last executing test programs: 17.93311497s ago: executing program 4 (id=4312): openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) r4 = socket$netlink(0x10, 0x3, 0x14) request_key(&(0x7f00000001c0)='trusted\x00', &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000380)='#\xd8.([\x00', 0xfffffffffffffffe) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x18, 0x0, {}, {0x0, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, 0x0, 0x0) 16.015215246s ago: executing program 4 (id=4316): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r2, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, r3}]) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) memfd_create(0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3, 0x0, 0x0, 0x4000000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 12.946371546s ago: executing program 4 (id=4322): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x39) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)={0x14, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0xc845) read$alg(r4, &(0x7f0000002dc0)=""/4096, 0x1000) 12.637366137s ago: executing program 3 (id=4323): syz_open_dev$sndmidi(0x0, 0x2, 0x141102) futex(0x0, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x20, 0x84, 0x2, "078d"}, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000500)={0x40, 0x1, 0x2, "3aec"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000540)=ANY=[@ANYBLOB="4005bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000340)={0x40, 0x1, 0x2, "cd62"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10.12062279s ago: executing program 2 (id=4329): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x11) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) r1 = getpid() process_vm_readv(r1, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000001100)=ANY=[@ANYBLOB="6b0000000000000002004e2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000600000002004e210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e21ac14142100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e226401010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e2364010100"/699], 0x390) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f00000000c0)={'wg1\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001640)=ANY=[@ANYBLOB='D\n\x00\x00', @ANYRES16=r7, @ANYBLOB="05002abd7000fddbdf2501000000060006004e240000fc0908802804008024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0004098070000080060001000a00000014000200fe80000000000000000000000000000a0500030000000000060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000a00000014000200fe8000000000000000000000000000aa0500030003000000a0000080060001000a0000001400020000000000000000000000ffff640101010500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030002000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fc00000000000000000000000000000105000300020000000600010002000000080002000a0101020500030001000000d0000080060001000200000008000200ac1e01010500030000000000060001000a00000014000200000000000000000000000000000000000500030000000000060001000200000008000200ac1414bb0500030006000000060001000a00000014000200fe8000000000000000000000000000420500030001000000060001000a00000014000200fc02000000000000000000000000000105000300020000000600010002000000080002007f0000010500030002000000060001000200000008000200000000000500030002000000ac000080060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fc00000000000000000000000000000005000300020000000600010002000000080002000a01010105000300000000000600010002000000080002007f0000010500030001000000060001000200000008000200e00000010500030001000000060001000a0000001400020020010000000000000000000000000001050003000200000064000080060001000a00000014000200fe8000000000000000000000000000bb0500030001000000060001000a00000014000200ff0100000000000000000000000000010500030002000000060001000200000008000200ac1414aa05000300000000000c010080060001000200000008000200000000000500030001000000060001000a00000014000200fe8000000000000000000000000000410500030003000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000a00000014000200fc0100000000000000000000000000010500030000000000060001000a00000014000200fc0200000000000000000000000000000500030003000000060001000200000008000200ac1414aa0500030003000000060001000a00000014000200fc0200000000000000000000000000010500030001000000060001000a00000014000200fe80000000000000000000000000002b050003000200000040000080080003000000000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b392208000300030000008c00008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c24000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b392208000a000100000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e22000000000000000000000000040500807002098094000080060001000a00000014000200000000000000000000000000000000000500030002000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e000000105000300020000000600010002000000080002007f0000010500030002000000060001000a000000140002000000000000000000000000000000000105000300010000004c000080060001000200000008000200ac1414bb0500030002000000060001000200000008000200640100fe0500030001000000060001000200000008000200ac1414bb0500030002000000e8000080060001000a00000014000200200100000000000000000000000000010500030000000000060001000200000008000200e000000205000300020000000600010002000000080002006401010005000300020000000600010002000000080002007f00000105000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200fe8000000000000000000000000000bb0500030002000000060001000200000008000200e00000010500030003000000060001000a00000014000200200100000000000000000000000000020500030001000000880000800600010002000000080002000000000005000300000000000600010002000000080002006401010205000300000000000600010002000000080002007f0000010500030003000000060001000a00000014000200200100000000000000000000000000000500030001000000060001000200000008000200ac14142d05000300010000001c000080060001000200000008000200ffffffff0500030003000000080003000200000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39221c02098058000080060001000200000008000200000000000500030003000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe880000000000000000000000000101050003000100000040000080060001000200000008000200ac1e00010500030001000000060001000a0000001400020000000000000000000000ffff0a010102050003000300000000010080060001000200000008000200ac1e00010500030000000000060001000a00000014000200fe8800000000000000000000000000010500030003000000060001000200000008000200000000000500030002000000060001000200000008000200ffffffff0500030000000000060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000a00000014000200200100000000000000000000000000010500030003000000060001000200000008000200e000000105000300000000000600010002000000080002007f00000105000300020000000600010002000000080002000a010100050003000000000064000080060001000200000008000200ac1414aa0500030000000000060001000a00000014000200fe8000000000000000000000000000aa0500030000000000060001000a000000140002002001000000000000000000000000000205000300010000001c000080060001000200000008000200ac141416050003000100000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b240002000f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e08000100", @ANYRES32=r8, @ANYBLOB="240003"], 0xa44}, 0x1, 0x0, 0x0, 0x4000}, 0x40) r9 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_IPV6_RTHDR(r9, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18) connect$inet6(r9, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x5}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) 9.088899113s ago: executing program 0 (id=4330): syz_open_dev$video(&(0x7f0000000000), 0x9, 0x40400) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000000)={0x38, r5, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x4}]}]}]}, 0x38}}, 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000004b80)) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e21, 0xfffffffc, @private2={0xfc, 0x2, '\x00', 0x41}, 0x8}], 0x1c) statfs(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000140)=""/98) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @loopback}], 0x10) recvmsg$can_raw(0xffffffffffffffff, &(0x7f00000004c0)={0xfffffffffffffffd, 0x0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/62, 0x3e}], 0x1, &(0x7f00000003c0)=""/243, 0xf3}, 0x2003) mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103) mount(&(0x7f0000000180)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='romfs\x00', 0x208090, 0x0) 7.699433786s ago: executing program 2 (id=4333): r0 = getgid() lsetxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000010000000000000002000100d2b527e6838ee71f5ecfb1dc", @ANYRES32=0x0, @ANYBLOB="040004000000000008", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="1000"], 0x3c, 0x2) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x2c}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x305) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x0) fsopen(0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x9}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) connect$can_j1939(r3, &(0x7f0000000140), 0x18) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read(r4, &(0x7f0000000040)=""/148, 0xffffff96) 7.230909973s ago: executing program 1 (id=4334): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000300)=""/51, 0x0, 0xd000}) socket$packet(0x11, 0x3, 0x300) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x100000001, 0x40000) ioctl$VIDIOC_QUERYCAP(r4, 0x80685600, &(0x7f0000000380)) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000340)) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000000)={0x1}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, 0x0) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f00000001c0)=0x304008000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0xd0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) 7.059246004s ago: executing program 3 (id=4335): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x14) request_key(&(0x7f00000001c0)='trusted\x00', 0x0, &(0x7f0000000380)='#\xd8.([\x00', 0xfffffffffffffffe) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000002000000000005000000"], 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x0) connect$inet(r4, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r7, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff000000008000000000000000", @ANYRES32=0x0, @ANYBLOB="00020000203f0000140012800b00010067726574617004000400028008000a00", @ANYRES32, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40488c5}, 0x40000) socket$inet_smc(0x2b, 0x1, 0x0) r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r9, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x18, 0x0, {}, {0x0, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 7.012237675s ago: executing program 0 (id=4336): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)) r0 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) io_uring_enter(r0, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 6.968596371s ago: executing program 4 (id=4337): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 5.798299823s ago: executing program 1 (id=4338): socket$nl_route(0x10, 0x3, 0x0) fchmodat(0xffffffffffffff9c, 0x0, 0x20) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb45fd629100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db220100002600000000000080622e"], 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r1}, 0x38) 5.736674924s ago: executing program 0 (id=4339): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair(0x9, 0x6, 0x7, &(0x7f00000001c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) sendmmsg$inet(r4, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)}, {&(0x7f0000000200)}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f00000002c0)}}], 0x2, 0x4048841) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) 5.280704933s ago: executing program 4 (id=4340): r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0) preadv(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)=""/133, 0x85}], 0x1, 0x6, 0x2e58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0)=0x6) read$dsp(r3, &(0x7f00000011c0)=""/4117, 0x200021d5) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=r4, @ANYRES8=r5, @ANYRES64=r1], 0x1c}}, 0x0) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_pidfd_open(r6, 0x0) ioctl$EXT4_IOC_MIGRATE(r7, 0xff09) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) r8 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r8, 0x119, 0x1, &(0x7f0000000040)=0x8, 0x4) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r9) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="6e87ca31cc915bb854000000000000", @ANYRES16=r10, @ANYBLOB="010025bd7000ffdbdf25170000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000d00000008000b00f2ffffff06001600000000000500120001000000"], 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x80) setsockopt$kcm_KCM_RECV_DISABLE(r8, 0x119, 0x1, &(0x7f0000000000)=0x9, 0x4) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x4, 0x6, 0x80, 0x42}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f0000000080), 0x619, r11}, 0x38) 4.791700783s ago: executing program 3 (id=4341): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f00000000c0)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x3}) io_uring_enter(r3, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r7, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r7, &(0x7f0000000040)={0x50, 0x0, r8, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, 0x50) r9 = add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10c}}, 0x40) keyctl$read(0xb, r9, 0x0, 0x0) syz_fuse_handle_req(r7, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) write$FUSE_CREATE_OPEN(r10, 0x0, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0x10000, 0x0, 0xcb6}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8848}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x7}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x3a, 0x1c, 0x65, 0x0, 0x7, 0x1, 0x0, @remote, @local}, "884a66c6d153b786"}}}}, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x2, 0x80, 0x6, 0x0, 0x8}) add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000003c0)={'fscrypt:', @desc1}, &(0x7f0000000500)={0x0, "9ac67699685a384f2b9a42d156dba03146c22981302ce8f5b7b51ecb7a1f990dbd3bfe00b48769bdef7a815a42ddc860b0312c03039e6be3c49654801ecfd06f", 0x30}, 0x48, r9) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 4.308615022s ago: executing program 0 (id=4342): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x8090}, 0x4040000) 4.30704575s ago: executing program 2 (id=4343): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair(0x9, 0x6, 0x7, &(0x7f00000001c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r4, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)}, {&(0x7f0000000200)}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f00000002c0)}}], 0x2, 0x4048841) 4.280666475s ago: executing program 1 (id=4344): socket$inet_mptcp(0x2, 0x1, 0x106) r0 = add_key$keyring(&(0x7f0000001180), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix_mp={0x7ff, 0xb, 0x38415262, 0x9, 0x1, [{0x8, 0x1}, {0x200, 0x7f}, {0xffffffff, 0x6}, {0x80, 0x8}, {0x5, 0xa}, {0xb6f, 0x8}, {0x6, 0x2}, {0xc, 0x1}], 0x9, 0xfc, 0x3, 0x1, 0x7}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='fscache_acquire\x00', r2, 0x0, 0x1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_submit(0x0, 0x0, 0x0) readahead(0xffffffffffffffff, 0x1de, 0x6) r6 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r6, 0xffffffffffffffff, r6, 0x0) getsockopt$sock_buf(r1, 0x1, 0x19, &(0x7f0000002f80)=""/217, &(0x7f0000003080)=0xd9) keyctl$describe(0x6, r0, &(0x7f0000001200)=""/14, 0xe) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f911, 0x8000, '\x00', @string=&(0x7f00000000c0)}}) 3.062444224s ago: executing program 0 (id=4345): syz_io_uring_setup(0x10d4, &(0x7f00000003c0)={0x0, 0x7734, 0x80, 0x0, 0x377}, &(0x7f00000000c0), &(0x7f0000000080)) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) epoll_create(0x10001) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8000000000000000, 0x0, 0x77c8, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x9, 0x0, 0x2, 0x7}, 0x0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xbb1, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x23}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x6}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd00}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x6}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x80}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x2}, {0x7, 0x0, 0x0, 0x6}, {0x4, 0x0, 0x7}, {0x18, 0x6, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.900907276s ago: executing program 2 (id=4346): syz_open_dev$video(&(0x7f0000000000), 0x9, 0x40400) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000000)={0x38, r5, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x4}]}]}]}, 0x38}}, 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000004b80)) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e21, 0xfffffffc, @private2={0xfc, 0x2, '\x00', 0x41}, 0x8}], 0x1c) statfs(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000140)=""/98) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}], 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @loopback}], 0x10) recvmsg$can_raw(0xffffffffffffffff, &(0x7f00000004c0)={0xfffffffffffffffd, 0x0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/62, 0x3e}], 0x1, &(0x7f00000003c0)=""/243, 0xf3}, 0x2003) mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103) mount(&(0x7f0000000180)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='romfs\x00', 0x208090, 0x0) 2.870725804s ago: executing program 4 (id=4347): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x39) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)={0x50, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xd100}, {0x6, 0x11, 0x800}, {0x8, 0x15, 0x71}}]}, 0x50}, 0x1, 0x0, 0x0, 0x48000}, 0xc845) read$alg(r4, 0x0, 0x0) 2.125425676s ago: executing program 1 (id=4348): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000380)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1b, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @rand_addr, {[@timestamp={0x44, 0x1c, 0xff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@multicast2}, {@empty}, {@broadcast, 0x10001}, {@multicast1}, {@private}]}, @rr={0x7, 0xf, 0xfe, [@remote, @empty, @multicast1]}]}}}}}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) r1 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240)=0x0, &(0x7f0000000140)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='2'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd_index=0x1}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.95714199s ago: executing program 3 (id=4349): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r1 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x20040000}) io_uring_enter(r1, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 1.853562036s ago: executing program 3 (id=4350): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.801206063s ago: executing program 1 (id=4351): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0xa721) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205649, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x300122ae5827e69e, 0x0, '\x00', @p_u32=0x0}}) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) close_range(r4, r4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x18, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) mlock2(&(0x7f0000549000/0x1000)=nil, 0x1000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000280), 0x208e24b) ioctl$FS_IOC_SETFLAGS(r5, 0xc0189436, &(0x7f0000000140)) 1.726338219s ago: executing program 2 (id=4352): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000004400050020010000000000000000000000000000000000022b0000000a000000fc0100000000000000000000000000000000000004"], 0xfc}}, 0x0) listen(r1, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x640100fd, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2, 0x0, 0x0, 0x7ff}}}}}}, 0x0) 1.648435664s ago: executing program 0 (id=4353): r0 = getgid() lsetxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000010000000000000002000100d2b527e6838ee71f5ecfb1dc", @ANYRES32=0x0, @ANYBLOB="040004000000000008", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r0, @ANYBLOB="1000"], 0x3c, 0x2) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x2c}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x0) fsopen(0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x9}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) connect$can_j1939(r4, &(0x7f0000000140), 0x18) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read(r5, &(0x7f0000000040)=""/148, 0xffffff96) 1.600806008s ago: executing program 3 (id=4354): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000300)=""/51, 0x0, 0xd000}) socket$packet(0x11, 0x3, 0x300) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x100000001, 0x40000) ioctl$VIDIOC_QUERYCAP(r4, 0x80685600, &(0x7f0000000380)) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000340)) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000000)={0x1}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, 0x0) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f00000001c0)=0x304008000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0xd0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) 632.562635ms ago: executing program 2 (id=4355): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000040)=0x39cb, 0x4) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r4, 0x0, 0x0, 0x20004041, 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0) pread64(r5, &(0x7f0000000200)=""/174, 0xae, 0x3b11) 0s ago: executing program 1 (id=4356): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair(0x9, 0x6, 0x7, &(0x7f00000001c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r4, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)}, {&(0x7f0000000200)}, {0x0}, {&(0x7f0000000140)}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f00000002c0)}}], 0x2, 0x4048841) kernel console output (not intermixed with test programs): 5-1: unable to read config index 0 descriptor/start: -71 [ 1240.919093][ T5884] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1240.931728][T10288] usb 5-1: can't read configurations, error -71 [ 1240.938782][ T5884] ath9k_htc: Failed to initialize the device [ 1240.945869][T17424] usb 1-1: ath9k_htc: USB layer deinitialized [ 1240.957571][ T5868] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 1240.991034][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1241.009175][ T5868] usb 3-1: Product: syz [ 1241.014899][ T5868] usb 3-1: Manufacturer: syz [ 1241.019837][ T5868] usb 3-1: SerialNumber: syz [ 1241.039721][ T5868] usb 3-1: config 0 descriptor?? [ 1241.049679][ T5868] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 1241.148583][ T30] audit: type=1800 audit(1751322967.896:470): pid=19035 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.3579" name="bus" dev="overlay" ino=781 res=0 errno=0 [ 1241.849940][T17424] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 1243.222415][T17424] usb 3-1: USB disconnect, device number 90 [ 1243.458239][T19065] tipc: Enabling of bearer rejected, failed to enable media [ 1243.639434][T19075] hub 8-0:1.0: USB hub found [ 1243.659990][T19075] hub 8-0:1.0: 1 port detected [ 1243.762377][T17424] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1243.931010][ T5868] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1244.292994][T17424] usb 5-1: Using ep0 maxpacket: 32 [ 1244.304714][ T30] audit: type=1800 audit(1751322970.656:471): pid=19081 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.3592" name="bus" dev="overlay" ino=454 res=0 errno=0 [ 1244.666940][T17424] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1244.682931][T17424] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1244.690638][T17424] usb 5-1: can't read configurations, error -71 [ 1244.914538][ T5868] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1245.069953][ T5868] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1245.109793][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1245.124445][ T5868] usb 2-1: Product: syz [ 1245.128658][ T5868] usb 2-1: Manufacturer: syz [ 1245.158654][ T5868] usb 2-1: SerialNumber: syz [ 1245.506213][ T5868] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 86 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1246.039461][ T43] usb 2-1: USB disconnect, device number 86 [ 1246.116878][ T43] usblp0: removed [ 1246.887312][T19107] syz.2.3599: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1246.971125][T19107] CPU: 0 UID: 0 PID: 19107 Comm: syz.2.3599 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1246.971155][T19107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1246.971166][T19107] Call Trace: [ 1246.971172][T19107] [ 1246.971177][T19107] dump_stack_lvl+0x16c/0x1f0 [ 1246.971197][T19107] warn_alloc+0x248/0x3a0 [ 1246.971214][T19107] ? __pfx_warn_alloc+0x10/0x10 [ 1246.971227][T19107] ? __pfx_stack_trace_save+0x10/0x10 [ 1246.971244][T19107] ? stack_depot_save_flags+0x28/0xa40 [ 1246.971264][T19107] ? kasan_save_stack+0x42/0x60 [ 1246.971277][T19107] ? kasan_save_stack+0x33/0x60 [ 1246.971290][T19107] ? kasan_save_track+0x14/0x30 [ 1246.971304][T19107] ? xskq_create+0x52/0x1d0 [ 1246.971316][T19107] ? xsk_setsockopt+0x640/0x840 [ 1246.971327][T19107] ? do_sock_setsockopt+0x221/0x470 [ 1246.971345][T19107] ? xskq_create+0xfb/0x1d0 [ 1246.971359][T19107] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 1246.971376][T19107] ? xskq_create+0xfb/0x1d0 [ 1246.971392][T19107] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1246.971408][T19107] ? xskq_create+0xfb/0x1d0 [ 1246.971421][T19107] vmalloc_user_noprof+0x9e/0xe0 [ 1246.971432][T19107] ? xskq_create+0xfb/0x1d0 [ 1246.971446][T19107] xskq_create+0xfb/0x1d0 [ 1246.971461][T19107] xsk_setsockopt+0x640/0x840 [ 1246.971476][T19107] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1246.971489][T19107] ? __lock_acquire+0x622/0x1c90 [ 1246.971508][T19107] ? selinux_socket_setsockopt+0x6a/0x80 [ 1246.971525][T19107] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1246.971537][T19107] do_sock_setsockopt+0x221/0x470 [ 1246.971554][T19107] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1246.971579][T19107] __sys_setsockopt+0x1a0/0x230 [ 1246.971601][T19107] __x64_sys_setsockopt+0xbd/0x160 [ 1246.971620][T19107] ? do_syscall_64+0x91/0x4c0 [ 1246.971643][T19107] ? lockdep_hardirqs_on+0x7c/0x110 [ 1246.971664][T19107] do_syscall_64+0xcd/0x4c0 [ 1246.971689][T19107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1246.971707][T19107] RIP: 0033:0x7fbbd0b8e929 [ 1246.971722][T19107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1246.971739][T19107] RSP: 002b:00007fbbd1984038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1246.971765][T19107] RAX: ffffffffffffffda RBX: 00007fbbd0db5fa0 RCX: 00007fbbd0b8e929 [ 1246.971778][T19107] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009 [ 1246.971790][T19107] RBP: 00007fbbd0c10b39 R08: 0000000000000004 R09: 0000000000000000 [ 1246.971802][T19107] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1246.971815][T19107] R13: 0000000000000000 R14: 00007fbbd0db5fa0 R15: 00007ffde7c6cd38 [ 1246.971841][T19107] [ 1247.235339][T19107] Mem-Info: [ 1247.239289][T19107] active_anon:12873 inactive_anon:0 isolated_anon:0 [ 1247.239289][T19107] active_file:19758 inactive_file:41561 isolated_file:0 [ 1247.239289][T19107] unevictable:768 dirty:291 writeback:0 [ 1247.239289][T19107] slab_reclaimable:11670 slab_unreclaimable:101392 [ 1247.239289][T19107] mapped:35711 shmem:6944 pagetables:1231 [ 1247.239289][T19107] sec_pagetables:0 bounce:0 [ 1247.239289][T19107] kernel_misc_reclaimable:0 [ 1247.239289][T19107] free:1295527 free_pcp:11393 free_cma:0 [ 1247.291139][T19107] Node 0 active_anon:51492kB inactive_anon:0kB active_file:79032kB inactive_file:166040kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142844kB dirty:1164kB writeback:0kB shmem:26240kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12056kB pagetables:4800kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1247.325735][T19107] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1247.361750][T19107] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1247.504911][T19107] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 1247.521231][T19107] Node 0 DMA32 free:1248816kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:63564kB inactive_anon:0kB active_file:79032kB inactive_file:164716kB unevictable:1536kB writepending:1164kB present:3129332kB managed:2540584kB mlocked:0kB bounce:0kB free_pcp:30708kB local_pcp:11012kB free_cma:0kB [ 1248.098849][T19107] lowmem_reserve[]: 0 0 1 1 1 [ 1248.111158][T19107] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB [ 1248.202198][T19107] lowmem_reserve[]: 0 0 0 0 0 [ 1248.296258][T19107] Node 1 Normal free:3902124kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18924kB local_pcp:9848kB free_cma:0kB [ 1248.311320][T19121] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3603'. [ 1248.675965][T19107] lowmem_reserve[]: 0 0 0 0 0 [ 1248.681580][T19107] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1248.702104][T19123] delete_channel: no stack [ 1248.706683][T19107] Node 0 DMA32: 1440*4kB (UM) 626*8kB (UME) 788*16kB (UME) 777*32kB (UME) 373*64kB (UME) 150*128kB (UME) 82*256kB (ME) 29*512kB (ME) 41*1024kB (UM) 13*2048kB (UME) 257*4096kB (UM) = 1248432kB [ 1249.562833][ T30] audit: type=1800 audit(1751322975.546:472): pid=19127 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3604" name="bus" dev="overlay" ino=520 res=0 errno=0 [ 1250.538228][T19107] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1250.550187][T19107] Node 1 Normal: 195*4kB (UE) 52*8kB (UME) 40*16kB (UME) 80*32kB (UME) 16*64kB (UME) 7*128kB (UME) 4*256kB (UM) 3*512kB (ME) 4*1024kB (UME) 1*2048kB (E) 949*4096kB (M) = 3902124kB [ 1250.578091][T19107] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1250.591782][T19107] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1250.602867][T19107] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1250.614889][T19107] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1250.619321][ T30] audit: type=1326 audit(1751322976.426:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19129 comm="syz.1.3606" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c0058e929 code=0x0 [ 1250.631754][T19107] 65538 total pagecache pages [ 1250.652308][T19107] 0 pages in swap cache [ 1250.656452][T19107] Free swap = 124996kB [ 1250.661116][T19107] Total swap = 124996kB [ 1250.782030][T19107] 2097051 pages RAM [ 1250.791223][T19107] 0 pages HighMem/MovableOnly [ 1250.802927][T19107] 429927 pages reserved [ 1250.814966][T19107] 0 pages cma reserved [ 1250.973983][T10288] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1251.642608][T10288] usb 5-1: Using ep0 maxpacket: 32 [ 1251.649647][T10288] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1251.658940][T10288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1251.694488][T10288] usb 5-1: language id specifier not provided by device, defaulting to English [ 1251.714326][T10288] usb 5-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe [ 1251.725846][T10288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1251.744920][T10288] usb 5-1: Product: syz [ 1251.749131][T10288] usb 5-1: Manufacturer: syz [ 1251.751769][T17424] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 1251.762362][T10288] usb 5-1: SerialNumber: syz [ 1251.780701][T10288] usb 5-1: config 0 descriptor?? [ 1251.921921][T17424] usb 3-1: Using ep0 maxpacket: 8 [ 1251.934157][T17424] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 1251.947854][T17424] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1251.957209][T17424] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1251.971648][T17424] usb 3-1: Product: syz [ 1251.977316][T17424] usb 3-1: Manufacturer: syz [ 1251.986364][T17424] usb 3-1: SerialNumber: syz [ 1252.002454][T17424] usb 3-1: config 0 descriptor?? [ 1252.008564][T10288] usb 5-1: USB disconnect, device number 93 [ 1252.009881][T17424] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 1252.884781][T19170] netlink: 'syz.4.3614': attribute type 1 has an invalid length. [ 1253.485276][ T5868] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1253.754931][ T5868] usb 4-1: config index 0 descriptor too short (expected 65183, got 72) [ 1253.801068][ T5868] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1253.817732][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1253.828897][ T5868] usb 4-1: Product: syz [ 1253.836364][ T5868] usb 4-1: Manufacturer: syz [ 1253.841391][ T5868] usb 4-1: SerialNumber: syz [ 1253.859949][ T5868] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1253.877424][T17607] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1254.186455][ T30] audit: type=1800 audit(1751322980.946:474): pid=19184 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3619" name="bus" dev="overlay" ino=549 res=0 errno=0 [ 1254.208111][ C1] vkms_vblank_simulate: vblank timer overrun [ 1255.033204][T17607] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1255.053075][T17607] ath9k_htc: Failed to initialize the device [ 1255.063136][T19168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1255.078502][T19168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1255.082824][T17607] usb 4-1: ath9k_htc: USB layer deinitialized [ 1255.142038][T19168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1255.166949][T19168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1255.218144][T19168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1255.239310][T19168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1255.430822][ T5883] usb 4-1: USB disconnect, device number 82 [ 1255.821932][ T5883] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1256.051692][ T5883] usb 4-1: Using ep0 maxpacket: 32 [ 1256.061132][ T5883] usb 4-1: config index 0 descriptor too short (expected 241, got 72) [ 1256.072421][ T5883] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 1256.098607][ T5883] usb 4-1: config 0 interface 0 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 5 [ 1256.198746][ T5883] usb 4-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da [ 1256.238990][ T30] audit: type=1400 audit(1751322982.996:475): avc: denied { write } for pid=19199 comm="syz.0.3623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 1256.258306][ C1] vkms_vblank_simulate: vblank timer overrun [ 1256.266539][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1256.294251][ T5883] usb 4-1: config 0 descriptor?? [ 1256.303526][ T5883] mos7840 4-1:0.0: missing endpoints [ 1256.398601][T17424] gspca_zc3xx: reg_r err -32 [ 1256.403424][T17424] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -32 [ 1256.425991][T17424] usb 3-1: USB disconnect, device number 91 [ 1256.524265][ T5883] usb 4-1: USB disconnect, device number 83 [ 1260.942025][T17424] IPVS: starting estimator thread 0... [ 1261.071822][T19245] IPVS: using max 38 ests per chain, 91200 per kthread [ 1261.591715][T10288] usb 2-1: new full-speed USB device number 87 using dummy_hcd [ 1261.637816][T19252] netlink: 'syz.4.3632': attribute type 1 has an invalid length. [ 1261.783865][T10288] usb 2-1: config 0 has an invalid interface number: 176 but max is 2 [ 1261.822649][T10288] usb 2-1: config 0 has an invalid interface number: 36 but max is 2 [ 1261.864942][ T5883] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 1261.901842][T10288] usb 2-1: config 0 has no interface number 0 [ 1261.908853][T10288] usb 2-1: config 0 has no interface number 1 [ 1261.928866][T10288] usb 2-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1261.959133][T10288] usb 2-1: config 0 interface 36 has no altsetting 0 [ 1261.993446][T10288] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1262.002811][T10288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1262.038030][T10288] usb 2-1: config 0 descriptor?? [ 1262.071690][ T5883] usb 4-1: Using ep0 maxpacket: 32 [ 1262.081854][ T5883] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1262.120017][ T5883] usb 4-1: config 0 has no interface number 0 [ 1262.189040][ T5883] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1262.318691][ T5883] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1262.387716][ T5883] usb 4-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3 [ 1262.472515][ T5883] usb 4-1: Product: syz [ 1262.507826][ T5883] usb 4-1: Manufacturer: syz [ 1262.522860][T10288] qcserial 2-1:0.2: Qualcomm USB modem converter detected [ 1262.561319][ T5883] usb 4-1: SerialNumber: syz [ 1262.683824][ T5883] usb 4-1: config 0 descriptor?? [ 1263.153305][ T5883] smsc75xx v1.0.0 [ 1263.821749][ T5883] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1264.372272][ T5883] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1264.740689][ T5883] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 1265.327005][ T5883] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 1265.336878][ T5883] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 1265.347175][ T5883] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32 [ 1265.356872][ T5883] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32 [ 1265.795843][T17424] usb 4-1: USB disconnect, device number 84 [ 1265.943645][T17607] usb 2-1: USB disconnect, device number 87 [ 1265.951508][T17607] qcserial 2-1:0.2: device disconnected [ 1267.461683][ T5883] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 1268.204198][ T5883] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1268.241381][ T5883] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1268.273959][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1268.319258][ T5883] usb 1-1: Product: syz [ 1268.340840][ T5883] usb 1-1: Manufacturer: syz [ 1268.371129][ T5883] usb 1-1: SerialNumber: syz [ 1268.865675][ T5883] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 93 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1269.042855][ T30] audit: type=1400 audit(1751322995.806:476): avc: denied { read write } for pid=19323 comm="syz.0.3653" name="lp0" dev="devtmpfs" ino=3784 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 1269.186473][T19343] fuse: Bad value for 'fd' [ 1269.869912][T19344] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 1269.881713][ T30] audit: type=1400 audit(1751322995.806:477): avc: denied { open } for pid=19323 comm="syz.0.3653" path="/dev/usb/lp0" dev="devtmpfs" ino=3784 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 1269.971175][ T43] usb 1-1: USB disconnect, device number 93 [ 1269.997914][ T43] usblp0: removed [ 1271.396243][T19375] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3666'. [ 1272.222669][T19388] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1272.601723][T19393] hub 8-0:1.0: USB hub found [ 1272.629255][T19393] hub 8-0:1.0: 1 port detected [ 1273.362859][T19390] netlink: 'syz.2.3663': attribute type 1 has an invalid length. [ 1273.416500][T19397] fuse: Unknown parameter 'group_id00000000000000000000' [ 1273.791489][T19404] fuse: Invalid rootmode [ 1274.962641][T17607] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1275.140669][T19419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3678'. [ 1275.248823][T17607] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1275.442215][T17607] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1275.451520][T17607] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1275.473539][T17607] usb 5-1: Product: syz [ 1275.486398][T17607] usb 5-1: Manufacturer: syz [ 1275.491030][T17607] usb 5-1: SerialNumber: syz [ 1276.308209][T17607] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 94 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1276.320758][T19430] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1276.423078][ T43] usb 5-1: USB disconnect, device number 94 [ 1276.484082][T19436] fuse: Unknown parameter 'group_id00000000000000000000' [ 1276.500763][ T43] usblp0: removed [ 1276.625427][T19429] team0: No ports can be present during mode change [ 1276.637910][T19429] netlink: 'syz.3.3682': attribute type 10 has an invalid length. [ 1276.664556][T19429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1276.688768][T19433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3682'. [ 1276.699331][T19429] team0: Port device bond0 added [ 1276.811739][T10288] usb 2-1: new full-speed USB device number 88 using dummy_hcd [ 1276.957795][T19444] fuse: Invalid rootmode [ 1277.636469][T19453] netlink: 5364 bytes leftover after parsing attributes in process `syz.4.3686'. [ 1277.647701][T10288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1277.668978][T10288] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1277.691663][T10288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 1277.710043][T10288] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1277.728223][T10288] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1277.784085][T10288] usb 2-1: Product: syz [ 1277.820431][T10288] usb 2-1: Manufacturer: syz [ 1277.834161][T10288] usb 2-1: SerialNumber: syz [ 1277.882983][T10288] usb 2-1: config 0 descriptor?? [ 1277.889597][T19439] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1277.899216][T19439] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1277.928197][T19433] team0 (unregistering): Port device team_slave_0 removed [ 1277.936508][T10288] usb 2-1: ucan: probing device on interface #0 [ 1277.963800][T19433] team0 (unregistering): Port device team_slave_1 removed [ 1277.990876][T19433] team0 (unregistering): Port device bond0 removed [ 1278.275022][T19467] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3690'. [ 1278.375792][T10288] usb 2-1: ucan: device reported invalid tx-fifo size [ 1278.382776][T10288] usb 2-1: ucan: probe failed; try to update the device firmware [ 1279.105038][T19477] overlayfs: missing 'lowerdir' [ 1279.570174][T17607] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1280.030493][T19481] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1280.052053][T17607] usb 5-1: Using ep0 maxpacket: 32 [ 1280.083918][T17607] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1280.106147][T17607] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 256, setting to 64 [ 1280.107315][ T5883] usb 2-1: USB disconnect, device number 88 [ 1280.253194][T17607] usb 5-1: language id specifier not provided by device, defaulting to English [ 1280.289054][T17607] usb 5-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe [ 1281.156865][T17607] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1281.165031][T17607] usb 5-1: Product: syz [ 1281.169208][T17607] usb 5-1: Manufacturer: ⮢즑芀㻪䃓吡⋬纘猝ퟃ䷽芙廟잆朰諞紳ࣜ뻇喎ዮ垊リ齭燘邰Ꮠ䘜遧땗䢿⹨쀙쳳븼㧤镆綵䱡᛽ [ 1281.185641][T17607] usb 5-1: SerialNumber: syz [ 1281.195102][T17607] usb 5-1: config 0 descriptor?? [ 1281.250536][T19487] fuse: Unknown parameter 'group_id00000000000000000000' [ 1281.365581][T19494] ptrace attach of "./syz-executor exec"[16445] was attempted by ""[19494] [ 1281.642217][T17607] usbtouchscreen 5-1:0.0: probe with driver usbtouchscreen failed with error -71 [ 1281.921903][T17607] usb 5-1: USB disconnect, device number 95 [ 1282.343334][T17424] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 1282.629023][T17424] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1282.719664][T17424] usb 1-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1282.777990][T17607] usb 2-1: new full-speed USB device number 89 using dummy_hcd [ 1282.807556][T17424] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1283.016978][T17607] usb 2-1: config 0 has an invalid interface number: 176 but max is 2 [ 1283.412959][T17424] usb 1-1: config 0 descriptor?? [ 1283.457011][T17607] usb 2-1: config 0 has an invalid interface number: 36 but max is 2 [ 1283.479753][T17607] usb 2-1: config 0 has no interface number 0 [ 1283.519131][T17607] usb 2-1: config 0 has no interface number 1 [ 1283.890991][ T30] audit: type=1400 audit(1751323010.306:478): avc: denied { read write } for pid=19512 comm="syz.4.3705" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1284.002630][T17607] usb 2-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1284.025917][T17607] usb 2-1: config 0 interface 36 has no altsetting 0 [ 1284.187104][T17607] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1284.214070][ T30] audit: type=1400 audit(1751323010.306:479): avc: denied { open } for pid=19512 comm="syz.4.3705" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1284.335321][T19527] syz0: rxe_newlink: already configured on lo [ 1284.801583][T19530] overlayfs: missing 'lowerdir' [ 1285.022638][T17607] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1285.045803][T17607] usb 2-1: config 0 descriptor?? [ 1285.051364][ T30] audit: type=1400 audit(1751323010.316:480): avc: denied { map } for pid=19512 comm="syz.4.3705" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1286.008108][T17424] usbhid 1-1:0.0: can't add hid device: -71 [ 1286.050570][T17424] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1286.180897][T19537] syz.3.3709: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1286.195779][T19537] CPU: 0 UID: 0 PID: 19537 Comm: syz.3.3709 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1286.195806][T19537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1286.195818][T19537] Call Trace: [ 1286.195825][T19537] [ 1286.195833][T19537] dump_stack_lvl+0x16c/0x1f0 [ 1286.195871][T19537] warn_alloc+0x248/0x3a0 [ 1286.195897][T19537] ? __pfx_warn_alloc+0x10/0x10 [ 1286.195920][T19537] ? __pfx_stack_trace_save+0x10/0x10 [ 1286.195947][T19537] ? stack_depot_save_flags+0x28/0xa40 [ 1286.195972][T19537] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 1286.196002][T19537] ? kasan_save_stack+0x42/0x60 [ 1286.196024][T19537] ? kasan_save_stack+0x33/0x60 [ 1286.196044][T19537] ? kasan_save_track+0x14/0x30 [ 1286.196068][T19537] ? xskq_create+0x52/0x1d0 [ 1286.196090][T19537] ? xsk_setsockopt+0x640/0x840 [ 1286.196110][T19537] ? do_sock_setsockopt+0x221/0x470 [ 1286.196143][T19537] ? xskq_create+0xfb/0x1d0 [ 1286.196167][T19537] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 1286.196197][T19537] ? xskq_create+0xfb/0x1d0 [ 1286.196227][T19537] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1286.196256][T19537] ? xskq_create+0xfb/0x1d0 [ 1286.196280][T19537] vmalloc_user_noprof+0x9e/0xe0 [ 1286.196301][T19537] ? xskq_create+0xfb/0x1d0 [ 1286.196325][T19537] xskq_create+0xfb/0x1d0 [ 1286.196351][T19537] xsk_setsockopt+0x640/0x840 [ 1286.196374][T19537] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1286.196393][T19537] ? __lock_acquire+0x622/0x1c90 [ 1286.196428][T19537] ? selinux_socket_setsockopt+0x6a/0x80 [ 1286.196453][T19537] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1286.196475][T19537] do_sock_setsockopt+0x221/0x470 [ 1286.196505][T19537] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1286.196551][T19537] __sys_setsockopt+0x1a0/0x230 [ 1286.196581][T19537] __x64_sys_setsockopt+0xbd/0x160 [ 1286.196605][T19537] ? do_syscall_64+0x91/0x4c0 [ 1286.196647][T19537] ? lockdep_hardirqs_on+0x7c/0x110 [ 1286.196676][T19537] do_syscall_64+0xcd/0x4c0 [ 1286.196707][T19537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.196728][T19537] RIP: 0033:0x7f7fbbf8e929 [ 1286.196745][T19537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1286.196764][T19537] RSP: 002b:00007f7fbce6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1286.196784][T19537] RAX: ffffffffffffffda RBX: 00007f7fbc1b6080 RCX: 00007f7fbbf8e929 [ 1286.196797][T19537] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009 [ 1286.196808][T19537] RBP: 00007f7fbc010b39 R08: 0000000000000004 R09: 0000000000000000 [ 1286.196819][T19537] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1286.196830][T19537] R13: 0000000000000000 R14: 00007f7fbc1b6080 R15: 00007ffdee0e7ff8 [ 1286.196856][T19537] [ 1286.196892][T19537] Mem-Info: [ 1286.470043][T19537] active_anon:6967 inactive_anon:0 isolated_anon:0 [ 1286.470043][T19537] active_file:19822 inactive_file:42538 isolated_file:0 [ 1286.470043][T19537] unevictable:768 dirty:1172 writeback:75 [ 1286.470043][T19537] slab_reclaimable:11663 slab_unreclaimable:101451 [ 1286.470043][T19537] mapped:31045 shmem:1366 pagetables:1212 [ 1286.470043][T19537] sec_pagetables:0 bounce:0 [ 1286.470043][T19537] kernel_misc_reclaimable:0 [ 1286.470043][T19537] free:1295957 free_pcp:15884 free_cma:0 [ 1286.515752][T19537] Node 0 active_anon:27900kB inactive_anon:0kB active_file:79288kB inactive_file:169960kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124232kB dirty:4728kB writeback:300kB shmem:3852kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11724kB pagetables:4684kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1286.549478][T19537] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1286.581162][T19537] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1286.610213][T19537] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 1286.616279][T19537] Node 0 DMA32 free:1266336kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27872kB inactive_anon:0kB active_file:79288kB inactive_file:168636kB unevictable:1536kB writepending:5028kB present:3129332kB managed:2540584kB mlocked:0kB bounce:0kB free_pcp:44552kB local_pcp:15336kB free_cma:0kB [ 1286.648751][T19537] lowmem_reserve[]: 0 0 1 1 1 [ 1286.653696][T19537] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB [ 1286.683121][T19537] lowmem_reserve[]: 0 0 0 0 0 [ 1286.687966][T19537] Node 1 Normal free:3902124kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18956kB local_pcp:9880kB free_cma:0kB [ 1286.719372][T19537] lowmem_reserve[]: 0 0 0 0 0 [ 1286.724590][T19537] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1286.737784][T19537] Node 0 DMA32: 558*4kB (UME) 369*8kB (UME) 1264*16kB (UME) 1187*32kB (UME) 574*64kB (UME) 171*128kB (UME) 86*256kB (UME) 36*512kB (UME) 42*1024kB (UM) 10*2048kB (UME) 254*4096kB (UM) = 1266336kB [ 1286.757836][T19537] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1286.770351][T19537] Node 1 Normal: 195*4kB (UE) 52*8kB (UME) 40*16kB (UME) 80*32kB (UME) 16*64kB (UME) 7*128kB (UME) 4*256kB (UM) 3*512kB (ME) 4*1024kB (UME) 1*2048kB (E) 949*4096kB (M) = 3902124kB [ 1286.789024][T19537] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1286.798653][T19537] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1286.808005][T19537] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1286.817706][T19537] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1286.827120][T19537] 63711 total pagecache pages [ 1286.831858][T19537] 0 pages in swap cache [ 1286.836022][T19537] Free swap = 124996kB [ 1286.840184][T19537] Total swap = 124996kB [ 1286.844384][T19537] 2097051 pages RAM [ 1286.848208][T19537] 0 pages HighMem/MovableOnly [ 1286.852908][T19537] 429927 pages reserved [ 1286.857116][T19537] 0 pages cma reserved [ 1287.290070][T17607] usb 2-1: Could not set interface, error -71 [ 1287.326148][T17424] usb 1-1: USB disconnect, device number 94 [ 1287.349855][T17607] usb 2-1: USB disconnect, device number 89 [ 1287.585265][T19549] random: crng reseeded on system resumption [ 1288.541797][T17424] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 1288.998673][T17424] usb 1-1: Using ep0 maxpacket: 32 [ 1289.006186][T17424] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1289.137790][T17424] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 1289.202089][T17424] usb 1-1: can't read configurations, error -71 [ 1289.665306][T19562] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3716'. [ 1290.739157][T17424] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1290.911793][T17424] usb 3-1: Using ep0 maxpacket: 8 [ 1291.109891][ T5819] IPVS: starting estimator thread 0... [ 1291.125066][T17424] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1291.145044][T17424] usb 3-1: config 10 has an invalid interface number: 81 but max is 0 [ 1291.227313][T19580] syz.0.3721: attempt to access beyond end of device [ 1291.227313][T19580] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1291.271843][T19576] IPVS: using max 45 ests per chain, 108000 per kthread [ 1291.540957][T17424] usb 3-1: config 10 has no interface number 0 [ 1291.595777][T17424] usb 3-1: config 10 interface 81 has no altsetting 0 [ 1291.605682][T17424] usb 3-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 1291.777677][T17424] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1291.861691][T17424] usb 3-1: Product: syz [ 1291.865896][T17424] usb 3-1: Manufacturer: syz [ 1291.870504][T17424] usb 3-1: SerialNumber: syz [ 1292.613300][T19593] overlayfs: missing 'lowerdir' [ 1293.220152][T17424] ums-jumpshot 3-1:10.81: USB Mass Storage device detected [ 1293.237026][T17424] ums-jumpshot 3-1:10.81: Quirks match for vid 05dc pid 0001: 2 [ 1293.295878][T17424] usb 3-1: USB disconnect, device number 92 [ 1293.426355][T19604] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1293.542205][ T43] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1293.886346][T19609] fuse: Bad value for 'user_id' [ 1293.891356][T19609] fuse: Bad value for 'user_id' [ 1293.903989][ T43] usb 5-1: Using ep0 maxpacket: 8 [ 1293.920998][ T43] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1294.008145][ T43] usb 5-1: config 10 has an invalid interface number: 81 but max is 0 [ 1294.151238][ T43] usb 5-1: config 10 has no interface number 0 [ 1294.263251][ T43] usb 5-1: config 10 interface 81 has no altsetting 0 [ 1294.369036][ T43] usb 5-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 1294.396668][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1295.364869][ T43] usb 5-1: Product: syz [ 1295.374971][ T43] usb 5-1: Manufacturer: syz [ 1295.379614][ T43] usb 5-1: SerialNumber: syz [ 1295.658732][ T43] ums-jumpshot 5-1:10.81: USB Mass Storage device detected [ 1295.713064][ T43] ums-jumpshot 5-1:10.81: Quirks match for vid 05dc pid 0001: 2 [ 1295.804327][ T43] usb 5-1: USB disconnect, device number 96 [ 1296.381703][ T43] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1296.611688][T17424] usb 1-1: new full-speed USB device number 97 using dummy_hcd [ 1296.656883][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 1296.791693][T17424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1296.809730][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1296.831756][ T43] usb 4-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 1296.840954][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1296.848000][T17424] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1296.865220][ T43] usb 4-1: config 0 descriptor?? [ 1297.352035][T17424] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 1297.367740][ T43] hso 4-1:0.0: Can't find BULK IN endpoint [ 1297.386177][T17424] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1297.399597][T17424] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1297.415583][T17424] usb 1-1: Product: syz [ 1297.419791][T17424] usb 1-1: Manufacturer: syz [ 1297.428436][T17424] usb 1-1: SerialNumber: syz [ 1297.442454][T17424] usb 1-1: config 0 descriptor?? [ 1297.448065][T19629] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1297.455886][T19629] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1297.468854][T17424] usb 1-1: ucan: probing device on interface #0 [ 1297.667655][T19646] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1297.681773][T17607] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1297.709177][T19646] kvm: pic: single mode not supported [ 1297.709228][T19646] kvm: pic: non byte read [ 1297.721243][T19646] kvm: pic: level sensitive irq not supported [ 1297.721382][T19646] kvm: pic: non byte read [ 1297.732913][T19646] kvm: pic: level sensitive irq not supported [ 1297.733013][T19646] kvm: pic: non byte read [ 1297.744417][T19646] kvm: pic: level sensitive irq not supported [ 1297.744596][T19646] kvm: pic: non byte read [ 1297.869032][T19652] fuse: Bad value for 'fd' [ 1297.890906][T17424] usb 1-1: ucan: device reported invalid tx-fifo size [ 1297.899243][T17607] usb 3-1: config index 0 descriptor too short (expected 65183, got 72) [ 1297.920494][T17424] usb 1-1: ucan: probe failed; try to update the device firmware [ 1297.930996][T17607] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1297.940244][T17607] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1297.961139][T17607] usb 3-1: Product: syz [ 1297.969081][T17607] usb 3-1: Manufacturer: syz [ 1297.980070][T17607] usb 3-1: SerialNumber: syz [ 1297.999856][T17607] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1298.015479][T17424] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1298.824997][T19644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1298.879240][T17607] usb 4-1: USB disconnect, device number 85 [ 1299.077616][T19644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1299.109652][T17424] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1299.215048][T17424] ath9k_htc: Failed to initialize the device [ 1299.226104][T10288] usb 1-1: USB disconnect, device number 97 [ 1299.304666][T19644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1299.322274][T19644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1299.623087][T17424] usb 3-1: ath9k_htc: USB layer deinitialized [ 1299.692863][T19644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1299.713364][T19644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1299.748844][T17424] usb 3-1: USB disconnect, device number 93 [ 1299.874459][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1303.026185][T19692] fuse: Bad value for 'fd' [ 1303.271808][ T5819] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 1303.511692][ T5819] usb 3-1: Using ep0 maxpacket: 16 [ 1303.720604][T17424] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 1303.969387][ T5819] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1303.981671][ T5819] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1304.001662][ T5819] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1304.029261][ T5819] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1304.046364][ T5819] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1304.054738][ T5819] usb 3-1: Product: syz [ 1304.058921][ T5819] usb 3-1: Manufacturer: syz [ 1304.063729][ T5819] usb 3-1: SerialNumber: syz [ 1304.121673][T17424] usb 4-1: Using ep0 maxpacket: 8 [ 1304.128583][T17424] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1304.138682][T17424] usb 4-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 1304.148133][T17424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1304.171462][T17424] usb 4-1: config 0 descriptor?? [ 1304.194869][T17424] hso 4-1:0.0: Can't find BULK IN endpoint [ 1304.292998][T10288] usb 1-1: new full-speed USB device number 98 using dummy_hcd [ 1304.453136][T10288] usb 1-1: config 0 has an invalid interface number: 176 but max is 2 [ 1304.461398][T10288] usb 1-1: config 0 has no interface number 1 [ 1304.469465][T10288] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1304.479913][T10288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1304.487029][ T5819] usb 3-1: 0:2 : does not exist [ 1304.493973][T10288] usb 1-1: config 0 descriptor?? [ 1304.704375][T10288] qcserial 1-1:0.2: Qualcomm USB modem converter detected [ 1304.811705][T17424] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 1304.973733][T17424] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1305.002455][T17424] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1305.011899][T17424] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1305.020058][T17424] usb 5-1: Product: syz [ 1305.024459][T17424] usb 5-1: Manufacturer: syz [ 1305.029152][T17424] usb 5-1: SerialNumber: syz [ 1305.253908][T17424] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 97 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1305.625903][T17424] usb 5-1: USB disconnect, device number 97 [ 1305.697618][T19730] syz.1.3763: attempt to access beyond end of device [ 1305.697618][T19730] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1305.756328][T17424] usblp0: removed [ 1306.099574][ T5868] usb 4-1: USB disconnect, device number 86 [ 1306.194285][ T5819] usb 3-1: 1:0: cannot get min/max values for control 6 (id 1) [ 1306.371081][ T5819] usb 3-1: USB disconnect, device number 94 [ 1306.435953][T19708] udevd[19708]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1306.696227][ T30] audit: type=1400 audit(1751323033.446:481): avc: denied { read } for pid=19733 comm="syz.1.3765" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1306.730914][ T30] audit: type=1400 audit(1751323033.446:482): avc: denied { open } for pid=19733 comm="syz.1.3765" path="/184/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1306.822764][T19748] syz.4.3768: attempt to access beyond end of device [ 1306.822764][T19748] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1307.228114][T19746] block device autoloading is deprecated and will be removed. [ 1307.255769][ T5819] usb 1-1: USB disconnect, device number 98 [ 1307.268203][ T5819] qcserial 1-1:0.2: device disconnected [ 1307.791685][ T5819] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 1308.281734][ T5819] usb 1-1: Using ep0 maxpacket: 16 [ 1308.452325][ T5819] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 1308.460650][ T5819] usb 1-1: config 1 has no interface number 0 [ 1308.470991][ T5819] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1308.515349][ T5819] usb 1-1: config 1 interface 105 has no altsetting 0 [ 1308.542268][ T5819] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1308.652096][ T5819] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1308.660133][ T5819] usb 1-1: Product: syz [ 1308.678729][ T5819] usb 1-1: Manufacturer: syz [ 1308.687183][ T5819] usb 1-1: SerialNumber: syz [ 1308.772441][T19757] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1309.621998][ T5868] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 1309.971385][ T5819] aqc111 1-1:1.105: probe with driver aqc111 failed with error -22 [ 1309.997737][T19781] tipc: Started in network mode [ 1310.002744][T19781] tipc: Node identity 7f000001, cluster identity 4711 [ 1310.013036][T19781] tipc: Enabled bearer , priority 10 [ 1310.161383][ T5868] usb 4-1: config 0 has too many interfaces: 132, using maximum allowed: 32 [ 1310.170501][ T5868] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1310.473165][ T5868] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 132 [ 1310.491695][ T5868] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1310.544491][ T5868] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 1310.557047][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1310.565546][ T5868] usb 4-1: Product: syz [ 1310.570478][ T5868] usb 4-1: Manufacturer: syz [ 1310.575314][ T5868] usb 4-1: SerialNumber: syz [ 1310.584010][ T5868] usb 4-1: config 0 descriptor?? [ 1310.920602][T19793] syz.2.3783: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1310.944533][T19793] CPU: 1 UID: 0 PID: 19793 Comm: syz.2.3783 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1310.944562][T19793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1310.944576][T19793] Call Trace: [ 1310.944583][T19793] [ 1310.944592][T19793] dump_stack_lvl+0x16c/0x1f0 [ 1310.944626][T19793] warn_alloc+0x248/0x3a0 [ 1310.944652][T19793] ? __pfx_warn_alloc+0x10/0x10 [ 1310.944675][T19793] ? __pfx_stack_trace_save+0x10/0x10 [ 1310.944702][T19793] ? stack_depot_save_flags+0x28/0xa40 [ 1310.944735][T19793] ? kasan_save_stack+0x42/0x60 [ 1310.944758][T19793] ? kasan_save_stack+0x33/0x60 [ 1310.944780][T19793] ? kasan_save_track+0x14/0x30 [ 1310.944803][T19793] ? xskq_create+0x52/0x1d0 [ 1310.944825][T19793] ? xsk_setsockopt+0x640/0x840 [ 1310.944844][T19793] ? do_sock_setsockopt+0x221/0x470 [ 1310.944877][T19793] ? xskq_create+0xfb/0x1d0 [ 1310.944901][T19793] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 1310.944932][T19793] ? xskq_create+0xfb/0x1d0 [ 1310.944962][T19793] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1310.944991][T19793] ? xskq_create+0xfb/0x1d0 [ 1310.945015][T19793] vmalloc_user_noprof+0x9e/0xe0 [ 1310.945035][T19793] ? xskq_create+0xfb/0x1d0 [ 1310.945074][T19793] xskq_create+0xfb/0x1d0 [ 1310.945099][T19793] xsk_setsockopt+0x640/0x840 [ 1310.945123][T19793] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1310.945143][T19793] ? __lock_acquire+0x622/0x1c90 [ 1310.945178][T19793] ? selinux_socket_setsockopt+0x6a/0x80 [ 1310.945203][T19793] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1310.945223][T19793] do_sock_setsockopt+0x221/0x470 [ 1310.945252][T19793] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1310.945298][T19793] __sys_setsockopt+0x1a0/0x230 [ 1310.945328][T19793] __x64_sys_setsockopt+0xbd/0x160 [ 1310.945352][T19793] ? do_syscall_64+0x91/0x4c0 [ 1310.945378][T19793] ? lockdep_hardirqs_on+0x7c/0x110 [ 1310.945404][T19793] do_syscall_64+0xcd/0x4c0 [ 1310.945440][T19793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1310.945459][T19793] RIP: 0033:0x7fbbd0b8e929 [ 1310.945476][T19793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1310.945495][T19793] RSP: 002b:00007fbbd1963038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1310.945513][T19793] RAX: ffffffffffffffda RBX: 00007fbbd0db6080 RCX: 00007fbbd0b8e929 [ 1310.945526][T19793] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 1310.945538][T19793] RBP: 00007fbbd0c10b39 R08: 0000000000000004 R09: 0000000000000000 [ 1310.945550][T19793] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1310.945562][T19793] R13: 0000000000000000 R14: 00007fbbd0db6080 R15: 00007ffde7c6cd38 [ 1310.945589][T19793] [ 1311.041677][ T5868] tipc: Node number set to 2130706433 [ 1311.089823][ T5883] usb 4-1: USB disconnect, device number 87 [ 1311.221463][T10288] usb 2-1: new full-speed USB device number 90 using dummy_hcd [ 1311.246334][T19793] Mem-Info: [ 1311.249626][T19793] active_anon:7119 inactive_anon:0 isolated_anon:0 [ 1311.249626][T19793] active_file:19758 inactive_file:41586 isolated_file:0 [ 1311.249626][T19793] unevictable:768 dirty:305 writeback:0 [ 1311.249626][T19793] slab_reclaimable:11644 slab_unreclaimable:101198 [ 1311.249626][T19793] mapped:30062 shmem:1361 pagetables:1225 [ 1311.249626][T19793] sec_pagetables:0 bounce:0 [ 1311.249626][T19793] kernel_misc_reclaimable:0 [ 1311.249626][T19793] free:1291994 free_pcp:20314 free_cma:0 [ 1311.295323][T19793] Node 0 active_anon:28476kB inactive_anon:0kB active_file:79032kB inactive_file:166140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120248kB dirty:1220kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11908kB pagetables:4776kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1311.329050][T19793] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1311.361462][T19793] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1311.391033][T19793] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 1311.397148][T19793] Node 0 DMA32 free:1250484kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28448kB inactive_anon:0kB active_file:79032kB inactive_file:164816kB unevictable:1536kB writepending:1220kB present:3129332kB managed:2540584kB mlocked:0kB bounce:0kB free_pcp:62240kB local_pcp:32596kB free_cma:0kB [ 1311.431245][T19793] lowmem_reserve[]: 0 0 1 1 1 [ 1311.436271][T19793] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB [ 1311.466115][T19793] lowmem_reserve[]: 0 0 0 0 0 [ 1311.471772][T19793] Node 1 Normal free:3902124kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18988kB local_pcp:9076kB free_cma:0kB [ 1311.503330][T19793] lowmem_reserve[]: 0 0 0 0 0 [ 1311.508285][T19793] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1311.521566][T19793] Node 0 DMA32: 1384*4kB (UME) 927*8kB (UME) 488*16kB (UME) 1089*32kB (UME) 586*64kB (UME) 172*128kB (UME) 89*256kB (UME) 37*512kB (UME) 42*1024kB (UM) 5*2048kB (UME) 254*4096kB (UM) = 1250488kB [ 1311.541719][T19793] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1311.555473][T19793] Node 1 Normal: 195*4kB (UE) 52*8kB (UME) 40*16kB (UME) 80*32kB (UME) 16*64kB (UME) 7*128kB (UME) 4*256kB (UM) 3*512kB (ME) 4*1024kB (UME) 1*2048kB (E) 949*4096kB (M) = 3902124kB [ 1311.575038][T19793] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1311.585097][T19793] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1311.594765][T19793] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1311.604633][T19793] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1311.890637][ T5884] usb 1-1: USB disconnect, device number 99 [ 1312.019363][T19793] 65538 total pagecache pages [ 1312.025981][T10288] usb 2-1: config 0 has an invalid interface number: 176 but max is 2 [ 1312.035096][T10288] usb 2-1: config 0 has no interface number 1 [ 1312.041202][T10288] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1312.050448][T10288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1312.060740][T10288] usb 2-1: config 0 descriptor?? [ 1312.502612][T10288] qcserial 2-1:0.2: Qualcomm USB modem converter detected [ 1312.526399][T19793] 0 pages in swap cache [ 1312.564947][T19793] Free swap = 124996kB [ 1312.573930][T19793] Total swap = 124996kB [ 1312.578164][T19793] 2097051 pages RAM [ 1312.584794][T19793] 0 pages HighMem/MovableOnly [ 1312.589580][T19793] 429927 pages reserved [ 1312.595480][T19793] 0 pages cma reserved [ 1312.831920][ T5884] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 1313.471794][ T5884] usb 4-1: Using ep0 maxpacket: 8 [ 1313.502052][ T5884] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1313.528045][ T5884] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1313.551855][ T5884] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1313.564116][ T5884] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1313.576068][ T5884] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1313.591435][ T5884] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1313.601961][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1313.837495][ T5884] usb 4-1: usb_control_msg returned -32 [ 1313.844256][T19805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1313.873092][ T5884] usbtmc 4-1:16.0: can't read capabilities [ 1313.924216][T19825] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1313.952946][T19805] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1314.331657][ T5819] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 1314.928725][ T5883] usb 4-1: USB disconnect, device number 88 [ 1314.931789][T19833] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3794'. [ 1314.941133][T19805] usbtmc 4-1:16.0: usb_control_msg returned -71 [ 1314.955770][T19830] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -19 [ 1315.001920][ T5819] usb 1-1: Using ep0 maxpacket: 16 [ 1315.011030][ T5819] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1315.049778][ T5819] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 1315.061772][ T5819] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1315.069800][ T5819] usb 1-1: Product: syz [ 1315.091653][ T5819] usb 1-1: Manufacturer: syz [ 1315.096386][ T5819] usb 1-1: SerialNumber: syz [ 1315.112866][ T5819] usb 1-1: config 0 descriptor?? [ 1315.124121][T17607] usb 2-1: USB disconnect, device number 90 [ 1315.131503][T17607] qcserial 2-1:0.2: device disconnected [ 1317.918064][T19845] syz.2.3796: attempt to access beyond end of device [ 1317.918064][T19845] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1318.903455][ T5884] usb 1-1: USB disconnect, device number 100 [ 1320.452506][T19871] fuse: Unknown parameter 'use00000000000000000000' [ 1322.187976][T19895] netlink: 'syz.0.3806': attribute type 1 has an invalid length. [ 1322.199208][T19895] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3806'. [ 1322.229966][T19894] can0: slcan on ttyS3. [ 1322.827627][T19898] can0 (unregistered): slcan off ttyS3. [ 1323.145953][T19915] can0: slcan on ttyS3. [ 1323.424312][T19921] can0 (unregistered): slcan off ttyS3. [ 1324.510203][T19940] fuse: Unknown parameter 'user_i00000000000000000000' [ 1325.115468][T19942] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1325.866732][ T5819] usb 3-1: new full-speed USB device number 95 using dummy_hcd [ 1326.240730][ T5819] usb 3-1: config 0 has an invalid interface number: 176 but max is 2 [ 1326.250150][ T5819] usb 3-1: config 0 has an invalid interface number: 36 but max is 2 [ 1326.283757][ T5819] usb 3-1: config 0 has no interface number 0 [ 1326.300663][ T5819] usb 3-1: config 0 has no interface number 1 [ 1326.310147][ T5819] usb 3-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1326.358595][ T5819] usb 3-1: config 0 interface 36 has no altsetting 0 [ 1326.375182][ T5819] usb 3-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1326.404834][ T5819] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1326.447802][ T5819] usb 3-1: config 0 descriptor?? [ 1326.923102][T19978] netlink: 'syz.3.3824': attribute type 1 has an invalid length. [ 1327.397857][ T5819] qcserial 3-1:0.2: Qualcomm USB modem converter detected [ 1327.687151][T19987] overlay: Bad value for 'upperdir' [ 1328.051815][ T5819] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1328.609051][ T5819] usb 4-1: Using ep0 maxpacket: 32 [ 1328.763601][ T5819] usb 4-1: config 1 has an invalid interface number: 236 but max is 0 [ 1328.830484][ T5819] usb 4-1: config 1 has no interface number 0 [ 1328.897138][ T5819] usb 4-1: config 1 interface 236 altsetting 2 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1328.967724][ T5819] usb 4-1: config 1 interface 236 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 0 [ 1329.015644][ T5819] usb 4-1: config 1 interface 236 has no altsetting 0 [ 1329.123939][ T5819] usb 4-1: config 1 has an invalid interface number: 236 but max is 0 [ 1329.186711][T20007] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1329.212939][ T5819] usb 4-1: config 1 has no interface number 0 [ 1329.219707][T17424] usb 3-1: USB disconnect, device number 95 [ 1329.227242][ T5819] usb 4-1: config 1 interface 236 altsetting 2 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1329.258320][T17424] qcserial 3-1:0.2: device disconnected [ 1329.365080][T17607] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 1329.460548][ T5819] usb 4-1: config 1 interface 236 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 0 [ 1329.545292][ T5819] usb 4-1: config 1 interface 236 has no altsetting 0 [ 1329.562369][T20010] fuse: Unknown parameter 'user_i00000000000000000000' [ 1329.596498][T17607] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1330.153177][T20010] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 1330.168844][T17607] usb 5-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1330.201544][ T5819] usb 4-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=aa.6a [ 1330.312143][ T5819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1330.331634][ T5819] usb 4-1: Product: syz [ 1330.335848][ T5819] usb 4-1: Manufacturer: syz [ 1330.340486][ T5819] usb 4-1: SerialNumber: syz [ 1330.349096][T17607] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1330.386573][ T5819] ti_usb_3410_5052 4-1:1.236: TI USB 5052 2 port adapter converter detected [ 1330.894680][T17607] usb 5-1: config 0 descriptor?? [ 1330.899149][T20005] kAFS: No cell specified [ 1330.944385][ T5819] usb 4-1: USB disconnect, device number 89 [ 1331.514616][T20028] rdma_rxe: rxe_newlink: failed to add lo [ 1333.020168][T17607] usbhid 5-1:0.0: can't add hid device: -71 [ 1333.051501][T17607] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1333.104898][T17607] usb 5-1: USB disconnect, device number 98 [ 1333.336811][T20031] delete_channel: no stack [ 1333.574327][T20054] kAFS: No cell specified [ 1333.601504][T20051] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1333.830679][T20057] can0: slcan on ttyS3. [ 1333.939778][T20059] can0 (unregistered): slcan off ttyS3. [ 1333.966466][T20061] can0: slcan on ttyS3. [ 1334.198088][T20068] fuse: Unknown parameter 'user_i00000000000000000000' [ 1334.825943][T20070] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1334.928829][T20075] syz.2.3845: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1334.953038][T20075] CPU: 0 UID: 0 PID: 20075 Comm: syz.2.3845 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1334.953073][T20075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1334.953085][T20075] Call Trace: [ 1334.953096][T20075] [ 1334.953105][T20075] dump_stack_lvl+0x16c/0x1f0 [ 1334.953139][T20075] warn_alloc+0x248/0x3a0 [ 1334.953167][T20075] ? __pfx_warn_alloc+0x10/0x10 [ 1334.953190][T20075] ? __pfx_stack_trace_save+0x10/0x10 [ 1334.953215][T20075] ? stack_depot_save_flags+0x28/0xa40 [ 1334.953247][T20075] ? kasan_save_stack+0x42/0x60 [ 1334.953271][T20075] ? kasan_save_stack+0x33/0x60 [ 1334.953294][T20075] ? kasan_save_track+0x14/0x30 [ 1334.953317][T20075] ? xskq_create+0x52/0x1d0 [ 1334.953339][T20075] ? xsk_setsockopt+0x640/0x840 [ 1334.953358][T20075] ? do_sock_setsockopt+0x221/0x470 [ 1334.953391][T20075] ? xskq_create+0xfb/0x1d0 [ 1334.953415][T20075] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 1334.953446][T20075] ? xskq_create+0xfb/0x1d0 [ 1334.953475][T20075] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1334.953505][T20075] ? xskq_create+0xfb/0x1d0 [ 1334.953529][T20075] vmalloc_user_noprof+0x9e/0xe0 [ 1334.953549][T20075] ? xskq_create+0xfb/0x1d0 [ 1334.953572][T20075] xskq_create+0xfb/0x1d0 [ 1334.953598][T20075] xsk_setsockopt+0x640/0x840 [ 1334.953622][T20075] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1334.953642][T20075] ? __lock_acquire+0x622/0x1c90 [ 1334.953678][T20075] ? selinux_socket_setsockopt+0x6a/0x80 [ 1334.953703][T20075] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1334.953725][T20075] do_sock_setsockopt+0x221/0x470 [ 1334.953755][T20075] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1334.953801][T20075] __sys_setsockopt+0x1a0/0x230 [ 1334.953831][T20075] __x64_sys_setsockopt+0xbd/0x160 [ 1334.953854][T20075] ? do_syscall_64+0x91/0x4c0 [ 1334.953881][T20075] ? lockdep_hardirqs_on+0x7c/0x110 [ 1334.953906][T20075] do_syscall_64+0xcd/0x4c0 [ 1334.953936][T20075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1334.953956][T20075] RIP: 0033:0x7fbbd0b8e929 [ 1334.953973][T20075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1334.953990][T20075] RSP: 002b:00007fbbd1963038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1334.954009][T20075] RAX: ffffffffffffffda RBX: 00007fbbd0db6080 RCX: 00007fbbd0b8e929 [ 1334.954022][T20075] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009 [ 1334.954034][T20075] RBP: 00007fbbd0c10b39 R08: 0000000000000004 R09: 0000000000000000 [ 1334.954046][T20075] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1334.954058][T20075] R13: 0000000000000000 R14: 00007fbbd0db6080 R15: 00007ffde7c6cd38 [ 1334.954091][T20075] [ 1334.954103][T20075] Mem-Info: [ 1335.220946][T20075] active_anon:6627 inactive_anon:0 isolated_anon:0 [ 1335.220946][T20075] active_file:19758 inactive_file:41594 isolated_file:0 [ 1335.220946][T20075] unevictable:768 dirty:378 writeback:0 [ 1335.220946][T20075] slab_reclaimable:11612 slab_unreclaimable:101325 [ 1335.220946][T20075] mapped:31088 shmem:1345 pagetables:1198 [ 1335.220946][T20075] sec_pagetables:0 bounce:0 [ 1335.220946][T20075] kernel_misc_reclaimable:0 [ 1335.220946][T20075] free:1292710 free_pcp:16512 free_cma:0 [ 1335.266413][ C0] vkms_vblank_simulate: vblank timer overrun [ 1335.272567][T20075] Node 0 active_anon:26508kB inactive_anon:0kB active_file:79032kB inactive_file:166172kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124352kB dirty:1512kB writeback:0kB shmem:3844kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11912kB pagetables:4668kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1335.305921][ C0] vkms_vblank_simulate: vblank timer overrun [ 1335.313755][T20075] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1335.345162][ C0] vkms_vblank_simulate: vblank timer overrun [ 1335.351782][T20075] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1335.381206][ C0] vkms_vblank_simulate: vblank timer overrun [ 1335.387588][T20075] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 1335.393661][T20075] Node 0 DMA32 free:1253348kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:26480kB inactive_anon:0kB active_file:79032kB inactive_file:164848kB unevictable:1536kB writepending:1512kB present:3129332kB managed:2540584kB mlocked:0kB bounce:0kB free_pcp:47192kB local_pcp:24348kB free_cma:0kB [ 1335.426064][ C0] vkms_vblank_simulate: vblank timer overrun [ 1335.432601][T20075] lowmem_reserve[]: 0 0 1 1 1 [ 1335.439088][T20075] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB [ 1335.468330][ C0] vkms_vblank_simulate: vblank timer overrun [ 1335.474399][T20075] lowmem_reserve[]: 0 0 0 0 0 [ 1335.479318][T20075] Node 1 Normal free:3902124kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19020kB local_pcp:9944kB free_cma:0kB [ 1335.510471][ C0] vkms_vblank_simulate: vblank timer overrun [ 1335.516997][T20075] lowmem_reserve[]: 0 0 0 0 0 [ 1335.522020][T20075] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1335.535122][T20075] Node 0 DMA32: 1389*4kB (UME) 880*8kB (UME) 1073*16kB (UME) 905*32kB (UME) 648*64kB (UME) 183*128kB (UME) 99*256kB (UME) 47*512kB (UME) 45*1024kB (UM) 11*2048kB (UME) 247*4096kB (M) = 1253348kB [ 1335.555213][T20075] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1335.567456][T20075] Node 1 Normal: 195*4kB (UE) 52*8kB (UME) 40*16kB (UME) 80*32kB (UME) 16*64kB (UME) 7*128kB (UME) 4*256kB (UM) 3*512kB (ME) 4*1024kB (UME) 1*2048kB (E) 949*4096kB (M) = 3902124kB [ 1335.586081][T20075] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1335.595666][T20075] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1335.605025][T20075] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1335.614932][T20075] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1335.624401][T20075] 62693 total pagecache pages [ 1335.629121][T20075] 0 pages in swap cache [ 1335.633374][T20075] Free swap = 124996kB [ 1335.637579][T20075] Total swap = 124996kB [ 1335.641811][T20075] 2097051 pages RAM [ 1335.645658][T20075] 0 pages HighMem/MovableOnly [ 1335.650442][T20075] 429927 pages reserved [ 1335.654654][T20075] 0 pages cma reserved [ 1336.445448][T20060] can0 (unregistered): slcan off ttyS3. [ 1338.181750][ T5884] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 1338.411928][ T5884] usb 5-1: Using ep0 maxpacket: 16 [ 1338.424310][ T5884] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1338.461693][ T5884] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1338.476931][ T5884] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1338.488344][ T5884] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1338.511726][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1338.525546][ T5884] usb 5-1: Product: syz [ 1338.529751][ T5884] usb 5-1: Manufacturer: syz [ 1338.551122][ T5884] usb 5-1: SerialNumber: syz [ 1339.056171][ T5884] usb 5-1: 0:2 : does not exist [ 1340.352663][T10288] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1340.541838][T10288] usb 4-1: Using ep0 maxpacket: 32 [ 1340.564542][T10288] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1340.641459][T10288] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1340.740292][T10288] usb 4-1: Product: syz [ 1340.745957][T10288] usb 4-1: Manufacturer: syz [ 1340.788435][T10288] usb 4-1: SerialNumber: syz [ 1340.810885][T10288] usb 4-1: config 0 descriptor?? [ 1340.830784][T10288] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1341.274614][ T5884] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1) [ 1341.487994][ T5884] usb 5-1: USB disconnect, device number 99 [ 1342.733862][T10288] gspca_ov534_9: reg_w failed -71 [ 1342.871338][T20161] fuse: Unknown parameter 'user_id00000000000000000000' [ 1343.021634][T10288] gspca_ov534_9: Unknown sensor 0000 [ 1343.021689][T10288] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 1344.124316][T10288] usb 4-1: USB disconnect, device number 90 [ 1346.042563][T17607] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 1346.148005][ T5868] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 1346.218117][T17607] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1346.235212][T17607] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1346.266550][T17607] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1346.322775][ T5868] usb 1-1: Using ep0 maxpacket: 16 [ 1346.342172][T20195] warn_alloc: 1 callbacks suppressed [ 1346.342193][T20195] syz.3.3868: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1346.363735][T20195] CPU: 0 UID: 0 PID: 20195 Comm: syz.3.3868 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1346.363764][T20195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1346.363777][T20195] Call Trace: [ 1346.363783][T20195] [ 1346.363791][T20195] dump_stack_lvl+0x16c/0x1f0 [ 1346.363825][T20195] warn_alloc+0x248/0x3a0 [ 1346.363852][T20195] ? __pfx_warn_alloc+0x10/0x10 [ 1346.363876][T20195] ? __pfx_stack_trace_save+0x10/0x10 [ 1346.363902][T20195] ? stack_depot_save_flags+0x28/0xa40 [ 1346.363935][T20195] ? kasan_save_stack+0x42/0x60 [ 1346.363959][T20195] ? kasan_save_stack+0x33/0x60 [ 1346.363981][T20195] ? kasan_save_track+0x14/0x30 [ 1346.364002][T20195] ? xskq_create+0x52/0x1d0 [ 1346.364024][T20195] ? xsk_setsockopt+0x640/0x840 [ 1346.364044][T20195] ? do_sock_setsockopt+0x221/0x470 [ 1346.364076][T20195] ? xskq_create+0xfb/0x1d0 [ 1346.364100][T20195] __vmalloc_node_range_noprof+0xff5/0x14b0 [ 1346.364128][T20195] ? xskq_create+0xfb/0x1d0 [ 1346.364158][T20195] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1346.364188][T20195] ? xskq_create+0xfb/0x1d0 [ 1346.364212][T20195] vmalloc_user_noprof+0x9e/0xe0 [ 1346.364232][T20195] ? xskq_create+0xfb/0x1d0 [ 1346.364256][T20195] xskq_create+0xfb/0x1d0 [ 1346.364281][T20195] xsk_setsockopt+0x640/0x840 [ 1346.364305][T20195] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1346.364326][T20195] ? __lock_acquire+0x622/0x1c90 [ 1346.364366][T20195] ? selinux_socket_setsockopt+0x6a/0x80 [ 1346.364392][T20195] ? __pfx_xsk_setsockopt+0x10/0x10 [ 1346.364414][T20195] do_sock_setsockopt+0x221/0x470 [ 1346.364445][T20195] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1346.364491][T20195] __sys_setsockopt+0x1a0/0x230 [ 1346.364522][T20195] __x64_sys_setsockopt+0xbd/0x160 [ 1346.364547][T20195] ? do_syscall_64+0x91/0x4c0 [ 1346.364576][T20195] ? lockdep_hardirqs_on+0x7c/0x110 [ 1346.364602][T20195] do_syscall_64+0xcd/0x4c0 [ 1346.364632][T20195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1346.364651][T20195] RIP: 0033:0x7f7fbbf8e929 [ 1346.364667][T20195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1346.364686][T20195] RSP: 002b:00007f7fbce6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1346.364704][T20195] RAX: ffffffffffffffda RBX: 00007f7fbc1b6080 RCX: 00007f7fbbf8e929 [ 1346.364717][T20195] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 1346.364728][T20195] RBP: 00007f7fbc010b39 R08: 0000000000000004 R09: 0000000000000000 [ 1346.364740][T20195] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1346.364752][T20195] R13: 0000000000000000 R14: 00007f7fbc1b6080 R15: 00007ffdee0e7ff8 [ 1346.364778][T20195] [ 1346.364813][T20195] Mem-Info: [ 1346.631407][T20195] active_anon:12508 inactive_anon:0 isolated_anon:0 [ 1346.631407][T20195] active_file:19758 inactive_file:41598 isolated_file:0 [ 1346.631407][T20195] unevictable:768 dirty:296 writeback:0 [ 1346.631407][T20195] slab_reclaimable:11632 slab_unreclaimable:101461 [ 1346.631407][T20195] mapped:34508 shmem:6364 pagetables:1203 [ 1346.631407][T20195] sec_pagetables:0 bounce:0 [ 1346.631407][T20195] kernel_misc_reclaimable:0 [ 1346.631407][T20195] free:1290065 free_pcp:17138 free_cma:0 [ 1346.676888][ C0] vkms_vblank_simulate: vblank timer overrun [ 1346.683446][T20195] Node 0 active_anon:50032kB inactive_anon:0kB active_file:79032kB inactive_file:166188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:138032kB dirty:1184kB writeback:0kB shmem:23920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11736kB pagetables:4688kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1346.716890][ C0] vkms_vblank_simulate: vblank timer overrun [ 1346.723000][T20195] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1346.754422][ C0] vkms_vblank_simulate: vblank timer overrun [ 1346.760504][T20195] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1346.789321][ C0] vkms_vblank_simulate: vblank timer overrun [ 1346.796850][T20195] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 1346.802931][T20195] Node 0 DMA32 free:1243552kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:50004kB inactive_anon:0kB active_file:79032kB inactive_file:164864kB unevictable:1536kB writepending:1184kB present:3129332kB managed:2540584kB mlocked:0kB bounce:0kB free_pcp:49004kB local_pcp:28176kB free_cma:0kB [ 1346.835336][ C0] vkms_vblank_simulate: vblank timer overrun [ 1346.841399][T20195] lowmem_reserve[]: 0 0 1 1 1 [ 1346.846567][T20195] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB [ 1346.875653][ C0] vkms_vblank_simulate: vblank timer overrun [ 1346.882104][T20195] lowmem_reserve[]: 0 0 0 0 0 [ 1346.887085][T20195] Node 1 Normal free:3902124kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19052kB local_pcp:9944kB free_cma:0kB [ 1346.918416][T20195] lowmem_reserve[]: 0 0 0 0 0 [ 1346.923382][T20195] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1346.936521][T20195] Node 0 DMA32: 1670*4kB (UM) 715*8kB (UME) 811*16kB (UME) 953*32kB (UME) 656*64kB (UME) 195*128kB (UME) 108*256kB (UME) 49*512kB (UME) 51*1024kB (UM) 6*2048kB (UME) 245*4096kB (M) = 1243584kB [ 1346.956838][T20195] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1346.969220][T20195] Node 1 Normal: 195*4kB (UE) 52*8kB (UME) 40*16kB (UME) 80*32kB (UME) 16*64kB (UME) 7*128kB (UME) 4*256kB (UM) 3*512kB (ME) 4*1024kB (UME) 1*2048kB (E) 949*4096kB (M) = 3902124kB [ 1346.988314][T20195] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1346.998031][T20195] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1347.007413][T20195] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1347.017021][T20195] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1347.026396][T20195] 67719 total pagecache pages [ 1347.031097][T20195] 3 pages in swap cache [ 1347.035325][T20195] Free swap = 124996kB [ 1347.039504][T20195] Total swap = 124996kB [ 1347.043679][T20195] 2097051 pages RAM [ 1347.047508][T20195] 0 pages HighMem/MovableOnly [ 1347.052243][T20195] 429927 pages reserved [ 1347.056423][T20195] 0 pages cma reserved [ 1347.061318][T17607] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1347.136290][T17607] usb 5-1: Product: syz [ 1347.171530][T17607] usb 5-1: Manufacturer: syz [ 1347.196290][T17607] usb 5-1: SerialNumber: syz [ 1347.463206][T17607] usb 5-1: config 0 descriptor?? [ 1347.548479][ T5868] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1347.572327][ T5868] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1347.612288][ T5868] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1348.304851][ T5868] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1348.325718][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1348.401996][ T5819] usb 5-1: USB disconnect, device number 100 [ 1348.425685][ T5868] usb 1-1: Product: syz [ 1348.429893][ T5868] usb 1-1: Manufacturer: syz [ 1348.436261][ T5868] usb 1-1: SerialNumber: syz [ 1348.963829][T20211] fuse: Unknown parameter 'user_id00000000000000000000' [ 1349.019069][ T5868] usb 1-1: 0:2 : does not exist [ 1350.784666][ T5868] usb 1-1: USB disconnect, device number 101 [ 1351.090304][ T5819] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1353.093674][ T5819] usb 2-1: config index 0 descriptor too short (expected 65183, got 72) [ 1353.109296][ T5819] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1353.128058][ T5819] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1353.146537][ T5819] usb 2-1: Product: syz [ 1354.137134][ T5819] usb 2-1: Manufacturer: syz [ 1354.142389][ T5819] usb 2-1: SerialNumber: syz [ 1354.159494][ T5819] usb 2-1: can't set config #1, error -71 [ 1354.172862][ T5819] usb 2-1: USB disconnect, device number 91 [ 1355.583770][T20274] netlink: 'syz.3.3885': attribute type 1 has an invalid length. [ 1356.276445][T20281] syz.2.3888: attempt to access beyond end of device [ 1356.276445][T20281] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1359.671318][T20300] tipc: Started in network mode [ 1359.676484][T20300] tipc: Node identity 7f000001, cluster identity 4711 [ 1359.683561][T20300] tipc: Enabled bearer , priority 10 [ 1360.802117][ T5884] tipc: Node number set to 2130706433 [ 1360.871093][T20323] tipc: Enabling of bearer rejected, failed to enable media [ 1361.314874][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.315812][ T5884] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1361.481785][ T5884] usb 4-1: Using ep0 maxpacket: 16 [ 1361.486390][ T30] audit: type=1400 audit(1751323088.246:483): avc: denied { ioctl } for pid=20334 comm="syz.2.3905" path="/169/file0/file0" dev="fuse" ino=64 ioctlcmd=0x92b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1361.553704][T20341] md2: using deprecated bitmap file support [ 1362.423580][ T5884] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 1362.438706][ T5884] usb 4-1: config 1 has no interface number 0 [ 1362.452294][ T5884] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1362.471683][ T5884] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1362.483411][ T5884] usb 4-1: config 1 interface 105 has no altsetting 0 [ 1362.514405][ T5884] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1362.548851][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1362.557780][ T5884] usb 4-1: Product: syz [ 1362.562545][ T5884] usb 4-1: Manufacturer: syz [ 1362.567164][ T5884] usb 4-1: SerialNumber: syz [ 1362.579406][T20330] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1362.592590][T20330] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1362.905738][ T43] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 1363.131788][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 1363.205152][ T43] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1363.328453][T20330] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1363.337256][ T43] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1363.342176][T20330] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1363.348135][ T43] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1363.365048][ T43] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1363.375294][ T43] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1363.388802][ T43] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1363.398389][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1363.607098][T20367] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1363.635576][T20368] syz.1.3911: attempt to access beyond end of device [ 1363.635576][T20368] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1364.362456][ T5884] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: 0 [ 1364.374223][ T5884] aqc111 4-1:1.105: probe with driver aqc111 failed with error -61 [ 1364.682255][ T43] usb 1-1: usb_control_msg returned -32 [ 1364.691293][T20352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1364.699829][ T43] usbtmc 1-1:16.0: can't read capabilities [ 1365.173364][T20352] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1365.313444][ T43] usb 4-1: USB disconnect, device number 91 [ 1365.833273][T20394] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1365.942744][T20394] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1365.956581][ T5868] usb 1-1: USB disconnect, device number 102 [ 1365.963173][T20352] usbtmc 1-1:16.0: usb_control_msg returned -71 [ 1366.084060][T20396] can0: slcan on ttyS3. [ 1366.416763][T20393] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -19 [ 1366.682353][T20396] can0 (unregistered): slcan off ttyS3. [ 1366.965550][T20400] tipc: Enabling of bearer rejected, already enabled [ 1367.316318][T20407] random: crng reseeded on system resumption [ 1370.351240][T20421] overlayfs: missing 'lowerdir' [ 1371.415647][T20435] block device autoloading is deprecated and will be removed. [ 1372.782090][T20455] syz.4.3933: attempt to access beyond end of device [ 1372.782090][T20455] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1373.731644][T10288] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 1373.891911][T10288] usb 5-1: device descriptor read/64, error -71 [ 1374.212021][T10288] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 1374.332130][T20475] random: crng reseeded on system resumption [ 1374.521822][T17607] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1374.711856][T17607] usb 3-1: Using ep0 maxpacket: 16 [ 1374.795078][T17607] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 1374.899518][T17607] usb 3-1: config 1 has no interface number 0 [ 1374.977109][T17607] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1375.268492][T17607] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1375.272369][T10288] usb 5-1: device descriptor read/64, error -71 [ 1375.308841][T17607] usb 3-1: config 1 interface 105 has no altsetting 0 [ 1375.323807][T17607] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1375.355638][T17607] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1375.372425][T17607] usb 3-1: Product: syz [ 1375.384983][T17607] usb 3-1: Manufacturer: syz [ 1375.389941][T17607] usb 3-1: SerialNumber: syz [ 1375.411502][T20471] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1375.429256][T20471] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1375.800555][T10288] usb usb5-port1: attempt power cycle [ 1376.167296][T20488] random: crng reseeded on system resumption [ 1377.101797][T10288] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 1377.954520][T20490] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1377.981923][T10288] usb 5-1: device descriptor read/8, error -71 [ 1378.019614][T20490] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1379.556533][T17607] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71 [ 1380.114459][T17607] aqc111 3-1:1.105: probe with driver aqc111 failed with error -71 [ 1380.133206][T17607] usb 3-1: USB disconnect, device number 96 [ 1381.691645][T17607] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1381.821923][T17607] usb 2-1: device descriptor read/64, error -71 [ 1382.237729][T17607] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1382.362048][ T5819] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1382.402177][T17607] usb 2-1: device descriptor read/64, error -71 [ 1382.523423][T17607] usb usb2-port1: attempt power cycle [ 1382.547322][ T5819] usb 5-1: Using ep0 maxpacket: 16 [ 1382.565253][ T5819] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1382.768535][ T5819] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1382.924577][ T5819] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1383.088824][T17607] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 1383.391259][T17607] usb 2-1: device descriptor read/8, error -71 [ 1383.419786][ T5819] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1383.429495][ T5819] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1383.438138][ T5819] usb 5-1: Product: syz [ 1383.444592][ T5819] usb 5-1: Manufacturer: syz [ 1383.450282][ T5819] usb 5-1: SerialNumber: syz [ 1383.642235][T17607] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1383.667621][T17607] usb 2-1: device descriptor read/8, error -71 [ 1383.784352][T17607] usb usb2-port1: unable to enumerate USB device [ 1383.831913][ T43] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 1383.869053][ T5819] usb 5-1: 0:2 : does not exist [ 1384.031784][ T43] usb 3-1: Using ep0 maxpacket: 16 [ 1384.048915][ T43] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 1384.125778][ T43] usb 3-1: config 1 has no interface number 0 [ 1384.135302][ T43] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1384.148572][ T43] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1384.161270][ T43] usb 3-1: config 1 interface 105 has no altsetting 0 [ 1384.352320][ T43] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1384.361748][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1384.369740][ T43] usb 3-1: Product: syz [ 1384.374326][ T43] usb 3-1: Manufacturer: syz [ 1384.379024][ T43] usb 3-1: SerialNumber: syz [ 1384.402050][T20555] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1384.409858][T20555] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1384.467251][T20568] netlink: 'syz.0.3966': attribute type 1 has an invalid length. [ 1385.066763][T20571] syz.3.3968: attempt to access beyond end of device [ 1385.066763][T20571] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1385.080746][T20571] (syz.3.3968,20571,0):ocfs2_get_sector:1714 ERROR: status = -5 [ 1385.088989][T20571] (syz.3.3968,20571,0):ocfs2_sb_probe:753 ERROR: status = -5 [ 1385.096811][T20571] (syz.3.3968,20571,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 1385.105821][T20571] (syz.3.3968,20571,0):ocfs2_fill_super:1177 ERROR: status = -5 [ 1385.315419][T20555] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1385.348411][T20555] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1385.592354][ T43] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -32 [ 1385.661945][ T5819] usb 5-1: 1:0: failed to get current value for ch 0 (-22) [ 1385.693066][ T5819] usb 5-1: USB disconnect, device number 105 [ 1385.694630][ T43] aqc111 3-1:1.105: probe with driver aqc111 failed with error -32 [ 1385.776856][T20584] syz.3.3971: attempt to access beyond end of device [ 1385.776856][T20584] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1386.178247][T20431] udevd[20431]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1386.226794][T20583] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1386.541816][T20593] random: crng reseeded on system resumption [ 1387.202114][ T5819] usb 3-1: USB disconnect, device number 97 [ 1388.645720][T20610] random: crng reseeded on system resumption [ 1391.271875][T10288] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1392.065438][T20628] fuse: Unknown parameter '0x000000000000000a' [ 1392.835796][T20629] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 1393.191680][T10288] usb 4-1: device descriptor read/64, error -71 [ 1393.552098][T10288] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1394.341933][ T5884] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 1394.502116][ T5884] usb 3-1: Using ep0 maxpacket: 16 [ 1394.532897][ T5884] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 1394.587437][ T5884] usb 3-1: config 1 has no interface number 0 [ 1394.629036][ T5884] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1394.640747][ T5884] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1394.899179][ T5884] usb 3-1: config 1 interface 105 has no altsetting 0 [ 1394.928778][ T5884] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1394.960076][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1394.987282][ T5884] usb 3-1: Product: syz [ 1394.991504][ T5884] usb 3-1: Manufacturer: syz [ 1396.154211][ T5884] usb 3-1: SerialNumber: syz [ 1396.165994][T20644] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1396.184269][T20644] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1396.708729][T20677] syz.3.3993: attempt to access beyond end of device [ 1396.708729][T20677] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1397.390052][T20678] netlink: 'syz.4.3995': attribute type 1 has an invalid length. [ 1397.526298][ T5884] aqc111 3-1:1.105: probe with driver aqc111 failed with error -71 [ 1397.564176][ T5884] usb 3-1: USB disconnect, device number 98 [ 1397.684165][T20691] random: crng reseeded on system resumption [ 1398.381717][ T5819] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1398.551766][ T5819] usb 4-1: device descriptor read/64, error -71 [ 1398.861774][ T5819] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1398.935325][T20703] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4000'. [ 1399.645329][ T5819] usb 4-1: device descriptor read/64, error -71 [ 1399.963410][ T5819] usb usb4-port1: attempt power cycle [ 1400.481629][ T5819] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 1400.909275][ T5819] usb 4-1: device descriptor read/8, error -71 [ 1401.091771][T20722] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1401.113622][T20723] netlink: 'syz.1.4006': attribute type 1 has an invalid length. [ 1401.184583][T20723] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4006'. [ 1401.207970][T20722] kvm: pic: non byte read [ 1401.371676][ T5819] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 1401.632485][ T5819] usb 4-1: Using ep0 maxpacket: 16 [ 1401.728028][ T5819] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 1401.736311][ T5819] usb 4-1: config 1 has no interface number 0 [ 1401.742495][ T5819] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1401.753055][ T5819] usb 4-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1401.763465][ T5819] usb 4-1: config 1 interface 105 has no altsetting 0 [ 1401.776777][ T5819] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1402.224548][T20738] syz.2.4008: attempt to access beyond end of device [ 1402.224548][T20738] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1402.276548][ T5819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1402.286436][ T5819] usb 4-1: Product: syz [ 1402.290696][ T5819] usb 4-1: Manufacturer: syz [ 1402.295398][ T5819] usb 4-1: SerialNumber: syz [ 1403.019360][T20719] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1403.035518][T20719] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1403.394979][T20749] netlink: 'syz.1.4011': attribute type 1 has an invalid length. [ 1404.120363][T20719] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1404.237377][T20719] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1404.278833][ T5819] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: 0 [ 1404.311877][ T5819] aqc111 4-1:1.105: probe with driver aqc111 failed with error -61 [ 1405.573328][ T5819] usb 4-1: USB disconnect, device number 97 [ 1405.860018][T20775] netlink: 'syz.0.4017': attribute type 1 has an invalid length. [ 1406.391633][T17424] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 1407.031685][T17424] usb 3-1: Using ep0 maxpacket: 16 [ 1407.675660][T17424] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 1407.683920][T17424] usb 3-1: config 1 has no interface number 0 [ 1407.690034][T17424] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1407.700722][T17424] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1407.711034][T17424] usb 3-1: config 1 interface 105 has no altsetting 0 [ 1407.785530][T17424] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1407.878460][T17424] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1407.920417][T17424] usb 3-1: Product: syz [ 1407.928800][T17424] usb 3-1: Manufacturer: syz [ 1407.938127][T17424] usb 3-1: SerialNumber: syz [ 1407.948750][T20772] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1407.957967][T20772] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1408.514278][T20772] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1408.584271][T20797] syz.3.4024: attempt to access beyond end of device [ 1408.584271][T20797] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1408.927935][T20772] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1408.941131][T17424] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: 3 [ 1408.952405][T17424] aqc111 3-1:1.105: probe with driver aqc111 failed with error -61 [ 1410.979576][T17424] usb 3-1: USB disconnect, device number 99 [ 1411.180606][T20819] random: crng reseeded on system resumption [ 1413.793785][ T5819] lo speed is unknown, defaulting to 1000 [ 1417.944224][T20886] random: crng reseeded on system resumption [ 1418.132035][T17424] usb 4-1: new high-speed USB device number 98 using dummy_hcd [ 1419.395067][T17424] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 1420.124515][T20896] netlink: 'syz.1.4049': attribute type 1 has an invalid length. [ 1420.648282][T17424] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1420.750383][T17424] usb 4-1: Product: syz [ 1420.766540][T17424] usb 4-1: Manufacturer: syz [ 1420.771280][T17424] usb 4-1: SerialNumber: syz [ 1420.807184][T17424] usb 4-1: config 0 descriptor?? [ 1420.940453][T20903] netlink: 'syz.1.4053': attribute type 1 has an invalid length. [ 1420.972251][T17424] usb 4-1: can't set config #0, error -71 [ 1420.985995][T17424] usb 4-1: USB disconnect, device number 98 [ 1421.828223][T20906] md2: using deprecated bitmap file support [ 1421.846389][T20906] md2: error: bitmap file is already in use [ 1422.757228][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1424.703503][T10288] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 1424.713794][T20940] overlay: Bad value for 'upperdir' [ 1424.932567][T10288] usb 5-1: config index 0 descriptor too short (expected 65183, got 72) [ 1424.951160][T10288] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1424.960698][T10288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1424.981056][T10288] usb 5-1: Product: syz [ 1424.991017][T10288] usb 5-1: Manufacturer: syz [ 1425.000947][T10288] usb 5-1: SerialNumber: syz [ 1425.021235][T10288] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1425.036605][ T43] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1425.244999][T17424] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1425.373154][T20931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1425.406766][T20931] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1425.434452][T17424] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1425.442335][T20931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1425.448815][T17424] usb 3-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1425.460679][T20931] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1425.467571][T17424] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1425.521478][T20931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1425.539051][T17424] usb 3-1: config 0 descriptor?? [ 1425.570702][T20931] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1425.601261][ T5819] usb 5-1: USB disconnect, device number 106 [ 1426.111654][ T43] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1426.118765][ T43] ath9k_htc: Failed to initialize the device [ 1426.866427][ T5819] usb 5-1: ath9k_htc: USB layer deinitialized [ 1427.237781][T20963] rdma_rxe: rxe_newlink: failed to add lo [ 1428.378201][T20982] overlay: Bad value for 'upperdir' [ 1428.662481][T17424] usbhid 3-1:0.0: can't add hid device: -71 [ 1428.668965][T17424] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1428.713481][T17424] usb 3-1: USB disconnect, device number 100 [ 1429.976294][T21004] random: crng reseeded on system resumption [ 1431.629745][T21012] syz.0.4081: attempt to access beyond end of device [ 1431.629745][T21012] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1433.040817][T21032] overlay: Bad value for 'upperdir' [ 1433.357107][T10288] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1433.721773][T10288] usb 2-1: Using ep0 maxpacket: 8 [ 1433.766906][T10288] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1434.222386][T10288] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 1434.255291][T10288] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1434.288041][T10288] usb 2-1: config 0 descriptor?? [ 1434.303150][T10288] hso 2-1:0.0: Can't find BULK IN endpoint [ 1435.017070][T21055] netlink: 'syz.0.4090': attribute type 1 has an invalid length. [ 1436.177437][T17424] usb 2-1: USB disconnect, device number 96 [ 1436.536975][T21068] random: crng reseeded on system resumption [ 1441.495379][ T5884] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 1441.652148][T21115] netlink: 'syz.2.4107': attribute type 1 has an invalid length. [ 1441.701863][ T5884] usb 2-1: Using ep0 maxpacket: 8 [ 1442.169204][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1442.214739][ T5884] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 1442.236280][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1442.314172][ T5884] usb 2-1: config 0 descriptor?? [ 1442.331341][ T5884] hso 2-1:0.0: Can't find BULK IN endpoint [ 1442.342143][T17424] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 1442.550772][T17424] usb 5-1: Using ep0 maxpacket: 16 [ 1442.577915][T17424] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1442.590483][T17424] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1442.657104][T17424] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1442.700051][T17424] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1442.719238][T17424] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1442.842880][T17424] usb 5-1: Product: syz [ 1442.848248][T17424] usb 5-1: Manufacturer: syz [ 1442.854984][T17424] usb 5-1: SerialNumber: syz [ 1443.607142][ T5884] usb 2-1: USB disconnect, device number 97 [ 1443.687447][T17424] usb 5-1: 0:2 : does not exist [ 1445.296690][ T5884] usb 2-1: new full-speed USB device number 98 using dummy_hcd [ 1445.517726][ T5884] usb 2-1: config 0 has an invalid interface number: 176 but max is 2 [ 1445.537207][ T5884] usb 2-1: config 0 has an invalid interface number: 36 but max is 2 [ 1445.840272][T17424] usb 5-1: 1:0: failed to get current value for ch 0 (-22) [ 1445.864155][ T5884] usb 2-1: config 0 has no interface number 0 [ 1445.874170][ T5884] usb 2-1: config 0 has no interface number 1 [ 1445.881216][ T5884] usb 2-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1445.886841][T17424] usb 5-1: USB disconnect, device number 107 [ 1445.896409][ T5884] usb 2-1: config 0 interface 36 has no altsetting 0 [ 1445.909181][ T5884] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1445.924030][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1445.938215][ T5884] usb 2-1: config 0 descriptor?? [ 1446.008131][T21016] udevd[21016]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1446.171187][ T5884] qcserial 2-1:0.2: Qualcomm USB modem converter detected [ 1450.162282][T17424] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 1450.805202][ T5819] usb 2-1: USB disconnect, device number 98 [ 1450.814010][ T5819] qcserial 2-1:0.2: device disconnected [ 1450.881674][T17424] usb 4-1: Using ep0 maxpacket: 16 [ 1451.028898][T17424] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1451.060398][T17424] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1451.753820][T17424] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1451.794449][T17424] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 1452.130355][T17424] usb 4-1: New USB device found, idVendor=056a, idProduct=00d3, bcdDevice= 0.40 [ 1452.151606][T17424] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1452.164101][T17424] usb 4-1: Product: syz [ 1452.168294][T17424] usb 4-1: Manufacturer: syz [ 1452.198696][T17424] usb 4-1: SerialNumber: syz [ 1454.605425][T17424] usb 4-1: USB disconnect, device number 99 [ 1454.746076][T21238] team0: No ports can be present during mode change [ 1454.761795][T21238] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4140'. [ 1455.280485][T21252] syz.2.4144: attempt to access beyond end of device [ 1455.280485][T21252] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1456.548160][T21238] team0 (unregistering): Port device team_slave_0 removed [ 1456.618345][T21238] team0 (unregistering): Port device team_slave_1 removed [ 1458.985300][T21288] random: crng reseeded on system resumption [ 1459.191778][ T5819] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1459.438415][ T5819] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1460.006422][ T5819] usb 4-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1460.631768][ T5819] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1460.649445][ T5819] usb 4-1: config 0 descriptor?? [ 1462.008235][T21311] rdma_rxe: rxe_newlink: failed to add lo [ 1464.017266][ T5819] usbhid 4-1:0.0: can't add hid device: -71 [ 1464.023415][ T5819] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1464.073687][ T5819] usb 4-1: USB disconnect, device number 100 [ 1464.239130][T21317] team0: No ports can be present during mode change [ 1464.248242][T21317] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4160'. [ 1465.951602][T10288] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 1466.794084][T10288] usb 2-1: device descriptor read/64, error -71 [ 1467.219302][T21317] team0 (unregistering): Port device team_slave_0 removed [ 1467.221754][T10288] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1467.258842][T21317] team0 (unregistering): Port device team_slave_1 removed [ 1467.546729][T10288] usb 2-1: device descriptor read/64, error -71 [ 1467.763664][T10288] usb usb2-port1: attempt power cycle [ 1468.191680][T10288] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1468.232375][T10288] usb 2-1: device descriptor read/8, error -71 [ 1468.421832][ T5868] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 1468.491742][T10288] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1468.532183][T10288] usb 2-1: device descriptor read/8, error -71 [ 1468.760486][T10288] usb usb2-port1: unable to enumerate USB device [ 1468.829050][ T5868] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1468.951373][ T5868] usb 1-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1468.993751][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1469.026038][ T5868] usb 1-1: config 0 descriptor?? [ 1470.269014][T21378] syz0: rxe_newlink: already configured on lo [ 1471.992581][T21392] tipc: Disabling bearer [ 1472.185454][ T5868] usbhid 1-1:0.0: can't add hid device: -71 [ 1472.195908][ T5868] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1472.235880][T21388] team0: No ports can be present during mode change [ 1472.302730][T21388] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4181'. [ 1472.334778][ T5868] usb 1-1: USB disconnect, device number 103 [ 1472.550620][T21409] netlink: 'syz.3.4185': attribute type 1 has an invalid length. [ 1473.113398][T21414] random: crng reseeded on system resumption [ 1474.375960][T21388] team0 (unregistering): Port device team_slave_0 removed [ 1475.216404][T21388] team0 (unregistering): Port device team_slave_1 removed [ 1476.133877][T21434] netlink: 'syz.0.4189': attribute type 1 has an invalid length. [ 1477.760097][T21451] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1478.381769][ T43] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 1478.555890][ T43] usb 5-1: Using ep0 maxpacket: 8 [ 1478.601385][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1478.618069][T10288] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 1478.665580][ T43] usb 5-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 1478.840539][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1478.878142][ T43] usb 5-1: config 0 descriptor?? [ 1478.903868][ T43] hso 5-1:0.0: Can't find BULK IN endpoint [ 1479.899209][T10288] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1479.914031][T10288] usb 1-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1479.923690][T10288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1479.939055][T10288] usb 1-1: config 0 descriptor?? [ 1479.980709][T21454] delete_channel: no stack [ 1480.512127][T21477] syz0: rxe_newlink: already configured on lo [ 1480.888528][T17424] usb 5-1: USB disconnect, device number 108 [ 1481.798746][T10288] usbhid 1-1:0.0: can't add hid device: -71 [ 1481.804881][T10288] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1481.975273][T10288] usb 1-1: USB disconnect, device number 104 [ 1482.779922][T21494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4204'. [ 1482.804409][T21491] o2cb: This node has not been configured. [ 1482.822172][T21491] o2cb: Cluster check failed. Fix errors before retrying. [ 1482.861796][T21491] (syz.3.4201,21491,1):user_dlm_register:674 ERROR: status = -22 [ 1482.870732][T21491] (syz.3.4201,21491,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file1" [ 1484.234693][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.967323][ T43] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 1485.801613][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 1485.832324][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1485.851867][ T43] usb 1-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 1485.860944][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1485.972761][ T43] usb 1-1: config 0 descriptor?? [ 1485.994967][ T43] hso 1-1:0.0: Can't find BULK IN endpoint [ 1487.289178][ T43] usb 1-1: USB disconnect, device number 105 [ 1487.374026][T21546] syz.1.4219: attempt to access beyond end of device [ 1487.374026][T21546] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1487.387141][T21546] hpfs: hpfs_map_sector(): read error [ 1487.449634][T21547] o2cb: This node has not been configured. [ 1487.455594][T21547] o2cb: Cluster check failed. Fix errors before retrying. [ 1487.462863][T21547] (syz.1.4219,21547,1):user_dlm_register:674 ERROR: status = -22 [ 1487.471073][T21547] (syz.1.4219,21547,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file1" [ 1488.259256][T21559] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4221'. [ 1489.932954][ T5868] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1489.992715][ T9] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1490.107039][ T5868] usb 4-1: Using ep0 maxpacket: 16 [ 1490.155471][ T5868] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1490.166209][ T9] usb 2-1: device descriptor read/64, error -71 [ 1490.349934][ T5868] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 1490.399940][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1490.408269][ T5868] usb 4-1: Product: syz [ 1490.413590][ T5868] usb 4-1: Manufacturer: syz [ 1490.418207][ T5868] usb 4-1: SerialNumber: syz [ 1490.433717][ T5868] usb 4-1: config 0 descriptor?? [ 1490.618494][ T9] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1490.867470][T21585] tipc: Disabling bearer [ 1491.008597][ T9] usb 2-1: device descriptor read/64, error -71 [ 1491.227337][ T9] usb usb2-port1: attempt power cycle [ 1492.360896][ T5868] usb 4-1: USB disconnect, device number 101 [ 1492.416215][ T9] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1492.590231][ T9] usb 2-1: device descriptor read/8, error -71 [ 1493.070534][T21601] bridge0: port 3(netdevsim0) entered blocking state [ 1493.079036][T21601] bridge0: port 3(netdevsim0) entered disabled state [ 1493.086760][T21601] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 1493.106139][T21601] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1497.079596][T21638] random: crng reseeded on system resumption [ 1497.283382][T21639] bridge0: port 3(netdevsim0) entered blocking state [ 1497.290155][T21639] bridge0: port 3(netdevsim0) entered disabled state [ 1497.298677][T21639] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 1497.315071][T21639] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1497.337444][T21639] bridge0: port 3(netdevsim0) entered blocking state [ 1497.344243][T21639] bridge0: port 3(netdevsim0) entered forwarding state [ 1499.053702][ T43] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1499.472504][ T43] usb 2-1: device descriptor read/64, error -71 [ 1499.914172][ T43] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1500.510590][ T43] usb 2-1: device descriptor read/64, error -71 [ 1500.861880][ T43] usb usb2-port1: attempt power cycle [ 1501.341013][T10288] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 1501.393425][ T9] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1501.558468][ T43] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1501.582505][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 1501.607380][ T43] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1501.651574][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1501.742813][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1501.754803][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1502.067675][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1502.076336][ T43] usb 2-1: Product: syz [ 1502.088399][ T9] usb 3-1: Product: syz [ 1502.092850][ T9] usb 3-1: Manufacturer: syz [ 1502.097658][ T9] usb 3-1: SerialNumber: syz [ 1502.104195][ T43] usb 2-1: Manufacturer: syz [ 1502.113563][ T43] usb 2-1: SerialNumber: syz [ 1502.142857][T10288] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1502.157224][ T43] usb 2-1: config 0 descriptor?? [ 1502.175759][ T43] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1502.210676][T10288] usb 1-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1502.225097][T10288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1502.291965][T10288] usb 1-1: config 0 descriptor?? [ 1502.389638][ T9] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 101 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1503.316116][ T43] gspca_ov534_9: reg_w failed -110 [ 1503.568162][ T9] usb 3-1: USB disconnect, device number 101 [ 1503.635164][T21689] syz0: rxe_newlink: already configured on lo [ 1504.632061][ T9] usblp0: removed [ 1505.935163][T10288] usbhid 1-1:0.0: can't add hid device: -71 [ 1505.941426][T10288] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1505.951708][T10288] usb 1-1: USB disconnect, device number 106 [ 1506.334645][T21700] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1506.391611][ T43] gspca_ov534_9: Unknown sensor 0000 [ 1506.392054][ T43] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 1506.661677][ T5819] usb 3-1: new full-speed USB device number 102 using dummy_hcd [ 1506.894155][ T5819] usb 3-1: config 0 has an invalid interface number: 176 but max is 2 [ 1507.131267][ T5819] usb 3-1: config 0 has an invalid interface number: 36 but max is 2 [ 1507.171590][ T5819] usb 3-1: config 0 has no interface number 0 [ 1507.183742][ T5819] usb 3-1: config 0 has no interface number 1 [ 1507.201755][ T5819] usb 3-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1507.248967][T21701] delete_channel: no stack [ 1507.253551][ T5819] usb 3-1: config 0 interface 36 has no altsetting 0 [ 1507.260321][ T5819] usb 3-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1507.278738][ T5819] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1507.306222][ T5819] usb 3-1: config 0 descriptor?? [ 1507.636638][ T5819] qcserial 3-1:0.2: Qualcomm USB modem converter detected [ 1508.357509][ T43] usb 2-1: USB disconnect, device number 109 [ 1509.380345][T21725] bridge0: port 3(netdevsim0) entered blocking state [ 1509.387209][T21725] bridge0: port 3(netdevsim0) entered disabled state [ 1509.394183][T21725] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 1509.403184][T21725] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 1509.410953][T21725] bridge0: port 3(netdevsim0) entered blocking state [ 1509.417735][T21725] bridge0: port 3(netdevsim0) entered forwarding state [ 1510.087716][T21737] overlayfs: missing 'workdir' [ 1511.623589][ T5819] usb 3-1: USB disconnect, device number 102 [ 1511.630727][ T5819] qcserial 3-1:0.2: device disconnected [ 1511.851193][T21759] netlink: 'syz.1.4273': attribute type 1 has an invalid length. [ 1512.439271][T21760] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4271'. [ 1515.694457][T21810] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1517.737635][ T5819] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1518.011619][T21828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4290'. [ 1518.125124][ T5819] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1518.139046][ T5819] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1518.150390][ T5819] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1518.209191][T21844] bridge0: port 3(netdevsim0) entered blocking state [ 1518.216412][T21844] bridge0: port 3(netdevsim0) entered disabled state [ 1518.223934][T21844] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 1518.240370][T21844] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 1518.581491][ T5819] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1518.590640][ T5819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1519.036137][ T5819] usb 4-1: Product: syz [ 1519.044938][ T5819] usb 4-1: Manufacturer: syz [ 1519.059928][ T5819] usb 4-1: SerialNumber: syz [ 1520.305301][ T5819] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 102 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1520.330814][T21856] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 1520.522676][ T5819] usb 4-1: USB disconnect, device number 102 [ 1521.108230][ T5819] usblp0: removed [ 1521.454116][T21875] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1522.231826][ T5819] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1522.870231][ T5819] usb 2-1: Using ep0 maxpacket: 32 [ 1522.904333][ T5819] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1522.957426][ T5819] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1522.993299][ T5819] usb 2-1: Product: syz [ 1523.028294][ T5819] usb 2-1: Manufacturer: syz [ 1523.067481][ T5819] usb 2-1: SerialNumber: syz [ 1523.153539][ T5819] usb 2-1: config 0 descriptor?? [ 1523.444878][ T5819] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1524.135283][ T5819] gspca_ov534_9: reg_w failed -110 [ 1524.789271][T21903] bridge0: port 3(netdevsim0) entered disabled state [ 1524.796227][T21903] bridge0: port 2(bridge_slave_1) entered disabled state [ 1524.803766][T21903] bridge0: port 1(bridge_slave_0) entered disabled state [ 1524.846649][ T5819] gspca_ov534_9: Unknown sensor 0000 [ 1524.846728][ T5819] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 1524.875756][T21903] bridge0: entered allmulticast mode [ 1525.760092][T21914] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1526.538674][T10288] usb 2-1: USB disconnect, device number 110 [ 1526.939191][T21930] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1528.542443][T21943] overlay: Bad value for 'upperdir' [ 1529.025767][T21950] syz.2.4319: attempt to access beyond end of device [ 1529.025767][T21950] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1530.161849][T10288] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 1530.313160][T10288] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1530.337746][T10288] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1530.366833][T10288] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1530.376740][T10288] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1530.395591][T10288] usb 3-1: Product: syz [ 1530.399819][T10288] usb 3-1: Manufacturer: syz [ 1530.521698][ T5868] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1530.561964][T10288] usb 3-1: SerialNumber: syz [ 1530.572237][T10288] usb 3-1: config 0 descriptor?? [ 1531.111839][T10288] usb 3-1: USB disconnect, device number 103 [ 1531.161582][ T5868] usb 4-1: Using ep0 maxpacket: 16 [ 1531.172419][ T5868] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1531.181488][ T5868] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1531.211590][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1531.225111][ T5868] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1531.242364][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1531.250410][ T5868] usb 4-1: Product: syz [ 1531.271926][ T5868] usb 4-1: Manufacturer: syz [ 1531.276556][ T5868] usb 4-1: SerialNumber: syz [ 1532.612221][T21978] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 1532.621698][ T5868] usb 4-1: 0:2 : does not exist [ 1533.682452][ T5868] usb 4-1: 1:0: failed to get current value for ch 0 (-22) [ 1533.713572][ T5868] usb 4-1: USB disconnect, device number 103 [ 1533.747127][T21686] udevd[21686]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1535.300950][T21999] syz.0.4330: attempt to access beyond end of device [ 1535.300950][T21999] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1536.612506][T22016] netlink: 'syz.3.4335': attribute type 1 has an invalid length. [ 1540.476695][T22061] syz.2.4346: attempt to access beyond end of device [ 1540.476695][T22061] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1541.242232][T22078] random: crng reseeded on system resumption [ 1543.045624][ T3530] ================================================================== [ 1543.053720][ T3530] BUG: KASAN: use-after-free in __linkwatch_run_queue+0x883/0x8a0 [ 1543.061530][ T3530] Read of size 8 at addr ffff8880403d8008 by task kworker/u8:10/3530 [ 1543.069590][ T3530] [ 1543.071908][ T3530] CPU: 0 UID: 0 PID: 3530 Comm: kworker/u8:10 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1543.071930][ T3530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1543.071943][ T3530] Workqueue: events_unbound linkwatch_event [ 1543.071965][ T3530] Call Trace: [ 1543.071972][ T3530] [ 1543.071979][ T3530] dump_stack_lvl+0x116/0x1f0 [ 1543.072006][ T3530] print_report+0xcd/0x680 [ 1543.072029][ T3530] ? __virt_addr_valid+0x81/0x610 [ 1543.072049][ T3530] ? __phys_addr+0xe8/0x180 [ 1543.072068][ T3530] ? __linkwatch_run_queue+0x883/0x8a0 [ 1543.072086][ T3530] kasan_report+0xe0/0x110 [ 1543.072109][ T3530] ? __linkwatch_run_queue+0x883/0x8a0 [ 1543.072131][ T3530] __linkwatch_run_queue+0x883/0x8a0 [ 1543.072150][ T3530] ? __pfx___linkwatch_run_queue+0x10/0x10 [ 1543.072173][ T3530] linkwatch_event+0x8f/0xc0 [ 1543.072190][ T3530] ? __pfx_linkwatch_event+0x10/0x10 [ 1543.072209][ T3530] ? rcu_is_watching+0x12/0xc0 [ 1543.072230][ T3530] process_one_work+0x9cf/0x1b70 [ 1543.072253][ T3530] ? __pfx_process_one_work+0x10/0x10 [ 1543.072279][ T3530] ? assign_work+0x1a0/0x250 [ 1543.072306][ T3530] worker_thread+0x6c8/0xf10 [ 1543.072329][ T3530] ? __pfx_worker_thread+0x10/0x10 [ 1543.072347][ T3530] kthread+0x3c2/0x780 [ 1543.072363][ T3530] ? __pfx_kthread+0x10/0x10 [ 1543.072380][ T3530] ? rcu_is_watching+0x12/0xc0 [ 1543.072401][ T3530] ? __pfx_kthread+0x10/0x10 [ 1543.072417][ T3530] ret_from_fork+0x5d4/0x6f0 [ 1543.072441][ T3530] ? __pfx_kthread+0x10/0x10 [ 1543.072457][ T3530] ret_from_fork_asm+0x1a/0x30 [ 1543.072481][ T3530] [ 1543.072488][ T3530] [ 1543.226105][ T3530] The buggy address belongs to the physical page: [ 1543.232496][ T3530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x403d8 [ 1543.241236][ T3530] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1543.248334][ T3530] raw: 00fff00000000000 ffffea0001000908 ffff8880b8440100 0000000000000000 [ 1543.256900][ T3530] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 1543.265458][ T3530] page dumped because: kasan: bad access detected [ 1543.271844][ T3530] page_owner tracks the page as freed [ 1543.277196][ T3530] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 22081, tgid 22079 (syz.0.4353), ts 1542289855063, free_ts 1543035153300 [ 1543.299056][ T3530] post_alloc_hook+0x1c0/0x230 [ 1543.303807][ T3530] get_page_from_freelist+0x1321/0x3890 [ 1543.309351][ T3530] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1543.315225][ T3530] __alloc_pages_noprof+0xb/0x1b0 [ 1543.320242][ T3530] ___kmalloc_large_node+0x84/0x1e0 [ 1543.325422][ T3530] __kmalloc_large_node_noprof+0x1c/0x70 [ 1543.331032][ T3530] __kvmalloc_node_noprof.cold+0xb/0x65 [ 1543.336574][ T3530] alloc_netdev_mqs+0xd2/0x1570 [ 1543.341411][ T3530] __tun_chr_ioctl+0x19d9/0x47a0 [ 1543.346337][ T3530] __x64_sys_ioctl+0x18b/0x210 [ 1543.351081][ T3530] do_syscall_64+0xcd/0x4c0 [ 1543.355569][ T3530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1543.361443][ T3530] page last free pid 22079 tgid 22079 stack trace: [ 1543.367920][ T3530] __free_frozen_pages+0x7fe/0x1180 [ 1543.373101][ T3530] __folio_put+0x329/0x450 [ 1543.377512][ T3530] device_release+0xa1/0x240 [ 1543.382083][ T3530] kobject_put+0x1e7/0x5a0 [ 1543.386498][ T3530] netdev_run_todo+0x7e9/0x1320 [ 1543.391334][ T3530] tun_chr_close+0xea/0x230 [ 1543.395831][ T3530] __fput+0x402/0xb70 [ 1543.399799][ T3530] task_work_run+0x150/0x240 [ 1543.404372][ T3530] exit_to_user_mode_loop+0xeb/0x110 [ 1543.409637][ T3530] do_syscall_64+0x3f6/0x4c0 [ 1543.414217][ T3530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1543.420088][ T3530] [ 1543.422390][ T3530] Memory state around the buggy address: [ 1543.427998][ T3530] ffff8880403d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1543.436041][ T3530] ffff8880403d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1543.444082][ T3530] >ffff8880403d8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1543.452121][ T3530] ^ [ 1543.456422][ T3530] ffff8880403d8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1543.464460][ T3530] ffff8880403d8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1543.472499][ T3530] ================================================================== [ 1543.480546][ C0] vkms_vblank_simulate: vblank timer overrun [ 1543.964293][ T3530] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1543.971520][ T3530] CPU: 0 UID: 0 PID: 3530 Comm: kworker/u8:10 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 1543.982042][ T3530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1543.992087][ T3530] Workqueue: events_unbound linkwatch_event [ 1543.997975][ T3530] Call Trace: [ 1544.001235][ T3530] [ 1544.004147][ T3530] dump_stack_lvl+0x3d/0x1f0 [ 1544.008727][ T3530] panic+0x71c/0x800 [ 1544.012612][ T3530] ? __pfx_panic+0x10/0x10 [ 1544.017014][ T3530] ? mark_held_locks+0x49/0x80 [ 1544.021766][ T3530] ? preempt_schedule_thunk+0x16/0x30 [ 1544.027121][ T3530] ? __linkwatch_run_queue+0x883/0x8a0 [ 1544.032562][ T3530] ? preempt_schedule_common+0x44/0xc0 [ 1544.038011][ T3530] ? check_panic_on_warn+0x1f/0xb0 [ 1544.043110][ T3530] ? __linkwatch_run_queue+0x883/0x8a0 [ 1544.048547][ T3530] check_panic_on_warn+0xab/0xb0 [ 1544.053471][ T3530] end_report+0x107/0x170 [ 1544.057786][ T3530] kasan_report+0xee/0x110 [ 1544.062186][ T3530] ? __linkwatch_run_queue+0x883/0x8a0 [ 1544.067628][ T3530] __linkwatch_run_queue+0x883/0x8a0 [ 1544.072895][ T3530] ? __pfx___linkwatch_run_queue+0x10/0x10 [ 1544.078687][ T3530] linkwatch_event+0x8f/0xc0 [ 1544.083276][ T3530] ? __pfx_linkwatch_event+0x10/0x10 [ 1544.088557][ T3530] ? rcu_is_watching+0x12/0xc0 [ 1544.093320][ T3530] process_one_work+0x9cf/0x1b70 [ 1544.098269][ T3530] ? __pfx_process_one_work+0x10/0x10 [ 1544.103628][ T3530] ? assign_work+0x1a0/0x250 [ 1544.108223][ T3530] worker_thread+0x6c8/0xf10 [ 1544.112828][ T3530] ? __pfx_worker_thread+0x10/0x10 [ 1544.117938][ T3530] kthread+0x3c2/0x780 [ 1544.122071][ T3530] ? __pfx_kthread+0x10/0x10 [ 1544.126667][ T3530] ? rcu_is_watching+0x12/0xc0 [ 1544.131434][ T3530] ? __pfx_kthread+0x10/0x10 [ 1544.136033][ T3530] ret_from_fork+0x5d4/0x6f0 [ 1544.140617][ T3530] ? __pfx_kthread+0x10/0x10 [ 1544.145189][ T3530] ret_from_fork_asm+0x1a/0x30 [ 1544.149941][ T3530] [ 1544.153154][ T3530] Kernel Offset: disabled [ 1544.157466][ T3530] Rebooting in 86400 seconds..