ 1215.847040][T23799] usb 4-1: config 0 has no interfaces? [ 1215.891880][T23799] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1215.911620][T23799] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1215.919689][T23799] usb 4-1: Product: syz [ 1215.930850][T23799] usb 4-1: Manufacturer: syz [ 1215.935664][T23799] usb 4-1: SerialNumber: syz [ 1216.085287][T26931] dlm: no local IP address has been set [ 1216.091698][T26931] dlm: cannot start dlm midcomms -107 [ 1216.098728][T23799] usb 4-1: config 0 descriptor?? [ 1216.820540][T23799] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 1216.864782][T23799] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1218.922246][T17777] usb 4-1: USB disconnect, device number 73 [ 1219.074123][T26958] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3330'. [ 1219.600268][T26975] bridge5: entered promiscuous mode [ 1220.926803][ T5828] Bluetooth: hci1: command 0x0406 tx timeout [ 1221.385388][T27003] ------------[ cut here ]------------ [ 1221.392125][T27003] WARNING: CPU: 1 PID: 27003 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310 [ 1221.402244][T27003] Modules linked in: [ 1221.406560][T27003] CPU: 1 UID: 0 PID: 27003 Comm: syz.4.3337 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1221.418670][T27003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1221.428767][T27003] RIP: 0010:folio_memcg+0x1a8/0x310 [ 1221.434021][T27003] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 89 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 1221.453655][T27003] RSP: 0018:ffffc9000ca37250 EFLAGS: 00010283 [ 1221.459708][T27003] RAX: ffffffff8205d907 RBX: 0000000000000000 RCX: 0000000000080000 [ 1221.467737][T27003] RDX: ffffc9000eac1000 RSI: 000000000001f3a6 RDI: 000000000001f3a7 [ 1221.475790][T27003] RBP: 0000000000000000 R08: ffffea0001f507c7 R09: 1ffffd40003ea0f8 [ 1221.483986][T27003] R10: dffffc0000000000 R11: fffff940003ea0f9 R12: ffffea0001f507f0 [ 1221.492958][T27003] R13: dffffc0000000000 R14: ffff888034674f00 R15: 0000000000000002 [ 1221.500954][T27003] FS: 00007f1765fe36c0(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000 [ 1221.510273][T27003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1221.516889][T27003] CR2: 0000000000000000 CR3: 0000000034a6c000 CR4: 00000000003526f0 [ 1221.524888][T27003] Call Trace: [ 1221.528155][T27003] [ 1221.531073][T27003] workingset_activation+0x5f/0x4a0 [ 1221.536355][T27003] ? folio_mark_accessed+0x341/0x4a0 [ 1221.541669][T27003] folio_mark_accessed+0x3b5/0x4a0 [ 1221.546798][T27003] kvm_release_page_clean+0x9a/0xe0 [ 1221.552073][T27003] kvm_tdp_page_fault+0x2dd/0x370 [ 1221.557126][T27003] kvm_mmu_do_page_fault+0x2c5/0x640 [ 1221.562481][T27003] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 1221.568319][T27003] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 1221.573940][T27003] kvm_mmu_page_fault+0x22f/0xb70 [ 1221.578992][T27003] ? __pfx_handle_ept_violation+0x10/0x10 [ 1221.584855][T27003] vmx_handle_exit+0x1093/0x18a0 [ 1221.589816][T27003] ? vcpu_run+0x361c/0x6f70 [ 1221.595129][T27003] ? preempt_schedule_thunk+0x16/0x30 [ 1221.600528][T27003] vcpu_run+0x432e/0x6f70 [ 1221.605407][T27003] ? vcpu_run+0x361c/0x6f70 [ 1221.609973][T27003] ? __pfx_vcpu_run+0x10/0x10 [ 1221.614717][T27003] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 1221.620434][T27003] ? rcu_is_watching+0x15/0xb0 [ 1221.625223][T27003] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 1221.630758][T27003] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1221.636713][T27003] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 1221.642453][T27003] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 1221.648421][T27003] ? rcu_is_watching+0x15/0xb0 [ 1221.653222][T27003] ? __mutex_lock+0xa6d/0xe80 [ 1221.657890][T27003] ? __lock_acquire+0xab9/0xd20 [ 1221.662764][T27003] kvm_vcpu_ioctl+0x95c/0xe90 [ 1221.667434][T27003] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1221.672656][T27003] ? __lock_acquire+0xab9/0xd20 [ 1221.677501][T27003] ? __asan_memset+0x22/0x50 [ 1221.682239][T27003] ? smack_file_ioctl+0x302/0x340 [ 1221.687254][T27003] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1221.692658][T27003] ? __fget_files+0x2a/0x420 [ 1221.697649][T27003] ? __fget_files+0x3a0/0x420 [ 1221.702639][T27003] ? __fget_files+0x2a/0x420 [ 1221.707227][T27003] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1221.712193][T27003] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1221.717404][T27003] __se_sys_ioctl+0xfc/0x170 [ 1221.722037][T27003] do_syscall_64+0xfa/0x3b0 [ 1221.726532][T27003] ? lockdep_hardirqs_on+0x9c/0x150 [ 1221.731785][T27003] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1221.737855][T27003] ? clear_bhb_loop+0x60/0xb0 [ 1221.742550][T27003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1221.748431][T27003] RIP: 0033:0x7f176518e929 [ 1221.752860][T27003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1221.772505][T27003] RSP: 002b:00007f1765fe3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1221.780906][T27003] RAX: ffffffffffffffda RBX: 00007f17653b6080 RCX: 00007f176518e929 [ 1221.788892][T27003] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000b [ 1221.797331][T27003] RBP: 00007f1765210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1221.805595][T27003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1221.813620][T27003] R13: 0000000000000000 R14: 00007f17653b6080 R15: 00007ffcfafa1038 [ 1221.821964][T27003] [ 1221.824983][T27003] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1221.832245][T27003] CPU: 1 UID: 0 PID: 27003 Comm: syz.4.3337 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1221.844284][T27003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1221.854329][T27003] Call Trace: [ 1221.857603][T27003] [ 1221.860521][T27003] dump_stack_lvl+0x99/0x250 [ 1221.865099][T27003] ? __asan_memcpy+0x40/0x70 [ 1221.869680][T27003] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1221.874872][T27003] ? __pfx__printk+0x10/0x10 [ 1221.879450][T27003] panic+0x2db/0x790 [ 1221.883338][T27003] ? __pfx_panic+0x10/0x10 [ 1221.887753][T27003] __warn+0x31b/0x4b0 [ 1221.891720][T27003] ? folio_memcg+0x1a8/0x310 [ 1221.896297][T27003] ? folio_memcg+0x1a8/0x310 [ 1221.900884][T27003] report_bug+0x2be/0x4f0 [ 1221.905208][T27003] ? folio_memcg+0x1a8/0x310 [ 1221.909792][T27003] ? folio_memcg+0x1a8/0x310 [ 1221.914382][T27003] ? folio_memcg+0x1aa/0x310 [ 1221.918967][T27003] handle_bug+0x84/0x160 [ 1221.923198][T27003] exc_invalid_op+0x1a/0x50 [ 1221.927689][T27003] asm_exc_invalid_op+0x1a/0x20 [ 1221.932538][T27003] RIP: 0010:folio_memcg+0x1a8/0x310 [ 1221.937764][T27003] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 89 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 1221.957383][T27003] RSP: 0018:ffffc9000ca37250 EFLAGS: 00010283 [ 1221.963443][T27003] RAX: ffffffff8205d907 RBX: 0000000000000000 RCX: 0000000000080000 [ 1221.971409][T27003] RDX: ffffc9000eac1000 RSI: 000000000001f3a6 RDI: 000000000001f3a7 [ 1221.979371][T27003] RBP: 0000000000000000 R08: ffffea0001f507c7 R09: 1ffffd40003ea0f8 [ 1221.987342][T27003] R10: dffffc0000000000 R11: fffff940003ea0f9 R12: ffffea0001f507f0 [ 1221.995309][T27003] R13: dffffc0000000000 R14: ffff888034674f00 R15: 0000000000000002 [ 1222.003278][T27003] ? folio_memcg+0x1a7/0x310 [ 1222.007875][T27003] workingset_activation+0x5f/0x4a0 [ 1222.013068][T27003] ? folio_mark_accessed+0x341/0x4a0 [ 1222.018356][T27003] folio_mark_accessed+0x3b5/0x4a0 [ 1222.023465][T27003] kvm_release_page_clean+0x9a/0xe0 [ 1222.028658][T27003] kvm_tdp_page_fault+0x2dd/0x370 [ 1222.033681][T27003] kvm_mmu_do_page_fault+0x2c5/0x640 [ 1222.038959][T27003] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 1222.044766][T27003] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 1222.050307][T27003] kvm_mmu_page_fault+0x22f/0xb70 [ 1222.055334][T27003] ? __pfx_handle_ept_violation+0x10/0x10 [ 1222.061048][T27003] vmx_handle_exit+0x1093/0x18a0 [ 1222.065986][T27003] ? vcpu_run+0x361c/0x6f70 [ 1222.070483][T27003] ? preempt_schedule_thunk+0x16/0x30 [ 1222.075851][T27003] vcpu_run+0x432e/0x6f70 [ 1222.080182][T27003] ? vcpu_run+0x361c/0x6f70 [ 1222.084709][T27003] ? __pfx_vcpu_run+0x10/0x10 [ 1222.089378][T27003] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 1222.095092][T27003] ? rcu_is_watching+0x15/0xb0 [ 1222.099850][T27003] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 1222.105390][T27003] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1222.111286][T27003] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 1222.117007][T27003] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 1222.122978][T27003] ? rcu_is_watching+0x15/0xb0 [ 1222.127754][T27003] ? __mutex_lock+0xa6d/0xe80 [ 1222.132430][T27003] ? __lock_acquire+0xab9/0xd20 [ 1222.137293][T27003] kvm_vcpu_ioctl+0x95c/0xe90 [ 1222.141963][T27003] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1222.147151][T27003] ? __lock_acquire+0xab9/0xd20 [ 1222.151993][T27003] ? __asan_memset+0x22/0x50 [ 1222.156571][T27003] ? smack_file_ioctl+0x302/0x340 [ 1222.161587][T27003] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1222.166953][T27003] ? __fget_files+0x2a/0x420 [ 1222.171533][T27003] ? __fget_files+0x3a0/0x420 [ 1222.176200][T27003] ? __fget_files+0x2a/0x420 [ 1222.180782][T27003] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1222.185712][T27003] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1222.190904][T27003] __se_sys_ioctl+0xfc/0x170 [ 1222.195484][T27003] do_syscall_64+0xfa/0x3b0 [ 1222.199978][T27003] ? lockdep_hardirqs_on+0x9c/0x150 [ 1222.205168][T27003] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.211227][T27003] ? clear_bhb_loop+0x60/0xb0 [ 1222.215906][T27003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.221785][T27003] RIP: 0033:0x7f176518e929 [ 1222.226188][T27003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1222.245786][T27003] RSP: 002b:00007f1765fe3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1222.254190][T27003] RAX: ffffffffffffffda RBX: 00007f17653b6080 RCX: 00007f176518e929 [ 1222.262149][T27003] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000b [ 1222.270104][T27003] RBP: 00007f1765210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1222.278060][T27003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1222.286020][T27003] R13: 0000000000000000 R14: 00007f17653b6080 R15: 00007ffcfafa1038 [ 1222.293994][T27003] [ 1222.297232][T27003] Kernel Offset: disabled [ 1222.301546][T27003] Rebooting in 86400 seconds..