last executing test programs: 9.066909149s ago: executing program 1 (id=463): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000200)="ddd3", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000006c0)='\f', 0x1}], 0x1}}], 0x2, 0x4000000) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000140)={r1, 0x2}, 0x8) 8.738847448s ago: executing program 1 (id=465): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000280)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c9801288763"], 0xffdd) 8.338841211s ago: executing program 0 (id=468): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)}], 0x1}, 0x4048081) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x69, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000180)={0x0, 0x10d000}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, &(0x7f0000000140)={0x18, 0x0, 0x20, 0x0, &(0x7f0000000100)=[{0xe26, 0x7fffffffffffffff}, {0x9, 0xb}]}) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0xffffffffffffffff, {0x2, 0x0, 0x4}, 0xff}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000005000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x74, r6, {0xfffd, 0x89c77fb34cc3db7f}, {0xa, 0x1}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 6.157637014s ago: executing program 2 (id=476): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x6, 0x2}) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002640)=@newtaction={0xe68, 0x30, 0x3f, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x0, 0x0, 0x20000000}, 0x2}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0xfffffffc, 0x0, 0x0, 0x5, 0x100, 0x81}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x5943}, {0x0, 0x800000, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {0x0, 0xa2}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x1cbe}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, {0x8}, {0x0, 0x10000000}, {0x0, 0xfffffffe, 0x400000}, {0x40000000, 0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0xffffffff, 0x6}, {0xd, 0x0, 0x0, 0x0, 0x4, 0xffffff6a}, {0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x6}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x800000}, {}, {}, {}, {0x0, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0xfffff12e, 0xffffffc, 0x0, 0x0, 0x8}, {0x0, 0x7fffffff}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x27a}, {0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x200}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0xfffffffc, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0xa, 0x0, 0x200}, {0x0, 0x0, 0x1, 0x2, 0x0, 0xf3}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0xc}, {}, {0x0, 0x0, 0x2b7f}, {0x3ff, 0x0, 0x0, 0x0, 0x8}, {0x0, 0xc}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0xcfc, 0x0, 0x0, 0xfffffffc}, {}, {}, {0x4}, {0x4}, {0x0, 0x0, 0x0, 0x0, 0x800}, {0xfffffffd, 0x0, 0x0, 0x0, 0xa92}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x40000000, 0x5, 0x0, 0x10001}, {0x0, 0x0, 0x20}, {}, {0x80000, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {0xfffffffc}, {0x4, 0x0, 0x0, 0x0, 0x2}, {}, {}, {0x0, 0xa, 0xfffffffc}, {0x0, 0x0, 0x0, 0x8}, {0x7, 0xfffffffe}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x40, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1, 0x2}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x2}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x2}, {0x5}, {}, {}, {0x0, 0x1}, {}, {}, {0x7, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) sendmsg$NL80211_CMD_SET_QOS_MAP(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="10002abd7000fedb"], 0x64}, 0x1, 0x0, 0x0, 0x20000041}, 0x44) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.949468089s ago: executing program 2 (id=477): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xa73}}}]}, 0x38}}, 0x24000098) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x44, 0x2c, 0x53d, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0xfff2, 0xb}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8100}, @TCA_FLOWER_KEY_VLAN_ETH_TYPE={0x6}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000885d}, 0x20000800) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0xf2ff, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x48c0}, 0x20001880) 4.674773898s ago: executing program 3 (id=478): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback, 0x580d5476}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffbffbf3a, &(0x7f0000000140)={0xa, 0x4e20, 0xffffffff, @loopback}, 0x1c) sendmsg$inet(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="98", 0x1}], 0x1}, 0x8001) sendto(r0, &(0x7f0000000640)="a8", 0x1, 0x20000800, 0x0, 0x0) recvfrom$inet6(r0, &(0x7f0000000000)=""/62, 0x3e, 0x0, 0x0, 0x0) 4.457832298s ago: executing program 0 (id=479): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socket$pppoe(0x18, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000c, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 4.399302303s ago: executing program 1 (id=480): unshare(0x22020600) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001007470726f787900004c0002800800034000000016080001"], 0x110}}, 0x0) 4.326323553s ago: executing program 2 (id=481): mlockall(0x2) r0 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) io_setup(0x10000, &(0x7f0000000180)) shmat(r0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000003c0)={0x0, 0x0, 0x602, {0x1, 0x1}, {0x45, 0x8}, @rumble={0x844, 0xbb4}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) 4.316785186s ago: executing program 0 (id=482): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @local, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x24}}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x82680027}) 4.280763763s ago: executing program 1 (id=483): write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {0x20, '/dev/kvm\x00'}]}, 0x1f) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) quotactl_fd$Q_QUOTAOFF(r2, 0xffffffff80000300, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x18, 0x5, 0x84, 0xfc, 0x3, 0x2, 0x0, 0x70, 0x4, 0x5}], 0xffffffff}) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = socket(0x2b, 0x80801, 0x1) connect$inet6(r3, &(0x7f00000005c0)={0xa, 0x4e23, 0xa, @loopback, 0x7}, 0x1c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x20040600) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0x2, &(0x7f0000000000)=0x8, 0x4) 4.214162959s ago: executing program 0 (id=484): r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000540)="0000000100000004ff6943b80000000800000028f2000000008607000000ebb01f63dd65dd530700a28f2cbf86f474fad8cb594ed9fabe9ec277bb8d0000009c238532dd", 0x44, r0) 4.078702744s ago: executing program 0 (id=485): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fspick(0xffffffffffffffff, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xa) r3 = dup(r2) r4 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c) ftruncate(r4, 0x200004) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000004c0)={0x3, 0x5, 0xffff1000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CAP_X2APIC_API(r7, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x3}) ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000140)={0x8080000, 0x4, 0x44, 0x1, 0x80000003}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$MRT6(r4, 0x29, 0xcf, &(0x7f0000000200), &(0x7f0000000500)=0x4) sendmsg$nl_generic(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x41, 0x107, 0x0, 0x7, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0x4, 0x90}]}]}, 0x28}}, 0x4010) r9 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r9, 0x0, &(0x7f00000003c0)={0x44, &(0x7f00000000c0)={0x0, 0x13, 0x6, "fc19d02303f6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendfile(r3, r4, 0x0, 0x80001d00c0d1) 4.023290446s ago: executing program 1 (id=486): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x6) read$dsp(r0, &(0x7f00000011c0)=""/4117, 0x200021d5) (fail_nth: 38) 3.875307289s ago: executing program 2 (id=487): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20, 0x73493c29db5af376}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x30}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r1) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f00008d7000/0x1000)=nil, 0x1000, 0x4) ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000100)={0x400, 0x33e, 0x30, 0x0, 0x0, 0x4db, 0x8, 0x0, {0x4, 0x40}, {0x0, 0x1}, {0x0, 0xfffffffe}, {0x3, 0x0, 0x1}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffc00, 0x0, 0x404, 0x0, 0x0, 0x21, 0x0, 0x0, 0x7}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r6, 0x0, 0x1000, 0x10000, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000, 0x800, 0xfffffffd], [0x0, 0x1001000, 0xfffffffc], [0x0, 0x0, 0xe8a6]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x1, [r7, 0x0, 0x0, r8], [0x2b8]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffff5b}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r10 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005f80)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x10000000, 0x404, 0xfffffffe}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}}, 0x0) 3.515875253s ago: executing program 1 (id=488): socket$inet6_udp(0xa, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a000000020000", 0x7) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, 0x0, 0x9) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000080)={0x8}, 0x10) write(r2, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) socket(0x2, 0x80805, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) pipe2$watch_queue(0x0, 0x80) add_key(0x0, &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) preadv2(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x52b281, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$SG_IO(r5, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) 3.514997504s ago: executing program 3 (id=489): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)}], 0x1}, 0x4048081) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x69, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000180)={0x0, 0x10d000}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, &(0x7f0000000140)={0x18, 0x0, 0x20, 0x0, &(0x7f0000000100)=[{0xe26, 0x7fffffffffffffff}, {0x9, 0xb}]}) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0xffffffffffffffff, {0x2, 0x0, 0x4}, 0xff}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000005000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x74, r6, {0xfffd, 0x89c77fb34cc3db7f}, {0xa, 0x1}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 3.01886782s ago: executing program 4 (id=490): keyctl$dh_compute(0x17, &(0x7f0000000400), 0x0, 0x0, &(0x7f00000003c0)={0x0, &(0x7f0000000280)="708803449262dd9da315bcc77984faa6f32831aa941ab5bda92158536f78c39060", 0x21}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = gettid() rt_sigqueueinfo(r2, 0x21, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) sendmmsg$inet6(r1, 0x0, 0x0, 0x8000) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r6, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x0, 0x1}) fcntl$lock(r6, 0x26, &(0x7f0000000080)={0x0, 0x2}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000500)={0xc}) setitimer(0x1, &(0x7f0000000000)={{}, {0x77359400}}, 0x0) getitimer(0x1, &(0x7f00000001c0)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x20004080) fcntl$setlease(r3, 0x400, 0x2) 2.87991889s ago: executing program 2 (id=491): ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000340)={0xe, 0x3, {0x7, @struct={0x1, 0xd}, 0x0, 0x7db, 0x7, 0x4, 0x2, 0x9, 0x50, @struct={0x8761, 0x5}, 0x9, 0x49, [0x4, 0x0, 0x4, 0x2, 0x602, 0x8]}, {0x401, @struct={0x7ff, 0x7f}, 0x0, 0x5e, 0x2, 0x5, 0x8, 0x100000000, 0x6c, @struct={0x2, 0x9}, 0x7, 0x4, [0x4165, 0xd, 0x0, 0x6, 0xffffffffffffff19, 0x8]}, {0x1, @struct={0x2, 0x1}, 0x0, 0x8, 0x101, 0x0, 0x9, 0x7, 0x0, @struct={0x6, 0x9}, 0x0, 0x200, [0xe, 0x5, 0x200000000000000, 0x7, 0xffffffffffffffff, 0x55]}, {0x2, 0x0, 0x57fe}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20181, 0x0) syz_usb_connect$uac1(0x0, 0xa3, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x91, 0x3, 0x1, 0x10, 0x10, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8001}, [@extension_unit={0x7, 0x24, 0x8, 0x4, 0x1, 0x5}, @processing_unit={0xc, 0x24, 0x7, 0x3, 0x0, 0x0, "d885700585"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x2, 0x3, 0x3, 0x1, 'b'}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x14, 0x4, 0xcc, {0x7, 0x25, 0x1, 0x1, 0x7f, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x1, 0x5, 0x1002}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x6896, 0x2, 0x0, "78f4cd9535ca"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x7, 0x4, 0x3, {0x7, 0x25, 0x1, 0x2, 0xf4}}}}}}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r1, 0x4068aea3, &(0x7f0000000080)={0xc5, 0x0, r1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x48, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r3, &(0x7f0000000740)={&(0x7f0000000180), 0xc, &(0x7f0000000300)={&(0x7f0000000780)={0x64, 0x6, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4048011}, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x4) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xf9, 0x3, 0x3, '\x00', 0x8}) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r3, 0x8983, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.962680222s ago: executing program 3 (id=492): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) socket$pppoe(0x18, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000c, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 1.609191752s ago: executing program 4 (id=493): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001007470726f787900004c0002800800034000000016080001"], 0x110}}, 0x0) 1.589194849s ago: executing program 3 (id=494): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'ip6gretap0\x00'}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, 0x0) 1.383684381s ago: executing program 4 (id=495): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x3, 0xfe, "0062ba7d9dd00014fbb36d9df98c4038096304"}) r1 = syz_open_pts(r0, 0x900) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000000)={0x8, 0x4, 0x6, 0x9e, 0x8, "7ee9721abf818eac"}) 1.278262247s ago: executing program 3 (id=496): write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}, {0x20, '/dev/kvm\x00'}]}, 0x1f) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) quotactl_fd$Q_QUOTAOFF(r2, 0xffffffff80000300, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x18, 0x5, 0x84, 0xfc, 0x3, 0x2, 0x0, 0x70, 0x4, 0x5}], 0xffffffff}) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) socket(0x2b, 0x80801, 0x1) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x20040600) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f0000000000)=0x8, 0x4) 1.066899581s ago: executing program 4 (id=497): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x300000000000000, 0x80000}, &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0) 996.521333ms ago: executing program 4 (id=498): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0) (async) r1 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x28002) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000001c0)={"0400", 0x100, 0x5, 0x4, 0x800, 0x1, "000019b1cf000012b09882ffbf2000", '\x00', "0300", '\x00', ["8b59b494c1cbd6e4af000700", "ca8cacfffffffff4550400", "000000ff0000000000000020", "0000000000000000001000"]}) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async) ioctl$CEC_TRANSMIT(r2, 0xc0386105, &(0x7f0000000000)={0x7, 0x4, 0xf, 0xa937, 0x5, 0x3, "ded91413a1389b35bd6def19e4487973", 0xa, 0x2, 0x5, 0x9, 0x81, 0x2, 0xa}) (async) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000001680)={r2, 0x3, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x2a, "8f4c6c1ee008e6b7fb0000e60080b8785de0000100000000000000000000000000000000002100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f400000000010000001cbf61ae00", [0x18000000000000, 0x22000000000002]}}) 792.663702ms ago: executing program 4 (id=499): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x2239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}}) io_uring_enter(r2, 0x7866, 0x4000, 0x0, 0x0, 0x0) clock_nanosleep(0x5, 0x1, &(0x7f0000000000)={0x0, 0x3938700}, 0x0) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12011001daa18c4089612d1873010102030109021200"], 0x0) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0xd, 0x5, 0x800004, 0x4, {0x12, 0x5, 0x5, 0xa, 0xa, 0x9, 0x22, 0x5, 0x8001, 0xd25, 0x9, 0x60b, 0x2, 0x10001, "6f4f1b1330d057b30bd15586b7445443c528a97436419c2cd5ae7297dceeb0be"}}) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0) syz_usb_control_io$printer(r5, 0x0, 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000000840)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x46d, 0xc082, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xf, 0x60, 0xe4, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x2, 0x3, {0x9, 0x21, 0x6, 0xf6, 0x1, {0x22, 0xa72}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x3, 0x1, 0x1}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x9, 0x3, 0x5}}]}}}]}}]}}, &(0x7f0000000a40)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x300, 0xd4, 0xa, 0x11, 0xc90abd2d25bd8337, 0xb4}, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x3001}}, {0x61, &(0x7f00000009c0)=@string={0x61, 0x3, "6878f58c4c1b50b3887acaa23dcfcede5d46e99b80c20fffcc89d1cc4cbed7a0ea1c83ba2156edc3e7b144203708fe4dbe6aadb9775fbbfec0be916c88dc09609868c668296114864c149c3fc56ab998386eb3bd4c3a1923cf222290fcc108"}}]}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e23, @private=0xa010101}]}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0, 0xfe6}, 0x8) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a700000000000905"], 0x0) 726.520627ms ago: executing program 3 (id=500): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fspick(0xffffffffffffffff, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xa) r3 = dup(r2) r4 = open(0x0, 0x1850c2, 0x14c) ftruncate(r4, 0x200004) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000004c0)={0x3, 0x5, 0xffff1000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CAP_X2APIC_API(r7, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x3}) ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000140)={0x8080000, 0x4, 0x44, 0x1, 0x80000003}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$MRT6(r4, 0x29, 0xcf, &(0x7f0000000200), &(0x7f0000000500)=0x4) sendmsg$nl_generic(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x41, 0x107, 0x0, 0x7, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0x4, 0x90}]}]}, 0x28}}, 0x4010) r9 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r9, 0x0, &(0x7f00000003c0)={0x44, &(0x7f00000000c0)={0x0, 0x13, 0x6, "fc19d02303f6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendfile(r3, r4, 0x0, 0x80001d00c0d1) 357.997177ms ago: executing program 2 (id=501): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20, 0x73493c29db5af376}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x30}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r1) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f00008d7000/0x1000)=nil, 0x1000, 0x4) ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000100)={0x400, 0x33e, 0x30, 0x0, 0x0, 0x4db, 0x8, 0x0, {0x4, 0x40}, {0x0, 0x1}, {0x0, 0xfffffffe}, {0x3, 0x0, 0x1}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffc00, 0x0, 0x404, 0x0, 0x0, 0x21, 0x0, 0x0, 0x7}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r6, 0x0, 0x1000, 0x10000, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000, 0x800, 0xfffffffd], [0x0, 0x1001000, 0xfffffffc], [0x0, 0x0, 0xe8a6]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x1, [r7, 0x0, 0x0, r8], [0x2b8]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffff5b}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r10 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005f80)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x10000000, 0x404, 0xfffffffe}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}}, 0x0) 0s ago: executing program 0 (id=502): ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, 0x0) lseek(0xffffffffffffffff, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) write$dsp(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 6_finish_output2+0x10/0x10 [ 99.050473][ T5999] ? ip6_mtu+0x7d/0x3f0 [ 99.050493][ T5999] ? ip6_mtu+0x7d/0x3f0 [ 99.050513][ T5999] ip6_finish_output+0x234/0x7d0 [ 99.050532][ T5999] ? ip6_send_skb+0x10f/0x390 [ 99.050553][ T5999] ip6_send_skb+0x1d5/0x390 [ 99.050585][ T5999] udp_v6_send_skb+0xc17/0x1830 [ 99.050629][ T5999] udp_v6_push_pending_frames+0x133/0x220 [ 99.050661][ T5999] udpv6_sendmsg+0xff8/0x2710 [ 99.050690][ T5999] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 99.050718][ T5999] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 99.050742][ T5999] ? __pfx___might_resched+0x10/0x10 [ 99.050781][ T5999] ? aa_sk_perm+0x81e/0x950 [ 99.050802][ T5999] ? __lock_acquire+0xab9/0xd20 [ 99.050830][ T5999] ? inet_send_prepare+0x5c/0x270 [ 99.050848][ T5999] ? inet6_sendmsg+0xe4/0x120 [ 99.050865][ T5999] __sock_sendmsg+0xe5/0x270 [ 99.050892][ T5999] ____sys_sendmsg+0x52d/0x830 [ 99.050916][ T5999] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.050943][ T5999] ? import_iovec+0x74/0xa0 [ 99.050962][ T5999] ___sys_sendmsg+0x21f/0x2a0 [ 99.050983][ T5999] ? __pfx____sys_sendmsg+0x10/0x10 [ 99.051037][ T5999] ? __fget_files+0x2a/0x420 [ 99.051053][ T5999] ? __fget_files+0x3a0/0x420 [ 99.051078][ T5999] __sys_sendmmsg+0x227/0x430 [ 99.051102][ T5999] ? __pfx___sys_sendmmsg+0x10/0x10 [ 99.051120][ T5999] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 99.051155][ T5999] ? ksys_write+0x22a/0x250 [ 99.051171][ T5999] ? __pfx_ksys_write+0x10/0x10 [ 99.051190][ T5999] __x64_sys_sendmmsg+0xa0/0xc0 [ 99.051212][ T5999] do_syscall_64+0xfa/0x3b0 [ 99.051225][ T5999] ? lockdep_hardirqs_on+0x9c/0x150 [ 99.051248][ T5999] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.051263][ T5999] ? clear_bhb_loop+0x60/0xb0 [ 99.051282][ T5999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.051296][ T5999] RIP: 0033:0x7f6e8318e929 [ 99.051310][ T5999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.051323][ T5999] RSP: 002b:00007f6e84026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 99.051339][ T5999] RAX: ffffffffffffffda RBX: 00007f6e833b6080 RCX: 00007f6e8318e929 [ 99.051350][ T5999] RDX: 0000000000000001 RSI: 0000200000003640 RDI: 0000000000000003 [ 99.051359][ T5999] RBP: 00007f6e84026090 R08: 0000000000000000 R09: 0000000000000000 [ 99.051368][ T5999] R10: 0000000004040005 R11: 0000000000000246 R12: 0000000000000001 [ 99.051377][ T5999] R13: 0000000000000001 R14: 00007f6e833b6080 R15: 00007f6e834dfa28 [ 99.051400][ T5999] [ 100.069312][ T24] usb 3-1: USB disconnect, device number 2 [ 100.199355][ T6009] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.284664][ T6013] netlink: 28 bytes leftover after parsing attributes in process `syz.3.22'. [ 100.314138][ T6013] netlink: 28 bytes leftover after parsing attributes in process `syz.3.22'. [ 100.336860][ T6013] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 100.348072][ T6013] bridge0: entered promiscuous mode [ 100.608782][ T6021] FAULT_INJECTION: forcing a failure. [ 100.608782][ T6021] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 100.630157][ T6021] CPU: 0 UID: 0 PID: 6021 Comm: syz.3.26 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 100.630190][ T6021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.630203][ T6021] Call Trace: [ 100.630211][ T6021] [ 100.630222][ T6021] dump_stack_lvl+0x189/0x250 [ 100.630261][ T6021] ? __pfx____ratelimit+0x10/0x10 [ 100.630295][ T6021] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.630329][ T6021] ? __pfx__printk+0x10/0x10 [ 100.630353][ T6021] ? __might_fault+0xb0/0x130 [ 100.630386][ T6021] should_fail_ex+0x414/0x560 [ 100.630420][ T6021] _copy_from_user+0x2d/0xb0 [ 100.630444][ T6021] ___sys_sendmsg+0x158/0x2a0 [ 100.630475][ T6021] ? __pfx____sys_sendmsg+0x10/0x10 [ 100.630541][ T6021] ? __fget_files+0x2a/0x420 [ 100.630565][ T6021] ? __fget_files+0x3a0/0x420 [ 100.630610][ T6021] __x64_sys_sendmsg+0x19b/0x260 [ 100.630640][ T6021] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 100.630677][ T6021] ? __pfx_ksys_write+0x10/0x10 [ 100.630693][ T6021] ? rcu_is_watching+0x15/0xb0 [ 100.630725][ T6021] ? do_syscall_64+0xbe/0x3b0 [ 100.630744][ T6021] do_syscall_64+0xfa/0x3b0 [ 100.630760][ T6021] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.630776][ T6021] ? asm_sysvec_call_function_single+0x1a/0x20 [ 100.630792][ T6021] ? clear_bhb_loop+0x60/0xb0 [ 100.630812][ T6021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.630827][ T6021] RIP: 0033:0x7fb09678e929 [ 100.630842][ T6021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.630857][ T6021] RSP: 002b:00007fb0975c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.630876][ T6021] RAX: ffffffffffffffda RBX: 00007fb0969b5fa0 RCX: 00007fb09678e929 [ 100.630888][ T6021] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003 [ 100.630898][ T6021] RBP: 00007fb0975c7090 R08: 0000000000000000 R09: 0000000000000000 [ 100.630908][ T6021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.630917][ T6021] R13: 0000000000000000 R14: 00007fb0969b5fa0 R15: 00007fb096adfa28 [ 100.630941][ T6021] [ 100.839939][ C0] vkms_vblank_simulate: vblank timer overrun [ 101.000700][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 101.177028][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 101.207233][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.251891][ T9] usb 2-1: config 0 descriptor?? [ 101.302281][ T9] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input5 [ 101.780752][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 101.945570][ T30] audit: type=1326 audit(1749985848.975:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1e78e929 code=0x7ffc0000 [ 101.984750][ T9] usb 5-1: config 0 has no interfaces? [ 101.999539][ T30] audit: type=1326 audit(1749985848.975:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde1e72ab19 code=0x7ffc0000 [ 102.033786][ T9] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 102.047165][ T43] usb 2-1: USB disconnect, device number 3 [ 102.067617][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.120681][ T9] usb 5-1: Product: syz [ 102.132954][ T30] audit: type=1326 audit(1749985848.975:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde1e72ab19 code=0x7ffc0000 [ 102.165785][ T9] usb 5-1: Manufacturer: syz [ 102.170500][ T9] usb 5-1: SerialNumber: syz [ 102.218207][ T30] audit: type=1326 audit(1749985848.975:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde1e72ab19 code=0x7ffc0000 [ 102.252351][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888033a82400: rx timeout, send abort [ 102.265696][ T9] usb 5-1: config 0 descriptor?? [ 102.339492][ T30] audit: type=1326 audit(1749985848.975:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1e78e929 code=0x7ffc0000 [ 102.402431][ T30] audit: type=1326 audit(1749985848.975:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1e78e929 code=0x7ffc0000 [ 102.450854][ T30] audit: type=1326 audit(1749985848.975:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde1e72ab19 code=0x7ffc0000 [ 102.472717][ C0] vkms_vblank_simulate: vblank timer overrun [ 102.533997][ T30] audit: type=1326 audit(1749985849.005:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde1e72ab19 code=0x7ffc0000 [ 102.555955][ C0] vkms_vblank_simulate: vblank timer overrun [ 102.563077][ T30] audit: type=1326 audit(1749985849.015:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde1e72ab19 code=0x7ffc0000 [ 102.690861][ T43] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 102.753108][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888033a82000: rx timeout, send abort [ 102.761591][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888033a82400: abort rx timeout. Force session deactivation [ 102.880879][ T6055] netlink: zone id is out of range [ 102.934227][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 102.940971][ T43] usb 1-1: device descriptor read/64, error -71 [ 102.943909][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 102.957246][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 102.969053][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.008235][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x2 [ 103.048673][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.127491][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.160708][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.179187][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.186843][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 103.198943][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.204332][ T43] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 103.207508][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.223114][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.234018][ T5921] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 103.249144][ T5921] hid-generic 00A0:0006:0003.0001: hidraw0: HID v0.05 Device [syz1] on syz0 [ 103.261530][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888033a82000: abort rx timeout. Force session deactivation [ 103.300977][ T1214] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 103.350665][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 103.381920][ T43] usb 1-1: device descriptor read/64, error -71 [ 103.446647][ T9] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 103.457019][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.469832][ T9] usb 2-1: Product: syz [ 103.478467][ T9] usb 2-1: Manufacturer: syz [ 103.486514][ T1214] usb 3-1: Using ep0 maxpacket: 32 [ 103.495671][ T1214] usb 3-1: New USB device found, idVendor=2040, idProduct=c602, bcdDevice= 1.8e [ 103.506906][ T1214] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.524554][ T9] usb 2-1: SerialNumber: syz [ 103.531327][ T43] usb usb1-port1: attempt power cycle [ 103.546755][ T1214] usb 3-1: config 0 descriptor?? [ 103.567621][ T9] usb 2-1: config 0 descriptor?? [ 103.583913][ T1214] usb 3-1: dvb_usb_v2: found a 'HCW 126xxx' in warm state [ 103.623222][ T9] gspca_main: sq930x-2.14.0 probing 2770:930c [ 103.665946][ T1214] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 103.678682][ T1214] dvbdev: DVB: registering new adapter (HCW 126xxx) [ 103.703086][ T1214] usb 3-1: media controller created [ 103.830820][ T24] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 103.831277][ T1214] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 103.896297][ T1214] usb 3-1: selecting invalid altsetting 1 [ 103.900847][ T43] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 103.924807][ T43] usb 1-1: device descriptor read/8, error -71 [ 103.939006][ T1214] set interface failed [ 103.939483][ T1214] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 103.963908][ T1214] error writing reg: 0xff, val: 0x00 [ 104.004536][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 104.024309][ T24] usb 4-1: config 0 has no interfaces? [ 104.030019][ T24] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 104.054634][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.069384][ T24] usb 4-1: config 0 descriptor?? [ 104.094998][ T1214] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 104.148312][ T1214] usb 3-1: USB disconnect, device number 3 [ 104.183276][ T43] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 104.254660][ T43] usb 1-1: device descriptor read/8, error -71 [ 104.295644][ T24] usb 4-1: USB disconnect, device number 2 [ 104.341626][ T9] gspca_sq930x: ucbus_write failed -110 [ 104.347400][ T9] sq930x 2-1:0.0: probe with driver sq930x failed with error -110 [ 104.373071][ T43] usb usb1-port1: unable to enumerate USB device [ 104.484586][ T9] usb 5-1: USB disconnect, device number 2 [ 105.431658][ T5889] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 105.456571][ T6076] FAULT_INJECTION: forcing a failure. [ 105.456571][ T6076] name failslab, interval 1, probability 0, space 0, times 0 [ 105.470157][ T6076] CPU: 1 UID: 0 PID: 6076 Comm: syz.3.44 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 105.470179][ T6076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.470195][ T6076] Call Trace: [ 105.470201][ T6076] [ 105.470209][ T6076] dump_stack_lvl+0x189/0x250 [ 105.470238][ T6076] ? __pfx____ratelimit+0x10/0x10 [ 105.470262][ T6076] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.470286][ T6076] ? __pfx__printk+0x10/0x10 [ 105.470305][ T6076] ? __pfx___might_resched+0x10/0x10 [ 105.470329][ T6076] ? fs_reclaim_acquire+0x7d/0x100 [ 105.470351][ T6076] should_fail_ex+0x414/0x560 [ 105.470375][ T6076] should_failslab+0xa8/0x100 [ 105.470393][ T6076] __kmalloc_noprof+0xcb/0x4f0 [ 105.470407][ T6076] ? tomoyo_encode+0x28b/0x550 [ 105.470433][ T6076] tomoyo_encode+0x28b/0x550 [ 105.470461][ T6076] tomoyo_realpath_from_path+0x58d/0x5d0 [ 105.470485][ T6076] ? tomoyo_domain+0xd9/0x130 [ 105.470524][ T6076] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 105.470542][ T6076] tomoyo_path_number_perm+0x1e8/0x5a0 [ 105.470562][ T6076] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 105.470605][ T6076] ? __lock_acquire+0xab9/0xd20 [ 105.470653][ T6076] ? __fget_files+0x2a/0x420 [ 105.470677][ T6076] ? __fget_files+0x2a/0x420 [ 105.470699][ T6076] ? __fget_files+0x3a0/0x420 [ 105.470720][ T6076] ? __fget_files+0x2a/0x420 [ 105.470746][ T6076] security_file_ioctl+0xcb/0x2d0 [ 105.470772][ T6076] __se_sys_ioctl+0x47/0x170 [ 105.470806][ T6076] do_syscall_64+0xfa/0x3b0 [ 105.470824][ T6076] ? lockdep_hardirqs_on+0x9c/0x150 [ 105.470854][ T6076] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.470874][ T6076] ? clear_bhb_loop+0x60/0xb0 [ 105.470899][ T6076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.470919][ T6076] RIP: 0033:0x7fb09678e929 [ 105.470938][ T6076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.470955][ T6076] RSP: 002b:00007fb0975c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.470976][ T6076] RAX: ffffffffffffffda RBX: 00007fb0969b5fa0 RCX: 00007fb09678e929 [ 105.470991][ T6076] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 105.471003][ T6076] RBP: 00007fb0975c7090 R08: 0000000000000000 R09: 0000000000000000 [ 105.471015][ T6076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.471027][ T6076] R13: 0000000000000000 R14: 00007fb0969b5fa0 R15: 00007fb096adfa28 [ 105.471077][ T6076] [ 105.995955][ T6076] ERROR: Out of memory at tomoyo_realpath_from_path. [ 106.056449][ T6080] FAULT_INJECTION: forcing a failure. [ 106.056449][ T6080] name failslab, interval 1, probability 0, space 0, times 0 [ 106.082333][ T6080] CPU: 1 UID: 0 PID: 6080 Comm: syz.0.45 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 106.082368][ T6080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.082382][ T6080] Call Trace: [ 106.082390][ T6080] [ 106.082400][ T6080] dump_stack_lvl+0x189/0x250 [ 106.082438][ T6080] ? __pfx____ratelimit+0x10/0x10 [ 106.082470][ T6080] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.082502][ T6080] ? __pfx__printk+0x10/0x10 [ 106.082532][ T6080] ? ref_tracker_alloc+0x318/0x460 [ 106.082564][ T6080] should_fail_ex+0x414/0x560 [ 106.082596][ T6080] should_failslab+0xa8/0x100 [ 106.082621][ T6080] kmem_cache_alloc_noprof+0x73/0x3c0 [ 106.082654][ T6080] ? skb_clone+0x212/0x3a0 [ 106.082687][ T6080] skb_clone+0x212/0x3a0 [ 106.082719][ T6080] __netlink_deliver_tap+0x404/0x850 [ 106.082758][ T6080] ? netlink_deliver_tap+0x2e/0x1b0 [ 106.082784][ T6080] netlink_deliver_tap+0x19c/0x1b0 [ 106.082810][ T6080] netlink_unicast+0x72f/0x8d0 [ 106.082843][ T6080] netlink_sendmsg+0x805/0xb30 [ 106.082878][ T6080] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.082920][ T6080] ? aa_sock_msg_perm+0x94/0x160 [ 106.082959][ T6080] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 106.082985][ T6080] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.083011][ T6080] __sock_sendmsg+0x21c/0x270 [ 106.083048][ T6080] ____sys_sendmsg+0x505/0x830 [ 106.083079][ T6080] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.083114][ T6080] ? import_iovec+0x74/0xa0 [ 106.083139][ T6080] ___sys_sendmsg+0x21f/0x2a0 [ 106.083169][ T6080] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.083255][ T6080] ? __fget_files+0x2a/0x420 [ 106.083278][ T6080] ? __fget_files+0x3a0/0x420 [ 106.083314][ T6080] __x64_sys_sendmsg+0x19b/0x260 [ 106.083354][ T6080] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 106.083394][ T6080] ? __pfx_ksys_write+0x10/0x10 [ 106.083411][ T6080] ? rcu_is_watching+0x15/0xb0 [ 106.083450][ T6080] ? do_syscall_64+0xbe/0x3b0 [ 106.083474][ T6080] do_syscall_64+0xfa/0x3b0 [ 106.083492][ T6080] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.083524][ T6080] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.083545][ T6080] ? clear_bhb_loop+0x60/0xb0 [ 106.083572][ T6080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.083593][ T6080] RIP: 0033:0x7f6e8318e929 [ 106.083612][ T6080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.083630][ T6080] RSP: 002b:00007f6e84047038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.083653][ T6080] RAX: ffffffffffffffda RBX: 00007f6e833b5fa0 RCX: 00007f6e8318e929 [ 106.083669][ T6080] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 106.083682][ T6080] RBP: 00007f6e84047090 R08: 0000000000000000 R09: 0000000000000000 [ 106.083695][ T6080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.083708][ T6080] R13: 0000000000000000 R14: 00007f6e833b5fa0 R15: 00007f6e834dfa28 [ 106.083740][ T6080] [ 106.086837][ T6080] netlink: 8 bytes leftover after parsing attributes in process `syz.0.45'. [ 106.301523][ T5921] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 106.493899][ T5889] usb 5-1: config 0 has no interfaces? [ 106.634801][ T5889] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 106.665718][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.690793][ T5889] usb 5-1: Product: syz [ 106.695038][ T5889] usb 5-1: Manufacturer: syz [ 106.729947][ T5889] usb 5-1: SerialNumber: syz [ 106.814500][ T5889] usb 5-1: config 0 descriptor?? [ 106.874574][ T6082] fuse: Unknown parameter 'allow_other' [ 107.043487][ T5921] usb 3-1: config 0 has no interfaces? [ 107.089328][ T5923] usb 2-1: USB disconnect, device number 4 [ 107.089995][ T5921] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 107.164496][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.196611][ T5921] usb 3-1: Product: syz [ 107.231327][ T5921] usb 3-1: Manufacturer: syz [ 107.249542][ T5921] usb 3-1: SerialNumber: syz [ 107.271218][ T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 107.322240][ T6089] FAULT_INJECTION: forcing a failure. [ 107.322240][ T6089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 107.362089][ T5921] usb 3-1: config 0 descriptor?? [ 107.417744][ T6089] CPU: 0 UID: 0 PID: 6089 Comm: syz.3.48 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 107.417776][ T6089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.417789][ T6089] Call Trace: [ 107.417798][ T6089] [ 107.417807][ T6089] dump_stack_lvl+0x189/0x250 [ 107.417846][ T6089] ? __pfx____ratelimit+0x10/0x10 [ 107.417879][ T6089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.417911][ T6089] ? __pfx__printk+0x10/0x10 [ 107.417935][ T6089] ? __might_fault+0xb0/0x130 [ 107.417967][ T6089] should_fail_ex+0x414/0x560 [ 107.418000][ T6089] _copy_from_iter+0x1db/0x16f0 [ 107.418037][ T6089] ? rcu_is_watching+0x15/0xb0 [ 107.418072][ T6089] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 107.418095][ T6089] ? __pfx__copy_from_iter+0x10/0x10 [ 107.418129][ T6089] ? __build_skb_around+0x257/0x3e0 [ 107.418166][ T6089] ? netlink_sendmsg+0x642/0xb30 [ 107.418190][ T6089] ? skb_put+0x11b/0x210 [ 107.418218][ T6089] netlink_sendmsg+0x6b2/0xb30 [ 107.418255][ T6089] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.418284][ T6089] ? aa_sock_msg_perm+0x94/0x160 [ 107.418313][ T6089] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 107.418340][ T6089] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.418366][ T6089] __sock_sendmsg+0x21c/0x270 [ 107.418403][ T6089] ____sys_sendmsg+0x505/0x830 [ 107.418437][ T6089] ? __pfx_____sys_sendmsg+0x10/0x10 [ 107.418475][ T6089] ? import_iovec+0x74/0xa0 [ 107.418501][ T6089] ___sys_sendmsg+0x21f/0x2a0 [ 107.418530][ T6089] ? __pfx____sys_sendmsg+0x10/0x10 [ 107.418596][ T6089] ? __fget_files+0x2a/0x420 [ 107.418619][ T6089] ? __fget_files+0x3a0/0x420 [ 107.418653][ T6089] __x64_sys_sendmsg+0x19b/0x260 [ 107.418688][ T6089] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 107.418724][ T6089] ? __pfx_ksys_write+0x10/0x10 [ 107.418742][ T6089] ? rcu_is_watching+0x15/0xb0 [ 107.418778][ T6089] ? do_syscall_64+0xbe/0x3b0 [ 107.418802][ T6089] do_syscall_64+0xfa/0x3b0 [ 107.418821][ T6089] ? lockdep_hardirqs_on+0x9c/0x150 [ 107.418852][ T6089] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.418874][ T6089] ? clear_bhb_loop+0x60/0xb0 [ 107.418899][ T6089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.418920][ T6089] RIP: 0033:0x7fb09678e929 [ 107.418938][ T6089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.418956][ T6089] RSP: 002b:00007fb0975c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.418979][ T6089] RAX: ffffffffffffffda RBX: 00007fb0969b5fa0 RCX: 00007fb09678e929 [ 107.418994][ T6089] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 107.419007][ T6089] RBP: 00007fb0975c7090 R08: 0000000000000000 R09: 0000000000000000 [ 107.419020][ T6089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.419032][ T6089] R13: 0000000000000000 R14: 00007fb0969b5fa0 R15: 00007fb096adfa28 [ 107.419063][ T6089] [ 107.430787][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 107.943698][ T6095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.50'. [ 107.950737][ T5926] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 108.011696][ T43] usb 1-1: config 1 has an invalid interface number: 8 but max is 0 [ 108.019976][ T43] usb 1-1: config 1 has no interface number 0 [ 108.043517][ T43] usb 1-1: config 1 interface 8 has no altsetting 0 [ 108.063681][ T43] usb 1-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df [ 108.073142][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.096304][ T43] usb 1-1: Product: syz [ 108.103687][ T43] usb 1-1: Manufacturer: syz [ 108.113024][ T5926] usb 2-1: unable to get BOS descriptor or descriptor too short [ 108.121985][ T5926] usb 2-1: config 3 has an invalid interface number: 221 but max is 0 [ 108.163378][ T43] usb 1-1: SerialNumber: syz [ 108.168088][ T5926] usb 2-1: config 3 has no interface number 0 [ 108.189107][ T5926] usb 2-1: config 3 interface 221 has no altsetting 0 [ 108.263459][ T5926] usb 2-1: New USB device found, idVendor=0921, idProduct=1200, bcdDevice=e7.b4 [ 108.272863][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.285362][ T5926] usb 2-1: Product: syz [ 108.295268][ T5926] usb 2-1: Manufacturer: syz [ 108.306782][ T5926] usb 2-1: SerialNumber: syz [ 108.402628][ T5923] usb 5-1: USB disconnect, device number 3 [ 108.530099][ T5926] belkin_sa 2-1:3.221: Belkin / Peracom / GoHubs USB Serial Adapter converter detected [ 108.563381][ T5926] usb 2-1: bcdDevice: e7b4, bfc: 0 [ 108.581569][ T5926] usb 2-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0 [ 108.687330][ T43] aqc111 1-1:1.8: probe with driver aqc111 failed with error -71 [ 108.783476][ T43] usb 1-1: USB disconnect, device number 6 [ 108.796656][ T5926] usb 2-1: USB disconnect, device number 5 [ 108.825289][ T5926] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0 [ 108.839039][ T5926] belkin_sa 2-1:3.221: device disconnected [ 108.845641][ T5923] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 109.023044][ T5923] usb 5-1: Using ep0 maxpacket: 16 [ 109.187115][ T5923] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 109.199097][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 109.231077][ T5923] usb 5-1: Product: syz [ 109.235306][ T5923] usb 5-1: Manufacturer: syz [ 109.420871][ T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 109.490702][ T5921] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 109.558395][ T5923] usb 5-1: SerialNumber: syz [ 109.624864][ T5923] usb 5-1: config 0 descriptor?? [ 109.763006][ T5921] usb 1-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 109.774547][ T5921] usb 1-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.778242][ T43] usb 4-1: config 0 has no interfaces? [ 109.810829][ T5921] usb 1-1: config 0 interface 0 has no altsetting 0 [ 109.817711][ T5921] usb 1-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 109.826969][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.848625][ T5921] usb 1-1: config 0 descriptor?? [ 110.203339][ T6103] netlink: 48 bytes leftover after parsing attributes in process `syz.4.52'. [ 110.283741][ T43] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 110.296295][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.333412][ T43] usb 4-1: Product: syz [ 110.444175][ T6103] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 110.465657][ T43] usb 4-1: Manufacturer: syz [ 110.470353][ T43] usb 4-1: SerialNumber: syz [ 110.608885][ T5921] pantherlord 0003:0810:0002.0002: hidraw0: USB HID v0.00 Device [HID 0810:0002] on usb-dummy_hcd.0-1/input0 [ 110.647255][ T5921] pantherlord 0003:0810:0002.0002: Force feedback for PantherLord/GreenAsia devices by Anssi Hannula [ 110.689685][ T43] usb 4-1: config 0 descriptor?? [ 110.696299][ T5921] usb 1-1: USB disconnect, device number 7 [ 110.777415][ T1214] usb 5-1: USB disconnect, device number 4 [ 110.950102][ T43] usb 3-1: USB disconnect, device number 4 [ 111.049284][ T6129] FAULT_INJECTION: forcing a failure. [ 111.049284][ T6129] name failslab, interval 1, probability 0, space 0, times 0 [ 111.152084][ T6129] CPU: 1 UID: 0 PID: 6129 Comm: syz.4.57 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 111.152117][ T6129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.152131][ T6129] Call Trace: [ 111.152139][ T6129] [ 111.152148][ T6129] dump_stack_lvl+0x189/0x250 [ 111.152188][ T6129] ? __pfx____ratelimit+0x10/0x10 [ 111.152221][ T6129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.152256][ T6129] ? __pfx__printk+0x10/0x10 [ 111.152282][ T6129] ? __pfx___might_resched+0x10/0x10 [ 111.152316][ T6129] ? fs_reclaim_acquire+0x7d/0x100 [ 111.152347][ T6129] should_fail_ex+0x414/0x560 [ 111.152381][ T6129] should_failslab+0xa8/0x100 [ 111.152406][ T6129] __kmalloc_noprof+0xcb/0x4f0 [ 111.152425][ T6129] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 111.152457][ T6129] ? sock_kmalloc+0xd6/0x160 [ 111.152491][ T6129] sock_kmalloc+0xd6/0x160 [ 111.152524][ T6129] hash_recvmsg+0x1d4/0x840 [ 111.152559][ T6129] ? __pfx_hash_recvmsg+0x10/0x10 [ 111.152588][ T6129] sock_recvmsg_nosec+0x183/0x1c0 [ 111.152624][ T6129] ____sys_recvmsg+0x3aa/0x460 [ 111.152662][ T6129] ? __pfx_____sys_recvmsg+0x10/0x10 [ 111.152709][ T6129] ? import_iovec+0x74/0xa0 [ 111.152735][ T6129] ___sys_recvmsg+0x1b5/0x510 [ 111.152771][ T6129] ? __pfx____sys_recvmsg+0x10/0x10 [ 111.152835][ T6129] ? __might_fault+0xb0/0x130 [ 111.152861][ T6129] do_recvmmsg+0x307/0x770 [ 111.152900][ T6129] ? __pfx_do_recvmmsg+0x10/0x10 [ 111.152943][ T6129] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 111.152984][ T6129] __x64_sys_recvmmsg+0x190/0x240 [ 111.153017][ T6129] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 111.153045][ T6129] ? rcu_is_watching+0x15/0xb0 [ 111.153084][ T6129] ? do_syscall_64+0xbe/0x3b0 [ 111.153108][ T6129] do_syscall_64+0xfa/0x3b0 [ 111.153127][ T6129] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.153159][ T6129] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.153180][ T6129] ? clear_bhb_loop+0x60/0xb0 [ 111.153207][ T6129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.153227][ T6129] RIP: 0033:0x7f2f14f8e929 [ 111.153246][ T6129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.153264][ T6129] RSP: 002b:00007f2f15dae038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 111.153287][ T6129] RAX: ffffffffffffffda RBX: 00007f2f151b5fa0 RCX: 00007f2f14f8e929 [ 111.153302][ T6129] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004 [ 111.153316][ T6129] RBP: 00007f2f15dae090 R08: 0000000000000000 R09: 0000000000000000 [ 111.153329][ T6129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 111.153341][ T6129] R13: 0000000000000000 R14: 00007f2f151b5fa0 R15: 00007f2f152dfa28 [ 111.153374][ T6129] [ 111.449107][ T6125] fido_id[6125]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 112.489172][ T6146] Invalid logical block size (55998) [ 112.805517][ T1214] usb 4-1: USB disconnect, device number 3 [ 113.857389][ T6164] fuse: Bad value for 'fd' [ 114.070717][ T43] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 114.632784][ T43] usb 2-1: config 0 has no interfaces? [ 114.656432][ T43] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 114.693733][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.982815][ T43] usb 2-1: Product: syz [ 114.987172][ T43] usb 2-1: Manufacturer: syz [ 115.008025][ T43] usb 2-1: SerialNumber: syz [ 115.079494][ T43] usb 2-1: config 0 descriptor?? [ 115.392925][ T30] kauditd_printk_skb: 44 callbacks suppressed [ 115.392948][ T30] audit: type=1326 audit(1749985862.365:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 115.482416][ T30] audit: type=1326 audit(1749985862.365:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8ed2ab19 code=0x7ffc0000 [ 115.584243][ T30] audit: type=1326 audit(1749985862.365:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8ed2ab19 code=0x7ffc0000 [ 115.685086][ T30] audit: type=1326 audit(1749985862.365:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 115.735389][ T6185] netlink: zone id is out of range [ 115.744579][ T6185] netlink: zone id is out of range [ 115.768657][ T6185] netlink: zone id is out of range [ 115.794333][ T30] audit: type=1326 audit(1749985862.365:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8ed2ab19 code=0x7ffc0000 [ 115.829607][ T6185] netlink: zone id is out of range [ 115.835387][ T6185] netlink: zone id is out of range [ 115.853276][ T6185] netlink: zone id is out of range [ 115.863978][ T6185] netlink: zone id is out of range [ 115.868576][ T30] audit: type=1326 audit(1749985862.365:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 115.892896][ T6185] netlink: zone id is out of range [ 115.903070][ T6185] netlink: zone id is out of range [ 115.914852][ T6185] netlink: zone id is out of range [ 115.963632][ T30] audit: type=1326 audit(1749985862.365:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 116.018418][ T30] audit: type=1326 audit(1749985862.365:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8ed2ab19 code=0x7ffc0000 [ 116.083792][ T30] audit: type=1326 audit(1749985862.365:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8ed2ab19 code=0x7ffc0000 [ 116.167532][ T30] audit: type=1326 audit(1749985862.365:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e8ed2ab19 code=0x7ffc0000 [ 116.730711][ T43] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 116.840731][ T5923] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 116.883329][ T43] usb 5-1: Using ep0 maxpacket: 16 [ 116.902991][ T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.964759][ T43] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 117.006931][ T5923] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 117.020779][ T43] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 117.056781][ T5923] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 117.079514][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.213949][ T43] usb 5-1: config 0 descriptor?? [ 117.219179][ T5923] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 117.237002][ T5923] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 117.247710][ T5923] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 117.277295][ T5923] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 117.289044][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.308601][ T5923] usb 4-1: Product: syz [ 117.330725][ T5923] usb 4-1: Manufacturer: syz [ 117.338665][ T5923] usb 4-1: SerialNumber: syz [ 117.349219][ T6199] xt_hashlimit: size too large, truncated to 1048576 [ 117.389061][ T5921] usb 2-1: USB disconnect, device number 6 [ 117.405393][ T6201] : renamed from vxcan1 (while UP) [ 117.456772][ T5923] usb 4-1: config 0 descriptor?? [ 117.542758][ T5923] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input6 [ 118.124277][ T6217] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.132073][ T6217] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.251701][ T6220] random: crng reseeded on system resumption [ 118.278007][ T6220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.290803][ T6220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.324330][ T6217] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.371955][ T6217] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.680706][ T5889] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 118.688442][ T5921] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 118.881055][ T5921] usb 2-1: Using ep0 maxpacket: 8 [ 118.896787][ T5889] usb 1-1: config 0 has no interfaces? [ 118.909496][ T5889] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 118.919509][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.927911][ T5889] usb 1-1: Product: syz [ 118.946568][ T5921] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 118.956433][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.972026][ T5889] usb 1-1: Manufacturer: syz [ 118.986189][ T5889] usb 1-1: SerialNumber: syz [ 118.995482][ T5921] usb 2-1: Product: syz [ 119.017339][ T5921] usb 2-1: Manufacturer: syz [ 119.140848][ T5889] usb 1-1: config 0 descriptor?? [ 119.148783][ T5921] usb 2-1: SerialNumber: syz [ 119.172908][ T5921] usb 2-1: config 0 descriptor?? [ 119.187687][ T5921] gspca_main: sq930x-2.14.0 probing 2770:930c [ 119.794627][ T6223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.821857][ T6223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.898160][ T6223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.910534][ T5921] gspca_sq930x: ucbus_write failed -110 [ 119.916556][ T5921] sq930x 2-1:0.0: probe with driver sq930x failed with error -110 [ 120.078386][ T6223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.238894][ T5921] usb 2-1: USB disconnect, device number 7 [ 120.544795][ T5921] usb 5-1: USB disconnect, device number 5 [ 120.764401][ T5923] usb 4-1: USB disconnect, device number 4 [ 121.346040][ T6242] input: syz0 as /devices/virtual/input/input7 [ 121.420884][ T43] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 121.698454][ T5921] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 121.753146][ T43] usb 3-1: config index 0 descriptor too short (expected 36584, got 77) [ 121.763106][ T43] usb 3-1: config 143 has too many interfaces: 184, using maximum allowed: 32 [ 121.773556][ T43] usb 3-1: config 143 has an invalid descriptor of length 0, skipping remainder of the config [ 121.784362][ T43] usb 3-1: config 143 has 0 interfaces, different from the descriptor's value: 184 [ 121.842903][ T5921] usb 2-1: device descriptor read/64, error -71 [ 122.043111][ T43] usb 3-1: New USB device found, idVendor=090f, idProduct=0003, bcdDevice=d7.3b [ 122.054496][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.066085][ T43] usb 3-1: Product: syz [ 122.082923][ T43] usb 3-1: Manufacturer: syz [ 122.092782][ T43] usb 3-1: SerialNumber: syz [ 122.130898][ T5921] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 122.270784][ T5921] usb 2-1: device descriptor read/64, error -71 [ 122.338204][ T43] usb 3-1: USB disconnect, device number 5 [ 122.382508][ T5921] usb usb2-port1: attempt power cycle [ 122.501659][ T5923] usb 1-1: USB disconnect, device number 8 [ 122.760915][ T5921] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 122.792956][ T5921] usb 2-1: device descriptor read/8, error -71 [ 122.916845][ T6247] process 'syz.0.86' launched './file2' with NULL argv: empty string added [ 123.043583][ T5921] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 123.101504][ T5921] usb 2-1: device descriptor read/8, error -71 [ 123.182840][ T6251] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 123.231130][ T5921] usb usb2-port1: unable to enumerate USB device [ 123.558542][ T6268] netlink: 8 bytes leftover after parsing attributes in process `syz.4.92'. [ 123.588439][ T6272] fuse: Bad value for 'fd' [ 123.607853][ T6272] fuse: Bad value for 'fd' [ 123.782018][ T6279] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.893773][ T6282] net_ratelimit: 122 callbacks suppressed [ 123.893797][ T6282] netlink: zone id is out of range [ 124.025172][ T5889] IPVS: starting estimator thread 0... [ 124.145711][ T6292] netlink: 'syz.2.100': attribute type 7 has an invalid length. [ 124.170867][ T6287] IPVS: using max 26 ests per chain, 62400 per kthread [ 124.230863][ T5889] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 124.243553][ T6292] netlink: 16 bytes leftover after parsing attributes in process `syz.2.100'. [ 124.480733][ T5889] usb 5-1: Using ep0 maxpacket: 8 [ 124.517085][ T5889] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 124.531721][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.543050][ T5889] usb 5-1: Product: syz [ 124.549600][ T5889] usb 5-1: Manufacturer: syz [ 124.568132][ T5889] usb 5-1: SerialNumber: syz [ 124.584374][ T5889] usb 5-1: config 0 descriptor?? [ 124.609984][ T5889] gspca_main: sq930x-2.14.0 probing 2770:930c [ 125.329985][ T5889] gspca_sq930x: ucbus_write failed -110 [ 125.351372][ T5889] sq930x 5-1:0.0: probe with driver sq930x failed with error -110 [ 126.170710][ T43] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 126.586886][ T43] usb 4-1: config 0 has no interfaces? [ 126.672410][ T43] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 126.722409][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.753371][ T43] usb 4-1: Product: syz [ 126.759193][ T43] usb 4-1: Manufacturer: syz [ 126.772407][ T43] usb 4-1: SerialNumber: syz [ 126.846490][ T43] usb 4-1: config 0 descriptor?? [ 127.538710][ T5923] usb 5-1: USB disconnect, device number 6 [ 128.200296][ T6342] netlink: 12 bytes leftover after parsing attributes in process `syz.4.113'. [ 129.331810][ T6355] syz.2.117 uses obsolete (PF_INET,SOCK_PACKET) [ 129.677776][ T5833] usb 4-1: USB disconnect, device number 5 [ 129.813970][ T6363] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 129.945301][ T6366] netlink: 12 bytes leftover after parsing attributes in process `syz.1.118'. [ 130.015869][ T6356] syz.4.115 (6356): drop_caches: 2 [ 130.774666][ T5889] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 130.933963][ T5889] usb 3-1: config 0 has no interfaces? [ 130.946565][ T5889] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 130.956360][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.976099][ T5889] usb 3-1: Product: syz [ 130.988700][ T5889] usb 3-1: Manufacturer: syz [ 131.021340][ T5889] usb 3-1: SerialNumber: syz [ 131.135157][ T5889] usb 3-1: config 0 descriptor?? [ 131.219204][ T6396] netlink: 8 bytes leftover after parsing attributes in process `syz.1.127'. [ 131.505315][ T6402] FAULT_INJECTION: forcing a failure. [ 131.505315][ T6402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.520872][ T6402] CPU: 0 UID: 0 PID: 6402 Comm: syz.0.130 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 131.520895][ T6402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.520905][ T6402] Call Trace: [ 131.520912][ T6402] [ 131.520919][ T6402] dump_stack_lvl+0x189/0x250 [ 131.520948][ T6402] ? __pfx____ratelimit+0x10/0x10 [ 131.520972][ T6402] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.520996][ T6402] ? __pfx__printk+0x10/0x10 [ 131.521013][ T6402] ? __might_fault+0xb0/0x130 [ 131.521036][ T6402] should_fail_ex+0x414/0x560 [ 131.521060][ T6402] _copy_from_user+0x2d/0xb0 [ 131.521076][ T6402] ___sys_sendmsg+0x158/0x2a0 [ 131.521099][ T6402] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.521145][ T6402] ? __fget_files+0x2a/0x420 [ 131.521161][ T6402] ? __fget_files+0x3a0/0x420 [ 131.521185][ T6402] __x64_sys_sendmsg+0x19b/0x260 [ 131.521207][ T6402] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 131.521234][ T6402] ? __pfx_ksys_write+0x10/0x10 [ 131.521246][ T6402] ? rcu_is_watching+0x15/0xb0 [ 131.521275][ T6402] ? do_syscall_64+0xbe/0x3b0 [ 131.521292][ T6402] do_syscall_64+0xfa/0x3b0 [ 131.521305][ T6402] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.521328][ T6402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.521343][ T6402] ? clear_bhb_loop+0x60/0xb0 [ 131.521361][ T6402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.521376][ T6402] RIP: 0033:0x7f6e8318e929 [ 131.521389][ T6402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.521405][ T6402] RSP: 002b:00007f6e84047038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.521422][ T6402] RAX: ffffffffffffffda RBX: 00007f6e833b5fa0 RCX: 00007f6e8318e929 [ 131.521433][ T6402] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 131.521442][ T6402] RBP: 00007f6e84047090 R08: 0000000000000000 R09: 0000000000000000 [ 131.521452][ T6402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.521460][ T6402] R13: 0000000000000000 R14: 00007f6e833b5fa0 R15: 00007f6e834dfa28 [ 131.521482][ T6402] [ 131.962963][ T6404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.128'. [ 132.061552][ T6410] Zero length message leads to an empty skb [ 132.553804][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.3.128'. [ 132.558809][ T6420] netlink: 44 bytes leftover after parsing attributes in process `syz.1.135'. [ 132.576334][ T6420] netlink: 4 bytes leftover after parsing attributes in process `syz.1.135'. [ 133.670795][ T1214] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 133.832949][ T1214] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 133.877024][ T1214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.960296][ T5833] usb 3-1: USB disconnect, device number 6 [ 134.044789][ T6438] netlink: 4 bytes leftover after parsing attributes in process `syz.2.143'. [ 134.064880][ T1214] usb 4-1: config 0 descriptor?? [ 134.613672][ T1214] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 134.642853][ T1214] [drm:udl_init] *ERROR* Selecting channel failed [ 134.698559][ T1214] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 134.706045][ T1214] [drm] Initialized udl on minor 2 [ 134.726105][ T5833] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 134.740492][ T1214] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 134.765922][ T1214] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 134.827458][ T5889] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 134.838536][ T5889] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 134.850256][ T1214] usb 4-1: USB disconnect, device number 6 [ 134.917124][ T5833] usb 1-1: config 0 has no interfaces? [ 134.967117][ T5833] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 135.012554][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.058126][ T5833] usb 1-1: Product: syz [ 135.066463][ T6450] netlink: 12 bytes leftover after parsing attributes in process `syz.1.146'. [ 135.134566][ T5833] usb 1-1: Manufacturer: syz [ 135.148975][ T5833] usb 1-1: SerialNumber: syz [ 135.259535][ T5833] usb 1-1: config 0 descriptor?? [ 135.313303][ T6457] FAULT_INJECTION: forcing a failure. [ 135.313303][ T6457] name failslab, interval 1, probability 0, space 0, times 0 [ 135.344051][ T6457] CPU: 1 UID: 0 PID: 6457 Comm: syz.1.149 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 135.344083][ T6457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 135.344096][ T6457] Call Trace: [ 135.344104][ T6457] [ 135.344113][ T6457] dump_stack_lvl+0x189/0x250 [ 135.344151][ T6457] ? __pfx____ratelimit+0x10/0x10 [ 135.344184][ T6457] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.344215][ T6457] ? __pfx__printk+0x10/0x10 [ 135.344243][ T6457] ? __pfx___might_resched+0x10/0x10 [ 135.344273][ T6457] ? fs_reclaim_acquire+0x7d/0x100 [ 135.344302][ T6457] should_fail_ex+0x414/0x560 [ 135.344335][ T6457] should_failslab+0xa8/0x100 [ 135.344360][ T6457] __kmalloc_noprof+0xcb/0x4f0 [ 135.344377][ T6457] ? kfree+0x4d/0x440 [ 135.344415][ T6457] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 135.344451][ T6457] tomoyo_realpath_from_path+0xe3/0x5d0 [ 135.344479][ T6457] ? tomoyo_domain+0xd9/0x130 [ 135.344512][ T6457] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 135.344536][ T6457] tomoyo_path_number_perm+0x1e8/0x5a0 [ 135.344564][ T6457] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 135.344606][ T6457] ? __lock_acquire+0xab9/0xd20 [ 135.344659][ T6457] ? __fget_files+0x2a/0x420 [ 135.344686][ T6457] ? __fget_files+0x2a/0x420 [ 135.344708][ T6457] ? __fget_files+0x3a0/0x420 [ 135.344731][ T6457] ? __fget_files+0x2a/0x420 [ 135.344759][ T6457] security_file_ioctl+0xcb/0x2d0 [ 135.344786][ T6457] __se_sys_ioctl+0x47/0x170 [ 135.344817][ T6457] do_syscall_64+0xfa/0x3b0 [ 135.344835][ T6457] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.344852][ T6457] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 135.344870][ T6457] ? clear_bhb_loop+0x60/0xb0 [ 135.344893][ T6457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.344910][ T6457] RIP: 0033:0x7fde1e78e929 [ 135.344927][ T6457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.344943][ T6457] RSP: 002b:00007fde1c5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.344963][ T6457] RAX: ffffffffffffffda RBX: 00007fde1e9b5fa0 RCX: 00007fde1e78e929 [ 135.344977][ T6457] RDX: 0000200000000240 RSI: 000000004008b100 RDI: 0000000000000004 [ 135.344989][ T6457] RBP: 00007fde1c5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 135.345000][ T6457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.345011][ T6457] R13: 0000000000000000 R14: 00007fde1e9b5fa0 R15: 00007fde1eadfa28 [ 135.345058][ T6457] [ 135.345067][ T6457] ERROR: Out of memory at tomoyo_realpath_from_path. [ 136.063908][ T5923] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 136.366418][ T5923] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.379095][ T5923] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.392174][ T5923] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 136.495731][ T5923] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 136.514485][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.530212][ T5923] usb 4-1: config 0 descriptor?? [ 137.129170][ T5923] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 137.171030][ T1214] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 137.272311][ T5923] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 137.359550][ T1214] usb 3-1: config 0 has no interfaces? [ 137.376634][ T1214] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 137.531090][ T1214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.659997][ T5923] usb 1-1: USB disconnect, device number 9 [ 137.672249][ T1214] usb 3-1: Product: syz [ 137.676486][ T1214] usb 3-1: Manufacturer: syz [ 137.712336][ T6483] netlink: 4 bytes leftover after parsing attributes in process `syz.1.159'. [ 137.809696][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 137.809711][ T30] audit: type=1326 audit(1749985884.835:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb09672ab19 code=0x7ffc0000 [ 137.840254][ T1214] usb 3-1: SerialNumber: syz [ 137.877304][ T6486] netlink: 'syz.4.158': attribute type 4 has an invalid length. [ 137.886421][ T1214] usb 3-1: config 0 descriptor?? [ 137.893464][ T30] audit: type=1326 audit(1749985884.835:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09678e929 code=0x7ffc0000 [ 137.946452][ T6486] netlink: 'syz.4.158': attribute type 4 has an invalid length. [ 137.956823][ T30] audit: type=1326 audit(1749985884.835:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09678e929 code=0x7ffc0000 [ 138.065419][ T30] audit: type=1326 audit(1749985884.835:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb09672ab19 code=0x7ffc0000 [ 138.221584][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.228168][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.411516][ T30] audit: type=1326 audit(1749985884.835:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb09672ab19 code=0x7ffc0000 [ 138.588519][ T5923] usb 4-1: reset high-speed USB device number 7 using dummy_hcd [ 138.617509][ T30] audit: type=1326 audit(1749985884.835:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09678e929 code=0x7ffc0000 [ 138.642734][ T30] audit: type=1326 audit(1749985884.835:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09678e929 code=0x7ffc0000 [ 138.671256][ T30] audit: type=1326 audit(1749985884.835:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09678e929 code=0x7ffc0000 [ 138.697583][ T30] audit: type=1326 audit(1749985884.835:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09678e929 code=0x7ffc0000 [ 138.798814][ T30] audit: type=1326 audit(1749985884.835:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.3.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09678e929 code=0x7ffc0000 [ 139.807001][ T5921] usb 3-1: USB disconnect, device number 7 [ 139.910738][ T1214] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 139.950868][ T5923] usb 4-1: device descriptor read/64, error -71 [ 140.050055][ T6504] netlink: zone id is out of range [ 140.094591][ T1214] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.105854][ T1214] usb 1-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 140.119988][ T1214] usb 1-1: config 0 interface 0 has no altsetting 0 [ 140.129840][ T1214] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 140.140105][ T1214] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 140.148781][ T1214] usb 1-1: Product: syz [ 140.153275][ T1214] usb 1-1: Manufacturer: syz [ 140.157970][ T1214] usb 1-1: SerialNumber: syz [ 140.167304][ T1214] usb 1-1: config 0 descriptor?? [ 140.190864][ T5923] usb 4-1: reset high-speed USB device number 7 using dummy_hcd [ 140.208574][ T5923] usb 4-1: device reset changed ep0 maxpacket size! [ 140.219759][ T43] usb 4-1: USB disconnect, device number 7 [ 140.226266][ T1214] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 140.283730][ T5887] udevd[5887]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 140.300756][ T5921] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 140.308364][ T5889] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 140.390705][ T43] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 140.480678][ T5921] usb 3-1: Using ep0 maxpacket: 8 [ 140.485951][ T5889] usb 5-1: Using ep0 maxpacket: 16 [ 140.597142][ T5889] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 140.601127][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 140.608238][ T5889] usb 5-1: config 0 has an invalid descriptor of length 102, skipping remainder of the config [ 140.650911][ T5889] usb 5-1: config 0 has no interface number 0 [ 140.663657][ T5921] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 140.665526][ T43] usb 4-1: config 166 has an invalid interface number: 177 but max is 1 [ 140.672966][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.783442][ T5889] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 140.792799][ T43] usb 4-1: config 166 has an invalid interface number: 34 but max is 1 [ 140.793536][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.802998][ T43] usb 4-1: config 166 has no interface number 0 [ 140.820700][ T5921] usb 3-1: Product: syz [ 140.825279][ T5921] usb 3-1: Manufacturer: syz [ 140.830012][ T5921] usb 3-1: SerialNumber: syz [ 140.837553][ T43] usb 4-1: config 166 has no interface number 1 [ 140.841498][ T5889] usb 5-1: Product: syz [ 140.852327][ T43] usb 4-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 140.853568][ T5921] usb 3-1: config 0 descriptor?? [ 140.863694][ T43] usb 4-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 140.880399][ T5889] usb 5-1: Manufacturer: syz [ 140.889190][ T5889] usb 5-1: SerialNumber: syz [ 140.890857][ T43] usb 4-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 140.905468][ T43] usb 4-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 140.923746][ T43] usb 4-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 140.927234][ T5921] gspca_main: sq930x-2.14.0 probing 2770:930c [ 140.936615][ T43] usb 4-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 140.953583][ T5889] usb 5-1: config 0 descriptor?? [ 140.955714][ T43] usb 4-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 140.963480][ T5889] usb 5-1: Found UVC 0.00 device syz (046d:08f3) [ 140.973688][ T43] usb 4-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0 [ 140.987363][ T43] usb 4-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 141.000993][ T5889] usb 5-1: No valid video chain found. [ 141.010003][ T43] usb 4-1: config 166 interface 177 has no altsetting 0 [ 141.018874][ T43] usb 4-1: config 166 interface 34 has no altsetting 0 [ 141.029977][ T43] usb 4-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 141.039689][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.048253][ T43] usb 4-1: Product: syz [ 141.053099][ T43] usb 4-1: Manufacturer: syz [ 141.058136][ T43] usb 4-1: SerialNumber: syz [ 141.168105][ T6506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.185151][ T6506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.220213][ T9] usb 5-1: USB disconnect, device number 7 [ 141.283978][ T43] ums-realtek 4-1:166.177: USB Mass Storage device detected [ 141.541742][ T43] ums-realtek 4-1:166.34: USB Mass Storage device detected [ 141.630859][ T5921] gspca_sq930x: ucbus_write failed -110 [ 141.636579][ T5921] sq930x 3-1:0.0: probe with driver sq930x failed with error -110 [ 141.740375][ T43] ums-realtek 4-1:166.34: probe with driver ums-realtek failed with error -5 [ 141.909407][ T6497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.928461][ T6497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.991197][ T43] usb 4-1: Found UVC 0.00 device syz (0bda:0138) [ 142.018716][ T43] usb 4-1: No valid video chain found. [ 142.035480][ T43] usb 4-1: USB disconnect, device number 8 [ 143.040358][ T6525] netlink: 452 bytes leftover after parsing attributes in process `syz.4.170'. [ 143.122500][ T6507] delete_channel: no stack [ 143.174781][ T5921] usb 3-1: USB disconnect, device number 8 [ 143.401251][ T43] usb 1-1: USB disconnect, device number 10 [ 143.499594][ T6538] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 143.770704][ T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 143.960875][ T9] usb 4-1: config 0 has no interfaces? [ 143.994114][ T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 144.003564][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.012520][ T9] usb 4-1: Product: syz [ 144.019202][ T9] usb 4-1: Manufacturer: syz [ 144.024465][ T9] usb 4-1: SerialNumber: syz [ 144.034371][ T9] usb 4-1: config 0 descriptor?? [ 144.865979][ T6562] netlink: 548 bytes leftover after parsing attributes in process `syz.0.181'. [ 146.798351][ T5921] usb 4-1: USB disconnect, device number 9 [ 147.034892][ T6578] netlink: zone id is out of range [ 147.050985][ T43] usb 3-1: new low-speed USB device number 9 using dummy_hcd [ 147.238172][ T43] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 147.252923][ T43] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 147.358833][ T43] usb 3-1: config 0 has no interface number 0 [ 147.365823][ T5923] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 147.398812][ T43] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 147.422332][ T43] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 147.432891][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.469429][ T43] usb 3-1: config 0 descriptor?? [ 147.589369][ T5923] usb 4-1: Using ep0 maxpacket: 8 [ 147.622709][ T5923] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 147.646066][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.688548][ T5923] usb 4-1: Product: syz [ 147.704632][ T6588] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004 [ 147.745085][ T5923] usb 4-1: Manufacturer: syz [ 147.751732][ T5923] usb 4-1: SerialNumber: syz [ 147.793728][ T5923] usb 4-1: config 0 descriptor?? [ 147.815762][ T5923] gspca_main: sq930x-2.14.0 probing 2770:930c [ 148.520909][ T5923] gspca_sq930x: ucbus_write failed -110 [ 148.526693][ T5923] sq930x 4-1:0.0: probe with driver sq930x failed with error -110 [ 148.798029][ T5921] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 148.962194][ T5921] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 148.978355][ T5921] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 149.023644][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.098569][ T5921] usb 5-1: config 0 descriptor?? [ 149.164836][ T5921] pwc: Askey VC010 type 2 USB webcam detected. [ 149.557493][ T5921] pwc: recv_control_msg error -32 req 02 val 2b00 [ 149.623592][ T5921] pwc: recv_control_msg error -32 req 02 val 2700 [ 149.634689][ T5921] pwc: recv_control_msg error -32 req 02 val 2c00 [ 149.642931][ T5921] pwc: recv_control_msg error -32 req 04 val 1000 [ 149.652205][ T5921] pwc: recv_control_msg error -32 req 04 val 1300 [ 149.660919][ T5923] usb 3-1: USB disconnect, device number 9 [ 149.671729][ T5921] pwc: recv_control_msg error -32 req 04 val 1400 [ 149.695262][ T5921] pwc: recv_control_msg error -32 req 02 val 2000 [ 149.722471][ T5921] pwc: recv_control_msg error -32 req 02 val 2100 [ 149.732257][ T5921] pwc: recv_control_msg error -32 req 04 val 1500 [ 149.743529][ T5921] pwc: recv_control_msg error -32 req 02 val 2500 [ 149.751901][ T5921] pwc: recv_control_msg error -32 req 02 val 2400 [ 149.759206][ T5921] pwc: recv_control_msg error -32 req 02 val 2600 [ 149.767132][ T5921] pwc: recv_control_msg error -32 req 02 val 2900 [ 149.775337][ T5921] pwc: recv_control_msg error -32 req 02 val 2800 [ 149.783249][ T5921] pwc: recv_control_msg error -32 req 04 val 1100 [ 149.792441][ T5921] pwc: recv_control_msg error -71 req 04 val 1200 [ 149.803257][ T6610] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.827523][ T6610] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.837377][ T5921] pwc: Registered as video103. [ 149.857929][ T5921] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input11 [ 149.871774][ T6612] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 149.889650][ T6610] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.900526][ T6612] netlink: 16 bytes leftover after parsing attributes in process `syz.2.194'. [ 149.912128][ T6610] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 149.931360][ T5921] usb 5-1: USB disconnect, device number 8 [ 149.946128][ T6613] netlink: 28 bytes leftover after parsing attributes in process `syz.0.193'. [ 150.081212][ T6617] netlink: 165 bytes leftover after parsing attributes in process `syz.0.193'. [ 150.220506][ T5923] usb 4-1: USB disconnect, device number 10 [ 151.015679][ T6630] xt_CT: You must specify a L4 protocol and not use inversions on it [ 151.350695][ T43] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 151.492870][ T6639] FAULT_INJECTION: forcing a failure. [ 151.492870][ T6639] name failslab, interval 1, probability 0, space 0, times 0 [ 151.509113][ T6639] CPU: 1 UID: 0 PID: 6639 Comm: syz.0.200 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 151.509145][ T6639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.509158][ T6639] Call Trace: [ 151.509167][ T6639] [ 151.509177][ T6639] dump_stack_lvl+0x189/0x250 [ 151.509218][ T6639] ? __pfx____ratelimit+0x10/0x10 [ 151.509252][ T6639] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.509288][ T6639] ? __pfx__printk+0x10/0x10 [ 151.509314][ T6639] ? security_file_permission+0x75/0x290 [ 151.509341][ T6639] ? rw_verify_area+0x258/0x650 [ 151.509380][ T6639] should_fail_ex+0x414/0x560 [ 151.509415][ T6639] should_failslab+0xa8/0x100 [ 151.509440][ T6639] __kmalloc_noprof+0xcb/0x4f0 [ 151.509461][ T6639] ? io_cache_alloc_new+0x40/0x100 [ 151.509509][ T6639] io_cache_alloc_new+0x40/0x100 [ 151.509545][ T6639] io_arm_poll_handler+0x537/0xb70 [ 151.509587][ T6639] ? __pfx_io_arm_poll_handler+0x10/0x10 [ 151.509623][ T6639] ? io_file_get_normal+0x101/0x2f0 [ 151.509652][ T6639] ? io_issue_sqe+0x3bb/0xfd0 [ 151.509681][ T6639] io_queue_async+0x79/0x2f0 [ 151.509715][ T6639] io_submit_sqes+0xe22/0x1c50 [ 151.509774][ T6639] __se_sys_io_uring_enter+0x2df/0x2b20 [ 151.509823][ T6639] ? ksys_write+0x1cb/0x250 [ 151.509847][ T6639] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 151.509871][ T6639] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 151.509892][ T6639] ? __pfx_vfs_write+0x10/0x10 [ 151.509928][ T6639] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 151.509954][ T6639] ? __fget_files+0x3a0/0x420 [ 151.509987][ T6639] ? fput+0xa0/0xd0 [ 151.510015][ T6639] ? ksys_write+0x22a/0x250 [ 151.510038][ T6639] ? __pfx_ksys_write+0x10/0x10 [ 151.510056][ T6639] ? rcu_is_watching+0x15/0xb0 [ 151.510096][ T6639] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 151.510127][ T6639] do_syscall_64+0xfa/0x3b0 [ 151.510146][ T6639] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.510179][ T6639] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.510201][ T6639] ? clear_bhb_loop+0x60/0xb0 [ 151.510227][ T6639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.510249][ T6639] RIP: 0033:0x7f6e8318e929 [ 151.510268][ T6639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.510286][ T6639] RSP: 002b:00007f6e84047038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 151.510309][ T6639] RAX: ffffffffffffffda RBX: 00007f6e833b5fa0 RCX: 00007f6e8318e929 [ 151.510325][ T6639] RDX: 0000000000000000 RSI: 00000000100847c0 RDI: 0000000000000005 [ 151.510339][ T6639] RBP: 00007f6e84047090 R08: 0000000000000000 R09: 0000000000000000 [ 151.510353][ T6639] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 151.510366][ T6639] R13: 0000000000000000 R14: 00007f6e833b5fa0 R15: 00007f6e834dfa28 [ 151.510399][ T6639] [ 151.869698][ T43] usb 5-1: config 0 has no interfaces? [ 152.094381][ T43] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 152.103619][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.121572][ T43] usb 5-1: Product: syz [ 152.136002][ T43] usb 5-1: Manufacturer: syz [ 152.148305][ T43] usb 5-1: SerialNumber: syz [ 152.280418][ T43] usb 5-1: config 0 descriptor?? [ 153.521070][ T6657] veth1_to_bond: entered allmulticast mode [ 153.549903][ T6657] veth1_to_bond: entered promiscuous mode [ 153.852489][ T6662] netlink: zone id is out of range [ 153.853032][ T1214] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 153.866190][ T6662] netlink: zone id is out of range [ 153.901004][ T6662] netlink: zone id is out of range [ 153.906203][ T6662] netlink: zone id is out of range [ 153.960810][ T6662] netlink: zone id is out of range [ 153.971286][ T6662] netlink: zone id is out of range [ 153.988188][ T6662] netlink: zone id is out of range [ 153.997978][ T6662] netlink: zone id is out of range [ 154.013833][ T6662] netlink: zone id is out of range [ 154.028975][ T6662] netlink: zone id is out of range [ 154.126555][ T1214] usb 1-1: Using ep0 maxpacket: 8 [ 154.150116][ T1214] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 154.176953][ T1214] usb 1-1: config 179 has no interface number 0 [ 154.203806][ T1214] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 154.235970][ T9] usb 5-1: USB disconnect, device number 9 [ 154.274078][ T1214] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 154.314844][ T1214] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 154.333413][ T1214] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 154.345666][ T1214] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 154.362117][ T1214] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 154.375044][ T1214] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.405989][ T6657] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 154.514067][ T6669] netlink: 28 bytes leftover after parsing attributes in process `syz.4.211'. [ 154.550650][ T6669] netlink: 28 bytes leftover after parsing attributes in process `syz.4.211'. [ 154.588095][ T6669] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 154.660902][ T1214] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input12 [ 154.664056][ T6669] bridge0: entered promiscuous mode [ 154.743710][ T6669] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 154.818887][ T6669] Cannot create hsr debugfs directory [ 155.020293][ T6673] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004 [ 155.224332][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 155.224352][ T30] audit: type=1326 audit(1749985902.255:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6645 comm="syz.1.202" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fde1e78e929 code=0x0 [ 155.470393][ T43] usb 1-1: USB disconnect, device number 11 [ 155.470488][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 155.479605][ T6656] veth1_to_bond: left promiscuous mode [ 155.485290][ C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 155.498913][ T43] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 155.568531][ T6656] veth1_to_bond: left allmulticast mode [ 155.790546][ T5926] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 155.839593][ T6687] tipc: Started in network mode [ 155.846607][ T6687] tipc: Node identity 7f000001, cluster identity 4711 [ 155.857585][ T6687] tipc: New replicast peer: 0.0.0.0 [ 155.870217][ T6687] tipc: Enabled bearer , priority 10 [ 155.893785][ T6687] netlink: 12 bytes leftover after parsing attributes in process `syz.3.215'. [ 155.987287][ T5926] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 87, changing to 10 [ 156.004965][ T5926] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 156.024405][ T5926] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 156.045000][ T5926] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 156.054847][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.075526][ T5926] usb 5-1: Product: syz [ 156.085948][ T5926] usb 5-1: Manufacturer: syz [ 156.097636][ T5926] usb 5-1: SerialNumber: syz [ 156.390714][ T1214] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 156.545060][ T5926] cdc_ncm 5-1:1.0: bind() failure [ 156.572075][ T1214] usb 2-1: device descriptor read/64, error -71 [ 156.583378][ T5926] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 156.605380][ T5926] cdc_ncm 5-1:1.1: bind() failure [ 156.646775][ T5926] usb 5-1: USB disconnect, device number 10 [ 156.676686][ T6697] netlink: 40 bytes leftover after parsing attributes in process `syz.3.218'. [ 156.717019][ T6697] netlink: 40 bytes leftover after parsing attributes in process `syz.3.218'. [ 156.854827][ T1214] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 157.003065][ T9] tipc: Node number set to 2130706433 [ 157.034688][ T6699] tipc: Enabled bearer , priority 10 [ 157.041338][ T1214] usb 2-1: device descriptor read/64, error -71 [ 157.151753][ T1214] usb usb2-port1: attempt power cycle [ 157.520720][ T1214] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 157.565477][ T1214] usb 2-1: device descriptor read/8, error -71 [ 157.974067][ T1214] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 158.007628][ T1214] usb 2-1: device descriptor read/8, error -71 [ 158.115531][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 158.268844][ T5921] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 158.276543][ T9] usb 1-1: device descriptor read/64, error -71 [ 158.283146][ T1214] usb usb2-port1: unable to enumerate USB device [ 158.546041][ T5921] usb 4-1: Using ep0 maxpacket: 8 [ 158.610866][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 158.705994][ T5921] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 158.763809][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.787225][ T5921] usb 4-1: Product: syz [ 158.791560][ T5921] usb 4-1: Manufacturer: syz [ 158.796213][ T5921] usb 4-1: SerialNumber: syz [ 158.813667][ T5921] usb 4-1: config 0 descriptor?? [ 158.841575][ T9] usb 1-1: device descriptor read/64, error -71 [ 158.875663][ T5921] gspca_main: sq930x-2.14.0 probing 2770:930c [ 158.960855][ T9] usb usb1-port1: attempt power cycle [ 159.590794][ T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 159.612319][ T9] usb 1-1: device descriptor read/8, error -71 [ 159.621841][ T6732] FAULT_INJECTION: forcing a failure. [ 159.621841][ T6732] name failslab, interval 1, probability 0, space 0, times 0 [ 159.635470][ T6732] CPU: 0 UID: 0 PID: 6732 Comm: syz.2.230 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 159.635492][ T6732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.635502][ T6732] Call Trace: [ 159.635508][ T6732] [ 159.635515][ T6732] dump_stack_lvl+0x189/0x250 [ 159.635543][ T6732] ? __pfx____ratelimit+0x10/0x10 [ 159.635567][ T6732] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.635595][ T6732] ? __pfx__printk+0x10/0x10 [ 159.635639][ T6732] ? __pfx___might_resched+0x10/0x10 [ 159.635663][ T6732] ? fs_reclaim_acquire+0x7d/0x100 [ 159.635685][ T6732] should_fail_ex+0x414/0x560 [ 159.635709][ T6732] should_failslab+0xa8/0x100 [ 159.635727][ T6732] __kmalloc_cache_noprof+0x70/0x3d0 [ 159.635741][ T6732] ? rtnl_newlink+0xed/0x1c70 [ 159.635757][ T6732] ? kasan_save_free_info+0x46/0x50 [ 159.635779][ T6732] rtnl_newlink+0xed/0x1c70 [ 159.635794][ T6732] ? netlink_sendmsg+0x805/0xb30 [ 159.635811][ T6732] ? __sock_sendmsg+0x21c/0x270 [ 159.635833][ T6732] ? ____sys_sendmsg+0x505/0x830 [ 159.635851][ T6732] ? ___sys_sendmsg+0x21f/0x2a0 [ 159.635870][ T6732] ? __x64_sys_sendmsg+0x19b/0x260 [ 159.635889][ T6732] ? do_syscall_64+0xfa/0x3b0 [ 159.635902][ T6732] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.635928][ T6732] ? __pfx_rtnl_newlink+0x10/0x10 [ 159.635961][ T6732] ? kasan_quarantine_put+0xdd/0x220 [ 159.635984][ T6732] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.636016][ T6732] ? nlmon_xmit+0xb0/0x100 [ 159.636039][ T6732] ? kmem_cache_free+0x18f/0x400 [ 159.636058][ T6732] ? __local_bh_enable_ip+0x12d/0x1c0 [ 159.636082][ T6732] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.636105][ T6732] ? __local_bh_enable_ip+0x12d/0x1c0 [ 159.636128][ T6732] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 159.636154][ T6732] ? __dev_queue_xmit+0x27e/0x3a70 [ 159.636184][ T6732] ? __lock_acquire+0xab9/0xd20 [ 159.636224][ T6732] ? __pfx_rtnl_newlink+0x10/0x10 [ 159.636239][ T6732] rtnetlink_rcv_msg+0x7cf/0xb70 [ 159.636258][ T6732] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 159.636273][ T6732] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 159.636288][ T6732] ? ref_tracker_free+0x63a/0x7d0 [ 159.636308][ T6732] ? __copy_skb_header+0xa7/0x550 [ 159.636329][ T6732] ? __pfx_ref_tracker_free+0x10/0x10 [ 159.636350][ T6732] ? __skb_clone+0x63/0x7a0 [ 159.636375][ T6732] netlink_rcv_skb+0x205/0x470 [ 159.636393][ T6732] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 159.636410][ T6732] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 159.636438][ T6732] ? netlink_deliver_tap+0x2e/0x1b0 [ 159.636455][ T6732] ? netlink_deliver_tap+0x2e/0x1b0 [ 159.636477][ T6732] netlink_unicast+0x758/0x8d0 [ 159.636500][ T6732] netlink_sendmsg+0x805/0xb30 [ 159.636525][ T6732] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.636546][ T6732] ? aa_sock_msg_perm+0x94/0x160 [ 159.636567][ T6732] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 159.636587][ T6732] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.636606][ T6732] __sock_sendmsg+0x21c/0x270 [ 159.636637][ T6732] ____sys_sendmsg+0x505/0x830 [ 159.636661][ T6732] ? __pfx_____sys_sendmsg+0x10/0x10 [ 159.636687][ T6732] ? import_iovec+0x74/0xa0 [ 159.636705][ T6732] ___sys_sendmsg+0x21f/0x2a0 [ 159.636726][ T6732] ? __pfx____sys_sendmsg+0x10/0x10 [ 159.636772][ T6732] ? __fget_files+0x2a/0x420 [ 159.636788][ T6732] ? __fget_files+0x3a0/0x420 [ 159.636813][ T6732] __x64_sys_sendmsg+0x19b/0x260 [ 159.636834][ T6732] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 159.636861][ T6732] ? __pfx_ksys_write+0x10/0x10 [ 159.636875][ T6732] ? rcu_is_watching+0x15/0xb0 [ 159.636903][ T6732] ? do_syscall_64+0xbe/0x3b0 [ 159.636919][ T6732] do_syscall_64+0xfa/0x3b0 [ 159.636932][ T6732] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.636954][ T6732] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.636969][ T6732] ? clear_bhb_loop+0x60/0xb0 [ 159.636987][ T6732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.637002][ T6732] RIP: 0033:0x7f2e8ed8e929 [ 159.637016][ T6732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.637028][ T6732] RSP: 002b:00007f2e8fc6b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 159.637044][ T6732] RAX: ffffffffffffffda RBX: 00007f2e8efb5fa0 RCX: 00007f2e8ed8e929 [ 159.637055][ T6732] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 159.637065][ T6732] RBP: 00007f2e8fc6b090 R08: 0000000000000000 R09: 0000000000000000 [ 159.637074][ T6732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.637082][ T6732] R13: 0000000000000000 R14: 00007f2e8efb5fa0 R15: 00007f2e8f0dfa28 [ 159.637104][ T6732] [ 160.081318][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.268610][ T5921] gspca_sq930x: ucbus_write failed -110 [ 160.274308][ T5921] sq930x 4-1:0.0: probe with driver sq930x failed with error -110 [ 160.422477][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 160.461076][ T9] usb 1-1: device descriptor read/8, error -71 [ 160.570920][ T9] usb usb1-port1: unable to enumerate USB device [ 160.637386][ T6741] netlink: 8 bytes leftover after parsing attributes in process `syz.2.232'. [ 161.076694][ T6749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 161.370787][ T5921] usb 4-1: USB disconnect, device number 11 [ 161.430687][ T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 161.652726][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 161.762970][ T9] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 161.960872][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 161.974950][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 161.986412][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 162.143269][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 162.234329][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 162.270637][ T6783] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004 [ 162.486577][ T9] usb 1-1: Product: syz [ 162.505979][ T9] usb 1-1: Manufacturer: syz [ 162.533658][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 162.656461][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 162.703807][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 162.762745][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [ 162.857525][ T9] usb 1-1: USB disconnect, device number 16 [ 162.961178][ T1214] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 163.138015][ T1214] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 163.149149][ T1214] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.355871][ T1214] usb 2-1: config 0 descriptor?? [ 163.598951][ T1214] ath6kl: Failed to submit usb control message: -71 [ 163.633139][ T1214] ath6kl: unable to send the bmi data to the device: -71 [ 163.656504][ T1214] ath6kl: Unable to send get target info: -71 [ 163.700233][ T1214] ath6kl: Failed to init ath6kl core: -71 [ 163.722681][ T1214] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 163.751535][ T1214] usb 2-1: USB disconnect, device number 16 [ 164.231078][ T6813] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 164.393809][ T6815] netlink: 'syz.1.243': attribute type 21 has an invalid length. [ 166.243177][ T5926] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 166.298163][ T6853] Cannot find add_set index 0 as target [ 166.411973][ T5926] usb 4-1: Using ep0 maxpacket: 32 [ 166.423703][ T6855] netlink: 32 bytes leftover after parsing attributes in process `syz.2.254'. [ 166.444428][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.470851][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.583287][ T5926] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 166.631242][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.640948][ T5921] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 166.662264][ T5926] usb 4-1: config 0 descriptor?? [ 166.800816][ T5921] usb 2-1: Using ep0 maxpacket: 8 [ 166.828775][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 166.850682][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 166.876081][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 166.907437][ T5921] usb 2-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=f6.82 [ 166.928764][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.944423][ T5921] usb 2-1: Product: syz [ 166.948674][ T5921] usb 2-1: Manufacturer: syz [ 166.960662][ T5921] usb 2-1: SerialNumber: syz [ 166.991309][ T5921] usb 2-1: config 0 descriptor?? [ 167.036270][ T6870] loop6: detected capacity change from 0 to 1 [ 167.054428][ T6870] Dev loop6: unable to read RDB block 1 [ 167.060705][ T6870] loop6: unable to read partition table [ 167.066620][ T6870] loop6: partition table beyond EOD, truncated [ 167.127409][ T6870] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 167.164496][ T5926] input: HID 054c:03d5 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:054C:03D5.0004/input/input13 [ 167.380879][ T5926] sony 0003:054C:03D5.0004: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.3-1/input0 [ 167.493023][ T5921] usb 2-1: USB disconnect, device number 17 [ 167.521057][ T43] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 167.560174][ T24] usb 4-1: USB disconnect, device number 12 [ 167.727426][ T43] usb 3-1: config 0 has no interfaces? [ 167.766825][ T43] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 167.795183][ T6874] fido_id[6874]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 167.828996][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.850084][ T43] usb 3-1: Product: syz [ 167.860257][ T43] usb 3-1: Manufacturer: syz [ 167.892825][ T43] usb 3-1: SerialNumber: syz [ 167.947209][ T43] usb 3-1: config 0 descriptor?? [ 168.150275][ T6884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.172318][ T6884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.300671][ T24] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 168.380894][ T43] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 168.462701][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 168.474047][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 168.485028][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 168.505641][ T24] usb 1-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00 [ 168.515039][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.529823][ T24] usb 1-1: config 0 descriptor?? [ 168.544133][ T6882] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 168.553530][ T43] usb 4-1: not running at top speed; connect to a high speed hub [ 168.581419][ T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 168.598825][ T43] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 168.654628][ T43] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 168.666418][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.675409][ T43] usb 4-1: Product: syz [ 168.679829][ T43] usb 4-1: Manufacturer: syz [ 168.686546][ T43] usb 4-1: SerialNumber: syz [ 168.716882][ T6885] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 168.797549][ T24] usbhid 1-1:0.0: can't add hid device: -71 [ 168.811641][ T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 168.833994][ T24] usb 1-1: USB disconnect, device number 17 [ 168.939361][ T43] cdc_ncm 4-1:1.0: bind() failure [ 168.974193][ T43] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 168.982230][ T43] cdc_ncm 4-1:1.1: bind() failure [ 169.005977][ T43] usb 4-1: USB disconnect, device number 13 [ 169.570715][ T5926] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 169.770108][ T5926] usb 5-1: config 0 has no interfaces? [ 169.854426][ T5926] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 169.863942][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.896662][ T9] usb 3-1: USB disconnect, device number 10 [ 169.900758][ T5926] usb 5-1: Product: syz [ 169.975082][ T6891] netlink: 4 bytes leftover after parsing attributes in process `syz.1.265'. [ 170.062460][ T5926] usb 5-1: Manufacturer: syz [ 170.117596][ T5926] usb 5-1: SerialNumber: syz [ 170.133829][ T5921] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 170.146176][ T5926] usb 5-1: config 0 descriptor?? [ 170.343203][ T5921] usb 1-1: Using ep0 maxpacket: 32 [ 170.364805][ T5921] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 170.388110][ T5921] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 170.404942][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.500029][ T5921] usb 1-1: Product: syz [ 170.510658][ T5921] usb 1-1: Manufacturer: syz [ 170.524081][ T5921] usb 1-1: SerialNumber: syz [ 170.558428][ T5921] usb 1-1: config 0 descriptor?? [ 170.631234][ T5921] usb 1-1: bad CDC descriptors [ 170.637795][ T5921] usb 1-1: unsupported MDLM descriptors [ 170.861947][ T9] usb 1-1: USB disconnect, device number 18 [ 170.928164][ T6891] team0 (unregistering): Port device team_slave_0 removed [ 171.024616][ T6891] team0 (unregistering): Port device team_slave_1 removed [ 171.274852][ T6917] netlink: 44 bytes leftover after parsing attributes in process `syz.3.275'. [ 171.929075][ T5841] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 172.482253][ T6946] netlink: 56 bytes leftover after parsing attributes in process `syz.3.284'. [ 172.795335][ T24] usb 5-1: USB disconnect, device number 11 [ 173.426738][ T6976] netlink: 'syz.1.296': attribute type 4 has an invalid length. [ 173.511402][ T5926] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 173.709996][ T5926] usb 3-1: Using ep0 maxpacket: 8 [ 173.717357][ T5926] usb 3-1: config 0 has an invalid interface number: 150 but max is 0 [ 173.738827][ T5926] usb 3-1: config 0 has an invalid interface number: 112 but max is 0 [ 173.750704][ T9] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 173.759551][ T5926] usb 3-1: config 0 has an invalid interface number: 3 but max is 0 [ 173.775745][ T5926] usb 3-1: config 0 has 3 interfaces, different from the descriptor's value: 1 [ 173.809644][ T5926] usb 3-1: config 0 has no interface number 0 [ 173.817964][ T5926] usb 3-1: config 0 has no interface number 1 [ 173.831262][ T5926] usb 3-1: config 0 has no interface number 2 [ 173.839041][ T5926] usb 3-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 173.879343][ T5926] usb 3-1: too many endpoints for config 0 interface 112 altsetting 233: 104, using maximum allowed: 30 [ 173.901975][ T5926] usb 3-1: config 0 interface 112 altsetting 233 has 1 endpoint descriptor, different from the interface descriptor's value: 104 [ 173.931076][ T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 173.936276][ T5926] usb 3-1: config 0 interface 150 has no altsetting 0 [ 173.939124][ T9] usb 4-1: config 0 has no interface number 0 [ 173.939181][ T9] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 173.963003][ T5926] usb 3-1: config 0 interface 112 has no altsetting 0 [ 173.976646][ T5926] usb 3-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 174.000018][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.010407][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.037279][ T9] usb 4-1: config 0 descriptor?? [ 174.041580][ T5926] usb 3-1: config 0 descriptor?? [ 174.073731][ T9] usb 4-1: selecting invalid altsetting 1 [ 174.095589][ T9] dvb_ttusb_budget: ttusb_init_controller: error [ 174.106840][ T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 174.200442][ T9] DVB: Unable to find symbol cx22700_attach() [ 174.323214][ T6994] netlink: 'syz.1.302': attribute type 2 has an invalid length. [ 174.334840][ T5926] usb 3-1: string descriptor 0 read error: -71 [ 174.363498][ T6995] binder: 6993:6995 ioctl c0306201 0 returned -14 [ 174.374138][ T5841] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 174.384021][ T5841] Bluetooth: hci4: Injecting HCI hardware error event [ 174.392480][ T51] Bluetooth: hci4: hardware error 0x00 [ 174.404052][ T9] DVB: Unable to find symbol tda10046_attach() [ 174.404989][ T5926] usb 3-1: USB disconnect, device number 11 [ 174.419431][ T6995] binder: 6993:6995 ioctl c018620c 2000000001c0 returned -1 [ 174.434703][ T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 174.485580][ T9] usb 4-1: USB disconnect, device number 14 [ 175.212704][ T5926] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 175.400810][ T5926] usb 4-1: Using ep0 maxpacket: 16 [ 175.462258][ T5926] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 175.481569][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 175.501554][ T5926] usb 4-1: Product: syz [ 175.524390][ T5926] usb 4-1: Manufacturer: syz [ 175.536709][ T5926] usb 4-1: SerialNumber: syz [ 175.595973][ T5926] usb 4-1: config 0 descriptor?? [ 175.850235][ T1214] usb 4-1: USB disconnect, device number 15 [ 175.905838][ T7032] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 176.045766][ T7038] netlink: 1744 bytes leftover after parsing attributes in process `syz.0.322'. [ 176.208698][ T7044] netlink: 4 bytes leftover after parsing attributes in process `syz.0.325'. [ 176.530863][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 176.630944][ T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 176.796463][ T24] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 176.820810][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.828915][ T24] usb 1-1: Product: syz [ 176.847432][ T24] usb 1-1: Manufacturer: syz [ 176.860904][ T24] usb 1-1: SerialNumber: syz [ 176.874160][ T24] usb 1-1: config 0 descriptor?? [ 176.896007][ T24] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 177.072970][ T7067] netlink: 4 bytes leftover after parsing attributes in process `syz.2.331'. [ 177.304572][ T43] usb 1-1: USB disconnect, device number 19 [ 177.830755][ T7093] macvlan1: entered promiscuous mode [ 177.839663][ T7093] ipvlan0: entered promiscuous mode [ 177.847425][ T7093] ipvlan0: left promiscuous mode [ 177.870786][ T7093] macvlan1: left promiscuous mode [ 178.475120][ T7114] netlink: 12 bytes leftover after parsing attributes in process `syz.2.349'. [ 178.709072][ T30] audit: type=1326 audit(1749985925.735:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 178.733647][ T30] audit: type=1326 audit(1749985925.735:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 178.784966][ T30] audit: type=1326 audit(1749985925.745:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 178.840644][ T30] audit: type=1326 audit(1749985925.745:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 178.914672][ T30] audit: type=1326 audit(1749985925.745:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 178.955461][ T30] audit: type=1326 audit(1749985925.745:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 178.980754][ T7124] input: syz1 as /devices/virtual/input/input14 [ 179.014337][ T30] audit: type=1326 audit(1749985925.745:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 179.064662][ T30] audit: type=1326 audit(1749985925.745:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 179.094872][ T30] audit: type=1326 audit(1749985925.745:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8ed8e929 code=0x7ffc0000 [ 179.119057][ T30] audit: type=1326 audit(1749985925.745:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7119 comm="syz.2.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2e8ed8d290 code=0x7ffc0000 [ 179.505473][ T51] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 179.514308][ T51] Bluetooth: hci2: Injecting HCI hardware error event [ 179.524194][ T51] Bluetooth: hci2: hardware error 0x00 [ 180.422833][ T7165] net_ratelimit: 123 callbacks suppressed [ 180.422851][ T7165] netlink: del zone limit has 4 unknown bytes [ 180.960818][ T5921] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 181.190335][ T5921] usb 4-1: config 0 has no interfaces? [ 181.205686][ T5921] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 181.235332][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.264480][ T1214] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 181.296231][ T5921] usb 4-1: Product: syz [ 181.325512][ T5921] usb 4-1: Manufacturer: syz [ 181.330193][ T5921] usb 4-1: SerialNumber: syz [ 181.395748][ T5921] usb 4-1: config 0 descriptor?? [ 181.406470][ T7175] netlink: 24 bytes leftover after parsing attributes in process `syz.2.373'. [ 181.478355][ T1214] usb 1-1: config 0 has no interfaces? [ 181.490497][ T1214] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 181.593480][ T1214] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.644676][ T1214] usb 1-1: Product: syz [ 181.648913][ T1214] usb 1-1: Manufacturer: syz [ 181.653909][ T51] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 181.700628][ T1214] usb 1-1: SerialNumber: syz [ 181.727140][ T1214] usb 1-1: config 0 descriptor?? [ 182.261104][ T7188] sctp: [Deprecated]: syz.2.375 (pid 7188) Use of int in maxseg socket option. [ 182.261104][ T7188] Use struct sctp_assoc_value instead [ 183.160693][ T43] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 183.332927][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.344802][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.362552][ T43] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 183.389582][ T43] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 183.411234][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.497962][ T43] usb 3-1: config 0 descriptor?? [ 183.938503][ T43] plantronics 0003:047F:FFFF.0005: reserved main item tag 0xe [ 183.998122][ T43] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 184.022745][ T43] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 184.054842][ T43] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 184.223739][ T5921] usb 3-1: USB disconnect, device number 12 [ 184.276095][ T43] usb 4-1: USB disconnect, device number 16 [ 184.421369][ T7201] fido_id[7201]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 184.508294][ T7207] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 184.753219][ T43] usb 1-1: USB disconnect, device number 20 [ 184.950381][ T7219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.385'. [ 185.049399][ T7226] FAULT_INJECTION: forcing a failure. [ 185.049399][ T7226] name failslab, interval 1, probability 0, space 0, times 0 [ 185.064274][ T7225] netlink: del zone limit has 4 unknown bytes [ 185.075046][ T7226] CPU: 1 UID: 0 PID: 7226 Comm: syz.2.386 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 185.075079][ T7226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 185.075093][ T7226] Call Trace: [ 185.075102][ T7226] [ 185.075111][ T7226] dump_stack_lvl+0x189/0x250 [ 185.075164][ T7226] ? __pfx____ratelimit+0x10/0x10 [ 185.075198][ T7226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.075232][ T7226] ? __pfx__printk+0x10/0x10 [ 185.075262][ T7226] ? __pfx___might_resched+0x10/0x10 [ 185.075301][ T7226] should_fail_ex+0x414/0x560 [ 185.075341][ T7226] should_failslab+0xa8/0x100 [ 185.075366][ T7226] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 185.075389][ T7226] ? __alloc_skb+0x112/0x2d0 [ 185.075418][ T7226] __alloc_skb+0x112/0x2d0 [ 185.075447][ T7226] netlink_sendmsg+0x5c6/0xb30 [ 185.075484][ T7226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.075514][ T7226] ? aa_sock_msg_perm+0x94/0x160 [ 185.075544][ T7226] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 185.075571][ T7226] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.075598][ T7226] __sock_sendmsg+0x21c/0x270 [ 185.075635][ T7226] ____sys_sendmsg+0x505/0x830 [ 185.075669][ T7226] ? __pfx_____sys_sendmsg+0x10/0x10 [ 185.075707][ T7226] ? import_iovec+0x74/0xa0 [ 185.075732][ T7226] ___sys_sendmsg+0x21f/0x2a0 [ 185.075763][ T7226] ? __pfx____sys_sendmsg+0x10/0x10 [ 185.075829][ T7226] ? __fget_files+0x2a/0x420 [ 185.075853][ T7226] ? __fget_files+0x3a0/0x420 [ 185.075893][ T7226] __x64_sys_sendmsg+0x19b/0x260 [ 185.075924][ T7226] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 185.075961][ T7226] ? __pfx_ksys_write+0x10/0x10 [ 185.075978][ T7226] ? rcu_is_watching+0x15/0xb0 [ 185.076017][ T7226] ? do_syscall_64+0xbe/0x3b0 [ 185.076041][ T7226] do_syscall_64+0xfa/0x3b0 [ 185.076059][ T7226] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.076091][ T7226] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.076112][ T7226] ? clear_bhb_loop+0x60/0xb0 [ 185.076138][ T7226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.076159][ T7226] RIP: 0033:0x7f2e8ed8e929 [ 185.076183][ T7226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.076203][ T7226] RSP: 002b:00007f2e8fc6b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.076230][ T7226] RAX: ffffffffffffffda RBX: 00007f2e8efb5fa0 RCX: 00007f2e8ed8e929 [ 185.076246][ T7226] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 185.076260][ T7226] RBP: 00007f2e8fc6b090 R08: 0000000000000000 R09: 0000000000000000 [ 185.076273][ T7226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.076287][ T7226] R13: 0000000000000000 R14: 00007f2e8efb5fa0 R15: 00007f2e8f0dfa28 [ 185.076324][ T7226] [ 185.848767][ T7238] netlink: zone id is out of range [ 185.960720][ T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 186.100681][ T1214] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 186.130780][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 186.147446][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.166686][ T24] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 186.184780][ T7247] capability: warning: `syz.1.393' uses deprecated v2 capabilities in a way that may be insecure [ 186.216124][ T24] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 186.248311][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.284194][ T1214] usb 3-1: Using ep0 maxpacket: 8 [ 186.287174][ T24] usb 5-1: config 0 descriptor?? [ 186.435106][ T1214] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 186.472382][ T1214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.490117][ T1214] usb 3-1: Product: syz [ 186.497175][ T1214] usb 3-1: Manufacturer: syz [ 186.535629][ T1214] usb 3-1: SerialNumber: syz [ 186.548607][ T1214] usb 3-1: config 0 descriptor?? [ 186.569645][ T1214] gspca_main: sq930x-2.14.0 probing 2770:930c [ 186.840751][ T24] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 186.924018][ T7263] random: crng reseeded on system resumption [ 187.011019][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 187.020855][ T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 187.048337][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 187.078870][ T24] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 187.089814][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.283650][ T24] usb 2-1: Product: syz [ 187.290330][ T24] usb 2-1: Manufacturer: syz [ 187.304667][ T24] usb 2-1: SerialNumber: syz [ 187.316340][ T1214] gspca_sq930x: ucbus_write failed -110 [ 187.343058][ T24] usb 2-1: config 0 descriptor?? [ 187.349353][ T1214] sq930x 3-1:0.0: probe with driver sq930x failed with error -110 [ 187.379013][ T24] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 187.416309][ T24] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 187.628100][ T7269] netlink: 312 bytes leftover after parsing attributes in process `syz.3.401'. [ 187.966259][ T24] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 187.974279][ T24] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 188.700925][ T1214] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 188.787285][ T5923] usb 5-1: USB disconnect, device number 12 [ 188.867684][ T24] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 188.879601][ T24] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 188.894932][ T24] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 188.902426][ T24] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 188.916174][ T7287] netlink: 44 bytes leftover after parsing attributes in process `syz.4.407'. [ 188.946424][ T1214] usb 1-1: config 0 has no interfaces? [ 188.999435][ T1214] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 189.008766][ T1214] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.017703][ T1214] usb 1-1: Product: syz [ 189.022093][ T1214] usb 1-1: Manufacturer: syz [ 189.041474][ T1214] usb 1-1: SerialNumber: syz [ 189.101471][ T1214] usb 1-1: config 0 descriptor?? [ 189.142448][ T5921] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 189.313621][ T1214] usb 3-1: USB disconnect, device number 13 [ 189.328557][ T5921] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 189.358163][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.449687][ T5921] usb 4-1: Product: syz [ 189.491857][ T5921] usb 4-1: Manufacturer: syz [ 189.505509][ T5921] usb 4-1: SerialNumber: syz [ 189.513181][ T24] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 189.544339][ T24] usb 2-1: USB disconnect, device number 18 [ 189.549854][ T5921] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 189.640360][ T9] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 190.086086][ T7288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.112796][ T7288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.376631][ T5923] usb 4-1: USB disconnect, device number 17 [ 190.790881][ T9] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 190.798378][ T9] ath9k_htc: Failed to initialize the device [ 190.851507][ T5923] usb 4-1: ath9k_htc: USB layer deinitialized [ 191.343369][ T7328] veth0_to_bond: entered promiscuous mode [ 191.387225][ T7328] veth0_to_bond: left promiscuous mode [ 191.421160][ T7330] netlink: zone id is out of range [ 191.588686][ T5923] usb 1-1: USB disconnect, device number 21 [ 191.690832][ T43] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 191.847869][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 191.873080][ T43] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 191.890864][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.909249][ T43] usb 4-1: Product: syz [ 191.919400][ T43] usb 4-1: Manufacturer: syz [ 191.938266][ T43] usb 4-1: SerialNumber: syz [ 191.950023][ T43] usb 4-1: config 0 descriptor?? [ 191.993033][ T43] gspca_main: sq930x-2.14.0 probing 2770:930c [ 192.190710][ T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 192.341016][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 192.351660][ T24] usb 1-1: config 0 has an invalid interface number: 202 but max is 1 [ 192.359922][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.683428][ T24] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 192.701192][ T7356] netlink: 'syz.4.431': attribute type 8 has an invalid length. [ 192.735486][ T43] gspca_sq930x: ucbus_write failed -110 [ 192.749068][ T24] usb 1-1: config 0 has no interface number 0 [ 192.761315][ T43] sq930x 4-1:0.0: probe with driver sq930x failed with error -110 [ 192.769413][ T7356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.431'. [ 192.778595][ T24] usb 1-1: too many endpoints for config 0 interface 202 altsetting 87: 182, using maximum allowed: 30 [ 192.806079][ T7356] bridge0: entered allmulticast mode [ 192.818412][ T24] usb 1-1: config 0 interface 202 altsetting 87 endpoint 0x2 has invalid maxpacket 255, setting to 64 [ 192.852293][ T24] usb 1-1: config 0 interface 202 altsetting 87 has 1 endpoint descriptor, different from the interface descriptor's value: 182 [ 192.888460][ T24] usb 1-1: config 0 interface 202 has no altsetting 0 [ 192.902763][ T24] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.2b [ 192.912200][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.920827][ T24] usb 1-1: Product: syz [ 192.932981][ T24] usb 1-1: Manufacturer: syz [ 192.961525][ T24] usb 1-1: SerialNumber: syz [ 193.019239][ T24] usb 1-1: config 0 descriptor?? [ 193.053561][ T24] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 193.560765][ T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 193.818036][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.830998][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 193.843246][ T9] usb 2-1: New USB device strings: Mfr=32, Product=0, SerialNumber=9 [ 193.855359][ T9] usb 2-1: Manufacturer: syz [ 193.860255][ T9] usb 2-1: SerialNumber: syz [ 193.908521][ T9] usb 2-1: config 0 descriptor?? [ 194.126513][ T9] usb 2-1: USB disconnect, device number 19 [ 194.132791][ T5921] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 194.149080][ T1148] usb 1-1: Failed to submit usb control message: -110 [ 194.174514][ T1148] usb 1-1: unable to send the bmi data to the device: -110 [ 194.186934][ T1148] usb 1-1: unable to get target info from device [ 194.197615][ T1148] usb 1-1: could not get target info (-110) [ 194.207223][ T1148] usb 1-1: could not probe fw (-110) [ 194.292160][ T5921] usb 5-1: Using ep0 maxpacket: 8 [ 194.389536][ T5921] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 194.400712][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.409640][ T5921] usb 5-1: Product: syz [ 194.415528][ T5921] usb 5-1: Manufacturer: syz [ 194.420739][ T5921] usb 5-1: SerialNumber: syz [ 194.432904][ T5921] usb 5-1: config 0 descriptor?? [ 194.463648][ T5921] gspca_main: sq930x-2.14.0 probing 2770:930c [ 194.684840][ T1214] usb 4-1: USB disconnect, device number 18 [ 194.932589][ T1214] usb 1-1: USB disconnect, device number 22 [ 194.991257][ T5921] gspca_sq930x: reg_r 001f failed -110 [ 194.996843][ T5921] sq930x 5-1:0.0: probe with driver sq930x failed with error -110 [ 195.342170][ T7395] netlink: 4 bytes leftover after parsing attributes in process `syz.0.443'. [ 195.597534][ T7399] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004 [ 196.831118][ T7422] netlink: zone id is out of range [ 197.082212][ T1214] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 197.361870][ T1214] usb 1-1: Using ep0 maxpacket: 8 [ 197.380347][ T1214] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 197.393734][ T1214] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.423179][ T1214] usb 1-1: Product: syz [ 197.431496][ T1214] usb 1-1: Manufacturer: syz [ 197.445789][ T1214] usb 1-1: SerialNumber: syz [ 197.472285][ T1214] usb 1-1: config 0 descriptor?? [ 197.486884][ T1214] gspca_main: sq930x-2.14.0 probing 2770:930c [ 197.519540][ T9] usb 5-1: USB disconnect, device number 13 [ 198.246386][ T1214] gspca_sq930x: ucbus_write failed -110 [ 198.279298][ T1214] sq930x 1-1:0.0: probe with driver sq930x failed with error -110 [ 199.437441][ T7448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.457'. [ 199.659060][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.667919][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.052778][ T7458] netlink: 36 bytes leftover after parsing attributes in process `syz.2.460'. [ 200.299505][ T1214] usb 1-1: USB disconnect, device number 23 [ 200.365171][ T5940] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 200.560668][ T5940] usb 3-1: device descriptor read/64, error -71 [ 200.785055][ T7466] syzkaller0: entered promiscuous mode [ 200.810800][ T7466] syzkaller0: entered allmulticast mode [ 200.833079][ T5940] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 201.000234][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.468'. [ 201.020889][ T5940] usb 3-1: device descriptor read/64, error -71 [ 201.135354][ T5940] usb usb3-port1: attempt power cycle [ 201.511054][ T5940] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 201.533939][ T5940] usb 3-1: device descriptor read/8, error -71 [ 201.630630][ T1214] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 201.872980][ T5940] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 201.901787][ T5940] usb 3-1: device descriptor read/8, error -71 [ 201.923152][ T1214] usb 4-1: config 0 has no interfaces? [ 201.948307][ T1214] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 201.964904][ T1214] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.981936][ T1214] usb 4-1: Product: syz [ 201.986182][ T1214] usb 4-1: Manufacturer: syz [ 201.991925][ T1214] usb 4-1: SerialNumber: syz [ 202.007764][ T1214] usb 4-1: config 0 descriptor?? [ 202.022202][ T5940] usb usb3-port1: unable to enumerate USB device [ 202.197920][ T7496] netlink: zone id is out of range [ 202.450693][ T5940] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 202.631839][ T5940] usb 5-1: Using ep0 maxpacket: 8 [ 202.653540][ T5940] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 202.664692][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.674239][ T5940] usb 5-1: Product: syz [ 202.679649][ T5940] usb 5-1: Manufacturer: syz [ 202.684583][ T5940] usb 5-1: SerialNumber: syz [ 202.705774][ T5940] usb 5-1: config 0 descriptor?? [ 202.730286][ T5940] gspca_main: sq930x-2.14.0 probing 2770:930c [ 203.426190][ T7498] kvm: kvm [7497]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x100000011 [ 203.437040][ T7498] kvm: kvm [7497]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 203.447842][ T5940] gspca_sq930x: ucbus_write failed -110 [ 203.453574][ T5940] sq930x 5-1:0.0: probe with driver sq930x failed with error -110 [ 203.553337][ T7498] kvm_intel: kvm [7497]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x4001 [ 204.531512][ T9] usb 4-1: USB disconnect, device number 19 [ 205.290223][ T7525] netlink: zone id is out of range [ 205.397597][ T7528] FAULT_INJECTION: forcing a failure. [ 205.397597][ T7528] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 205.425626][ T7528] CPU: 0 UID: 0 PID: 7528 Comm: syz.1.486 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 205.425659][ T7528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.425673][ T7528] Call Trace: [ 205.425683][ T7528] [ 205.425690][ T7528] dump_stack_lvl+0x189/0x250 [ 205.425721][ T7528] ? __pfx____ratelimit+0x10/0x10 [ 205.425745][ T7528] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.425770][ T7528] ? __pfx__printk+0x10/0x10 [ 205.425797][ T7528] should_fail_ex+0x414/0x560 [ 205.425822][ T7528] _copy_to_user+0x31/0xb0 [ 205.425840][ T7528] snd_pcm_oss_read2+0x316/0x430 [ 205.425865][ T7528] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 205.425884][ T7528] ? __pfx_snd_pcm_oss_read2+0x10/0x10 [ 205.425908][ T7528] ? __pfx_snd_pcm_post_prepare+0x10/0x10 [ 205.425924][ T7528] ? snd_pcm_action_nonatomic+0x25c/0x2b0 [ 205.425944][ T7528] snd_pcm_oss_read+0x635/0x8d0 [ 205.425975][ T7528] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 205.425999][ T7528] vfs_read+0x200/0x980 [ 205.426030][ T7528] ? __pfx_vfs_read+0x10/0x10 [ 205.426057][ T7528] ? __fget_files+0x2a/0x420 [ 205.426077][ T7528] ? __fget_files+0x2a/0x420 [ 205.426093][ T7528] ? __fget_files+0x3a0/0x420 [ 205.426109][ T7528] ? __fget_files+0x2a/0x420 [ 205.426132][ T7528] ksys_read+0x145/0x250 [ 205.426148][ T7528] ? __pfx_ksys_read+0x10/0x10 [ 205.426159][ T7528] ? rcu_is_watching+0x15/0xb0 [ 205.426188][ T7528] ? do_syscall_64+0xbe/0x3b0 [ 205.426205][ T7528] do_syscall_64+0xfa/0x3b0 [ 205.426218][ T7528] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.426241][ T7528] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.426256][ T7528] ? clear_bhb_loop+0x60/0xb0 [ 205.426275][ T7528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.426301][ T7528] RIP: 0033:0x7fde1e78e929 [ 205.426315][ T7528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.426329][ T7528] RSP: 002b:00007fde1c5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 205.426346][ T7528] RAX: ffffffffffffffda RBX: 00007fde1e9b5fa0 RCX: 00007fde1e78e929 [ 205.426358][ T7528] RDX: 00000000200021d5 RSI: 00002000000011c0 RDI: 0000000000000003 [ 205.426368][ T7528] RBP: 00007fde1c5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 205.426377][ T7528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 205.426387][ T7528] R13: 0000000000000000 R14: 00007fde1e9b5fa0 R15: 00007fde1eadfa28 [ 205.426410][ T7528] [ 205.673239][ C0] vkms_vblank_simulate: vblank timer overrun [ 205.751515][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 205.860504][ T5926] usb 5-1: USB disconnect, device number 14 [ 205.881770][ T7533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.489'. [ 205.912119][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 205.936587][ T9] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 205.945925][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.960792][ T9] usb 1-1: Product: syz [ 205.965262][ T9] usb 1-1: Manufacturer: syz [ 205.970018][ T9] usb 1-1: SerialNumber: syz [ 205.982483][ T9] usb 1-1: config 0 descriptor?? [ 206.041708][ T9] gspca_main: sq930x-2.14.0 probing 2770:930c [ 206.440708][ T1214] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 206.792451][ T1214] usb 2-1: config 0 has no interfaces? [ 206.801137][ T9] gspca_sq930x: ucbus_write failed -110 [ 206.806880][ T9] sq930x 1-1:0.0: probe with driver sq930x failed with error -110 [ 206.827771][ T1214] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 206.838575][ T1214] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.911009][ T43] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 207.097309][ T1214] usb 2-1: Product: syz [ 207.102155][ T1214] usb 2-1: Manufacturer: syz [ 207.106830][ T1214] usb 2-1: SerialNumber: syz [ 207.114610][ T1214] usb 2-1: config 0 descriptor?? [ 207.321855][ T43] usb 3-1: unable to get BOS descriptor or descriptor too short [ 207.344213][ T43] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 207.357859][ T43] usb 3-1: config 1 has no interface number 1 [ 207.460748][ T43] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 207.504537][ T43] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 207.560490][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.649967][ T43] usb 3-1: Product: syz [ 207.654751][ T43] usb 3-1: Manufacturer: syz [ 207.659886][ T43] usb 3-1: SerialNumber: syz [ 207.802666][ T7551] netlink: 56 bytes leftover after parsing attributes in process `syz.4.493'. [ 207.989094][ T7547] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=7 (14 ns) > initial count (10 ns). Using initial count to start timer. [ 208.044985][ T7547] kvm: pic: non byte write [ 208.197458][ T43] usb 3-1: found format II with max.bitrate = 26774, frame size=2 [ 208.252443][ T43] usb 3-1: found format II with max.bitrate = 26774, frame size=2 [ 208.299181][ T43] usb 3-1: failed to enable PITCH for EP 0x82 [ 208.444971][ T43] usb 3-1: USB disconnect, device number 18 [ 208.619248][ T9] usb 1-1: USB disconnect, device number 24 [ 208.787692][ T7574] netlink: zone id is out of range [ 209.003029][ T5932] udevd[5932]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 209.171304][ T5926] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 209.179074][ T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 209.340729][ T5926] usb 4-1: Using ep0 maxpacket: 8 [ 209.349036][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 209.365875][ T24] usb 5-1: config 0 has no interfaces? [ 209.375922][ T5926] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 209.386954][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.395348][ T5926] usb 4-1: Product: syz [ 209.401344][ T24] usb 5-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73 [ 209.413770][ T7579] netlink: 'syz.0.502': attribute type 10 has an invalid length. [ 209.421198][ T3448] ------------[ cut here ]------------ [ 209.422976][ T5926] usb 4-1: Manufacturer: syz [ 209.427263][ T3448] RTNL: assertion failed at ./include/net/netdev_lock.h (72) [ 209.428411][ T3448] WARNING: CPU: 0 PID: 3448 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x303/0x350 [ 209.436665][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.439340][ T3448] Modules linked in: [ 209.454941][ T5926] usb 4-1: SerialNumber: syz [ 209.458032][ T3448] CPU: 0 UID: 0 PID: 3448 Comm: kworker/u8:8 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 209.465542][ T7579] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.466559][ T3448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.466580][ T3448] Workqueue: bond0 bond_mii_monitor [ 209.482576][ T7579] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.486050][ T3448] [ 209.508621][ T24] usb 5-1: Product: syz [ 209.510822][ T3448] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 209.510863][ T3448] Code: 7c fe ff ff e8 4e bc 69 f8 c6 05 f5 6d 34 06 01 90 48 c7 c7 80 b8 92 8c 48 c7 c6 7a 97 9c 8d ba 48 00 00 00 e8 ee 66 2d f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 209.510885][ T3448] RSP: 0018:ffffc9000c527670 EFLAGS: 00010246 [ 209.518095][ T24] usb 5-1: Manufacturer: syz [ 209.522465][ T3448] [ 209.555752][ T3448] RAX: c4253d9e039de900 RBX: ffff888032636000 RCX: ffff88803137da00 [ 209.563447][ T24] usb 5-1: SerialNumber: syz [ 209.563808][ T3448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 209.576442][ T3448] RBP: 0000000000000000 R08: ffff8880b8624293 R09: 1ffff110170c4852 [ 209.584512][ T3448] R10: dffffc0000000000 R11: ffffed10170c4853 R12: 1ffff110064c6c5d [ 209.592599][ T3448] R13: dffffc0000000000 R14: ffffffff8c1c4608 R15: 0000000000000000 [ 209.600844][ T3448] FS: 0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000 [ 209.609882][ T3448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 209.616562][ T3448] CR2: 00002000003db030 CR3: 000000001f754000 CR4: 00000000003526f0 [ 209.625921][ T3448] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000d8 [ 209.630902][ T5926] usb 4-1: config 0 descriptor?? [ 209.635293][ T3448] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 209.642162][ T24] usb 5-1: config 0 descriptor?? [ 209.646970][ T3448] Call Trace: [ 209.655239][ T3448] [ 209.658246][ T3448] ? ethtool_op_get_link+0xd/0x70 [ 209.663404][ T3448] ethtool_op_get_link+0x15/0x70 [ 209.668393][ T3448] bond_check_dev_link+0x444/0x6c0 [ 209.673611][ T3448] ? __pfx_bond_check_dev_link+0x10/0x10 [ 209.679312][ T3448] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 209.685832][ T3448] bond_mii_monitor+0x428/0x2e00 [ 209.686042][ T5926] gspca_main: sq930x-2.14.0 probing 2770:930c [ 209.690900][ T3448] ? bond_mii_monitor+0x153/0x2e00 [ 209.690950][ T3448] ? __pfx_bond_mii_monitor+0x10/0x10 [ 209.707651][ T3448] ? __lock_acquire+0xab9/0xd20 [ 209.712616][ T3448] ? process_scheduled_works+0x9ef/0x17b0 [ 209.718409][ T3448] ? _raw_spin_unlock_irq+0x23/0x50 [ 209.724990][ T3448] ? process_scheduled_works+0x9ef/0x17b0 [ 209.731935][ T3448] ? process_scheduled_works+0x9ef/0x17b0 [ 209.737738][ T3448] process_scheduled_works+0xae1/0x17b0 [ 209.743430][ T3448] ? __pfx_process_scheduled_works+0x10/0x10 [ 209.749500][ T3448] worker_thread+0x8a0/0xda0 [ 209.754222][ T3448] kthread+0x70e/0x8a0 [ 209.758378][ T3448] ? __pfx_worker_thread+0x10/0x10 [ 209.763579][ T3448] ? __pfx_kthread+0x10/0x10 [ 209.768226][ T3448] ? _raw_spin_unlock_irq+0x23/0x50 [ 209.773562][ T3448] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.778851][ T3448] ? __pfx_kthread+0x10/0x10 [ 209.783532][ T3448] ret_from_fork+0x3fc/0x770 [ 209.788180][ T3448] ? __pfx_ret_from_fork+0x10/0x10 [ 209.793494][ T3448] ? __switch_to_asm+0x39/0x70 [ 209.798318][ T3448] ? __switch_to_asm+0x33/0x70 [ 209.803164][ T3448] ? __pfx_kthread+0x10/0x10 [ 209.807849][ T3448] ret_from_fork_asm+0x1a/0x30 [ 209.812858][ T3448] [ 209.815937][ T3448] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 209.823258][ T3448] CPU: 0 UID: 0 PID: 3448 Comm: kworker/u8:8 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 209.835455][ T3448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.845561][ T3448] Workqueue: bond0 bond_mii_monitor [ 209.850851][ T3448] Call Trace: [ 209.854165][ T3448] [ 209.857130][ T3448] dump_stack_lvl+0x99/0x250 [ 209.861788][ T3448] ? __asan_memcpy+0x40/0x70 [ 209.866469][ T3448] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.872001][ T3448] ? __pfx__printk+0x10/0x10 [ 209.876676][ T3448] panic+0x2db/0x790 [ 209.880642][ T3448] ? __pfx_panic+0x10/0x10 [ 209.885125][ T3448] ? ret_from_fork_asm+0x1a/0x30 [ 209.890127][ T3448] __warn+0x31b/0x4b0 [ 209.894170][ T3448] ? __linkwatch_sync_dev+0x303/0x350 [ 209.899609][ T3448] ? __linkwatch_sync_dev+0x303/0x350 [ 209.905049][ T3448] report_bug+0x2be/0x4f0 [ 209.909458][ T3448] ? __linkwatch_sync_dev+0x303/0x350 [ 209.914897][ T3448] ? __linkwatch_sync_dev+0x303/0x350 [ 209.920322][ T3448] ? __linkwatch_sync_dev+0x305/0x350 [ 209.925745][ T3448] handle_bug+0x84/0x160 [ 209.930043][ T3448] exc_invalid_op+0x1a/0x50 [ 209.934595][ T3448] asm_exc_invalid_op+0x1a/0x20 [ 209.939491][ T3448] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 209.945536][ T3448] Code: 7c fe ff ff e8 4e bc 69 f8 c6 05 f5 6d 34 06 01 90 48 c7 c7 80 b8 92 8c 48 c7 c6 7a 97 9c 8d ba 48 00 00 00 e8 ee 66 2d f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 209.965198][ T3448] RSP: 0018:ffffc9000c527670 EFLAGS: 00010246 [ 209.971336][ T3448] RAX: c4253d9e039de900 RBX: ffff888032636000 RCX: ffff88803137da00 [ 209.979368][ T3448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 209.987403][ T3448] RBP: 0000000000000000 R08: ffff8880b8624293 R09: 1ffff110170c4852 [ 209.995430][ T3448] R10: dffffc0000000000 R11: ffffed10170c4853 R12: 1ffff110064c6c5d [ 210.003464][ T3448] R13: dffffc0000000000 R14: ffffffff8c1c4608 R15: 0000000000000000 [ 210.011508][ T3448] ? ethtool_op_get_link+0xd/0x70 [ 210.016604][ T3448] ethtool_op_get_link+0x15/0x70 [ 210.021597][ T3448] bond_check_dev_link+0x444/0x6c0 [ 210.026774][ T3448] ? __pfx_bond_check_dev_link+0x10/0x10 [ 210.032488][ T3448] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 210.039051][ T3448] bond_mii_monitor+0x428/0x2e00 [ 210.044059][ T3448] ? bond_mii_monitor+0x153/0x2e00 [ 210.049245][ T3448] ? __pfx_bond_mii_monitor+0x10/0x10 [ 210.054683][ T3448] ? __lock_acquire+0xab9/0xd20 [ 210.059604][ T3448] ? process_scheduled_works+0x9ef/0x17b0 [ 210.065390][ T3448] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.070731][ T3448] ? process_scheduled_works+0x9ef/0x17b0 [ 210.076606][ T3448] ? process_scheduled_works+0x9ef/0x17b0 [ 210.082386][ T3448] process_scheduled_works+0xae1/0x17b0 [ 210.088021][ T3448] ? __pfx_process_scheduled_works+0x10/0x10 [ 210.094078][ T3448] worker_thread+0x8a0/0xda0 [ 210.098750][ T3448] kthread+0x70e/0x8a0 [ 210.102878][ T3448] ? __pfx_worker_thread+0x10/0x10 [ 210.108054][ T3448] ? __pfx_kthread+0x10/0x10 [ 210.112736][ T3448] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.118003][ T3448] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.123264][ T3448] ? __pfx_kthread+0x10/0x10 [ 210.127905][ T3448] ret_from_fork+0x3fc/0x770 [ 210.132555][ T3448] ? __pfx_ret_from_fork+0x10/0x10 [ 210.137743][ T3448] ? __switch_to_asm+0x39/0x70 [ 210.142566][ T3448] ? __switch_to_asm+0x33/0x70 [ 210.147376][ T3448] ? __pfx_kthread+0x10/0x10 [ 210.152018][ T3448] ret_from_fork_asm+0x1a/0x30 [ 210.156853][ T3448] [ 210.160268][ T3448] Kernel Offset: disabled [ 210.164628][ T3448] Rebooting in 86400 seconds..