last executing test programs: 18.240957435s ago: executing program 0 (id=752): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r1 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) keyctl$restrict_keyring(0x1d, r1, &(0x7f00000001c0)='.request_key_auth\x00', &(0x7f0000000300)='*\x00') sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)={r3}) getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000300)={{}, {{@in6=@private1}, 0x0, @in=@broadcast}}, &(0x7f0000000180)=0xe8) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) 18.033369674s ago: executing program 3 (id=754): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f0000000140)={0x0, 0xffa5}) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000040)='\x00', 0x1, 0x20000045, &(0x7f0000000300)={0xa, 0x2, 0x9, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='illinois\x00', 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = syz_clone(0x0, &(0x7f00000003c0)="756595f3d646b23fdf7fba837d23a1bec48cb45b0dfa74a3091cfbcaa38100333f2c8968c8b9db18c5aa34f4f7b0dc5992401144c34a1cfecb3daa2febdd67f9365f4a380ae4480f3cd16fbd4a0b8eb6a0fcd7c339b1aa1776a15b47fe77154aaba609eb3287b34b0c3e9bb4a05d79da69db798da45e39a6fdf7e92ade82bb77601d009c7bc71bd3a88e89ddf455e0c08a05e43268a193f750517a08c20d66c76aafbd05be9a7f837a026e00702449c485d2a503a13ed7f527a6eb3b8667994576e48c7541aa43131a47c159f399f88b4be8ad59dcf449cc0f0ace0b4b21", 0xde, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000500)="5830ec3f611d5a55f96a048c6fe912ea000db3ddd67a4fca73e5375c27c36517d224ab0dea89f059d5ff5b43fd921aaf0c6b3908f229987c719ef4d963eb571c64dd6dad61a178ae5e675cb80be53560bac2602a8ba6642f2903352c7ae26b951a16b649e68d20c2c0ea493eaf4a1486cd8f51f5cebe446e4a88346c1aa61cd1832b7b177286f78bf179ca67c1520522f5115b0040a567b440bb9cf313b9d1ef9a3d266c2e5af52a33f06f25d1a4280438e915432cb7c9c795224e7bd47f4d1a830db081e257e596cfe591f2a1526475a76f7849400c9798be10c5fe9853f5bd5afbc5742e264acb6959bd1eaad8222eca75ce5a") prctl$PR_SCHED_CORE(0x3e, 0x3, r2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) shutdown(r0, 0x1) 16.984813992s ago: executing program 0 (id=757): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r1, &(0x7f00000003c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x10000}) ioctl(r4, 0x8b22, &(0x7f0000000040)) r5 = socket$inet(0x2, 0x802, 0x1) connect$inet(r5, &(0x7f0000002780)={0x2, 0x4e22, @remote}, 0x10) setsockopt$inet_int(r5, 0x0, 0xc, &(0x7f0000000000)=0x1, 0x4) write(r5, &(0x7f0000000440)="08008edf773c8000", 0x8) socketpair$unix(0x1, 0x3, 0x0, 0x0) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$hid(0x5, 0x3f, 0x0, 0x0) 15.200139844s ago: executing program 3 (id=760): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000200)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000900)={0x0, 0x2, 0x1, [0xffff, 0x13a0000000000, 0x0, 0x88, 0x5], [0xffffffffffffff63, 0x8, 0xffffffffffffff4a, 0xfffffffffffffff8, 0x10000, 0x2, 0x2d9, 0x4, 0x3, 0xc7, 0x8001, 0x9, 0x4, 0x7e, 0x7d, 0x3ae7, 0x8, 0x101, 0x80, 0xffffffffffff8000, 0x3, 0x9, 0x7f, 0x6, 0x1, 0xc, 0x5, 0xff800000000000, 0x401, 0x7fffffff, 0xc333, 0x9, 0x6, 0x8001, 0x1, 0xd5d, 0x8, 0x1, 0x2, 0x5, 0x6cf2, 0x2, 0x9, 0xa, 0x0, 0xffffffff00000001, 0x7fffffffffffffff, 0x2, 0x5, 0x4cc2, 0xfffffffffffffff7, 0x6, 0x0, 0x3a67, 0x7f, 0x0, 0xfff, 0xffffffffffffffff, 0x8, 0x3, 0x706, 0x2, 0x5b4, 0x8, 0xfffffffffffffffb, 0xb, 0xb88a, 0x6, 0x3, 0x6, 0x2, 0x77, 0x8, 0x346, 0x0, 0xfffffffffffffff9, 0x8, 0xffff800000000000, 0x7, 0x6, 0x7, 0xffffffffffffff92, 0x7, 0x5, 0xe36, 0x3, 0x9, 0x5, 0x8, 0x6, 0x40000000000000, 0x6, 0x684, 0x2, 0x401, 0x34, 0x6fc, 0xc90, 0xfff, 0xfffffffffffffeff, 0x72, 0x3, 0x6, 0x28, 0x3, 0x1, 0x8d45, 0x100000000, 0x3ff, 0xf2, 0x800, 0x8, 0x8, 0x8001, 0x5, 0x9, 0xa, 0x1ff, 0x2, 0x6b, 0x334]}) chdir(&(0x7f0000000140)='./bus\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r1, 0x0) r2 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40408c1) ioctl$FS_IOC_SETFLAGS(r1, 0xc0189436, &(0x7f0000000140)) 14.2054307s ago: executing program 3 (id=764): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$hid(r1, &(0x7f0000001280)={0x24, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xc38, &(0x7f0000000080)=ANY=[@ANYBLOB="545e9a", @ANYBLOB="4f0cff66dac50e65f4944faabbeb020c8e57572456bec593e0d2ecf32e6dddf38e8aff27f9a893cb516339027ad68134cc76951dd7b7ef951b95e92f41e5a68772e12edfe4c5eeb8cd72677beed3d4ff11"]) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000100000000000000", @ANYRES32=0x1], 0x50) r2 = socket$kcm(0xa, 0x5, 0x0) r3 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0x2, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x64) setsockopt$sock_attach_bpf(r3, 0x84, 0x1e, &(0x7f0000000000), 0x10) r4 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8916, &(0x7f0000000000)={r4}) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8936, &(0x7f0000000000)={r4}) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r5}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 13.31197266s ago: executing program 4 (id=766): syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000200), 0x4) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000002480)='./binderfs/binder0\x00', 0x800, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r3, 0x8915, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f00000003c0)=""/102392, 0x18ff8) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000080)) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080), 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000000)={0x1}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r6, &(0x7f0000000240)="b49c94ff975bd39612ed38f69c1b597dc257c5116712f685a52423b8ad3d812ab758a853251f1b7a8c0c6762c3a323beabb5aa7c3b9beaef6ff21da8", &(0x7f00000004c0)=""/232}, 0x20) 12.416148427s ago: executing program 4 (id=769): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) r0 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=0x0, &(0x7f00000007c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x38}, {0x0}], 0x2}) io_uring_enter(r0, 0x4d10, 0x2, 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r6 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r5, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000120, 0x4aa52520f215cfe4, {0x2}}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x8000) io_uring_enter(r6, 0x3516, 0x0, 0x15, 0x0, 0x0) 11.834692912s ago: executing program 0 (id=770): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f0000000140)={0x0, 0xffa5}) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000040)='\x00', 0x1, 0x20000045, &(0x7f0000000300)={0xa, 0x2, 0x9, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='illinois\x00', 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = syz_clone(0x0, &(0x7f00000003c0)="756595f3d646b23fdf7fba837d23a1bec48cb45b0dfa74a3091cfbcaa38100333f2c8968c8b9db18c5aa34f4f7b0dc5992401144c34a1cfecb3daa2febdd67f9365f4a380ae4480f3cd16fbd4a0b8eb6a0fcd7c339b1aa1776a15b47fe77154aaba609eb3287b34b0c3e9bb4a05d79da69db798da45e39a6fdf7e92ade82bb77601d009c7bc71bd3a88e89ddf455e0c08a05e43268a193f750517a08c20d66c76aafbd05be9a7f837a026e00702449c485d2a503a13ed7f527a6eb3b8667994576e48c7541aa43131a47c159f399f88b4be8ad59dcf449cc0f0ace0b4b21", 0xde, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000500)="5830ec3f611d5a55f96a048c6fe912ea000db3ddd67a4fca73e5375c27c36517d224ab0dea89f059d5ff5b43fd921aaf0c6b3908f229987c719ef4d963eb571c64dd6dad61a178ae5e675cb80be53560bac2602a8ba6642f2903352c7ae26b951a16b649e68d20c2c0ea493eaf4a1486cd8f51f5cebe446e4a88346c1aa61cd1832b7b177286f78bf179ca67c1520522f5115b0040a567b440bb9cf313b9d1ef9a3d266c2e5af52a33f06f25d1a4280438e915432cb7c9c795224e7bd47f4d1a830db081e257e596cfe591f2a1526475a76f7849400c9798be10c5fe9853f5bd5afbc5742e264acb6959bd1eaad8222eca75ce5a") prctl$PR_SCHED_CORE(0x3e, 0x3, r2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) shutdown(r0, 0x1) 11.79856969s ago: executing program 1 (id=771): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f00000003c0)=""/102392, 0x18ff8) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="e8ffffff914faeb21253", 0xa) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000000)={0x1}) r2 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x80800) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0x2098f907, 0x1}) sendmmsg$alg(r3, &(0x7f0000003780)=[{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000940)="a6baa2c67c6c4f6f1fac61f63f9f1a4d", 0x10}], 0x1, &(0x7f0000001b00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x200008c0}], 0x1, 0x44840) recvmsg$can_j1939(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000280)=""/3, 0x3}, {&(0x7f0000000540)=""/128, 0x80}], 0x2}, 0x1) 11.609449257s ago: executing program 0 (id=772): ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000300)={0x4f, 0x7, 0x8, {0x9, 0x1}, {0x9, 0x2}, @rumble={0x4, 0x9}}) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'netpci0\x00', 0x400}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x4004}, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r6}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r7, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400}) close(r7) 10.77720534s ago: executing program 2 (id=773): epoll_create(0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c000280080001"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) 10.727962416s ago: executing program 1 (id=774): socket$nl_route(0x10, 0x3, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r0 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x14, 0x28b}, &(0x7f0000000140)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) syz_io_uring_setup(0x241d, &(0x7f0000000380)={0x0, 0x0, 0x13090}, &(0x7f0000000100), 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff4000/0xc000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 8.497501144s ago: executing program 2 (id=775): mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket(0x10, 0x80002, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0) ioctl$CEC_DQEVENT(r2, 0xc0506107, 0x0) ioctl$CEC_DQEVENT(r2, 0xc0506107, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) 6.906185416s ago: executing program 1 (id=776): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) r2 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0xc95e}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x2, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4300000003080102000a0000070c0004800800014000000010050003002f00"/40], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x4) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000785000/0x1000)=nil, 0x1000}, 0x3}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 6.587657359s ago: executing program 3 (id=777): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r4, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000440)="7d717c1f8428280ab55a04c6325d699064905ef93ebd77e2efec9f53dda482c9ee2e65a7f14fb8c8ba86e1a48d2b6b6afa2f0b4ec3e4f1113ef51e3ee2e89096948f4605cb79bde9e3c35e2e8c5656e7f4e2839f750dbc54845ec35a6540a0ac354fc844277715dc45a624629d82528a3e868dc2152570c88ba2157e21a3fd45974bfeb026194d440b5318f8bc08da0d365fd550f1ddb920ad905618a7289482f74bc2e81ec9c0abf25663403ca2ad939860eef39a36235f55b27706f0bbf4a7596f3c713b3b5e96c8186e508bac854c98bcae2a79234c8f125fd1199bcc52695fe06ba43c32a91f2cabaec6291285220c54819496843f", 0xf7}, {&(0x7f0000002c40)="a8cd2d813f93de411347b7e95837c2aabffe0b7b65d0e0b26f745be5e6d0b3922693df6cc0cebc6876df2ecaa9526da6fceb40d3e1bea9965161b1e791dfe31f3866993e88c67caca52292d312a39b062ac94e28acaad6860caa052f97a18e7efba653088adfc2c92903b2f074e394bf677df822e1f77fed4df7546c3b3786a047d9b08b42aca4ce1e0b084f40eb5fc21f9117b8b1a6c1fa488d599ac611955a6c02dbf23746d52330a3b8490c96ba007278d501d1d6ebe1c5404604cb08435d7de624ca034f8ac6a84ac9f69afea2d691b501c94b84d39b86b94f92601ee47e6d42c0d72991536e907151f9bfcfe92b53ffae33e352f973b1e6ef28e7892fbe24630571fe96c7a044e3d811c2737fe07985b00e0c4e1408123e705c6ed21ece20f5323205955f653000920ca1c46a0c191e457d70f0ae4b78f28455e22ad565a1715f0c88f43aa27a4e975af860d88b63bccd9ebdfb6c1270a734cb7545b01ca5f84c1d202a1c53a590d22e394cfb93452d04bd99ef6f21c267c02ad364cf341344217aeccf25e4953e470d34f5be6844d4041cf63ddcb01de1f0f9617fe17d00017aa74e4636080013071783a9d5f388f85931da2b2958c3a6b1759e91f57e5ad8b876ad0726b325ecb75be010af67bf1b68775542d61888be703abf26a1b755b259fe0fe3d0d24cacd29cd76b71fc76294b9be460f029be814f0b196d604044fb2742b6db9dbb5bd0b0b0d4d9df92ff6006b30597f7b593de19fb701726f7e66a40a4b566be51794e79cff337ea8c1eaca1b77f9e510e8faa23de9cb3233c26b4eb98e7d0d019efb4242e750fd6832cca83e52e9549bb3711d2d6a0ae758058903d0d319b3c7f5927908d0337ef6f1ab073b2ed00dc8bc70076b9ffecdf2226249ac58b5657e600f032697c400acc2054180239956576464626d9ec1714f7cede138de272ea81d2b0b5029dfd850c474f2a275225cc42b306429eb81228d19adb01e4109cf5525b7596265932515cfb53fa9a6d2cf573ab7a58f39367b1f64170a6ab24f911f423900eb0251ee8c0496d6a0ba5d1dd1860a64698ae6cc5deff511c83e1ba8421cd77cb5ca1d46ed2b819fcf919a2bc63fca2d47bb817375d79232b0903905d9f005dd4b4fa12edb7ade8338c298901440ac9e1d9edd7b558cfdf83cb48d30ce280e1a3e2ae85df773bd4e8ceeae0438200dfdd0cb7a4cdfae7323c827bf6358d9f0f22954a208eee06089e4a5c46a34fbdca84ff5f210510644ce379484d660d8b590c177e69f9f8406ca20bb639a1cfd88546159452a6ab3e7f61a1f77338e0c4dda01f39c5a278b39c7cd0894e845a28077c2a484d1a2a04946c4a516e7871d286347bebb4a56dff9e999ad380bdb7ba1ba0698a286765a11ccde66a92118ab2f3888de951cff6cb458d9de900a92ed6148a702f079ce9c2c414b951dbdade2b67bdc942835f4dd75983f6af0b1247c77eec69ee9752c9ab7190aa004056e24fb3fdb48c687ff778e29a804cdaa8e65e709793da9bca436a07e6436ff95b4ef0dd65b8455ed42c821b7a682b39fccb64cfecbc4f0fc5237362179faa889c9f52b08fb1e69637cc5bede6421972acc96bb90b92ac7017755847ad54b01a971d9d379977364aae24bc050462179a5bf6b7ae38a8cba2a51fad2c0489db86539184fdb3bc246ad6d276c2648f36412f70f197b441cdae46fb09f1a9ae6cc5cede82b9947f6237bc34db78475a4b2efa3f7249403368cbd6cc91996424f12a66bea8ed851da994f587b9ba1f077cd00957d1d8cc75a4fd489ed4dfd36f0fd3817bdf8c16276db413e438eceb67de1e1e8de46d0675dc6a55fa29d83d9493a45d6dbd5ea4459c3ff44d1ca50bfdd7f6b4015da8a7901b3d5fc0671f8ebe7a5dcecc776c21bdb2c35c14b0d4128c144d11bbf4377513240a3dd47e9f9e5c22af5ac9422f2c8e90bee27e3d6f5b314166ec9841272c48c91df4b1f086f7e9d27712ad27406d05a59a27c55d8cd4d7ddb25fa2e77e10864feba27e0440d04c35237ddbd75b91e72eab1ae1f396fbef691e09537062096b60f265bd04b344e0866ccecf7f132cff615b9c4c04a83b05f410158ba806b8f3a168482081bef190a7b13b85997e61be9d62c4173933a41a5e92fa3f43ef02196f4f4033071b5b177ab5b0ce3572f7053b4776fc3a51b05cbe942da9825bb75f7487df1779a4373cd5568ff11319e9f12981d75499c3731115505c18895dc82e6e03a5966aea8c7690e88066f4e53590e2eb332a06f5bc77be238ca5e001dc50c44fac1ed8c58e6468ee2c3d22b101b8978458142e01964d6734f622472e991a25e2878defce195c7198483b4c3edcb8b149146c938a0743c37a5d701ebed448a170dd91cc44cf43d13800507f4c3756e5241725997ea8fc8632eee1abc318e1f6f3cf8d430b35a57806bd5b040014ef0298bfc1abeaf55e5232363a888ba5d97079d0f593b1fceb208b2eb3c2417eef3e4f8d04268621082a02a7f334d2272d60428172433dbd7fa1b2237f3cf7ab26844522b6f56caa9158aa25a166eab3c5b481437fede3ff1c228d73b06317da199630bcba8fc0ff826ad096023a534c52bdff4e69edfde8643c7c0e05050f7a72c3638b5f5089f109469a40523ec15bda8e2b89080ad965cc4b3f9f6b32f7284a05d734e40bc32c6d82867b10aa2827dd22ec7f82ed6c9629f1c5a2b381ec73355a1930a332fbccf0522599a5e4f3cff8f610097c8b214881a19247d4dd3f7c870bfd848d66dfd0e391e2f3f487f55f5c6022f895c437dbcbace0fb3111d751a89fd8710dfc9f3c770b649efe823048dd0df649af48a2d4c7d665df5d7af6904b73983e2d816788d99d7f2d1531d3c8cddae1ce9145f7d3572ca7de7f4fc5ba55d87a2375083f2d279eaa0594e146620c19ea03276a3a4c31fe2779a5b493ea142051cd472728e9f32d37181bb61c0a7c82df513e798050a634a65530809c11e9b48217879d911747f736bb52f40729eac20397927aaba16cbef66975c436c696220427c359ba36246078e922c7e9569cd2e5eead89420002c312778f29941a515ff9411845617dab7a4edd2c11491be139ffb09a8ebf715cd9d38b8e8b1a83b2e32a3b1071479807a52d3828d6ba9040d6b71c5d53f54338d2be2016a689adf7e1b93727975a854300a302435faaf1778b276661db16fbae0f54a0eb3d5ee9f9272263dc3a4fe6984234d6fe1c4f3f32bb512a0b7150ab5a119ecfad616929adf1f2066710eef359891b88894267a7b149a70767803de4a52d5c060a94f53665a4d8abae125f989f64346102305a6c5a8df04661f82313097f5beadb5d340b49cc0fe478c49b897ba9dc998a03a8c9722c35f45ac55a11b9f91bb6f849a02eae30e5ba8cfe253dfa16e498cf6077fb7b17658314a759d758b1d3294d39a203edcd8e9f7e6d88c56ad25a14b2e276e6d851ad632e152ec6b9278953e33b8cbcde45c55f00247fc9b7f71925ca4fe6f411dd6c3245ead614e34745996a20fe0495180b9c28217f62c6bf4dcfca3fce66cfe3603c24932d847608a2568430d3e04c91bbca995ca7064ed3a9f984df0d56e00a319eeefe83d1872a8a08b43d98d64a3040df90ea42343d3d059357a2c1c58acfea88cb9febb9a039844c9961940f4789bbb40406bdb5f00acc5a883bdcd3435bee88f451e6276f044491dcf9c1a6e0f2cc1ec7c881fdb189ad711cae2502e62a9aa0296f97f2b522885be850bdfea2ec50aafc9af282af63ffaf973eacac4898330c24c64b563b21908a4d624a8b1ccce4acab3c914c0490c9efdf69441e85cd1ecd19ffbe2ffa11288b954ef4609a5a683500c02d75bef0e3db48eb65767ee2dc57d9acc5eb88ae618fe901167c171604308b0020fa745c31676053779bd77a07b8256b228126d837ddf85e591fc6c92578828610d9fec4e6cf68cd4bb5194b41565958cd04df215f38859e62bf3a0a45411036968a77b562b2df6ecdd9ad024d9e32862d7b06fb5d1c3ae04fb9a64306111f26242eb9433cc8ac44530b9b6ef01c901a026bc445aab798e724d6fb66becac243377e69a3db42ad2c38f461311cd7901874db0e50595ad386d8d2f4d83002b01763f07bd0ab129e4ff76e474af4b82b3a7f98af0b6909438d7511512144e21f835feaba708393baa8cfa5190c1245a5ce509bcc607ba44d14748dea94b19792b48839d9d6aab28e3d18678dd04ec3fa5bd1e66ed9a6db25e81913a6639c6956ffeabf026c4630ef61fc91937d9918d8e5d779ac48857ea103566468661a8525ae308d5480edeac06f453270742c538db04cca008718c90bf4892afadeab417ad82284fbf9472a876b93749ca63c8b2ce74a7ad2bc4fcdd2dd7363f1b89e75bfb1e8f43a54ca275b08471e9d06802ba54daa9b375c9ac0f87f249f9c573989783721503f6e3f2f96a53e05e12c04adc84515bfa9f3ac8f7f46028324a211adc2d24cb21814e3b0fd954b62a1de60fca19bd0032a001d4573325f3ef803fef8bfe8f070a27c66f2442061b96d3fa9383405abcfefff015f8d7c4eaf98e52bda0e27cb02247ad2985372175ab78534da0629a63e5c613293024b3cba54dd7a4b5decdd80496d893d1ad29562acda70c130a15526e193f693933aec185e782944556932dc0a753865e7e521db3187333485e4dd2b9e7c0c8238b5d0df8cd9a92c14bb250bbae46360b5706a080cd73684ee40c4aa325c88302b9ee7ab8aa0d7c88b4de2bfd70323af2149794adef870c4e0e1330ecc7231c386b4270de7c27e02b1b527a9601d2b028e43343eebddad92e1453b01729ea6c4cef965790f266e15e35fd08c750ca68bfd4d1fb08671404333f04d52ad76301d914c4ef2a6a8f08022c6ca8a4667c8c98ac73efaace81f8f13c153b5b54c33ffda69f65c1f2c0a6c7c6c841472ca41af8bc570afe1b4bdbbf28303da527ed5a51e2b450b33e887e4f26a1a220f0774d0e3fab983044896a686dc858c8cb377cccb8fe3e783f1bd8f458f8c10966426b13b63e0062570becf13a504fe3c861a857a5c730c6fe31ec5e90d1db701482f9ac0511c5dafdb9ca387e5a194e460bf8848cf83116ca9408d83d800c617798d789127307b2824b9afad63c68e085d81c5b377aee1b0f97e9672116e888fb95cf233cbe7988113150cb2fe80283178e736f7186e2f1d961f286b03ca37fab9c82e2f626e011f4cb29afc2edaa249c4d9796970b0116825e600f51ce488a7789d8b26d86bebf826d395cecd6101e6e128c048ae66da51e67197c634129223f47ccaa4196ed78823d9d3b2922b2e081e59c0f68e499451f362808e3f351cef362fd23a6a8de6e994e42980c26d45222c4de8034239b1870341558e764c2708f2a5bbec2c4851272d29f195f05f7b0f98c4b32d8a13", 0xf0a}], 0x2}}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f00000002c0)="80", 0x1}], 0x1}}], 0x2, 0x0) splice(r3, 0x0, r2, 0x0, 0x10000008ebc, 0x0) splice(r1, 0x0, r4, 0x0, 0x25a5, 0x0) syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x1c}}, 0x0) bind$nfc_llcp(r2, &(0x7f0000000240)={0x27, r8, 0x1, 0x1, 0x2, 0xf2, "78d19bae832f94d8d2999c7a0450c752e6a941cf298ed50494113ef06095811c06f1aef953b75780df655df0cd2b204959c15faa3743a9fc0cc9601250b7f1", 0x21}, 0x60) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20040800) r9 = socket$unix(0x1, 0x1, 0x0) sendto$inet(r2, &(0x7f00000001c0)="81181da80f980414835a17a29e560651c8", 0x11, 0x4, &(0x7f0000000200)={0x2, 0x4e22, @broadcast}, 0x10) bind$unix(r9, &(0x7f0000003000)=@file={0x1}, 0x6e) socket$unix(0x1, 0x1, 0x0) r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') pread64(r10, &(0x7f0000000480)=""/177, 0xb1, 0xe0) 6.586740104s ago: executing program 4 (id=778): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r2) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000600)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x48, r3, 0x615, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}]}, 0x48}, 0x1, 0x2000000, 0x0, 0x801}, 0xc040) sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x24, r3, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_CCA_ED_LEVEL={0x8}, @IEEE802154_ATTR_CSMA_MIN_BE={0x5, 0x26, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x80) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x3, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r5 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r0, &(0x7f0000000040)={0x4}) epoll_pwait(r5, &(0x7f0000002500)=[{}], 0x1, 0x30, 0x0, 0x0) 6.080644198s ago: executing program 0 (id=779): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$nl_sock_diag(0x10, 0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$key(0xf, 0x3, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e000000050000000800000002000100000000002a067d14defa95b106ec45ffcabea5c322d33b24fe0b20edb3bdf3312b65f49bb4d98cad28f917bfb56c3e050e5f155171aa5f0c00331d020d3cc1775eb45b0cec671475cc1b2f7704aa16dc786b01a636bcbecf21be9b59159906eb760702671a6c3b366852d3a871218d58ee9bc17b04c55efe824ed7b9f7b54f16b867234d7d72d062c9d7654075a43b849fb6a2b25587378614338d907ab90b06817fda4137cb9bc58c4be08654f9c27a162a7f9a9b", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b708000000bc7a007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$key(r4, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f3021600000000000000000000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fdff000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r6 = socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x36}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x10) syz_emit_ethernet(0x3e, &(0x7f00000007c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6000000000080000000000000000ff020000000000000000000000000001210000000000f3ffffff0000000000000000"], 0x0) r7 = signalfd4(r6, &(0x7f00000000c0)={[0xff]}, 0x8, 0x80800) io_uring_enter(r7, 0x43d0, 0x4add, 0x1, &(0x7f0000000140)={[0x8]}, 0x8) 5.972454837s ago: executing program 2 (id=780): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x10000}) ioctl(r4, 0x8b22, &(0x7f0000000040)) r5 = socket$inet(0x2, 0x802, 0x1) connect$inet(r5, &(0x7f0000002780)={0x2, 0x4e22, @remote}, 0x10) setsockopt$inet_int(r5, 0x0, 0xc, &(0x7f0000000000)=0x1, 0x4) write(r5, &(0x7f0000000440)="08008edf773c8000", 0x8) socketpair$unix(0x1, 0x3, 0x0, 0x0) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$hid(0x5, 0x3f, 0x0, 0x0) 4.809077777s ago: executing program 0 (id=781): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$clear(0x7, r3) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x21, 0x3, 0x580, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x4b0, 0xffffffff, 0xffffffff, 0x4b0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private2, @private2, [], [], 'netdevsim0\x00', 'syzkaller1\x00', {0xff}}, 0x0, 0x220, 0x248, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'sit0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x8, 0x5}}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@ipv6={@empty, @mcast1, [], [], 'veth1_to_hsr\x00', 'veth1\x00', {}, {}, 0x0, 0x0, 0x2}, 0x0, 0x200, 0x268, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private1, [], @ipv4=@remote, [], 0x0, 0xfffffffe}, {@ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@ipv4=@multicast2, [], @ipv6=@loopback}, {@ipv6=@rand_addr=' \x01\x00', [], @ipv4=@local}]}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00', {0x100000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5e0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x2000, 0x0, 0x0, 0x0, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x8581, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@o_path={&(0x7f0000000000)='./file0\x00', r4, 0x4000, r1}, 0x18) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f6, &(0x7f0000000080)={'syztnl2\x00', 0x0}) r5 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r5, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000100)=0x10000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) madvise(&(0x7f0000647000/0x1000)=nil, 0x1000, 0x9) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) (async) keyctl$clear(0x7, r3) (async) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x21, 0x3, 0x580, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x4b0, 0xffffffff, 0xffffffff, 0x4b0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private2, @private2, [], [], 'netdevsim0\x00', 'syzkaller1\x00', {0xff}}, 0x0, 0x220, 0x248, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'sit0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x8, 0x5}}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@ipv6={@empty, @mcast1, [], [], 'veth1_to_hsr\x00', 'veth1\x00', {}, {}, 0x0, 0x0, 0x2}, 0x0, 0x200, 0x268, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private1, [], @ipv4=@remote, [], 0x0, 0xfffffffe}, {@ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@ipv4=@multicast2, [], @ipv6=@loopback}, {@ipv6=@rand_addr=' \x01\x00', [], @ipv4=@local}]}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00', {0x100000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5e0) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x2000, 0x0, 0x0, 0x0, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}) (async) openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x8581, 0x0) (async) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@o_path={&(0x7f0000000000)='./file0\x00', r4, 0x4000, r1}, 0x18) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f6, &(0x7f0000000080)={'syztnl2\x00', 0x0}) (async) dup(r0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r5, 0x0) (async) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000100)=0x10000) (async) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) madvise(&(0x7f0000647000/0x1000)=nil, 0x1000, 0x9) (async) 4.289530952s ago: executing program 1 (id=782): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 4.039688272s ago: executing program 1 (id=783): r0 = syz_usb_connect(0xc2d0ecdcad6b587a, 0x2d, &(0x7f0000000040)=ANY=[], 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) syz_usb_control_io$uac1(r0, 0x0, 0x0) 3.980576518s ago: executing program 3 (id=784): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f00000003c0)=""/102392, 0x18ff8) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="e8ffffff914faeb21253", 0xa) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000000)={0x1}) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000040)={0x2098f907, 0x1}) sendmmsg$alg(r2, &(0x7f0000003780)=[{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000940)="a6baa2c67c6c4f6f1fac61f63f9f1a4d", 0x10}], 0x1, &(0x7f0000001b00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x200008c0}], 0x1, 0x44840) recvmsg$can_j1939(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000280)=""/3, 0x3}, {&(0x7f0000000540)=""/128, 0x80}], 0x2}, 0x1) 3.931372289s ago: executing program 4 (id=785): epoll_create(0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x240008c4) 3.727871931s ago: executing program 4 (id=786): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fanotify_init(0x2, 0x101000) fanotify_mark(r3, 0x21, 0x20, r2, 0x0) write(r2, &(0x7f0000000240)="e6", 0x1) tee(r1, r0, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711226000000000095"], &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94) sendmmsg$inet6(r4, 0x0, 0x0, 0x40048d1) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000) syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2) socket$inet_smc(0x2b, 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x1c, r7, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x84) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r8}, 0x10) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000780)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x3, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x7, 0x6, 0x200000}, 0x2}}, @TCA_MPLS_LABEL={0x8}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) 2.658544142s ago: executing program 2 (id=787): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kvm_mmio\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58) setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, 0x0, 0x0) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r0, 0x0, 0x0, 0x80000) recvmsg$can_raw(r5, &(0x7f0000000480)={&(0x7f0000000240)=@generic, 0x80, &(0x7f0000000440)=[{&(0x7f00000002c0)=""/193, 0xc1}, {&(0x7f0000000500)=""/192, 0xc0}, {&(0x7f0000000000)=""/13, 0xd}], 0x3, &(0x7f0000000700)=""/202, 0xca}, 0x20) recvmsg(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000207c0)=""/39, 0x27}], 0x1}, 0x61) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x50}}, 0x8000) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f00000004c0), 0x4) ioctl$VIDIOC_DQBUF(r7, 0xc0585611, &(0x7f0000000040)=@mmap={0x9, 0x7, 0x4, 0x10000, 0x2, {0x0, 0x2710}, {0x4, 0x1, 0x6, 0x7, 0x8, 0x9, "9b9a7244"}, 0x7f80000, 0x1, {}, 0x3}) 2.517265809s ago: executing program 1 (id=788): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffa8a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TCSETS2(r2, 0x402c542b, &(0x7f00000000c0)={0x9, 0x35d, 0x2, 0x4, 0x6, "f61cc4a21fb3b5821c2e507af640405cf8ee80", 0x9, 0x3ff}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x123f41, 0x0) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x14) pipe2$9p(0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) membarrier(0x40, 0x0) membarrier(0x20, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8, 0x100010, r5, 0xeabd1000) sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="5000000001010101000000000000000002000004300002802c00018014000300ff0100000000000000000000000000011400040000000000000000040000000000010c0019800800020022000000"], 0x50}, 0x1, 0x0, 0x0, 0x2000011}, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r6, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000100)={'team_slave_1\x00', 0x9}) recvmmsg(r6, &(0x7f00000002c0), 0x220, 0x100, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_BROADCAST={0xa, 0x2, @broadcast}]}, 0x50}, 0x1, 0xba01, 0x0, 0x4811}, 0x0) 2.391943109s ago: executing program 3 (id=789): syz_pidfd_open(0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_int(r3, 0x0, 0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, 0x0}) syz_emit_ethernet(0x32, &(0x7f00000009c0)=ANY=[@ANYBLOB="0180c200000145000024000000020011ff010000000000000000000000000000000500"], 0x0) r8 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) r9 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') read$FUSE(0xffffffffffffffff, &(0x7f0000000a00)={0x2020, 0x0, 0x0, 0x0}, 0x2020) r11 = fsopen(&(0x7f0000000000)='msdos\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r11, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006300)="afe28a28263ffd9dbc5af980196765a3c1f82c4a1fae7a322fdf0f6eec50303f6104db417704a701a8d6c5e7f5c99a5cf3eed4e0e1c82545122d6933469933ec605aaf61a5b8b1f8aacbafca498796976da62837e4a0d818ea71474d0412cfe162a7260456c425f2604cbd262e2aef92d09d6d2e105b7e7d377c95ccfe1d0f9af9f7e6a6d85d4a8ebee6fa703efd8c4a106793205a405938d47f97266eaa5fda88f11a03a8305399889ccc48f85c4b6a7747f489dc76c93b06be84635190224018e13954cd2fe714fec88f6aac3c57d5fec99307b8c8327e8854000e81d781e2f5bc37e96bbc3077555f696c6fadd199d9bfbf0997e76925fe17923ac5976e32f52ee407c43070cd8a709a2326ac96b94051cd0cc8f29b43edbc4ed850ae7a30b45db7e72114aeb46bd3a91775582c9206a638456a0e3da847a7be2e21620df89ea7e2da53f77f39cf0eb2d0b601d507d4dd57a534b5c77076052cdb03dd0c241f75f442fdb07624ad9d9fcbba92a4f20b20b424e3c9c92f2831e5efe0be454f3b4dbb9dbe6152bb152206ff0451edeffdbaba54deb39f00e74297c676effb60950dce7a847031ca85a1b3690f573bc31094d6e7d95f5821c0eae6a2685958619d94108eefcbc0dc5dda47ca509878dd8caa875d69af6c88997b5d67e5c67bf9daf89547a55061eb0cc55e2c696b71c7384ba16928fa81f7394a048329c467ef813df172236464f9d1418e5d5386b0eb6d5c4f765d0246ee91ab39c07310b61680788e3a57dab96d1eabe1a0efc2b6c882aed50d993d15f8561bc1f6bde7e79b711bb206685344aae196c1c4b97cd515911341cd60c6ad108e0013f87d063385ea5f057de4315284cb6f8545436981ce1c4bbf13f178e3a504bc0c8b1bead105f7e7622c288aca7206ee18dbb97b1b393d102d9c65e3a765e87f554d98383e4e49ad1c600d8fac4acb970ce04e0c866806bd44b21b5c891c3bccefb87bdf389d6a36992cacfe52b96e7e1014cc58ec29fe0ac221ea6d49f759f2a746e7603272d572515fbbb33d2b6f94eb9c6571118b606e18ef88ff88366aa3ecccd6c845f9b8534f49997c940a930693fcdf742fde3676c6cee9eda06ab856a4dfee75c7c9cda6b11da6441644b62116e6fdcae5b5e0148047028a5842c21fb9637771a5ac84ba9740c9c9b56b58c08730a48e81c05b312449edd27843c173d1875c28aeca43761a06fed193378129243aa514bf74d6b76ccd70807440401948d6f3bd9a352cd432e1289f2d4e78add381e4477dd8ac2f2ccd3b6533121ac51c393dc773b9e120ea8194e51d76749b4f0c4e6e40132ba1535015d5ff224ff77310be5a31a6defa004262918136b9db98a94a1fd244be1f5a7cf6762e7bea536df1d312a72776baa881833d295f1a60f2ac98d54f302d8fc72f135ab3256d065a618b60d2a6982ee89c60bac90dd81e0cfc24118c568e8e3a29a9f29e55f479a8fb5638d6cd724605b69aaacafd440020f4776652537454041acc13cdb0bf1489fbac78c4bfae755b259764756407204b22cfe838ddf82523c03b4bc1eeb55c43b1f50b7d03fd4da448ae51cc4a844fd0240e0d131c2693ed770844bf25e3bbea974a5c2a40ed65f1c3a729ed93ec22b93899aa861ce301e1cc1f3e98846a39a49169cbe3eef35e3595207f1014a8dc89d6b512dc05cd23ed4b4741f6ac778794cd1282f42a72301f37816859cb92d53db6793f294df19d0ef1bb453685f3c666b3941c25c92b204c8307c0e83469032f276cef4ce538a4570d652aa212de6fae8ae4d62399de49f0d4bfc0a47fbd79e7a86e12c9d863dde004f9e9d605dac7d688dc5daff78c27bbe727fbab0cd3058e75544261d5d83468ef23e3a224f0ec460855aad927c5c5b3bfce0a3e3c45abb0ee6dbd04242ec765e324209bdf07f4ed21eb15e2f030476fbc3cd05554f54858232625e9b37ac41b8e354ebc85a0282fbf9ad5d6e0c2d7b093bc1f887646faa1e7622f110b546dadf44eff6bafb2a58631a93e560bd67b42ab96d4a9f044f26a481feb8b3f2018a7236799c2d1877a63e5fe64dd207be729eb1cda7977d59bc139e1d2f6cae1defe90b8f6a99ae4dbac317413745521247f3691e894af33c7484afb11f4d2f858ee87e93ad202f9853c6ceee0a92e052225ebf283a017ae2e7cfcf924ea4e3b319a05a9bfe3f476308aa5039fb8a7d3642043957a2090e0727120a7aea16d16e7a4b15d5676966041f76188fb69d89080b6eb2d4d42bc84e298dedda4db06b78df5c7198230ab439f0c3b4f3f649d531664c59eee2d73fe14f01133776b717f6b7118afdb264ace9e44af5bfdf35bfa7f7ab538004c0085c11da725ed284a34c7f27da78acf488bd0f54e6026efbf81af934558c36473d0fdc85519e11b4f30fa3b7ef757c35f4c88a360549def898cc460557433e44621589e71f3118003b4695f3130dc005d32c0330b950c12e430d2a2a6b9a68995bc9e1345dcfa30585603f09e74296cffe8d758b216de00e8302eed0e06f94e7bdf835cf27fcbe57651f36d6d2de82f179f42fc8e7fed4f5c7f5b691c6e038a76cab3e604e42ceda945e155db89cc0013564726053ccd77cd8e626bac72468ae0998f686450d5e0a17ce88e1b15d05f212c336d7cb5013eb94fa861b588be01ed252b487b4d1918c87a341b5daf74f3083bd49ccc6ee26ff8993b5398145ae7f9505c1398f1bdd2cb90636f9e99da243cedccc97252fe15ee10e886c187e5c614f33bbf630c654b1d87e693b765f3a36b67bd1fb46afcd24c96a0b7784e4cabb8a8a5abca853d51694da85296a430b8856f51173946c9f143db65fd1b51b9534657d3a7953ba7186651ddc6f0a625563c3b43cfbc83330507d399ae87731e1ab1f15320779da21d2000d85155a8c9cbd6f642695a565dec615d7bdf8a47a76005b3607cde6176b8303b7eeb2212179d6f5176e45b1759810fcec418e6c41e7b33da9f92211631a070257cea55e644498466d5fc5744f903e6c4a2d3809eb6e70d50a82f66a1a05079ebe9ae0b756bb2781dafd14b1a06c0eb2c9b77b0d8d005d47aacf5447a104f85df3decb0ef8bf1483b47be9c945b95634c474f9cebdc97a91f85aba7172d05cd7b06afa043b8900ab400770fa270029e34ebab31a69367a18057ce532cd66e52b807b8665475977a56ec5407c778994ce9c85e8b96f1313e468cf83d266f14250acee2a4a52001de174d2208bc2a679916e4231fb30a99263a0398e99e9f8236010f17a5de367d673a95b374158d2baae4612ec6898d0fec2f95b45c6bd760a0cabcac1067470492c5e66c11ea745ae803dd24a5c89cac5a0d64bcc15648b1d812be638d10311d640b3251a8001619d09f138bf04e35c02807c2c87c222a6f54da320f0169cece864f4d37af54f0fdcfd455051c0effe17d2c04b3b67807af05cd8176017cd8e35c1ca1b13112f2dddde84be95ef67a6c8ad8a4ab0e7175fd124bda62656c4afec4dc8c0261a855e75575ddbb375e45a5b635fc7bc528ba387dd24f485ba69a9ba2761c243d359bce078d0ba0cdc13b6ee7d66a8546c49a4429af5866f866ba2e1e0a10ff4a3c3b5e240d918f6a896c35f51ad7b02e6d0747ee80a99c8812577600e359b703e571ec18d6b88866f28aef250de65f39b266f6795237f7d3f741127f3d47cefb255d1b3c06c7d8fec9bb8e5c666d7ca7b803dbabc6cacecbca1ed8e89ddc2140f45c4f8572c146d7ab2be20eb72baaee4b1d371aa9f06833ba1a0cb66b701c1fd90e8bcdcfb9bd57a8cad381e7cb2b99250d21384ebf771833ac6f32f4115fcb0ffa177dcae6673b1ff80cbefbaec2c863b263035ad2a0d0a340fed260d4fbf008745bc1b51e5b011b54584f6c0cf3a401f8cfd23f23e830a311bec365064895cbe8a664184aff212bac6f164f6b619e4d8521ae447abc8f59b284aa2e94061aa15afd9070fef452d4fd644da4b6b716784109d92abd31d3221a76eaf592e6529e70a67bd92cdb431c7af9f658b2ace3d954c4a5208f1edcdb8a04461262ed26b24bb3df41b1c28ec42880590b3685f56a3982250ae96c7e1fcb9aa6a9887639d2209cf190e9ea82d5634513eb36c5c0e0769250948967240e29921da36aa0c07c76c81c7bd8b7f1c1c9063b4b1fcd88f63aaf568a7cc9249fad5c996853dd160d80f5251673643fb5e0067c97b0d2b513c1d22a3c2e73786c3c5c17f14c57c2df7c830216e5c3ef066468069428501e1a78c935f4c520c5cfe9daa89ca4bb4895fec8a328453ff630848eeac719bcc09d7bee73e58f4b7cf90f098bb7019c73912b630af92ed9b309c53c5c4edaa3788f9e6d486bd363619cd2c140d9a7175f6c5f977eb6e6f58f18c8d0ace671570e0dd6ed78ca228782ddb71c6f137cf0e27fa85b52b1c15ddf184a72dab098a8b1c1f6746238a8a92848f2478b690b80c131c85e90b69953f5eb54c0b47d59b7e440190e1c9b2d72fdd94c64296ca33aab32cc8f69091df05aaefd4ea00303a3522672f01b5373abae33d34844831a1af2e51276b61e637a93e02e09c306e5fb9619e82bbcf0e43e2f5e8ec8a458b9f1c612634645eb82051fa34f4b13439c3ba2e016972df37f197d09121bd377b1472a2da64698efb11cc88fa36ac173c83ee155b73716639f5d73a29fb783fb27e5ccbab5f9b95a4dca6a7406cd053a7ac9ff25f42ebddd9afe7df308979c314acaacecea602267c6d57fb5f5222e4ccd4b18573b32d6a19f1798a1d78b36b32f0723f7b33b06c2ca43b22e4cce6cda741b3e68a056a0cd6d51b6929cf4a16fb7b2490cbe87e5612dfa7d26ad40ec412021f9033aa2884ee86c7610623fb64663ac5554e694e84877708e77d243bcdb198714fff672b0f927f9cbe5b2436002f02a559dda5232cc150170d7b32d547a080f852c6838809f8ae1995e7ad4b24c7d1ecdb6b5dabca5da671493a3a1b4da1e7ad13ca4b4dbcf53a71348366cef7ee45cb719a8321205aa70da47104e66f344393e64dcfcd015b9d6bc75ec3dd31551de4b614bdc4d89c8de1254a91c4f33cdddf98d8ddf36e8cdc537a7d11dbf51913ca87ca9f644a2a08905e15c0f2bc58168e425b52055e7878ba468909dbed30815e01720df5a1be196471d30c1525070efa59fe62720960e473dc237d7866d77e8ac69cbaa50cea6205b7ccef9437b132f41e87906f3b9c48e9750e7ed1993597f8e599ab8596f4378853ee10e26289e72b92c425f5f0ad0f94d4694415739ccfc06bc5a49237157071116578df4f8aaa1eb4c123c8ada753e4a631f3f9660fbc9404d8af9ef1af380ccee1f2e520c03615fe7c5d276e917d84061f8cc0e5814caac9ecb0ebdf8bfae551197d66ff22236832a0ac38586b059a4ae9054d1810d361f50da921b33904cb6ea7faf44b811e7f7348d07cd32c8f83da01d4d74092493ef5cd3d2cbb9eeed6986f3e4615b8d341cbe13d6eac3bc1e9217fc2f86dd0cab958a6b4e0f0604501b48d352118611e96a974e3642fa785538e7d5b3bc7a363ca95a98a0816e6179bb438f3c110036770da0978987ebcd241464136b2a8d45bf1c2b499b6dba8e44448c73163ae7df71d7c98b705af886dc195cc918c2552fc1696d6749222a4e83279a14001ccb540a64a713fa1691c30e99ae0bf8fdacaaf4aea9d4f89db7d4f364f7a30c80b782f5cd7af01347d78769902f2ed675b6b859b5467cad1bed59a64f13a4b5a827e029c9a3107b08e5f18b930855f7d85f1d78d45d7d3c909b87213158dbe5cfda90936388885a32a61529ab30bf31fcc1d6df9ead0f49ada899dc8be042d2289383f6d09411aea11e6002359ff2e36345b8454ec5f126db94349666a3666323ca164a0f72873b63c9dcc0c60785a66862655d4ab5749bc00bd98ba9e20325e78a572fc93739ce884f3398218c614f8ea33cdff4b797dc2c2874d20670733f30acf52ae4d14c9e83f54533acd42931ea42fcbf89f7a8e68c3c8ecefa4a1e1c693244d4604f9488df30718c455f719a6d93b30173305264c9bdb21e8a68a74e7310dbecdc27afc7b162466c444ce4bda0d937104e683349828a4f0ca8723d54fe13287286f7a6dbb8ece6a7ece355fbee7424e7e524ec33ed5fed03a1ea964af0830108c5e69a071606d9d28450977245cba4d0e1ed8177752526e218cb5e113dff2236c663808533c580da3d83ad502a3d5d30949ca2cea660ccb613cc7661d6857b3b70588976ac8ceed944f7f738e43101369bea05a26ff31692ab45b6c95f794a5c92d8bd42ce8803162cc730782e0c1e468c9d090488763d9d1f1471c2ab1cd8599e078d81a0e84707ea02a0f91c3d588bb54f1f5ba58845617b80263ab8fb2c6757d72eebe00591c7b6cffddb969f6fee2ef9f016f641aa2ccfd59c839ba40ac1a10bb9d94f96e1c6829dd4d2dcb9d0f71726c31d813fa78af8b7621fa47f4b0ed9d9d98e4209676969728a00a92dd592dfee41c806076f0e4100e371c7427f888ef91f03c5b16d87b2ade294f69b77afb199de38bfebfa3ec9285d1829c7c0714bd100c84efc8eb71146a1d4c7f659d77c42119b738d6bcfede23855780a6627d4a417aab498ec60bf69c44fc1f3fd4f99ed941a1234ad1f3120dcc71275c464be23453749841dc1c36a76b28b3659e809a1216aea67658ff76e99580cb202eedb9d4cab23e879723d11f8d4086362271f8f2e6816d47eaeaa5066c3c4338868fd3c8b832581490b6801278e9d1d59771dcc73eef6b9903ba9b9f5e565eece392568c878662ad9cbb931242a27d883fe7839e7e502c368e736f5dc057ed2e4b5c963c54712c772535e22e94c61a13ed50682c065cad0d861b3888ef332ed0236e2747720f97793b46eb39b51057b44f2b9e05de8c077cff7ef5afb56a5d28754d76161909a05573f8aaee5fdf260d80eda7e1b83539e09362a4f9aa0e8f069e0cf221eca87593457b342de27c99cf14c4bc0d8050aa19c8e4a56b3b5d2c3fcc23633f5ab20ec063270c9922292b645a5523f9bba5c6f66368c227bb4b2ad6c1f4c8927552f6b41a312a4bec49669e2968a7d6bf30cf09f8d3fb473ce5a839ed27fa906dbf504aec3a5a2884bf4c569235202dffa763b14f4501ecb8608e77aeb4fda0e4177fad0bc02da3224f183355ad62f6c50efa3c8f8e02bf3cf47ff31210606bb87ce4acb53ead7eff942d65d9905e9bf6acf5829eed4855da2488e0896ad346da16a5c988e31b0632592a2dc3030d28b6d62a3a4638a0a3736f5103ce5fe72baac7fa23d5295c42cd81075ca9f7a9a7fe3cf418f50f7eccd8a7c3e6fb1e8b30c5d8dbb0772a8b44f44cebd8249ce10eb24d1f668765796b4a56a482580456ac49db677284f3b2deaa9514973ad5c156bb4961b2ad05bcde1bcea522790765208eab6eb27777c2ef643ab0c85e9625d259ae29a3b2e864bf936cefd90b63ba2281f8bf8505ef6040335c258d338c014c31810a324dfe382699ac0b92a2747973a297e94fcd75ec7d156bd61cf848d7144f9a9dd89c72b9c323ed6f37110f722da90396816050ad800fb33a92651b0356fd15c4cf876a3509ab32cca3f5bd6906ce5ec186391effb13fac0a10525622023645bfb9742472695c81461db0298f84af1983b6e5e94ae355e0e790fb51fe558bd70e889744872c9ababf42b930340e192ab4295ee72e1392f2bbb137533a919d72e651cbafa37a88232d0f464bd4531e49c65abd629f3e8b920ae3bde61a3538514866f18a937848f7bd99e4a0fbea506b9ee5ab47e41cad31dc261020f91d65c88bf2251c617cfde3314ec540c8128adf417f1ee716473c3d3c049dc7714a832c128869bb4a9bad6f8be1b0a6bb5c0e40417d594a876a5fb50055e7c67e2519698e5ca89fada7c84032a811b0eb5c67364ea809c6be960c9a7b98afc8e6315e780d8f556b97ea65b7fd27ca6fab61164d60a109d182b9b8f7995ee915eb68be320000db4b0bb821ce13a8d55ff70629a5f2bb89a1c7a4b874b49bcb13105493a9560344f89877e7c5e409a15bcda6d27073c3b744b386b0b82098d307dc3aab1ead4306a73cf8382bd3451c0aaa14a8333c6f34e6b5e5d3b240e01243749b3938840c835e16129ddca5d9439511b4fd22752d904dcd60f9405467918e48fa17547493e51a14ccb47128c7449b51cef63178f32cb06155b9e9cb65dba65f8a6f9a45d8d49852609dd0cf8418f463cb15eaaea77c1c89f530c1f6c6c7820d66957ff2fe731628a328f4e7896d5cf6fcc0782c05c47b8f01d28908913e379334fa90ea01906e865202fc6386fc69fb683a1dfd037ec5bbdb368b3530a3cbbbecf2107faeaf32081c65b48a3bd352998df0a781dd86c7c8112407db1bf1ac6446a0c77e8f2e3374fb8217abd59b3d40c9582a3ab663f278a83b22685914b4b2bacc973ffb2dec5e6eb98d6c16463c1e9a896ca4e65206687ca4423c359b4e1ce06a57ecb083b750026719dff109a1d823b4ccff79e5ce416bf3756d913b31faad8c0bab1c62276a581ba8830da7c59c5224db7dd38b032db7cf7022502a8f3cef31dc8344a2d02af978d6f901b1b0097dc425f4f34b73c6ee02a8b48d7a23299c1c6e5190221f84c2ecfe5bdb67b36c5dc23455ae466722c5e4f52b07aa667a6cb55c6a411225e88cf513c7cdd2065a1e044c0008f8b6a5b28f3f00f14e7da47e944ca666cec951593ac26ce5e75f17ca2d438dd8f926ac57d1761a72024187a2f77ef42a7d246f906166afecdcdcf8db8cef6f8855ecd97185fda05bae717eaf3165b99021fbdcee50384a22c8c025c8f82d4839dcb0a6075642dc453c21a4dcdc997d70315dce9a3ac7eb0185924436965d1376624b5c08772ba59b142a066bcd0ad044628e463921d78f1efcf8e8cd1e0fcf525115ae2b104c31561574003770c21e847ab80b65d3a2b53e6ad4a3d5227e3bc82b58b5feabc9c70b55264b32b658227851518664baa871f8128bd826ce818be1edef708e033155ed69a0bd83b246d83ac85b33d7370dcc7f930c25609e2e5f86f1738ba266b079a3743180b9b84a24e4915b1743834ec319e5b238ba6942e4128348be821b21892477e4c5ad3a2031f0ef11d9d54cc90f87cf093e582b1384c8960c36421969f7ee247001f37c66f10ff6dc3edc7de984acb599e9b8bd3e792855ddc703698578edfe74bd27e967dbe77bd4cd0bcbe08ebfa7c5bf95745e670438097ee29215d3ecbde9e8e50e14ec41a9d746de20230140d854e36e95f7c13446db26715b9a30a3d3afa3a5645e0afd3eaf8457a87c528792241e99a415b8709ae334bfa81fd8508c77b50e3d1f2ecf8f7b6b1d187bbac0bd3d49f00fb5c21836a2bd79ea2839bd3a1d396422699dfe0958479c36964efdb2f602d25f202a534df612f347696de6fecffb673d2162f2572c6d04895fc22b638dbf54dfad4d6058683919ec47cc3d3d1f5e4528bae31632081b9b80770ce0e7d44287e18fde786801e7beda77c0b9ee3965f3a4956496fe8e892b65e137d9e47e8e164f7c6fe9c6ac9ece1b7eead32a5a188df5539537e1b736f1c5d67b604d064eda6b6730c51e182cae81e65290f12f68a7146888e438a799d04931f2a0b9b6c565d47d9d322e7358ccdbc08eafc2470414c44f97e33013b976b995bcf96409789bc2bc97d7add4b6eaaa84c18ea936f0eb332185f9de597d6f7793215df2c0be4b5b4085910adb83d248be16deeac399070ad00a24a67cebef51694726a612ea5763f1bbff03a77357d867ec5461c33d73a47db4a51b496be6960ca7c8cb92a51dd578f99e4b1d2b18ce406b2751aeb065ad0225aeb1eedce3b26e3feec915361cd6b4acc105a2962edcd6547691a557f4deb9ca96d39bd92ebc96e763b6139a0421f42c561a7a20ffebef94bc0b7538466064610134ede0221cde98d085531471c0e9761880904952234f0ae34502b3790aad682fe6e7fd7977816e21aa3f7793ca99312ee07ef9b34a31102710bbaa31dcd57d941e6d5fd6b6607d3449bbffb1434d67edc10727230c3283ab7e212152039e9403bc7ae082cb3934794468dc7549aa35cdf35d3c0f754b7fdf47dbb5bc5047923f6841b9a4054a0eef23de222f0ecc04410fccfe3779820d2ac659b84ea56eeefaae980f1bd43aef8e78705ce1995cee4f88400903f66e6d24307090e23d04387909a62a3394890118549baec01b6f2a5c416f68b71bfc2b7a0bf289587664a2b6194d4eccb51bd4177c9487b724f91d088ce68f20882a8dd633b17ad73584e68382877eba4fae1af839baca07f3adc4c9796e07dc69e90bd5efe3a84d3ca40fa8209c2bc9c9303ff2c7979a9508d925c021cea6c7f1483b5c5b00232c292f302fad79aa5fa4820b04a5aed1f9be4cbf4430bd2b6b559133979e5239f514e87559950808fd098792c0b1bd0b9cb94463b22be92962692dca35a8bd0fe0edc28e7e759d2d753177fc29860d419a29fd89c0a2c11e957483f9c13637e2f66e96bf3454b943b7dd368b71243ef58b0b3d469cdf5572a990a5c998c5796b80031f56bc98f5bf70a717cc5ff4febbfc32b29543548d8862f1ab57fbdbeda2a9901593c0d92d4eca205312c18ce649ed5a3263b66d8ca52734a16035daaa182c24e9ae2851e8dd153d2fe34978e8df50402f133190ada04cfaaac56ca6fa20771a195c76a84651ca4aa9c7c4eb16007ef1e965055ab6cb08a02db6c1a82f8c695ec370095c0afd535ed8abf17ff514451055854a99de69863f393e1679ddf5326e1f4de42220df3839ee71c8fab2c3faee9af0f5e9ee5a3c4c146ae7d36536064a11644a9a195290f3d75f64652050ca8a1ef17eed6f5077a651af1ce5304f2e6fa781a83df2a7c4f5e1c8337d35f93633d684803b7bec4fea60e1f9925580f9199f40f307bfd84de2d51f1df191eeb52a48ed4a19c4f524cc26f7043bbabb1c43c4f20d950e218dbcf09a8bda0e1ca1759466938dd764c85c3d8de92b3534ff5c492d024e6ca87952243fe8b6379ba189032926685afcd3839a4423ba19cb0c5488982ce7cad134c60bc329f855ba4be63475ade6110d6db66613c3c7647e76e3949f8e5299738014743523662fd6b1626bcc0cffdb3b757ddcbeefa2facc49da06d907d21888b9344a3167d143e5f8e022d8c75229fd491145c451ac92f000aeee43219215a8136c7c17327f6e0a3eef7fe1861930d143d92f33aa74984c89f9ba3e9ee887bef4f9b16654cbc739fd6b2eebb255596dfd6639896685b72b0e1ea92019884468f5c78d21a3a69df24a3d8d517cec2122417bad0ac7db0182cc87b8b752e7474a36acb8508d118d44d509cd8594dea3a3a611a6c1c0b3bcf48b4834d8bb5cd18f420ed7aea21810c0303ca2d5fc67b116491f1bbd055221c79ec0dfcfc22c17cba3eb4fea49127615fdcef9cbecba603dd2e01e07af17ab0f4a6179f54edb34db2dc0c937a0aa1151c8a9474afd1af7c0a83174aa1fdd8e4bfb9b10841df5ccf068a5612627c8724b1c68fd3879a57265836409a6d851f1baf0023ca", 0x2000, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x78, 0x0, 0x3, {0x0, 0x0, 0x0, {0x4, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x7, 0x3, 0x0, 0x0, 0x4000, 0x25daa903, 0xffffffffffffffff, 0x0, 0xffffffff, 0x9}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuse(0x0, 0x0, &(0x7f0000000340), 0x888000, &(0x7f0000000400)=ANY=[@ANYBLOB='\x00\x00\x00', @ANYRESHEX=r9, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=r10, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,max_read=0x0000000000000e5a,allow_other,blksize=0x0000000000000400,\x00']) shmctl$IPC_RMID(r8, 0x0) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0) 1.31635329s ago: executing program 2 (id=790): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f0000000140)={0x0, 0xffa5}) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000040)='\x00', 0x1, 0x20000045, &(0x7f0000000300)={0xa, 0x2, 0x9, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='illinois\x00', 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) r2 = syz_clone(0x0, &(0x7f00000003c0)="756595f3d646b23fdf7fba837d23a1bec48cb45b0dfa74a3091cfbcaa38100333f2c8968c8b9db18c5aa34f4f7b0dc5992401144c34a1cfecb3daa2febdd67f9365f4a380ae4480f3cd16fbd4a0b8eb6a0fcd7c339b1aa1776a15b47fe77154aaba609eb3287b34b0c3e9bb4a05d79da69db798da45e39a6fdf7e92ade82bb77601d009c7bc71bd3a88e89ddf455e0c08a05e43268a193f750517a08c20d66c76aafbd05be9a7f837a026e00702449c485d2a503a13ed7f527a6eb3b8667994576e48c7541aa43131a47c159f399f88b4be8ad59dcf449cc0f0ace0b4b21", 0xde, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000500)="5830ec3f611d5a55f96a048c6fe912ea000db3ddd67a4fca73e5375c27c36517d224ab0dea89f059d5ff5b43fd921aaf0c6b3908f229987c719ef4d963eb571c64dd6dad61a178ae5e675cb80be53560bac2602a8ba6642f2903352c7ae26b951a16b649e68d20c2c0ea493eaf4a1486cd8f51f5cebe446e4a88346c1aa61cd1832b7b177286f78bf179ca67c1520522f5115b0040a567b440bb9cf313b9d1ef9a3d266c2e5af52a33f06f25d1a4280438e915432cb7c9c795224e7bd47f4d1a830db081e257e596cfe591f2a1526475a76f7849400c9798be10c5fe9853f5bd5afbc5742e264acb6959bd1eaad8222eca75ce5a") prctl$PR_SCHED_CORE(0x3e, 0x3, r2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) shutdown(r0, 0x1) 1.024290096s ago: executing program 4 (id=791): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$nl_sock_diag(0x10, 0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$key(0xf, 0x3, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e000000050000000800000002000100000000002a067d14defa95b106ec45ffcabea5c322d33b24fe0b20edb3bdf3312b65f49bb4d98cad28f917bfb56c3e050e5f155171aa5f0c00331d020d3cc1775eb45b0cec671475cc1b2f7704aa16dc786b01a636bcbecf21be9b59159906eb760702671a6c3b366852d3a871218d58ee9bc17b04c55efe824ed7b9f7b54f16b867234d7d72d062c9d7654075a43b849fb6a2b25587378614338d907ab90b06817fda4137cb9bc58c4be08654f9c27a162a7f9a9b", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b708000000bc7a007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$key(r4, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f3021600000000000000000000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fdff000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r6 = socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x36}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x10) syz_emit_ethernet(0x3e, &(0x7f00000007c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6000000000080000000000000000ff020000000000000000000000000001210000000000f3ffffff0000000000000000"], 0x0) r7 = signalfd4(r6, &(0x7f00000000c0)={[0xff]}, 0x8, 0x80800) io_uring_enter(r7, 0x43d0, 0x4add, 0x1, &(0x7f0000000140)={[0x8]}, 0x8) 0s ago: executing program 2 (id=792): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) r2 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0xc95e}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x2, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4300000003080102000a0000070c0004800800014000000010050003002f00"/40], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x4) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000785000/0x1000)=nil, 0x1000}, 0x3}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) kernel console output (not intermixed with test programs): /0x420 [ 174.738572][ T6750] ? __fget_files+0x2a/0x420 [ 174.738594][ T6750] ? __fget_files+0x3a0/0x420 [ 174.738615][ T6750] ? __fget_files+0x2a/0x420 [ 174.738642][ T6750] security_file_ioctl+0xcb/0x2d0 [ 174.738668][ T6750] __se_sys_ioctl+0x47/0x170 [ 174.738691][ T6750] do_syscall_64+0xfa/0x3b0 [ 174.738715][ T6750] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.738740][ T6750] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.738758][ T6750] ? clear_bhb_loop+0x60/0xb0 [ 174.738782][ T6750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.738799][ T6750] RIP: 0033:0x7fb2e218e929 [ 174.738817][ T6750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.738831][ T6750] RSP: 002b:00007fb2dfff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 174.738852][ T6750] RAX: ffffffffffffffda RBX: 00007fb2e23b5fa0 RCX: 00007fb2e218e929 [ 174.738864][ T6750] RDX: 0000200000000300 RSI: 00000000401c5820 RDI: 0000000000000003 [ 174.738876][ T6750] RBP: 00007fb2dfff6090 R08: 0000000000000000 R09: 0000000000000000 [ 174.738887][ T6750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.738897][ T6750] R13: 0000000000000000 R14: 00007fb2e23b5fa0 R15: 00007ffd4e880ee8 [ 174.738929][ T6750] [ 175.002132][ T6753] FAULT_INJECTION: forcing a failure. [ 175.002132][ T6753] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 175.023065][ T6753] CPU: 0 UID: 0 PID: 6753 Comm: syz.3.222 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 175.023092][ T6753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.023102][ T6753] Call Trace: [ 175.023110][ T6753] [ 175.023119][ T6753] dump_stack_lvl+0x189/0x250 [ 175.023151][ T6753] ? __pfx____ratelimit+0x10/0x10 [ 175.023176][ T6753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.023201][ T6753] ? __pfx__printk+0x10/0x10 [ 175.023220][ T6753] ? __might_fault+0xb0/0x130 [ 175.023253][ T6753] should_fail_ex+0x414/0x560 [ 175.023280][ T6753] _copy_from_user+0x2d/0xb0 [ 175.023299][ T6753] cec_ioctl+0x32e/0x2f20 [ 175.023334][ T6753] ? __pfx_cec_ioctl+0x10/0x10 [ 175.023366][ T6753] ? do_vfs_ioctl+0xf37/0x1990 [ 175.023388][ T6753] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 175.023414][ T6753] ? kasan_quarantine_put+0xdd/0x220 [ 175.023445][ T6753] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 175.023468][ T6753] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 175.023489][ T6753] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 175.023509][ T6753] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 175.023531][ T6753] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 175.023550][ T6753] ? smack_log+0xef/0x3f0 [ 175.023570][ T6753] ? __pfx_smack_log+0x10/0x10 [ 175.023587][ T6753] ? smk_access+0x14c/0x4e0 [ 175.023611][ T6753] ? smk_tskacc+0x2fc/0x370 [ 175.023633][ T6753] ? smack_file_ioctl+0x24a/0x340 [ 175.023657][ T6753] ? __pfx_smack_file_ioctl+0x10/0x10 [ 175.023688][ T6753] ? __fget_files+0x2a/0x420 [ 175.023710][ T6753] ? __fget_files+0x3a0/0x420 [ 175.023732][ T6753] ? __fget_files+0x2a/0x420 [ 175.023758][ T6753] ? bpf_lsm_file_ioctl+0x9/0x20 [ 175.023781][ T6753] ? __pfx_cec_ioctl+0x10/0x10 [ 175.023804][ T6753] __se_sys_ioctl+0xf9/0x170 [ 175.023825][ T6753] do_syscall_64+0xfa/0x3b0 [ 175.023855][ T6753] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.023878][ T6753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.023896][ T6753] ? clear_bhb_loop+0x60/0xb0 [ 175.023918][ T6753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.023935][ T6753] RIP: 0033:0x7f0abf38e929 [ 175.023952][ T6753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.023967][ T6753] RSP: 002b:00007f0ac0267038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 175.023987][ T6753] RAX: ffffffffffffffda RBX: 00007f0abf5b5fa0 RCX: 00007f0abf38e929 [ 175.023999][ T6753] RDX: 0000200000000040 RSI: 0000000040046109 RDI: 0000000000000003 [ 175.024010][ T6753] RBP: 00007f0ac0267090 R08: 0000000000000000 R09: 0000000000000000 [ 175.024021][ T6753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.024032][ T6753] R13: 0000000000000000 R14: 00007f0abf5b5fa0 R15: 00007ffd743a8fa8 [ 175.024062][ T6753] [ 175.296630][ C0] vkms_vblank_simulate: vblank timer overrun [ 175.297172][ T6750] ERROR: Out of memory at tomoyo_realpath_from_path. [ 176.347217][ T30] audit: type=1326 audit(1750924888.360:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 176.449476][ T30] audit: type=1326 audit(1750924888.390:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 176.470900][ C0] vkms_vblank_simulate: vblank timer overrun [ 176.481439][ T30] audit: type=1326 audit(1750924888.390:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 176.502834][ C0] vkms_vblank_simulate: vblank timer overrun [ 176.512784][ T30] audit: type=1326 audit(1750924888.410:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 176.534306][ C0] vkms_vblank_simulate: vblank timer overrun [ 176.721260][ T30] audit: type=1326 audit(1750924888.410:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 176.743690][ T30] audit: type=1326 audit(1750924888.410:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 176.780630][ T30] audit: type=1326 audit(1750924888.410:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb2e218d290 code=0x7ffc0000 [ 176.821667][ T30] audit: type=1326 audit(1750924888.410:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 176.936220][ T30] audit: type=1326 audit(1750924888.410:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 176.960754][ T30] audit: type=1326 audit(1750924888.410:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6761 comm="syz.4.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 177.036671][ T5831] IPVS: starting estimator thread 0... [ 177.146313][ T6779] IPVS: using max 26 ests per chain, 62400 per kthread [ 177.836254][ T5828] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 178.042967][ T5828] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 178.064975][ T5828] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.095789][ T5828] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.120860][ T5828] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 178.202761][ T5828] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 178.225980][ T5828] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 178.254658][ T5828] usb 2-1: Manufacturer: syz [ 178.274150][ T5828] usb 2-1: config 0 descriptor?? [ 178.813249][ T5828] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 178.853174][ T5828] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 178.878427][ T5828] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 179.155749][ T5831] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 179.408371][ T5831] usb 4-1: Using ep0 maxpacket: 16 [ 179.431229][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 179.452195][ T5831] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 180.276094][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.284768][ T5831] usb 4-1: Product: syz [ 180.296403][ T5831] usb 4-1: Manufacturer: syz [ 180.301496][ T5831] usb 4-1: SerialNumber: syz [ 180.321206][ T5831] usb 4-1: config 0 descriptor?? [ 180.332327][ T5831] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 180.344775][ T5831] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 180.436510][ T6810] affs: No valid root block on device nullb0 [ 180.452482][ T6810] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.239'. [ 181.480722][ T9] usb 2-1: USB disconnect, device number 4 [ 181.649185][ T6819] netlink: 'syz.2.241': attribute type 3 has an invalid length. [ 181.668184][ T6819] netlink: 'syz.2.241': attribute type 1 has an invalid length. [ 181.683444][ T6819] netlink: 191152 bytes leftover after parsing attributes in process `syz.2.241'. [ 181.762002][ T5831] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 182.221217][ T5831] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 182.256927][ T5831] em28xx 4-1:0.0: board has no eeprom [ 182.565720][ T5831] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 182.674510][ T5831] em28xx 4-1:0.0: dvb set to bulk mode. [ 182.704207][ T1174] em28xx 4-1:0.0: Binding DVB extension [ 182.743123][ T5831] usb 4-1: USB disconnect, device number 7 [ 182.796823][ T5831] em28xx 4-1:0.0: Disconnecting em28xx [ 182.854238][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 182.854256][ T30] audit: type=1326 audit(1750924894.870:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 182.902352][ T30] audit: type=1326 audit(1750924894.870:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 182.924577][ T30] audit: type=1326 audit(1750924894.900:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 182.949490][ T1174] em28xx 4-1:0.0: Registering input extension [ 182.965081][ T30] audit: type=1326 audit(1750924894.910:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 182.987723][ T5831] em28xx 4-1:0.0: Closing input extension [ 183.008746][ T5831] em28xx 4-1:0.0: Freeing device [ 183.040982][ T6844] unsupported nlmsg_type 40 [ 183.129652][ T30] audit: type=1326 audit(1750924894.910:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 183.163586][ T6846] fuse: Unknown parameter 'Pd' [ 183.439804][ T30] audit: type=1326 audit(1750924894.910:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 183.485163][ T5831] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 183.532756][ T30] audit: type=1326 audit(1750924894.910:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 183.610364][ T30] audit: type=1326 audit(1750924894.910:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc6c9f8d290 code=0x7ffc0000 [ 183.634101][ T30] audit: type=1326 audit(1750924894.910:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 183.675055][ T30] audit: type=1326 audit(1750924894.910:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6839 comm="syz.0.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 183.717430][ T1174] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 183.737429][ T5831] usb 4-1: unable to get BOS descriptor or descriptor too short [ 183.767456][ T5831] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 183.858434][ T5831] usb 4-1: can't read configurations, error -61 [ 183.948984][ T1174] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 183.971018][ T1174] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.982343][ T1174] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.992484][ T1174] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 184.012325][ T5831] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 184.032320][ T1174] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 184.042010][ T1174] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 184.050361][ T1174] usb 5-1: Manufacturer: syz [ 184.074590][ T1174] usb 5-1: config 0 descriptor?? [ 184.180659][ T5831] usb 4-1: unable to get BOS descriptor or descriptor too short [ 184.212441][ T5831] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 184.222096][ T5831] usb 4-1: can't read configurations, error -61 [ 184.238252][ T5831] usb usb4-port1: attempt power cycle [ 184.365784][ T5918] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 184.518399][ T5918] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 184.542718][ T1174] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 184.549964][ T5918] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 184.567724][ T1174] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 184.575435][ T5918] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 184.585813][ T5831] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 184.609456][ T5918] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.626517][ T1174] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 184.647258][ T5831] usb 4-1: unable to get BOS descriptor or descriptor too short [ 184.656595][ T5918] usb 3-1: config 0 descriptor?? [ 184.665843][ T5831] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 184.673490][ T5831] usb 4-1: can't read configurations, error -61 [ 184.686555][ T5918] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 184.694855][ T5918] dvb-usb: bulk message failed: -22 (3/0) [ 184.705756][ T5918] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 184.716668][ T5918] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 184.725163][ T5918] usb 3-1: media controller created [ 184.734661][ T5918] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 184.757209][ T5918] dvb-usb: bulk message failed: -22 (6/0) [ 184.763663][ T5918] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 184.776997][ T5918] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input9 [ 184.783537][ T5828] usb 5-1: USB disconnect, device number 4 [ 184.794477][ T5918] dvb-usb: schedule remote query interval to 150 msecs. [ 184.805755][ T5918] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 184.815729][ T5831] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 184.848721][ T5831] usb 4-1: unable to get BOS descriptor or descriptor too short [ 184.870733][ T5918] usb 3-1: USB disconnect, device number 5 [ 184.883108][ T5831] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 184.901721][ T5831] usb 4-1: can't read configurations, error -61 [ 184.922346][ T5831] usb usb4-port1: unable to enumerate USB device [ 184.935820][ T5918] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 185.540028][ T6869] geneve2: entered allmulticast mode [ 186.503888][ T6882] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 186.529252][ T6882] cramfs: wrong magic [ 190.746369][ T6895] warning: `syz.2.262' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 194.385853][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 194.385872][ T30] audit: type=1326 audit(1750924906.390:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 194.588752][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.595125][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.608603][ T30] audit: type=1326 audit(1750924906.400:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 194.751974][ T30] audit: type=1326 audit(1750924906.400:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 194.835849][ T30] audit: type=1326 audit(1750924906.410:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 194.966337][ T30] audit: type=1326 audit(1750924906.650:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 195.071504][ T6913] binder: 6912:6913 ioctl c0306201 2000000003c0 returned -14 [ 195.125845][ T30] audit: type=1326 audit(1750924906.650:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 195.193024][ T30] audit: type=1326 audit(1750924906.650:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb2e218d290 code=0x7ffc0000 [ 195.282824][ T30] audit: type=1326 audit(1750924906.650:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 195.307894][ T30] audit: type=1326 audit(1750924906.650:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 195.329439][ T30] audit: type=1326 audit(1750924906.650:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6904 comm="syz.4.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 195.418578][ T6923] netlink: 28 bytes leftover after parsing attributes in process `syz.2.270'. [ 195.747658][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 195.771827][ T6921] veth1_macvtap: left promiscuous mode [ 195.787656][ T6921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.945173][ T9] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 195.999392][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.097011][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.155856][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 196.220846][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 196.240302][ T9] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 196.255629][ T9] usb 1-1: Manufacturer: syz [ 196.271701][ T9] usb 1-1: config 0 descriptor?? [ 197.157377][ T9] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 197.326676][ T9] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 197.370611][ T6929] geneve2: entered allmulticast mode [ 197.372316][ T6931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.272'. [ 197.398211][ T9] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 197.481913][ T9] usb 1-1: USB disconnect, device number 4 [ 197.973634][ T6941] FAULT_INJECTION: forcing a failure. [ 197.973634][ T6941] name failslab, interval 1, probability 0, space 0, times 0 [ 198.315705][ T6941] CPU: 0 UID: 0 PID: 6941 Comm: syz.2.276 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 198.315734][ T6941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.315744][ T6941] Call Trace: [ 198.315752][ T6941] [ 198.315759][ T6941] dump_stack_lvl+0x189/0x250 [ 198.315790][ T6941] ? __pfx____ratelimit+0x10/0x10 [ 198.315814][ T6941] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.315837][ T6941] ? __pfx__printk+0x10/0x10 [ 198.315858][ T6941] ? __pfx___might_resched+0x10/0x10 [ 198.315883][ T6941] ? fs_reclaim_acquire+0x7d/0x100 [ 198.315912][ T6941] should_fail_ex+0x414/0x560 [ 198.315938][ T6941] should_failslab+0xa8/0x100 [ 198.315962][ T6941] kmem_cache_alloc_noprof+0x73/0x3c0 [ 198.315981][ T6941] ? security_file_alloc+0x34/0x330 [ 198.316017][ T6941] security_file_alloc+0x34/0x330 [ 198.316040][ T6941] init_file+0x93/0x2f0 [ 198.316069][ T6941] alloc_empty_file+0x6e/0x1d0 [ 198.316092][ T6941] path_openat+0x107/0x3830 [ 198.316107][ T6941] ? arch_stack_walk+0xfc/0x150 [ 198.316160][ T6941] ? kasan_save_track+0x4f/0x80 [ 198.316176][ T6941] ? kasan_save_track+0x3e/0x80 [ 198.316189][ T6941] ? __kasan_slab_alloc+0x6c/0x80 [ 198.316207][ T6941] ? getname_flags+0xb8/0x540 [ 198.316228][ T6941] ? __pfx_path_openat+0x10/0x10 [ 198.316244][ T6941] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.316284][ T6941] do_filp_open+0x1fa/0x410 [ 198.316300][ T6941] ? __lock_acquire+0xab9/0xd20 [ 198.316326][ T6941] ? __pfx_do_filp_open+0x10/0x10 [ 198.316369][ T6941] ? _raw_spin_unlock+0x28/0x50 [ 198.316391][ T6941] ? alloc_fd+0x64c/0x6c0 [ 198.316426][ T6941] do_sys_openat2+0x121/0x1c0 [ 198.316457][ T6941] ? __pfx_do_sys_openat2+0x10/0x10 [ 198.316483][ T6941] ? ksys_write+0x22a/0x250 [ 198.316506][ T6941] ? __pfx_ksys_write+0x10/0x10 [ 198.316531][ T6941] __x64_sys_open+0x11e/0x150 [ 198.316561][ T6941] do_syscall_64+0xfa/0x3b0 [ 198.316585][ T6941] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.316609][ T6941] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.316626][ T6941] ? clear_bhb_loop+0x60/0xb0 [ 198.316648][ T6941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.316665][ T6941] RIP: 0033:0x7f556478e929 [ 198.316683][ T6941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.316698][ T6941] RSP: 002b:00007f55625f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 198.316719][ T6941] RAX: ffffffffffffffda RBX: 00007f55649b5fa0 RCX: 00007f556478e929 [ 198.316732][ T6941] RDX: 000000000000050f RSI: 0000000000591002 RDI: 0000200000000100 [ 198.316744][ T6941] RBP: 00007f55625f6090 R08: 0000000000000000 R09: 0000000000000000 [ 198.316754][ T6941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.316764][ T6941] R13: 0000000000000000 R14: 00007f55649b5fa0 R15: 00007ffca24dda18 [ 198.316794][ T6941] [ 200.069926][ T6963] FAULT_INJECTION: forcing a failure. [ 200.069926][ T6963] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.083159][ T6963] CPU: 1 UID: 0 PID: 6963 Comm: syz.4.282 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 200.083182][ T6963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 200.083192][ T6963] Call Trace: [ 200.083201][ T6963] [ 200.083209][ T6963] dump_stack_lvl+0x189/0x250 [ 200.083239][ T6963] ? __pfx____ratelimit+0x10/0x10 [ 200.083265][ T6963] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.083290][ T6963] ? __pfx__printk+0x10/0x10 [ 200.083323][ T6963] should_fail_ex+0x414/0x560 [ 200.083351][ T6963] _copy_from_user+0x2d/0xb0 [ 200.083369][ T6963] copy_from_sockptr_offset+0x66/0xa0 [ 200.083392][ T6963] do_ipt_set_ctl+0x8ae/0xcd0 [ 200.083419][ T6963] ? rcu_is_watching+0x15/0xb0 [ 200.083444][ T6963] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 200.083484][ T6963] ? __pfx___mutex_lock+0x10/0x10 [ 200.083510][ T6963] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 200.083556][ T6963] nf_setsockopt+0x26f/0x290 [ 200.083581][ T6963] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 200.083610][ T6963] do_sock_setsockopt+0x25a/0x3e0 [ 200.083634][ T6963] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 200.083659][ T6963] ? __fget_files+0x2a/0x420 [ 200.083691][ T6963] __x64_sys_setsockopt+0x18b/0x220 [ 200.083718][ T6963] do_syscall_64+0xfa/0x3b0 [ 200.083742][ T6963] ? lockdep_hardirqs_on+0x9c/0x150 [ 200.083766][ T6963] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.083783][ T6963] ? clear_bhb_loop+0x60/0xb0 [ 200.083805][ T6963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.083822][ T6963] RIP: 0033:0x7fb2e218e929 [ 200.083838][ T6963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.083851][ T6963] RSP: 002b:00007fb2dffb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 200.083871][ T6963] RAX: ffffffffffffffda RBX: 00007fb2e23b6160 RCX: 00007fb2e218e929 [ 200.083884][ T6963] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 000000000000000d [ 200.083895][ T6963] RBP: 00007fb2dffb4090 R08: 0000000000000468 R09: 0000000000000000 [ 200.083906][ T6963] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 200.083917][ T6963] R13: 0000000000000000 R14: 00007fb2e23b6160 R15: 00007ffd4e880ee8 [ 200.083947][ T6963] [ 200.201307][ T6961] binder: 6956:6961 ioctl c0306201 2000000003c0 returned -14 [ 201.046183][ T6975] block device autoloading is deprecated and will be removed. [ 201.735914][ T5918] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 201.937201][ T5918] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 201.967661][ T9] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 202.410113][ T5918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.459481][ T5918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 202.497153][ T5918] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 202.560616][ T5918] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 202.583565][ T5918] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 202.637260][ T5918] usb 1-1: Manufacturer: syz [ 202.648923][ T5918] usb 1-1: config 0 descriptor?? [ 202.689358][ T9] usb 2-1: device descriptor read/64, error -71 [ 202.985997][ T9] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 203.087687][ T5918] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 203.136472][ T5918] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 203.207480][ T5918] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 203.303807][ T5918] usb 1-1: USB disconnect, device number 5 [ 203.745826][ T9] usb 2-1: device descriptor read/64, error -71 [ 203.861628][ T9] usb usb2-port1: attempt power cycle [ 204.082174][ T7004] misc userio: Invalid payload size [ 204.089826][ T7004] misc userio: No port type given on /dev/userio [ 204.101483][ T7004] misc userio: The device must be registered before sending interrupts [ 204.122663][ T7004] Bluetooth: MGMT ver 1.23 [ 204.935893][ T7006] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 205.515733][ T1174] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 206.101360][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 206.332421][ T1174] usb 5-1: config 0 has no interfaces? [ 206.362860][ T1174] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 206.394564][ T1174] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.484644][ T9] usb 2-1: config 0 has no interfaces? [ 206.492657][ T9] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 206.512037][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.522057][ T1174] usb 5-1: Product: syz [ 206.528556][ T9] usb 2-1: Product: syz [ 206.543093][ T1174] usb 5-1: Manufacturer: syz [ 206.545655][ T9] usb 2-1: Manufacturer: syz [ 206.548011][ T1174] usb 5-1: SerialNumber: syz [ 206.563809][ T9] usb 2-1: SerialNumber: syz [ 206.593163][ T9] usb 2-1: config 0 descriptor?? [ 206.611862][ T1174] usb 5-1: config 0 descriptor?? [ 207.217743][ T5918] usb 2-1: USB disconnect, device number 8 [ 207.304585][ T7032] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 207.532308][ T5918] usb 5-1: USB disconnect, device number 5 [ 207.979904][ T7033] vlan2: entered allmulticast mode [ 207.987278][ T7033] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 208.365253][ T7035] 9pnet_fd: Insufficient options for proto=fd [ 208.652654][ T7050] C: renamed from team_slave_0 (while UP) [ 208.870324][ T7050] netlink: 164 bytes leftover after parsing attributes in process `syz.1.308'. [ 209.519529][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 209.519548][ T30] audit: type=1326 audit(2000000004.230:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 209.840571][ T30] audit: type=1326 audit(2000000004.230:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 209.864041][ T30] audit: type=1326 audit(2000000004.260:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 209.886478][ T30] audit: type=1326 audit(2000000004.280:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 209.908588][ T30] audit: type=1326 audit(2000000004.280:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 209.931710][ T30] audit: type=1326 audit(2000000004.280:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 210.256056][ T30] audit: type=1326 audit(2000000004.280:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc6c9f8d290 code=0x7ffc0000 [ 210.732910][ T30] audit: type=1326 audit(2000000004.280:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 210.834860][ T30] audit: type=1326 audit(2000000004.280:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 210.875879][ T30] audit: type=1326 audit(2000000004.280:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7055 comm="syz.0.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 211.867962][ T5830] Bluetooth: hci3: command 0x0406 tx timeout [ 211.867974][ T5143] Bluetooth: hci1: command 0x0406 tx timeout [ 211.868018][ T5143] Bluetooth: hci4: command 0x0406 tx timeout [ 211.874082][ T5830] Bluetooth: hci0: command 0x0406 tx timeout [ 211.887739][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 213.364726][ T7098] netlink: 20 bytes leftover after parsing attributes in process `syz.3.317'. [ 213.373934][ T7098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.317'. [ 215.495480][ T7107] dummy0: entered promiscuous mode [ 216.259616][ T5905] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 216.662185][ T5905] usb 1-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=cd.35 [ 216.675870][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.697293][ T5905] usb 1-1: config 0 descriptor?? [ 216.709453][ T5905] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 217.268286][ T5905] dw2102: su3000_power_ctrl: 1, initialized 0 [ 217.280797][ T5905] dvb-usb: bulk message failed: -22 (2/0) [ 217.291436][ T5905] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 217.307369][ T5905] dvb-usb: TeVii S482 (tuner 2) error while loading driver (-19) [ 217.398638][ T7119] syz_tun: entered allmulticast mode [ 217.513697][ T7115] syz_tun: left allmulticast mode [ 217.995879][ T1174] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 218.165716][ T1174] usb 3-1: Using ep0 maxpacket: 32 [ 218.180771][ T1174] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 218.193169][ T1174] usb 3-1: config 0 has no interface number 0 [ 218.219098][ T1174] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 218.247409][ T5905] usb 1-1: USB disconnect, device number 6 [ 218.284036][ T1174] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.331481][ T1174] usb 3-1: Product: syz [ 218.373489][ T1174] usb 3-1: Manufacturer: syz [ 218.393165][ T1174] usb 3-1: SerialNumber: syz [ 218.553277][ T7132] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 218.567173][ T7132] cramfs: wrong magic [ 218.738654][ T1174] usb 3-1: config 0 descriptor?? [ 219.208869][ T1174] smsc95xx v2.0.0 [ 220.094326][ T7123] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 220.115717][ T7123] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 220.473303][ T1174] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 220.501418][ T1174] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 220.644333][ T1174] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 220.659644][ T1174] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 221.091016][ T1174] usb 3-1: USB disconnect, device number 6 [ 222.167783][ T7174] 9pnet_fd: Insufficient options for proto=fd [ 222.191597][ T7174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.341'. [ 222.214727][ T7174] veth0_virt_wifi: entered promiscuous mode [ 226.633419][ T7225] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 227.621056][ T7230] netlink: 12 bytes leftover after parsing attributes in process `syz.1.363'. [ 227.653546][ T7230] netlink: 31 bytes leftover after parsing attributes in process `syz.1.363'. [ 227.664286][ T7231] random: crng reseeded on system resumption [ 227.686900][ T7230] netlink: 'syz.1.363': attribute type 3 has an invalid length. [ 227.714579][ T7230] netlink: 'syz.1.363': attribute type 2 has an invalid length. [ 227.739632][ T7230] netlink: 31 bytes leftover after parsing attributes in process `syz.1.363'. [ 227.918393][ T1174] IPVS: starting estimator thread 0... [ 227.981632][ T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 228.015830][ T7241] IPVS: using max 24 ests per chain, 57600 per kthread [ 228.145736][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 228.171137][ T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 228.199325][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.228968][ T24] usb 2-1: Product: syz [ 228.244980][ T24] usb 2-1: Manufacturer: syz [ 228.270007][ T24] usb 2-1: SerialNumber: syz [ 228.443154][ T24] r8152-cfgselector 2-1: Unknown version 0x0000 [ 228.486850][ T24] r8152-cfgselector 2-1: config 0 descriptor?? [ 230.398215][ T7262] overlayfs: missing 'lowerdir' [ 230.442472][ T7266] IPVS: length: 129 != 8 [ 230.776586][ T5913] r8152-cfgselector 2-1: USB disconnect, device number 9 [ 231.643481][ T7283] netlink: 36 bytes leftover after parsing attributes in process `syz.2.380'. [ 231.697771][ T7283] bridge0: port 3(vlan3) entered blocking state [ 231.704414][ T7283] bridge0: port 3(vlan3) entered disabled state [ 231.713170][ T7283] vlan3: entered allmulticast mode [ 231.718879][ T7283] dummy0: entered allmulticast mode [ 231.721071][ T7283] vlan3: entered promiscuous mode [ 231.731839][ T7283] dummy0: entered promiscuous mode [ 231.760466][ T7287] netlink: 4 bytes leftover after parsing attributes in process `syz.4.382'. [ 233.076828][ T7313] FAULT_INJECTION: forcing a failure. [ 233.076828][ T7313] name failslab, interval 1, probability 0, space 0, times 0 [ 233.089761][ T7313] CPU: 1 UID: 0 PID: 7313 Comm: syz.3.387 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 233.089777][ T7313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.089783][ T7313] Call Trace: [ 233.089790][ T7313] [ 233.089796][ T7313] dump_stack_lvl+0x189/0x250 [ 233.089818][ T7313] ? __pfx____ratelimit+0x10/0x10 [ 233.089834][ T7313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.089850][ T7313] ? __pfx__printk+0x10/0x10 [ 233.089865][ T7313] ? __pfx___might_resched+0x10/0x10 [ 233.089881][ T7313] ? fs_reclaim_acquire+0x7d/0x100 [ 233.089899][ T7313] should_fail_ex+0x414/0x560 [ 233.089916][ T7313] should_failslab+0xa8/0x100 [ 233.089931][ T7313] __kmalloc_cache_noprof+0x70/0x3d0 [ 233.089945][ T7313] ? disk_seqf_start+0x6d/0x120 [ 233.089954][ T7313] ? __kvmalloc_node_noprof+0x331/0x5f0 [ 233.089970][ T7313] disk_seqf_start+0x6d/0x120 [ 233.089981][ T7313] seq_read_iter+0x3ef/0xe10 [ 233.089997][ T7313] ? set_page_refcounted+0x76/0x160 [ 233.090019][ T7313] proc_reg_read_iter+0x1b4/0x280 [ 233.090038][ T7313] copy_splice_read+0x552/0x9b0 [ 233.090059][ T7313] ? __pfx_copy_splice_read+0x10/0x10 [ 233.090071][ T7313] ? look_up_lock_class+0x74/0x170 [ 233.090087][ T7313] ? register_lock_class+0x51/0x320 [ 233.090108][ T7313] ? alloc_pipe_info+0x374/0x4d0 [ 233.090122][ T7313] ? __pfx_copy_splice_read+0x10/0x10 [ 233.090133][ T7313] splice_direct_to_actor+0x4a6/0xcc0 [ 233.090159][ T7313] ? __pfx_direct_splice_actor+0x10/0x10 [ 233.090172][ T7313] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 233.090193][ T7313] do_splice_direct+0x181/0x270 [ 233.090208][ T7313] ? __pfx_do_splice_direct+0x10/0x10 [ 233.090222][ T7313] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 233.090241][ T7313] ? rw_verify_area+0x258/0x650 [ 233.090255][ T7313] do_sendfile+0x4da/0x7e0 [ 233.090270][ T7313] ? __pfx_vfs_write+0x10/0x10 [ 233.090286][ T7313] ? __pfx_do_sendfile+0x10/0x10 [ 233.090301][ T7313] ? __fget_files+0x3a0/0x420 [ 233.090322][ T7313] __se_sys_sendfile64+0x13e/0x190 [ 233.090339][ T7313] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 233.090357][ T7313] ? do_syscall_64+0xbe/0x3b0 [ 233.090375][ T7313] do_syscall_64+0xfa/0x3b0 [ 233.090397][ T7313] ? lockdep_hardirqs_on+0x9c/0x150 [ 233.090412][ T7313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.090423][ T7313] ? clear_bhb_loop+0x60/0xb0 [ 233.090436][ T7313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.090446][ T7313] RIP: 0033:0x7f0abf38e929 [ 233.090458][ T7313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.090466][ T7313] RSP: 002b:00007f0ac0267038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 233.090479][ T7313] RAX: ffffffffffffffda RBX: 00007f0abf5b5fa0 RCX: 00007f0abf38e929 [ 233.090487][ T7313] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 233.090493][ T7313] RBP: 00007f0ac0267090 R08: 0000000000000000 R09: 0000000000000000 [ 233.090500][ T7313] R10: 000000000000106f R11: 0000000000000246 R12: 0000000000000001 [ 233.090506][ T7313] R13: 0000000000000000 R14: 00007f0abf5b5fa0 R15: 00007ffd743a8fa8 [ 233.090523][ T7313] [ 233.991016][ T7323] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 234.002592][ T7323] cramfs: wrong magic [ 235.231072][ T7334] process 'syz.3.390' launched '/dev/fd/3' with NULL argv: empty string added [ 237.487615][ T7351] 9pnet_fd: Insufficient options for proto=fd [ 237.925303][ T7365] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 237.937779][ T7365] cramfs: wrong magic [ 239.523137][ T7375] binder: 7374:7375 ioctl c0306201 2000000003c0 returned -14 [ 243.229409][ T7422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.418'. [ 243.645721][ T5884] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 244.059449][ T5884] usb 4-1: config index 0 descriptor too short (expected 65529, got 18) [ 244.100712][ T5884] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 244.135061][ T7431] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 244.154150][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 244.164860][ T7433] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 244.181796][ T5884] usb 4-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=65.5a [ 244.191218][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.203103][ T5884] usb 4-1: config 0 descriptor?? [ 244.525996][ T7430] kvm: kvm [7421]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010000) = 0xfff902090100 [ 244.586898][ T7441] FAULT_INJECTION: forcing a failure. [ 244.586898][ T7441] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.651240][ T7441] CPU: 1 UID: 0 PID: 7441 Comm: syz.4.421 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 244.651268][ T7441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 244.651278][ T7441] Call Trace: [ 244.651285][ T7441] [ 244.651293][ T7441] dump_stack_lvl+0x189/0x250 [ 244.651326][ T7441] ? __pfx____ratelimit+0x10/0x10 [ 244.651348][ T7441] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.651370][ T7441] ? __pfx__printk+0x10/0x10 [ 244.651387][ T7441] ? __might_fault+0xb0/0x130 [ 244.651418][ T7441] should_fail_ex+0x414/0x560 [ 244.651447][ T7441] _copy_from_user+0x2d/0xb0 [ 244.651466][ T7441] generic_map_update_batch+0x572/0x7f0 [ 244.651500][ T7441] ? __pfx_generic_map_update_batch+0x10/0x10 [ 244.651518][ T7441] ? __fget_files+0x2a/0x420 [ 244.651555][ T7441] ? __pfx_generic_map_update_batch+0x10/0x10 [ 244.651571][ T7441] bpf_map_do_batch+0x36c/0x5f0 [ 244.651599][ T7441] __sys_bpf+0x384/0x860 [ 244.651623][ T7441] ? __pfx___sys_bpf+0x10/0x10 [ 244.651657][ T7441] ? ksys_write+0x22a/0x250 [ 244.651681][ T7441] ? __pfx_ksys_write+0x10/0x10 [ 244.651697][ T7441] ? rcu_is_watching+0x15/0xb0 [ 244.651729][ T7441] __x64_sys_bpf+0x7c/0x90 [ 244.651751][ T7441] do_syscall_64+0xfa/0x3b0 [ 244.651774][ T7441] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.651798][ T7441] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.651814][ T7441] ? clear_bhb_loop+0x60/0xb0 [ 244.651836][ T7441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.651850][ T7441] RIP: 0033:0x7fb2e218e929 [ 244.651867][ T7441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.651880][ T7441] RSP: 002b:00007fb2dfff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 244.651899][ T7441] RAX: ffffffffffffffda RBX: 00007fb2e23b5fa0 RCX: 00007fb2e218e929 [ 244.651912][ T7441] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 244.651922][ T7441] RBP: 00007fb2dfff6090 R08: 0000000000000000 R09: 0000000000000000 [ 244.651933][ T7441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 244.651942][ T7441] R13: 0000000000000000 R14: 00007fb2e23b5fa0 R15: 00007ffd4e880ee8 [ 244.651972][ T7441] [ 245.106907][ T7444] syzkaller1: entered promiscuous mode [ 245.118204][ T5884] usb 4-1: string descriptor 0 read error: -71 [ 245.159884][ T7444] syzkaller1: entered allmulticast mode [ 245.166317][ T5884] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input12 [ 245.373690][ T5178] bcm5974 4-1:0.0: could not read from device [ 245.465939][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 245.534461][ T5884] usb 4-1: USB disconnect, device number 12 [ 245.535415][ T5178] bcm5974 4-1:0.0: could not read from device [ 245.601547][ T5178] bcm5974 4-1:0.0: could not read from device [ 247.595605][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 247.708910][ T7474] binder: 7471:7474 ioctl c0306201 2000000003c0 returned -14 [ 248.237602][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 248.237620][ T30] audit: type=1326 audit(2000000042.950:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.390606][ T30] audit: type=1326 audit(2000000042.980:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.433257][ T30] audit: type=1326 audit(2000000042.980:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.508126][ T30] audit: type=1326 audit(2000000042.980:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.525027][ T7493] netlink: 36 bytes leftover after parsing attributes in process `syz.0.435'. [ 248.539641][ T30] audit: type=1326 audit(2000000042.980:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.539693][ T30] audit: type=1326 audit(2000000042.980:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.539737][ T30] audit: type=1326 audit(2000000042.980:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f556478d290 code=0x7ffc0000 [ 248.539780][ T30] audit: type=1326 audit(2000000042.980:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.539823][ T30] audit: type=1326 audit(2000000042.980:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.539949][ T30] audit: type=1326 audit(2000000042.980:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7485 comm="syz.2.433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 248.715973][ T5884] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 248.875868][ T5884] usb 4-1: Using ep0 maxpacket: 8 [ 248.884822][ T5884] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 248.925166][ T5884] usb 4-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 248.934739][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.951873][ T5884] usb 4-1: Product: syz [ 248.961024][ T5884] usb 4-1: Manufacturer: syz [ 248.976826][ T5884] usb 4-1: SerialNumber: syz [ 249.002041][ T5884] usb 4-1: config 0 descriptor?? [ 249.030480][ T5884] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 249.047868][ T5884] usb 4-1: selecting invalid altsetting 1 [ 249.179107][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 249.235349][ T5884] gspca_stk014: init reg: 0x00 [ 249.240924][ T5884] stk014 4-1:0.0: probe with driver stk014 failed with error -5 [ 249.504834][ T5828] usb 4-1: USB disconnect, device number 13 [ 250.534445][ T9] usb 2-1: config 6 has an invalid interface number: 108 but max is 0 [ 250.557184][ T9] usb 2-1: config 6 has no interface number 0 [ 251.500571][ T9] usb 2-1: config 6 interface 108 has no altsetting 0 [ 251.531739][ T9] usb 2-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=d2.1d [ 252.511869][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.761042][ T9] usb 2-1: Product: syz [ 252.765283][ T9] usb 2-1: Manufacturer: syz [ 252.774587][ T9] usb 2-1: SerialNumber: syz [ 252.886822][ T9] usb 2-1: can't set config #6, error -71 [ 252.956223][ T9] usb 2-1: USB disconnect, device number 10 [ 253.558289][ T7535] netlink: 28 bytes leftover after parsing attributes in process `syz.0.441'. [ 253.567388][ T7535] netlink: 28 bytes leftover after parsing attributes in process `syz.0.441'. [ 253.576591][ T7535] netlink: 'syz.0.441': attribute type 6 has an invalid length. [ 253.952602][ T7523] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 254.741800][ T7541] ======================================================= [ 254.741800][ T7541] WARNING: The mand mount option has been deprecated and [ 254.741800][ T7541] and is ignored by this kernel. Remove the mand [ 254.741800][ T7541] option from the mount to silence this warning. [ 254.741800][ T7541] ======================================================= [ 254.852814][ T7541] FAULT_INJECTION: forcing a failure. [ 254.852814][ T7541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 254.912823][ T7541] CPU: 0 UID: 0 PID: 7541 Comm: syz.3.447 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 254.912851][ T7541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.912861][ T7541] Call Trace: [ 254.912870][ T7541] [ 254.912880][ T7541] dump_stack_lvl+0x189/0x250 [ 254.912911][ T7541] ? __pfx____ratelimit+0x10/0x10 [ 254.912937][ T7541] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.912963][ T7541] ? __pfx__printk+0x10/0x10 [ 254.912997][ T7541] should_fail_ex+0x414/0x560 [ 254.913026][ T7541] _copy_to_user+0x31/0xb0 [ 254.913048][ T7541] simple_read_from_buffer+0xe1/0x170 [ 254.913077][ T7541] proc_fail_nth_read+0x1df/0x250 [ 254.913107][ T7541] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 254.913136][ T7541] ? rw_verify_area+0x258/0x650 [ 254.913156][ T7541] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 254.913182][ T7541] vfs_read+0x1fd/0x980 [ 254.913208][ T7541] ? __pfx___mutex_lock+0x10/0x10 [ 254.913235][ T7541] ? __pfx_vfs_read+0x10/0x10 [ 254.913258][ T7541] ? __fget_files+0x2a/0x420 [ 254.913286][ T7541] ? __fget_files+0x3a0/0x420 [ 254.913307][ T7541] ? __fget_files+0x2a/0x420 [ 254.913340][ T7541] ksys_read+0x145/0x250 [ 254.913369][ T7541] ? __pfx_ksys_read+0x10/0x10 [ 254.913386][ T7541] ? rcu_is_watching+0x15/0xb0 [ 254.913418][ T7541] ? do_syscall_64+0xbe/0x3b0 [ 254.913458][ T7541] do_syscall_64+0xfa/0x3b0 [ 254.913482][ T7541] ? lockdep_hardirqs_on+0x9c/0x150 [ 254.913506][ T7541] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.913524][ T7541] ? clear_bhb_loop+0x60/0xb0 [ 254.913547][ T7541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.913565][ T7541] RIP: 0033:0x7f0abf38d33c [ 254.913582][ T7541] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 254.913596][ T7541] RSP: 002b:00007f0ac0267030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 254.913617][ T7541] RAX: ffffffffffffffda RBX: 00007f0abf5b5fa0 RCX: 00007f0abf38d33c [ 254.913629][ T7541] RDX: 000000000000000f RSI: 00007f0ac02670a0 RDI: 0000000000000003 [ 254.913640][ T7541] RBP: 00007f0ac0267090 R08: 0000000000000000 R09: 0000000000000000 [ 254.913651][ T7541] R10: 0000000002800060 R11: 0000000000000246 R12: 0000000000000002 [ 254.913661][ T7541] R13: 0000000000000000 R14: 00007f0abf5b5fa0 R15: 00007ffd743a8fa8 [ 254.913694][ T7541] [ 255.955967][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.962390][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.213508][ T7549] netlink: 36 bytes leftover after parsing attributes in process `syz.0.448'. [ 256.360756][ T7552] 9pnet_fd: Insufficient options for proto=fd [ 257.429185][ T7566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.455'. [ 258.050365][ T7584] netlink: 36 bytes leftover after parsing attributes in process `syz.2.462'. [ 260.095782][ T7599] netlink: 28 bytes leftover after parsing attributes in process `syz.3.464'. [ 260.132563][ T7599] netlink: 16 bytes leftover after parsing attributes in process `syz.3.464'. [ 260.851519][ T7611] FAULT_INJECTION: forcing a failure. [ 260.851519][ T7611] name failslab, interval 1, probability 0, space 0, times 0 [ 260.865784][ T7611] CPU: 0 UID: 0 PID: 7611 Comm: syz.4.469 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 260.865811][ T7611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.865822][ T7611] Call Trace: [ 260.865829][ T7611] [ 260.865836][ T7611] dump_stack_lvl+0x189/0x250 [ 260.865865][ T7611] ? __pfx____ratelimit+0x10/0x10 [ 260.865890][ T7611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.865914][ T7611] ? __pfx__printk+0x10/0x10 [ 260.865936][ T7611] ? __pfx___might_resched+0x10/0x10 [ 260.865961][ T7611] ? fs_reclaim_acquire+0x7d/0x100 [ 260.865992][ T7611] should_fail_ex+0x414/0x560 [ 260.866020][ T7611] should_failslab+0xa8/0x100 [ 260.866043][ T7611] __kmalloc_noprof+0xcb/0x4f0 [ 260.866063][ T7611] ? tomoyo_encode+0x28b/0x550 [ 260.866093][ T7611] tomoyo_encode+0x28b/0x550 [ 260.866122][ T7611] tomoyo_realpath_from_path+0x58d/0x5d0 [ 260.866156][ T7611] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 260.866177][ T7611] tomoyo_path_number_perm+0x1e8/0x5a0 [ 260.866201][ T7611] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 260.866242][ T7611] ? __lock_acquire+0xab9/0xd20 [ 260.866286][ T7611] ? __fget_files+0x2a/0x420 [ 260.866327][ T7611] ? __fget_files+0x2a/0x420 [ 260.866347][ T7611] ? __fget_files+0x3a0/0x420 [ 260.866368][ T7611] ? __fget_files+0x2a/0x420 [ 260.866396][ T7611] security_file_ioctl+0xcb/0x2d0 [ 260.866421][ T7611] __se_sys_ioctl+0x47/0x170 [ 260.866442][ T7611] do_syscall_64+0xfa/0x3b0 [ 260.866464][ T7611] ? lockdep_hardirqs_on+0x9c/0x150 [ 260.866487][ T7611] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.866505][ T7611] ? clear_bhb_loop+0x60/0xb0 [ 260.866527][ T7611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.866543][ T7611] RIP: 0033:0x7fb2e218e929 [ 260.866561][ T7611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.866576][ T7611] RSP: 002b:00007fb2dfff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 260.866595][ T7611] RAX: ffffffffffffffda RBX: 00007fb2e23b5fa0 RCX: 00007fb2e218e929 [ 260.866607][ T7611] RDX: 00002000000001c0 RSI: 00000000c008561b RDI: 0000000000000003 [ 260.866618][ T7611] RBP: 00007fb2dfff6090 R08: 0000000000000000 R09: 0000000000000000 [ 260.866629][ T7611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.866640][ T7611] R13: 0000000000000000 R14: 00007fb2e23b5fa0 R15: 00007ffd4e880ee8 [ 260.866670][ T7611] [ 260.866772][ T7611] ERROR: Out of memory at tomoyo_realpath_from_path. [ 260.943901][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 260.943918][ T30] audit: type=1326 audit(2000000055.620:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 261.161613][ T30] audit: type=1326 audit(2000000055.620:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 261.183755][ T30] audit: type=1326 audit(2000000055.620:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 261.251403][ T7624] netlink: 12 bytes leftover after parsing attributes in process `syz.4.473'. [ 261.271514][ T30] audit: type=1326 audit(2000000055.630:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 261.333553][ T30] audit: type=1326 audit(2000000055.630:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 261.415763][ T1174] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 261.551159][ T30] audit: type=1326 audit(2000000055.630:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 261.580674][ T30] audit: type=1326 audit(2000000055.630:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0abf38d290 code=0x7ffc0000 [ 261.606831][ T30] audit: type=1326 audit(2000000055.630:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 261.628227][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.679684][ T30] audit: type=1326 audit(2000000055.630:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 261.775421][ T30] audit: type=1326 audit(2000000055.630:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 262.541299][ T7633] xt_CT: You must specify a L4 protocol and not use inversions on it [ 262.576397][ T1174] usb 1-1: Using ep0 maxpacket: 16 [ 262.597028][ T1174] usb 1-1: unable to get BOS descriptor or descriptor too short [ 263.014650][ T1174] usb 1-1: config 1 has an invalid interface number: 26 but max is 1 [ 263.031906][ T1174] usb 1-1: config 1 has an invalid interface number: 89 but max is 1 [ 263.058495][ T1174] usb 1-1: config 1 has an invalid descriptor of length 11, skipping remainder of the config [ 263.093849][ T1174] usb 1-1: config 1 has no interface number 0 [ 263.229336][ T1174] usb 1-1: config 1 has no interface number 1 [ 263.236344][ T1174] usb 1-1: config 1 interface 26 altsetting 213 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 263.252571][ T1174] usb 1-1: config 1 interface 89 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 263.273956][ T1174] usb 1-1: config 1 interface 26 has no altsetting 0 [ 263.290927][ T1174] usb 1-1: config 1 interface 89 has no altsetting 0 [ 263.324321][ T1174] usb 1-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=29.ec [ 263.355810][ T1174] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.363888][ T1174] usb 1-1: Product: syz [ 263.408740][ T1174] usb 1-1: Manufacturer: syz [ 263.414314][ T1174] usb 1-1: SerialNumber: syz [ 263.664264][ T1174] usb 1-1: unknown interface protocol 0x7d, assuming v1 [ 263.671748][ T1174] usb 1-1: 26:2 : does not exist [ 263.710952][ T1174] usb 1-1: unknown interface protocol 0x13, assuming v1 [ 264.756327][ T1174] usb 1-1: 89:2 : does not exist [ 265.389318][ T1174] usb 1-1: USB disconnect, device number 7 [ 265.627584][ T7660] netlink: 12 bytes leftover after parsing attributes in process `syz.4.484'. [ 267.465729][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 267.465751][ T30] audit: type=1326 audit(2000000061.990:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 267.706395][ T30] audit: type=1326 audit(2000000061.990:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 267.767635][ T30] audit: type=1326 audit(2000000062.000:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 267.822991][ T30] audit: type=1326 audit(2000000062.000:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 268.039701][ T30] audit: type=1326 audit(2000000062.000:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 268.061829][ T30] audit: type=1326 audit(2000000062.000:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 268.084298][ T30] audit: type=1326 audit(2000000062.000:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb2e218d290 code=0x7ffc0000 [ 268.506759][ T30] audit: type=1326 audit(2000000062.000:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 268.771476][ T30] audit: type=1326 audit(2000000062.000:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 268.795034][ T30] audit: type=1326 audit(2000000062.000:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.4.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e218e929 code=0x7ffc0000 [ 271.169089][ T7727] netlink: 104 bytes leftover after parsing attributes in process `syz.0.501'. [ 272.706423][ T1174] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 272.775936][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 272.775958][ T30] audit: type=1326 audit(2000000067.480:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 273.069953][ T1174] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 273.336415][ T1174] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 273.721644][ T30] audit: type=1326 audit(2000000067.480:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 273.744203][ T30] audit: type=1326 audit(2000000067.480:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 273.765653][ C0] vkms_vblank_simulate: vblank timer overrun [ 273.778617][ T1174] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.792383][ T30] audit: type=1326 audit(2000000067.480:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 273.814031][ C0] vkms_vblank_simulate: vblank timer overrun [ 273.873356][ T1174] usb 4-1: Product: syz [ 273.897065][ T1174] usb 4-1: Manufacturer: syz [ 273.904291][ T30] audit: type=1326 audit(2000000067.520:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 273.969426][ T1174] usb 4-1: SerialNumber: syz [ 274.036343][ T1174] usb 4-1: config 0 descriptor?? [ 274.051717][ T30] audit: type=1326 audit(2000000067.520:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 274.066633][ T1174] hub 4-1:0.0: bad descriptor, ignoring hub [ 274.153537][ T30] audit: type=1326 audit(2000000067.520:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 274.175373][ T1174] hub 4-1:0.0: probe with driver hub failed with error -5 [ 274.225686][ T5884] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 274.233593][ T30] audit: type=1326 audit(2000000067.620:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c1878d290 code=0x7ffc0000 [ 274.309644][ T1174] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 274.361344][ T30] audit: type=1326 audit(2000000067.690:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 274.387196][ T30] audit: type=1326 audit(2000000067.690:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7746 comm="syz.1.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 274.418360][ T5884] usb 3-1: Using ep0 maxpacket: 8 [ 274.420284][ T1174] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 274.439094][ T5884] usb 3-1: config 2 has an invalid interface number: 31 but max is 0 [ 274.461991][ T5884] usb 3-1: config 2 has no interface number 0 [ 274.551774][ T5884] usb 3-1: config 2 interface 31 has no altsetting 0 [ 274.583426][ T5884] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 274.614181][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.644301][ T5884] usb 3-1: Product: syz [ 274.662527][ T5884] usb 3-1: Manufacturer: syz [ 274.679469][ T5884] usb 3-1: SerialNumber: syz [ 275.360076][ T7777] blktrace: Concurrent blktraces are not allowed on sg0 [ 276.163421][ T5884] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22 [ 276.246659][ T1174] usb 4-1: USB disconnect, device number 14 [ 276.274344][ T7782] virtio-fs: tag not found [ 276.488147][ T5884] usb 3-1: USB disconnect, device number 7 [ 279.331114][ T7802] FAULT_INJECTION: forcing a failure. [ 279.331114][ T7802] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 279.345130][ T7802] CPU: 0 UID: 0 PID: 7802 Comm: syz.3.522 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 279.345158][ T7802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 279.345169][ T7802] Call Trace: [ 279.345177][ T7802] [ 279.345185][ T7802] dump_stack_lvl+0x189/0x250 [ 279.345218][ T7802] ? __pfx____ratelimit+0x10/0x10 [ 279.345245][ T7802] ? __pfx_dump_stack_lvl+0x10/0x10 [ 279.345271][ T7802] ? __pfx__printk+0x10/0x10 [ 279.345290][ T7802] ? __might_fault+0xb0/0x130 [ 279.345324][ T7802] should_fail_ex+0x414/0x560 [ 279.345353][ T7802] _copy_from_iter+0x1db/0x16f0 [ 279.345383][ T7802] ? rcu_is_watching+0x15/0xb0 [ 279.345411][ T7802] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 279.345436][ T7802] ? __pfx__copy_from_iter+0x10/0x10 [ 279.345464][ T7802] ? __build_skb_around+0x257/0x3e0 [ 279.345488][ T7802] ? netlink_sendmsg+0x642/0xb30 [ 279.345507][ T7802] ? skb_put+0x11b/0x210 [ 279.345537][ T7802] netlink_sendmsg+0x6b2/0xb30 [ 279.345568][ T7802] ? __pfx_netlink_sendmsg+0x10/0x10 [ 279.345596][ T7802] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 279.345617][ T7802] ? __pfx_netlink_sendmsg+0x10/0x10 [ 279.345638][ T7802] __sock_sendmsg+0x219/0x270 [ 279.345668][ T7802] ____sys_sendmsg+0x505/0x830 [ 279.345695][ T7802] ? __pfx_____sys_sendmsg+0x10/0x10 [ 279.345727][ T7802] ? import_iovec+0x74/0xa0 [ 279.345748][ T7802] ___sys_sendmsg+0x21f/0x2a0 [ 279.345772][ T7802] ? __pfx____sys_sendmsg+0x10/0x10 [ 279.345834][ T7802] ? __fget_files+0x2a/0x420 [ 279.345856][ T7802] ? __fget_files+0x3a0/0x420 [ 279.345901][ T7802] __x64_sys_sendmsg+0x19b/0x260 [ 279.345926][ T7802] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 279.345958][ T7802] ? __pfx_ksys_write+0x10/0x10 [ 279.345976][ T7802] ? rcu_is_watching+0x15/0xb0 [ 279.346007][ T7802] ? do_syscall_64+0xbe/0x3b0 [ 279.346036][ T7802] do_syscall_64+0xfa/0x3b0 [ 279.346060][ T7802] ? lockdep_hardirqs_on+0x9c/0x150 [ 279.346085][ T7802] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.346103][ T7802] ? clear_bhb_loop+0x60/0xb0 [ 279.346126][ T7802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.346142][ T7802] RIP: 0033:0x7f0abf38e929 [ 279.346160][ T7802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.346176][ T7802] RSP: 002b:00007f0ac0267038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 279.346196][ T7802] RAX: ffffffffffffffda RBX: 00007f0abf5b5fa0 RCX: 00007f0abf38e929 [ 279.346208][ T7802] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 279.346219][ T7802] RBP: 00007f0ac0267090 R08: 0000000000000000 R09: 0000000000000000 [ 279.346230][ T7802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 279.346240][ T7802] R13: 0000000000000000 R14: 00007f0abf5b5fa0 R15: 00007ffd743a8fa8 [ 279.346271][ T7802] [ 279.624009][ C0] vkms_vblank_simulate: vblank timer overrun [ 282.261014][ T7815] blktrace: Concurrent blktraces are not allowed on sg0 [ 282.753464][ T7821] netlink: 20 bytes leftover after parsing attributes in process `syz.3.528'. [ 282.802798][ T7819] trusted_key: syz.0.527 sent an empty control message without MSG_MORE. [ 282.978448][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 282.980845][ T30] audit: type=1326 audit(2000000077.690:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 283.011332][ T30] audit: type=1326 audit(2000000077.720:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 283.278259][ T30] audit: type=1326 audit(2000000077.740:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 284.157357][ T30] audit: type=1326 audit(2000000077.750:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 284.173538][ C0] vcan0: j1939_tp_rxtimer: 0xffff888058a61c00: rx timeout, send abort [ 284.189652][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888058a61c00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 284.253356][ T30] audit: type=1326 audit(2000000077.750:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 284.285217][ T30] audit: type=1326 audit(2000000077.750:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f556478d290 code=0x7ffc0000 [ 284.351610][ T30] audit: type=1326 audit(2000000077.750:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 284.420673][ T30] audit: type=1326 audit(2000000077.750:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 284.535107][ T30] audit: type=1326 audit(2000000077.750:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 284.642053][ T30] audit: type=1326 audit(2000000077.750:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7824 comm="syz.2.523" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 286.376728][ T7852] IPv6: addrconf: prefix option has invalid lifetime [ 287.763004][ T7866] netlink: 2 bytes leftover after parsing attributes in process `syz.3.540'. [ 287.938787][ T7870] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.953057][ T7867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.538'. [ 288.587073][ T7870] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.645199][ T7875] netlink: 'syz.2.541': attribute type 10 has an invalid length. [ 288.809553][ T5884] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 289.055887][ T7875] netlink: 36 bytes leftover after parsing attributes in process `syz.2.541'. [ 289.150374][ T7875] loop4: detected capacity change from 0 to 7 [ 289.256042][ T7875] Dev loop4: unable to read RDB block 7 [ 289.263410][ T7875] loop4: unable to read partition table [ 289.275656][ T7875] loop4: partition table beyond EOD, truncated [ 289.282132][ T7875] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 289.314481][ T5884] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 289.502460][ T5884] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 289.512236][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.532338][ T5884] usb 4-1: config 0 descriptor?? [ 289.539427][ T7869] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 289.589238][ T7886] fuse: Unknown parameter 'fd}þ9ôÈFúñ §‚fòÖkMëj0çv!”Ì%ôƃdSì' [ 289.753396][ T5884] usbhid 4-1:0.0: can't add hid device: -71 [ 289.765730][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 289.774324][ T5884] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 289.800330][ T5884] usb 4-1: USB disconnect, device number 15 [ 289.895774][ T9] usb 3-1: device descriptor read/64, error -71 [ 290.181069][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 290.839096][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 290.839116][ T30] audit: type=1326 audit(2000000085.550:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 290.946635][ T9] usb 3-1: device descriptor read/64, error -71 [ 290.956149][ T30] audit: type=1326 audit(2000000085.590:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 290.979255][ T30] audit: type=1326 audit(2000000085.590:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 291.015801][ T30] audit: type=1326 audit(2000000085.600:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 291.029443][ T5913] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 291.436269][ T9] usb usb3-port1: attempt power cycle [ 291.515695][ T30] audit: type=1326 audit(2000000085.600:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 291.570785][ T30] audit: type=1326 audit(2000000085.600:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c1878d290 code=0x7ffc0000 [ 291.694247][ T30] audit: type=1326 audit(2000000085.610:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 291.750861][ T5913] usb 5-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 291.766040][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.774104][ T5913] usb 5-1: Product: syz [ 291.785217][ T5913] usb 5-1: Manufacturer: syz [ 291.791787][ T5913] usb 5-1: SerialNumber: syz [ 291.800385][ T5913] usb 5-1: config 0 descriptor?? [ 291.808678][ T30] audit: type=1326 audit(2000000085.610:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 291.833350][ T5913] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 291.839980][ T30] audit: type=1326 audit(2000000085.610:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 291.912986][ T30] audit: type=1326 audit(2000000085.610:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c1878e929 code=0x7ffc0000 [ 292.185846][ T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 292.277016][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 292.334493][ T9] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 292.410214][ T9] usb 3-1: config 0 has no interface number 0 [ 292.470566][ T9] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 292.512971][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.543003][ T9] usb 3-1: Product: syz [ 292.573679][ T9] usb 3-1: Manufacturer: syz [ 292.598357][ T9] usb 3-1: SerialNumber: syz [ 292.626778][ T9] usb 3-1: config 0 descriptor?? [ 292.643189][ T9] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 292.768741][ T24] usb 5-1: USB disconnect, device number 6 [ 293.696184][ T7908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.847030][ T7908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.880638][ T7908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.941998][ T7908] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.017302][ T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 294.089877][ T7920] FAULT_INJECTION: forcing a failure. [ 294.089877][ T7920] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 294.093556][ T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 294.202622][ T7920] CPU: 0 UID: 0 PID: 7920 Comm: syz.0.557 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 294.202658][ T7920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 294.202670][ T7920] Call Trace: [ 294.202690][ T7920] [ 294.202698][ T7920] dump_stack_lvl+0x189/0x250 [ 294.202730][ T7920] ? __pfx____ratelimit+0x10/0x10 [ 294.202757][ T7920] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.202783][ T7920] ? __pfx__printk+0x10/0x10 [ 294.202816][ T7920] should_fail_ex+0x414/0x560 [ 294.202845][ T7920] _copy_to_user+0x31/0xb0 [ 294.202865][ T7920] bpf_test_finish+0x24e/0x700 [ 294.202896][ T7920] ? __pfx_bpf_test_finish+0x10/0x10 [ 294.202920][ T7920] ? rep_movs_alternative+0x4a/0x90 [ 294.202944][ T7920] bpf_prog_test_run_xdp+0x79a/0x1000 [ 294.202983][ T7920] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 294.203008][ T7920] ? __fget_files+0x2a/0x420 [ 294.203037][ T7920] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 294.203057][ T7920] bpf_prog_test_run+0x2c7/0x340 [ 294.203083][ T7920] __sys_bpf+0x4a4/0x860 [ 294.203105][ T7920] ? __pfx___sys_bpf+0x10/0x10 [ 294.203140][ T7920] ? ksys_write+0x22a/0x250 [ 294.203164][ T7920] ? __pfx_ksys_write+0x10/0x10 [ 294.203179][ T7920] ? rcu_is_watching+0x15/0xb0 [ 294.203214][ T7920] __x64_sys_bpf+0x7c/0x90 [ 294.203236][ T7920] do_syscall_64+0xfa/0x3b0 [ 294.203259][ T7920] ? lockdep_hardirqs_on+0x9c/0x150 [ 294.203281][ T7920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.203297][ T7920] ? clear_bhb_loop+0x60/0xb0 [ 294.203318][ T7920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.203335][ T7920] RIP: 0033:0x7fc6c9f8e929 [ 294.203352][ T7920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.203369][ T7920] RSP: 002b:00007fc6caeb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 294.203388][ T7920] RAX: ffffffffffffffda RBX: 00007fc6ca1b5fa0 RCX: 00007fc6c9f8e929 [ 294.203401][ T7920] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 294.203412][ T7920] RBP: 00007fc6caeb3090 R08: 0000000000000000 R09: 0000000000000000 [ 294.203423][ T7920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 294.203433][ T7920] R13: 0000000000000000 R14: 00007fc6ca1b5fa0 R15: 00007ffc7e8a1668 [ 294.203462][ T7920] [ 295.165457][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 295.167146][ T1174] usb 3-1: USB disconnect, device number 10 [ 295.270831][ T1174] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 295.366411][ T1174] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 295.405060][ T1174] quatech2 3-1:0.51: device disconnected [ 298.730157][ T7956] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 298.742741][ T7956] cramfs: wrong magic [ 300.603869][ T7967] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 300.614105][ T7967] cramfs: wrong magic [ 301.252679][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 301.252701][ T30] audit: type=1326 audit(2000000095.960:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 301.283667][ T30] audit: type=1326 audit(2000000095.960:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 301.305724][ T30] audit: type=1326 audit(2000000095.980:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 301.328231][ T30] audit: type=1326 audit(2000000095.980:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 301.350714][ T30] audit: type=1326 audit(2000000095.980:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 301.372934][ T30] audit: type=1326 audit(2000000095.980:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc6c9f8d290 code=0x7ffc0000 [ 301.414654][ T30] audit: type=1326 audit(2000000095.990:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 301.437213][ T30] audit: type=1326 audit(2000000095.990:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 301.464832][ T30] audit: type=1326 audit(2000000096.000:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 301.504864][ T30] audit: type=1326 audit(2000000096.000:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7971 comm="syz.0.567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 302.225908][ T5905] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 302.420713][ T5905] usb 5-1: device descriptor read/64, error -71 [ 302.561643][ T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 303.026788][ T5905] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 303.071465][ T9] usb 3-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 303.089063][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.105776][ T9] usb 3-1: Product: syz [ 303.110024][ T9] usb 3-1: Manufacturer: syz [ 303.605137][ T5905] usb 5-1: device descriptor read/64, error -71 [ 303.612211][ T9] usb 3-1: SerialNumber: syz [ 303.636010][ T9] usb 3-1: config 0 descriptor?? [ 303.647162][ T9] cypress_m8 3-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 304.261663][ T7983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.270603][ T7983] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.280284][ T7983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.289198][ T7983] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.300073][ T5905] usb usb5-port1: attempt power cycle [ 304.312275][ T9] nokiaca42v2 ttyUSB0: required endpoint is missing [ 304.630353][ T5828] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 305.097699][ T5905] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 305.592325][ T9] usb 3-1: USB disconnect, device number 11 [ 305.640737][ T5828] usb 4-1: Using ep0 maxpacket: 16 [ 305.648387][ T9] cypress_m8 3-1:0.0: device disconnected [ 305.692064][ T5828] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 305.741050][ T5828] usb 4-1: config 0 has no interface number 0 [ 305.741271][ T5905] usb 5-1: device descriptor read/8, error -71 [ 305.770472][ T5828] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 305.912328][ T5828] usb 4-1: config 0 interface 251 altsetting 0 endpoint 0x82 has invalid maxpacket 46912, setting to 1024 [ 305.924176][ T5828] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 305.996711][ T8015] netlink: 32 bytes leftover after parsing attributes in process `syz.1.578'. [ 306.005754][ T8015] netlink: 216 bytes leftover after parsing attributes in process `syz.1.578'. [ 306.014982][ T8015] netlink: 216 bytes leftover after parsing attributes in process `syz.1.578'. [ 306.027479][ T8015] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 306.082134][ T5828] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 306.105873][ T5828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.771701][ T5828] usb 4-1: config 0 descriptor?? [ 306.812781][ T5828] usb 4-1: can't set config #0, error -71 [ 306.920816][ T8026] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 306.932358][ T8026] cramfs: wrong magic [ 307.195687][ T5828] usb 4-1: USB disconnect, device number 16 [ 307.757671][ T30] kauditd_printk_skb: 75 callbacks suppressed [ 307.757692][ T30] audit: type=1326 audit(2000000102.470:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8035 comm="syz.3.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 308.027430][ T30] audit: type=1326 audit(2000000102.500:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8035 comm="syz.3.585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 308.221502][ T30] audit: type=1326 audit(2000000102.710:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 308.254820][ T30] audit: type=1326 audit(2000000102.710:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 308.311079][ T30] audit: type=1326 audit(2000000102.710:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 308.350166][ T30] audit: type=1326 audit(2000000102.730:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 308.372048][ T30] audit: type=1326 audit(2000000102.730:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 308.395475][ T30] audit: type=1326 audit(2000000102.730:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 308.419113][ T30] audit: type=1326 audit(2000000102.730:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f556478d290 code=0x7ffc0000 [ 308.465940][ T30] audit: type=1326 audit(2000000102.730:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.2.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556478e929 code=0x7ffc0000 [ 310.403581][ T8062] 9pnet_fd: Insufficient options for proto=fd [ 315.035801][ T5828] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 315.165826][ T5828] usb 5-1: device descriptor read/64, error -71 [ 315.245661][ T5905] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 315.339780][ T8111] 9pnet_fd: Insufficient options for proto=fd [ 315.397544][ T5905] usb 2-1: config 7 interface 0 has no altsetting 0 [ 315.426287][ T5828] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 315.445085][ T5905] usb 2-1: string descriptor 0 read error: -22 [ 315.453594][ T5905] usb 2-1: New USB device found, idVendor=0ace, idProduct=13a1, bcdDevice= 4.44 [ 315.470561][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.549742][ T5905] usb 2-1: dvb_usb_v2: found a 'ZyDAS ZD1301 reference design' in warm state [ 315.572250][ T5905] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 315.586241][ T5828] usb 5-1: device descriptor read/64, error -71 [ 315.612569][ T5905] dvbdev: DVB: registering new adapter (ZyDAS ZD1301 reference design) [ 315.635492][ T5905] usb 2-1: media controller created [ 315.700096][ T5828] usb usb5-port1: attempt power cycle [ 315.775622][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 315.942858][ T5905] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 316.068921][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 316.093904][ T5828] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 316.486162][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 316.523273][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 316.660561][ T5828] usb 5-1: device descriptor read/8, error -71 [ 317.055634][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 317.116477][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 317.137710][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 317.169919][ T8127] netlink: 136 bytes leftover after parsing attributes in process `syz.3.606'. [ 317.193286][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 317.211961][ T30] kauditd_printk_skb: 45 callbacks suppressed [ 317.211980][ T30] audit: type=1326 audit(2000000111.910:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 317.241708][ T8127] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 317.251679][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.262094][ T30] audit: type=1326 audit(2000000111.910:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 317.279250][ T5828] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 317.303072][ T30] audit: type=1326 audit(2000000111.910:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 317.455756][ T5913] usb 2-1: USB disconnect, device number 11 [ 317.462576][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.469137][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.479455][ T9] usb 3-1: config 0 descriptor?? [ 317.481432][ T30] audit: type=1326 audit(2000000111.920:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 317.487636][ T5828] usb 5-1: device descriptor read/8, error -71 [ 317.508070][ T30] audit: type=1326 audit(2000000111.920:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 317.888688][ T30] audit: type=1326 audit(2000000111.920:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 318.156436][ T51] Bluetooth: hci5: urb ffff88814c4a6d00 submission failed (90) [ 318.173867][ T9] usb 3-1: USB disconnect, device number 12 [ 318.198153][ T30] audit: type=1326 audit(2000000111.920:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 318.222061][ T30] audit: type=1326 audit(2000000111.920:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc6c9f8d290 code=0x7ffc0000 [ 318.243881][ T30] audit: type=1326 audit(2000000111.920:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 318.400515][ T5828] usb usb5-port1: unable to enumerate USB device [ 318.408792][ T30] audit: type=1326 audit(2000000111.920:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8128 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc6c9f8e929 code=0x7ffc0000 [ 318.501770][ T8140] netlink: 16 bytes leftover after parsing attributes in process `syz.0.609'. [ 321.485075][ T8166] netlink: 40 bytes leftover after parsing attributes in process `syz.0.616'. [ 321.494274][ T8166] netlink: 40 bytes leftover after parsing attributes in process `syz.0.616'. [ 323.226336][ T5884] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 323.490050][ T5884] usb 2-1: device descriptor read/64, error -71 [ 323.646114][ T8186] netlink: 'syz.3.622': attribute type 1 has an invalid length. [ 323.789073][ T8190] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 323.858169][ T5884] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 323.995950][ T5884] usb 2-1: device descriptor read/64, error -71 [ 324.106990][ T5884] usb usb2-port1: attempt power cycle [ 324.463967][ T5884] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 324.475951][ T8186] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 324.493675][ T8186] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 324.573954][ T5884] usb 2-1: device descriptor read/8, error -71 [ 324.588610][ T8186] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 324.634471][ T8186] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 324.915669][ T8186] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 324.941392][ T8186] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 324.947829][ T5884] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 325.123156][ T8186] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 325.195598][ T5884] usb 2-1: device not accepting address 15, error -71 [ 325.202660][ T5884] usb usb2-port1: unable to enumerate USB device [ 325.220009][ T8186] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 325.351833][ T8203] netlink: 28 bytes leftover after parsing attributes in process `syz.0.625'. [ 326.158233][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 326.167209][ T8186] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 326.195840][ T8186] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 326.348249][ T8213] Illegal XDP return value 4294967294 on prog (id 213) dev N/A, expect packet loss! [ 326.555779][ T5913] usb 1-1: new low-speed USB device number 8 using dummy_hcd [ 326.577418][ T8215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.629'. [ 326.667626][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 326.740824][ T5913] usb 1-1: config 7 interface 0 has no altsetting 0 [ 326.771842][ T5913] usb 1-1: string descriptor 0 read error: -22 [ 326.784157][ T5913] usb 1-1: New USB device found, idVendor=0ace, idProduct=13a1, bcdDevice= 4.44 [ 326.795574][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.822878][ T5913] usb 1-1: dvb_usb_v2: found a 'ZyDAS ZD1301 reference design' in warm state [ 326.832244][ T5913] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 326.851489][ T5913] dvbdev: DVB: registering new adapter (ZyDAS ZD1301 reference design) [ 327.127191][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 327.148061][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 327.354717][ T5913] usb 1-1: media controller created [ 327.406192][ T8215] hsr_slave_1 (unregistering): left promiscuous mode [ 327.662327][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 327.731654][ T8217] FAULT_INJECTION: forcing a failure. [ 327.731654][ T8217] name failslab, interval 1, probability 0, space 0, times 0 [ 327.787344][ T8217] CPU: 0 UID: 0 PID: 8217 Comm: syz.4.630 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 327.787376][ T8217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.787386][ T8217] Call Trace: [ 327.787393][ T8217] [ 327.787401][ T8217] dump_stack_lvl+0x189/0x250 [ 327.787432][ T8217] ? __pfx____ratelimit+0x10/0x10 [ 327.787459][ T8217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.787484][ T8217] ? __pfx__printk+0x10/0x10 [ 327.787506][ T8217] ? __pfx___schedule+0x10/0x10 [ 327.787542][ T8217] should_fail_ex+0x414/0x560 [ 327.787582][ T8217] should_failslab+0xa8/0x100 [ 327.787608][ T8217] kmem_cache_alloc_noprof+0x73/0x3c0 [ 327.787628][ T8217] ? skb_clone+0x212/0x3a0 [ 327.787658][ T8217] skb_clone+0x212/0x3a0 [ 327.787685][ T8217] __netlink_deliver_tap+0x404/0x850 [ 327.787722][ T8217] ? netlink_deliver_tap+0x2e/0x1b0 [ 327.787744][ T8217] netlink_deliver_tap+0x19c/0x1b0 [ 327.787767][ T8217] netlink_sendskb+0x68/0x140 [ 327.787798][ T8217] netlink_rcv_skb+0x28c/0x470 [ 327.787816][ T8217] ? rcu_is_watching+0x15/0xb0 [ 327.787843][ T8217] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 327.787864][ T8217] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 327.787900][ T8217] ? netlink_deliver_tap+0x2e/0x1b0 [ 327.787930][ T8217] netlink_unicast+0x75b/0x8d0 [ 327.787977][ T8217] netlink_sendmsg+0x805/0xb30 [ 327.787999][ T8217] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 327.788032][ T8217] ? __pfx_netlink_sendmsg+0x10/0x10 [ 327.788063][ T8217] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 327.788084][ T8217] ? __pfx_netlink_sendmsg+0x10/0x10 [ 327.788106][ T8217] __sock_sendmsg+0x219/0x270 [ 327.788138][ T8217] ____sys_sendmsg+0x505/0x830 [ 327.788167][ T8217] ? __pfx_____sys_sendmsg+0x10/0x10 [ 327.788201][ T8217] ? import_iovec+0x74/0xa0 [ 327.788224][ T8217] ___sys_sendmsg+0x21f/0x2a0 [ 327.788249][ T8217] ? __pfx____sys_sendmsg+0x10/0x10 [ 327.788314][ T8217] ? __fget_files+0x2a/0x420 [ 327.788337][ T8217] ? __fget_files+0x3a0/0x420 [ 327.788373][ T8217] __x64_sys_sendmsg+0x19b/0x260 [ 327.788399][ T8217] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 327.788433][ T8217] ? __pfx_ksys_write+0x10/0x10 [ 327.788451][ T8217] ? rcu_is_watching+0x15/0xb0 [ 327.788483][ T8217] ? do_syscall_64+0xbe/0x3b0 [ 327.788514][ T8217] do_syscall_64+0xfa/0x3b0 [ 327.788539][ T8217] ? lockdep_hardirqs_on+0x9c/0x150 [ 327.788572][ T8217] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.788591][ T8217] ? clear_bhb_loop+0x60/0xb0 [ 327.788614][ T8217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.788632][ T8217] RIP: 0033:0x7fb2e218e929 [ 327.788650][ T8217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.788666][ T8217] RSP: 002b:00007fb2dfff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 327.788689][ T8217] RAX: ffffffffffffffda RBX: 00007fb2e23b5fa0 RCX: 00007fb2e218e929 [ 327.788702][ T8217] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 327.788715][ T8217] RBP: 00007fb2dfff6090 R08: 0000000000000000 R09: 0000000000000000 [ 327.788726][ T8217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 327.788738][ T8217] R13: 0000000000000000 R14: 00007fb2e23b5fa0 R15: 00007ffd4e880ee8 [ 327.788771][ T8217] [ 328.270477][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 328.285583][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 328.653611][ T8232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.632'. [ 328.746213][ T5913] usb 1-1: USB disconnect, device number 8 [ 328.746300][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 328.765651][ T5828] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 329.155886][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 329.225687][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 329.251755][ T5828] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 329.321705][ T5828] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 329.348608][ T5828] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 329.368503][ T5828] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 329.386943][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.409664][ T5828] usb 5-1: Product: syz [ 329.424161][ T5828] usb 5-1: Manufacturer: syz [ 329.449675][ T5828] usb 5-1: SerialNumber: syz [ 329.467099][ T5828] usb 5-1: config 0 descriptor?? [ 329.472989][ T8230] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 329.481179][ T8230] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 329.491753][ T5828] usb 5-1: ucan: probing device on interface #0 [ 329.685661][ T5884] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 329.858552][ T5884] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 329.885657][ T5884] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 329.955911][ T5884] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 330.010148][ T5884] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 330.075182][ T5828] ucan 5-1:0.0 can0: registered device [ 330.109754][ T5884] usb 4-1: Manufacturer: syz [ 330.178407][ T5828] ucan 5-1:0.0 can0: firmware string: unknown [ 330.341540][ T5884] usb 4-1: config 0 descriptor?? [ 330.386358][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 330.587336][ T8252] overlayfs: failed to resolve './file0': -2 [ 330.616792][ T5828] usb 5-1: USB disconnect, device number 15 [ 333.300787][ T1174] usb 4-1: USB disconnect, device number 17 [ 333.722238][ T8282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.645'. [ 333.805914][ T5831] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 334.088198][ T5831] usb 2-1: config 0 has an invalid interface number: 45 but max is 0 [ 334.096569][ T5831] usb 2-1: config 0 has no interface number 0 [ 334.102766][ T5831] usb 2-1: config 0 interface 45 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 334.143339][ T5831] usb 2-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=60.16 [ 334.152721][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.167436][ T5831] usb 2-1: Product: syz [ 334.183562][ T5831] usb 2-1: Manufacturer: syz [ 334.196767][ T5831] usb 2-1: SerialNumber: syz [ 334.343539][ T5831] usb 2-1: config 0 descriptor?? [ 336.214936][ T8305] FAULT_INJECTION: forcing a failure. [ 336.214936][ T8305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 336.232680][ T8305] CPU: 0 UID: 0 PID: 8305 Comm: syz.0.651 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 336.232708][ T8305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.232718][ T8305] Call Trace: [ 336.232726][ T8305] [ 336.232735][ T8305] dump_stack_lvl+0x189/0x250 [ 336.232768][ T8305] ? __pfx____ratelimit+0x10/0x10 [ 336.232796][ T8305] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.232826][ T8305] ? __pfx__printk+0x10/0x10 [ 336.232859][ T8305] should_fail_ex+0x414/0x560 [ 336.232889][ T8305] _copy_to_user+0x31/0xb0 [ 336.232910][ T8305] simple_read_from_buffer+0xe1/0x170 [ 336.232940][ T8305] proc_fail_nth_read+0x1df/0x250 [ 336.232969][ T8305] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 336.232998][ T8305] ? rw_verify_area+0x258/0x650 [ 336.233018][ T8305] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 336.233045][ T8305] vfs_read+0x1fd/0x980 [ 336.233073][ T8305] ? __pfx___mutex_lock+0x10/0x10 [ 336.233101][ T8305] ? __pfx_vfs_read+0x10/0x10 [ 336.233122][ T8305] ? __fget_files+0x2a/0x420 [ 336.233150][ T8305] ? __fget_files+0x3a0/0x420 [ 336.233172][ T8305] ? __fget_files+0x2a/0x420 [ 336.233207][ T8305] ksys_read+0x145/0x250 [ 336.233227][ T8305] ? __fget_files+0x3a0/0x420 [ 336.233261][ T8305] ? __pfx_ksys_read+0x10/0x10 [ 336.233288][ T8305] ? do_syscall_64+0xbe/0x3b0 [ 336.233319][ T8305] do_syscall_64+0xfa/0x3b0 [ 336.233343][ T8305] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.233368][ T8305] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.233386][ T8305] ? clear_bhb_loop+0x60/0xb0 [ 336.233407][ T8305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.233424][ T8305] RIP: 0033:0x7fc6c9f8d33c [ 336.233442][ T8305] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 336.233459][ T8305] RSP: 002b:00007fc6caeb3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 336.233480][ T8305] RAX: ffffffffffffffda RBX: 00007fc6ca1b5fa0 RCX: 00007fc6c9f8d33c [ 336.233494][ T8305] RDX: 000000000000000f RSI: 00007fc6caeb30a0 RDI: 0000000000000004 [ 336.233505][ T8305] RBP: 00007fc6caeb3090 R08: 0000000000000000 R09: 0000000000000000 [ 336.233516][ T8305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.233527][ T8305] R13: 0000000000000000 R14: 00007fc6ca1b5fa0 R15: 00007ffc7e8a1668 [ 336.233557][ T8305] [ 337.425771][ T8316] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 337.433137][ T8316] cramfs: wrong magic [ 337.478614][ T5831] esd_usb 2-1:0.45: sending version message failed [ 338.109570][ T5831] esd_usb 2-1:0.45: probe with driver esd_usb failed with error -8 [ 338.151038][ T5831] usb 2-1: USB disconnect, device number 16 [ 339.615217][ T8328] binder: 8327:8328 ioctl c0306201 2000000003c0 returned -14 [ 340.092116][ T8339] Cannot find del_set index 2 as target [ 345.492638][ T8372] tmpfs: Bad value for 'mpol' [ 345.499031][ T8372] usb usb8: usbfs: process 8372 (syz.3.666) did not claim interface 0 before use [ 346.268364][ T8375] netlink: 12 bytes leftover after parsing attributes in process `syz.4.668'. [ 346.280869][ T8376] netlink: 4 bytes leftover after parsing attributes in process `syz.3.669'. [ 346.675784][ T8383] input: syz1 as /devices/virtual/input/input15 [ 348.035252][ T5913] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 348.185837][ T5913] usb 3-1: device descriptor read/64, error -71 [ 348.286217][ T8404] 9pnet_fd: Insufficient options for proto=fd [ 348.451602][ T8408] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore [ 348.481130][ T8408] overlayfs: missing 'lowerdir' [ 349.185688][ T5828] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 349.354865][ T5828] usb 4-1: config 0 has an invalid interface number: 25 but max is 0 [ 349.370306][ T5913] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 349.383471][ T5828] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 349.439906][ T5828] usb 4-1: config 0 has no interface number 0 [ 349.471615][ T5828] usb 4-1: config 0 interface 25 altsetting 205 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 349.525629][ T5828] usb 4-1: config 0 interface 25 has no altsetting 0 [ 349.529266][ T5913] usb 3-1: device descriptor read/64, error -71 [ 349.555408][ T5828] usb 4-1: New USB device found, idVendor=1b3b, idProduct=2951, bcdDevice=9e.ee [ 349.565774][ T5828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.584525][ T5828] usb 4-1: Product: syz [ 349.594384][ T5828] usb 4-1: Manufacturer: syz [ 349.607567][ T5828] usb 4-1: SerialNumber: syz [ 349.643734][ T5828] usb 4-1: config 0 descriptor?? [ 349.656397][ T5913] usb usb3-port1: attempt power cycle [ 349.921035][ T5828] usb 4-1: Found UVC 0.00 device syz (1b3b:2951) [ 349.942343][ T5828] usb 4-1: No valid video chain found. [ 350.711620][ T5828] usb 4-1: USB disconnect, device number 18 [ 351.342352][ T8434] blktrace: Concurrent blktraces are not allowed on sg0 [ 351.785867][ T8436] netlink: 68 bytes leftover after parsing attributes in process `syz.4.687'. [ 352.680447][ T8438] 9pnet_fd: Insufficient options for proto=fd [ 354.606003][ T5913] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 354.608503][ T8472] netlink: 84 bytes leftover after parsing attributes in process `syz.4.700'. [ 354.775794][ T5913] usb 1-1: Using ep0 maxpacket: 16 [ 355.155913][ T5913] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 355.175821][ T5913] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 355.190297][ T5913] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 355.257776][ T5913] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 355.349734][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.424353][ T5913] usb 1-1: Product: syz [ 355.468949][ T5913] usb 1-1: Manufacturer: syz [ 355.513318][ T5913] usb 1-1: SerialNumber: syz [ 356.652665][ T5913] usb 1-1: 0:2 : does not exist [ 356.686727][ T5913] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1) [ 356.761898][ T5913] usb 1-1: USB disconnect, device number 9 [ 357.934093][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 357.934112][ T30] audit: type=1326 audit(2000000152.640:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 358.127340][ T30] audit: type=1326 audit(2000000152.640:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 358.175336][ T30] audit: type=1326 audit(2000000152.680:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 358.283308][ T30] audit: type=1326 audit(2000000152.700:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 358.461857][ T30] audit: type=1326 audit(2000000152.700:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 358.492774][ T30] audit: type=1326 audit(2000000152.700:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 358.943897][ T30] audit: type=1326 audit(2000000152.700:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0abf38d290 code=0x7ffc0000 [ 358.966219][ T30] audit: type=1326 audit(2000000152.700:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 359.168657][ T30] audit: type=1326 audit(2000000152.700:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 359.568840][ T30] audit: type=1326 audit(2000000152.710:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8516 comm="syz.3.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abf38e929 code=0x7ffc0000 [ 359.590584][ C0] vkms_vblank_simulate: vblank timer overrun [ 360.399271][ T8543] netlink: 'syz.0.722': attribute type 25 has an invalid length. [ 360.407190][ T8543] netlink: 'syz.0.722': attribute type 7 has an invalid length. [ 361.535907][ T5913] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 362.201364][ T5913] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 362.212578][ T5913] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.573579][ T5913] usb 1-1: config 0 interface 0 has no altsetting 0 [ 362.580369][ T5913] usb 1-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00 [ 362.590835][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.603006][ T5913] usb 1-1: config 0 descriptor?? [ 363.014701][ T8571] 9pnet_fd: Insufficient options for proto=fd [ 363.112163][ T5913] usbhid 1-1:0.0: can't add hid device: -71 [ 363.118369][ T5913] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 363.140045][ T5913] usb 1-1: USB disconnect, device number 10 [ 364.158055][ T8573] netlink: 'syz.4.728': attribute type 1 has an invalid length. [ 364.210869][ T8583] binder: 8582:8583 ioctl c0306201 2000000003c0 returned -14 [ 364.385222][ T8573] 8021q: adding VLAN 0 to HW filter on device bond1 [ 370.395635][ T5905] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 370.625623][ T5905] usb 3-1: Using ep0 maxpacket: 8 [ 370.865724][ T5905] usb 3-1: config index 0 descriptor too short (expected 74, got 45) [ 370.935057][ T5913] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 371.225644][ T5905] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 371.247378][ T5905] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 371.315639][ T5905] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 371.357825][ T5905] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 371.595886][ T5905] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 371.635833][ T5905] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 371.644940][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.676495][ T5913] usb 2-1: config 0 has an invalid interface number: 109 but max is 0 [ 371.684750][ T5913] usb 2-1: config 0 has no interface number 0 [ 371.747202][ T5913] usb 2-1: config 0 interface 109 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 371.838164][ T5913] usb 2-1: New USB device found, idVendor=100d, idProduct=cb01, bcdDevice=84.d1 [ 371.885972][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=11 [ 371.905572][ T8636] binder: 8635:8636 ioctl c0306201 2000000003c0 returned -14 [ 371.924468][ T5913] usb 2-1: SerialNumber: syz [ 371.963147][ T5905] usb 3-1: GET_CAPABILITIES returned 0 [ 371.969601][ T5913] usb 2-1: config 0 descriptor?? [ 371.979165][ T5905] usbtmc 3-1:16.0: can't read capabilities [ 372.013823][ T5913] cxacru 2-1:0.109: cxacru_bind: interface has incorrect endpoints [ 372.083472][ T5913] cxacru 2-1:0.109: usbatm_usb_probe: bind failed: -19! [ 372.169858][ T8630] netlink: 'syz.2.745': attribute type 12 has an invalid length. [ 372.319282][ T8644] overlay: Unknown parameter '/dev/cpu/#/msr' [ 374.118267][ T5828] usb 3-1: USB disconnect, device number 16 [ 374.188091][ T1174] usb 2-1: USB disconnect, device number 17 [ 377.079524][ T8681] binder: 8680:8681 ioctl c0306201 2000000003c0 returned -14 [ 378.766368][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.778754][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.085994][ T1174] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 379.345646][ T1174] usb 4-1: Using ep0 maxpacket: 16 [ 379.418722][ T1174] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.468276][ T1174] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 379.491497][ T8711] binder: 8710:8711 ioctl c0306201 2000000003c0 returned -14 [ 379.526433][ T8708] binder: 8707:8708 ioctl c018620c 200000000000 returned -1 [ 379.533959][ T1174] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 379.583673][ T1174] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 379.653748][ T1174] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 379.756670][ T1174] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 379.789923][ T1174] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 379.831778][ T1174] usb 4-1: Manufacturer: syz [ 380.160937][ T1174] usb 4-1: config 0 descriptor?? [ 381.487260][ T1174] rc_core: IR keymap rc-hauppauge not found [ 381.515752][ T1174] Registered IR keymap rc-empty [ 381.536981][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 381.595231][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 381.622369][ T1174] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 381.650311][ T8734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'. [ 382.021949][ T1174] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input16 [ 384.077428][ T8734] hsr_slave_1 (unregistering): left promiscuous mode [ 385.366598][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.385739][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.415674][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.435659][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.455886][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.475789][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.511430][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.552859][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.597900][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.647875][ T1174] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 385.717317][ T1174] mceusb 4-1:0.0: Registered  with mce emulator interface version 1 [ 385.892875][ T1174] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 386.003700][ T1174] usb 4-1: USB disconnect, device number 19 [ 387.777788][ T8771] xt_policy: neither incoming nor outgoing policy selected [ 388.065988][ T8770] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x314e4 [ 388.094825][ T8770] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 388.127075][ T8770] memcg:ffff88801cee0c80 [ 388.142317][ T8770] flags: 0xfff00000000041(locked|head|node=0|zone=1|lastcpupid=0x7ff) [ 388.199430][ T8770] raw: 00fff00000000041 0000000000000000 dead000000000122 0000000000000000 [ 388.230385][ T8770] raw: 000000000000001c 0000000000000000 00000001ffffffff ffff88801cee0c80 [ 388.297579][ T8770] head: 00fff00000000041 0000000000000000 dead000000000122 0000000000000000 [ 388.343866][ T8770] head: 000000000000001c 0000000000000000 00000001ffffffff ffff88801cee0c80 [ 388.373506][ T8770] head: 00fff00000000202 ffffea0000c53901 00000000ffffffff 00000000ffffffff [ 388.407505][ T8770] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 388.434524][ T8770] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 388.464437][ T8770] page_owner tracks the page as allocated [ 388.553761][ T8770] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 8770, tgid 8770 (syz.0.781), ts 388065956155, free_ts 388053325017 [ 389.131989][ T8770] post_alloc_hook+0x240/0x2a0 [ 389.306164][ T8770] get_page_from_freelist+0x21d5/0x22b0 [ 389.586135][ T8770] __alloc_frozen_pages_noprof+0x181/0x370 [ 389.766030][ T8770] alloc_pages_mpol+0x232/0x4a0 [ 389.785589][ T8770] alloc_pages_noprof+0xa9/0x190 [ 389.802654][ T8770] folio_alloc_noprof+0x1e/0x30 [ 389.864653][ T8770] filemap_alloc_folio_noprof+0xdf/0x470 [ 391.005194][ T8770] page_cache_ra_order+0x5e5/0xc70 [ 391.005390][ T8791] netlink: 12 bytes leftover after parsing attributes in process `syz.1.788'. [ 391.156175][ T8770] do_sync_mmap_readahead+0x4b5/0x5f0 [ 391.166869][ T8770] filemap_fault+0x62a/0x1200 [ 391.175648][ T8770] __do_fault+0x135/0x390 [ 391.186562][ T8770] __handle_mm_fault+0x198b/0x5620 [ 391.223492][ T8793] vlan3: entered allmulticast mode [ 391.230091][ T8770] handle_mm_fault+0x2d5/0x7f0 [ 391.240299][ T8793] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 391.241872][ T8770] do_user_addr_fault+0xa81/0x1390 [ 391.272065][ T8770] exc_page_fault+0x76/0xf0 [ 391.289805][ T8770] asm_exc_page_fault+0x26/0x30 [ 391.294904][ T8770] page last free pid 8771 tgid 8770 stack trace: [ 391.301532][ T8770] free_unref_folios+0xcd2/0x1570 [ 392.151023][ T8804] /dev/nullb0: Can't open blockdev [ 392.187797][ T8770] folios_put_refs+0x559/0x640 [ 392.192665][ T8770] truncate_inode_pages_range+0x346/0xda0 [ 392.247813][ T8770] set_blocksize+0x32a/0x500 [ 392.258402][ T8770] blkdev_bszset+0x1ac/0x220 [ 392.267854][ T8770] blkdev_ioctl+0x430/0x6d0 [ 392.278073][ T8770] __se_sys_ioctl+0xf9/0x170 [ 392.287288][ T8770] do_syscall_64+0xfa/0x3b0 [ 392.297098][ T8770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.311933][ T8770] ------------[ cut here ]------------ [ 392.317618][ T8770] kernel BUG at mm/filemap.c:868! [ 392.469021][ T8770] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 392.475348][ T8770] CPU: 1 UID: 0 PID: 8770 Comm: syz.0.781 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 392.487264][ T8770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 392.497327][ T8770] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 392.503401][ T8770] Code: fe c8 ff 4c 89 e7 48 c7 c6 a0 37 94 8b e8 4b 99 0e 00 90 0f 0b e8 53 fe c8 ff 4c 89 e7 48 c7 c6 80 2e 94 8b e8 34 99 0e 00 90 <0f> 0b e8 3c fe c8 ff 4c 89 e7 48 c7 c6 a0 37 94 8b e8 1d 99 0e 00 [ 392.523032][ T8770] RSP: 0018:ffffc9000c08f680 EFLAGS: 00010246 [ 392.529118][ T8770] RAX: 289fb3a997398200 RBX: 0000000000000002 RCX: 0000000000000000 [ 392.537094][ T8770] RDX: 0000000000000007 RSI: ffffffff8d96ea60 RDI: 00000000ffffffff [ 392.545073][ T8770] RBP: ffffc9000c08f7e8 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e [ 392.553078][ T8770] R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: ffffea0000c53900 [ 392.561056][ T8770] R13: dffffc0000000000 R14: ffffea0000c53908 R15: 0000000000000004 [ 392.569033][ T8770] FS: 0000555575c31500(0000) GS:ffff888125d83000(0000) knlGS:0000000000000000 [ 392.577983][ T8770] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 392.584586][ T8770] CR2: 00007f55654e56c0 CR3: 00000000310c4000 CR4: 00000000003526f0 [ 392.592569][ T8770] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 392.600548][ T8770] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 392.608537][ T8770] Call Trace: [ 392.611826][ T8770] [ 392.614769][ T8770] ? percpu_ref_put+0x19/0x180 [ 392.619546][ T8770] ? __pfx___filemap_add_folio+0x10/0x10 [ 392.625183][ T8770] ? percpu_ref_put+0xf9/0x180 [ 392.629957][ T8770] filemap_add_folio+0xd5/0x270 [ 392.634809][ T8770] page_cache_ra_order+0x74c/0xc70 [ 392.639930][ T8770] do_sync_mmap_readahead+0x4b5/0x5f0 [ 392.645314][ T8770] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 392.651216][ T8770] ? count_memcg_event_mm+0x1d/0x250 [ 392.656502][ T8770] ? count_memcg_event_mm+0x1d/0x250 [ 392.661791][ T8770] filemap_fault+0x62a/0x1200 [ 392.666470][ T8770] ? __pagetable_ctor+0x253/0x340 [ 392.671495][ T8770] ? __pfx_filemap_fault+0x10/0x10 [ 392.676610][ T8770] ? rcu_is_watching+0x15/0xb0 [ 392.681387][ T8770] ? __raw_spin_lock_init+0x45/0x100 [ 392.686682][ T8770] __do_fault+0x135/0x390 [ 392.691026][ T8770] __handle_mm_fault+0x198b/0x5620 [ 392.696141][ T8770] ? __lock_acquire+0xab9/0xd20 [ 392.701000][ T8770] ? __pfx___handle_mm_fault+0x10/0x10 [ 392.706460][ T8770] ? lock_vma_under_rcu+0xf8/0x710 [ 392.711577][ T8770] ? lock_vma_under_rcu+0xf8/0x710 [ 392.716695][ T8770] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 392.722247][ T8770] handle_mm_fault+0x2d5/0x7f0 [ 392.727022][ T8770] do_user_addr_fault+0xa81/0x1390 [ 392.732139][ T8770] ? rcu_is_watching+0x15/0xb0 [ 392.736913][ T8770] ? trace_page_fault_user+0x84/0x1e0 [ 392.742292][ T8770] exc_page_fault+0x76/0xf0 [ 392.746804][ T8770] asm_exc_page_fault+0x26/0x30 [ 392.751656][ T8770] RIP: 0033:0x7fc6c9e54e53 [ 392.756083][ T8770] Code: 48 85 c0 74 1b 48 83 f8 01 0f 85 3b 03 00 00 0f b7 44 24 18 66 c1 c0 08 0f b7 c0 48 89 44 24 18 48 8b 44 24 10 0f b7 54 24 18 <66> 89 10 e9 82 fe ff ff 48 83 3c 24 08 0f 85 a1 02 00 00 48 8b 44 [ 392.775702][ T8770] RSP: 002b:00007ffc7e8a1790 EFLAGS: 00010246 [ 392.781779][ T8770] RAX: 000020000057eff8 RBX: 0000000000000002 RCX: 0000000000000000 [ 392.789754][ T8770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555575c313c8 [ 392.797729][ T8770] RBP: 00007ffc7e8a1898 R08: 0000000000000000 R09: 0000000000000000 [ 392.805700][ T8770] R10: 0000000000000000 R11: 0000000000000000 R12: 00007fc6ca1b5fac [ 392.813677][ T8770] R13: 00007ffc7e8a18c0 R14: fffffffffffffffe R15: 00007ffc7e8a18e0 [ 392.821659][ T8770] [ 392.824775][ T8770] Modules linked in: [ 392.830356][ T8770] ---[ end trace 0000000000000000 ]--- [ 392.840741][ T8770] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 392.846937][ T8770] Code: fe c8 ff 4c 89 e7 48 c7 c6 a0 37 94 8b e8 4b 99 0e 00 90 0f 0b e8 53 fe c8 ff 4c 89 e7 48 c7 c6 80 2e 94 8b e8 34 99 0e 00 90 <0f> 0b e8 3c fe c8 ff 4c 89 e7 48 c7 c6 a0 37 94 8b e8 1d 99 0e 00 [ 392.868895][ T8770] RSP: 0018:ffffc9000c08f680 EFLAGS: 00010246 [ 392.882025][ T8770] RAX: 289fb3a997398200 RBX: 0000000000000002 RCX: 0000000000000000 [ 392.914003][ T8770] RDX: 0000000000000007 RSI: ffffffff8d96ea60 RDI: 00000000ffffffff [ 392.947691][ T8770] RBP: ffffc9000c08f7e8 R08: ffffffff8f9fe1f7 R09: 1ffffffff1f3fc3e [ 392.967797][ T8770] R10: dffffc0000000000 R11: fffffbfff1f3fc3f R12: ffffea0000c53900 [ 392.997107][ T8770] R13: dffffc0000000000 R14: ffffea0000c53908 R15: 0000000000000004 [ 393.019216][ T8770] FS: 0000555575c31500(0000) GS:ffff888125d83000(0000) knlGS:0000000000000000 [ 393.127938][ T8770] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 393.208450][ T8770] CR2: 0000200000003030 CR3: 00000000310c4000 CR4: 00000000003526f0 [ 393.270646][ T8770] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 393.296065][ T8770] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 393.332901][ T8770] Kernel panic - not syncing: Fatal exception [ 393.339309][ T8770] Kernel Offset: disabled [ 393.343636][ T8770] Rebooting in 86400 seconds..