last executing test programs: 4m49.085935562s ago: executing program 32 (id=5692): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 4m46.819308894s ago: executing program 33 (id=5699): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x2, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f00000003c0)={0x0, 0x12, 0x1, 'T'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 4m24.823168552s ago: executing program 2 (id=5725): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d0102030109021200010000000009"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000640)={0x2c, &(0x7f0000000540)={0x20, 0x16, 0x1, 'i'}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000940)={0x44, &(0x7f00000006c0)={0x0, 0x19}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4m21.62876363s ago: executing program 2 (id=5726): socket$igmp6(0xa, 0x3, 0x2) socket(0x10, 0x803, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x50) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 4m21.557443871s ago: executing program 2 (id=5727): openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}}) statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, r5, 0x0, 0x1, 0x5}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f00000001c0)={0x48, 0x1, r5, 0x0, 0x7, 0x1}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r5, 0x0, 0x9, 0x2}) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r5, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000}) syz_fuse_handle_req(r0, &(0x7f0000002300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804085eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c272074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee0602d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca36507002b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x130, 0x0, 0x2fc6, {0x1, 0x7, 0x0, '\x00', {0x1, 0xfffffff8, 0x8000, 0x8, r2, r3, 0xa000, '\x00', 0xe, 0xfffffffffffff2e0, 0x5, 0x6, {0x1006, 0xa}, {0x4, 0x6}, {0xa, 0x900}, {0xd, 0xa04}, 0x7, 0x80000c, 0x5, 0x85ce}}}}) write$FUSE_INIT(r0, &(0x7f0000001200)={0x50, 0x0, r1}, 0x50) 4m21.215808501s ago: executing program 2 (id=5728): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x28) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000280)={0x0, 0x804}) 4m21.108944421s ago: executing program 2 (id=5729): r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f00000001c0)={0x5b, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)={0x40, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000300)={0x40, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000380)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000540)={0x34, &(0x7f0000000340)={0x40, 0x16, 0x1a, "456e3e6ee62336ac00d529a0cb2586fdcc85f2f101d495901df3"}, 0x0, &(0x7f0000000400)={0x0, 0x8, 0x1, 0xde}, 0x0, &(0x7f0000000480)={0x40, 0xa0, 0x4, 0x81}, 0x0}) 4m15.523776199s ago: executing program 2 (id=5731): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$inet6(r0, &(0x7f0000847fff)="82", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0xffffffff, @loopback, 0x467169e2}, 0x1c) recvmmsg(r0, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x40000000, 0x0) 4m15.376676478s ago: executing program 34 (id=5731): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendto$inet6(r0, &(0x7f0000847fff)="82", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0xffffffff, @loopback, 0x467169e2}, 0x1c) recvmmsg(r0, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x40000000, 0x0) 3m7.029292529s ago: executing program 6 (id=5700): r0 = socket$nl_rdma(0x10, 0x3, 0x14) syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) socket$inet6(0xa, 0x80001, 0x0) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xc3ac}, 0x0, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000000), 0x100000000, 0x8080) ioctl$BLKCRYPTOPREPAREKEY(r2, 0xc040128b, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="cf6b26cc909be13b8c4f451a5f64c09c18925cb7484658ea3453fe3854ffff8193f011019097a216ef77dc15f61c", @ANYRES64=r0], 0x18}, 0x1, 0x0, 0x0, 0x20008045}, 0x48090) 3m6.79575383s ago: executing program 1 (id=5789): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x2, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f00000003c0)={0x0, 0x12, 0x1, 'T'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, &(0x7f0000000100)={0x40, 0x12, 0x1, "ec"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000e40)={0x34, &(0x7f0000000cc0)={0x20, 0x9, 0x1, "e6"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000400)={0x1c, &(0x7f0000000200)={0x40, 0x17, 0x1, '`'}, 0x0, 0x0}) syz_usb_connect$cdc_ncm(0x2, 0x88, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000001c0)={0x20, 0x31}, 0x0, 0x0, 0x0, 0x0, 0x0}) 3m5.899104396s ago: executing program 6 (id=5792): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000280)={0x0, 0x804}) 3m5.628887793s ago: executing program 6 (id=5794): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x800000000001ff, 0x68a802) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) timer_gettime(0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x3, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @decl_tag={0x1, 0x0, 0x0, 0x11, 0x805, 0x6}]}, {0x0, [0x61]}}, 0x0, 0x53}, 0x28) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020300021000000000000000000000000200080008000000040000000400000005000600000000000a00000000000000fe8000000000000000000000000000000000000000000000020001000000000000eaffffff00000005000500000000000a"], 0x80}, 0x1, 0x7}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x12, r2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xa, [@struct={0x8, 0x1, 0x0, 0x4, 0x1, 0xfffffff7, [{0x20000004, 0x2, 0x6756}]}, @func={0xe, 0x0, 0x0, 0xc, 0x4}]}, {0x0, [0x30, 0x61, 0x5f, 0x5f, 0x0, 0x2e, 0x30, 0x5f]}}, &(0x7f0000000380)=""/138, 0x46, 0x8a, 0x1, 0x5}, 0x61) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64d2, &(0x7f0000000100)={0x2, 0x0, 0x1, 0x1, 0x80000001, 0x329f99e5, 0x1}) 3m4.851766935s ago: executing program 6 (id=5795): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) io_setup(0x5be, &(0x7f0000000100)=0x0) io_submit(r6, 0x0, &(0x7f0000001400)) syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') r7 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0) ioctl$FITRIM(r7, 0xc0c0586d, &(0x7f0000000000)={0x0, 0x4, 0x4}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = getpid() fcntl$setownex(r8, 0xf, &(0x7f0000000100)={0x2, r9}) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f00000001c0)) io_submit(r6, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x8, r5, 0x0, 0x0, 0x8, 0x0, 0x2, r7}]) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x33eb4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) pread64(0xffffffffffffffff, 0x0, 0x0, 0x8) 3m4.551939551s ago: executing program 35 (id=5795): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) io_setup(0x5be, &(0x7f0000000100)=0x0) io_submit(r6, 0x0, &(0x7f0000001400)) syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') r7 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0) ioctl$FITRIM(r7, 0xc0c0586d, &(0x7f0000000000)={0x0, 0x4, 0x4}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = getpid() fcntl$setownex(r8, 0xf, &(0x7f0000000100)={0x2, r9}) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f00000001c0)) io_submit(r6, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x8, r5, 0x0, 0x0, 0x8, 0x0, 0x2, r7}]) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x33eb4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) pread64(0xffffffffffffffff, 0x0, 0x0, 0x8) 3m2.082673696s ago: executing program 1 (id=5801): r0 = socket$inet_udplite(0x2, 0x2, 0x88) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x7, 0x8000001}) r1 = syz_open_dev$sg(&(0x7f00000008c0), 0x0, 0x1) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffd, 0x6, 0x7, @scatter={0x0, 0xf5ff, 0x0}, &(0x7f00000001c0)="a2b2536b0513", 0x0, 0x1, 0x0, 0x0, 0x0}) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f0000000000)) r2 = socket$igmp(0x2, 0x3, 0x2) ioctl$SIOCGETSGCNT(r2, 0x89e1, &(0x7f0000000000)={@remote, @private=0xa010100}) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x6a) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x20, 0x4, @loopback, 0xc}, {0xa, 0x4e20, 0x0, @empty, 0x200d}, r5, 0x40099c}}, 0x48) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) close_range(r6, r7, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) setgid(0xee00) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000080)={'wlan1\x00', {0x2, 0x4000, @empty=0xfe000000}}) 3m1.76776079s ago: executing program 1 (id=5802): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0xfc, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0xcc, 0x2, {{0x9, [0x5, 0x3, 0x3, 0x7, 0xd, 0x1, 0x8, 0x4, 0x7, 0x10, 0x2, 0xd, 0x2, 0x81, 0x7, 0xc], 0x1, [0x9, 0x55b8, 0x40, 0x3e5, 0x8001, 0x933, 0x8, 0x5, 0x1, 0x8001, 0xc7, 0x1, 0x8, 0x8, 0x2, 0x8], [0x0, 0x80, 0x3, 0xdfb4, 0xff, 0x2, 0x0, 0x2, 0x5e2, 0x1000, 0x4, 0x3, 0x6, 0x900, 0x3689, 0x7fc7]}, [@TCA_MQPRIO_MODE={0x6, 0x1, 0x1}, @TCA_MQPRIO_SHAPER={0x6, 0x2, 0x1}, @TCA_MQPRIO_MODE={0x6, 0x1, 0x2}, @TCA_MQPRIO_MIN_RATE64={0x4c, 0x3, 0x0, 0x1, [{0xc, 0x3, 0x6}, {0xc, 0x3, 0x3}, {0xc, 0x3, 0x80}, {0xc, 0x3, 0x1}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0x8}]}, @TCA_MQPRIO_SHAPER={0x6, 0x2, 0x1}, @TCA_MQPRIO_MODE={0x6, 0x1, 0x1}]}}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x44800}, 0x40c4816) 3m1.498958512s ago: executing program 1 (id=5804): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000280)={0x0, 0x804}) 3m1.322696701s ago: executing program 1 (id=5805): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f0000000300)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167e643c4a1b7880610cc96655b1b141ab059b24d0fbc599da0e7151ed9bc4e70f01573e4139455def7cdcb6c348360c63175e066b273fa38e6828544caf211fabe91ef7b46f326d462c8fb1585e9ce9ab1385b05827b938b385ffc0021ecb2f8ad7cf6f2e3b1af4db51e52f2d63faa1a965b503932ce4e347ae69adc12d90f16d34ccc95a27a0359504dc3308cf4a620b76fcdb6a4f354f12741ed8e861438ba636c28c269c3fba2e8a0feb13a61b4b175a7a7676ec21cf17c7b7f0da2dd75cd758c3b399", 0xe0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x18) acct(0xfffffffffffffffe) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) ioctl$EVIOCSABS2F(r2, 0x401845ef, &(0x7f0000000180)={0x100, 0x9, 0x5, 0x9, 0x1, 0x2}) dup(r3) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRES64=r5], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB="1400000010007c0000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000010900020073797a310000000008000a40fffffffc400000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180050001"], 0xa4}}, 0x40) ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r2, 0x4068aea3, &(0x7f0000000100)) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0xf, 0x2, 0x81, '\x00', 0x81}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) socket(0x15, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') socket$nl_route(0x10, 0x3, 0x0) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r7, 0x5453, 0x0) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000fffffffff0e000000000000000380000007000000030000ca75ffffff00000000000000002e00"], &(0x7f0000000040)=""/249, 0x46, 0x8c, 0x6}, 0x20) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r8, r9, 0x0, 0x20000023896) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) 2m57.968156862s ago: executing program 1 (id=5812): socket$nl_route(0x10, 0x3, 0x0) epoll_create1(0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040884}, 0x0) r3 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0) r5 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r5, 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0xfffe) pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x95a5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 2m57.702608724s ago: executing program 36 (id=5812): socket$nl_route(0x10, 0x3, 0x0) epoll_create1(0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040884}, 0x0) r3 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0) r5 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r5, 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0xfffe) pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x95a5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 2m2.783859833s ago: executing program 7 (id=5977): migrate_pages(0xffffffffffffffff, 0x8, 0x0, 0x0) (fail_nth: 1) 2m2.475783175s ago: executing program 9 (id=5980): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000007540), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000007640)={0x0, 0x0, &(0x7f0000007600)={&(0x7f0000000240)=ANY=[@ANYBLOB="b1936ac5482576be8764c980247effff0000", @ANYRES16=r1, @ANYBLOB="01002abd7000fcdbdf251200000008000600010000001800018014000200766574683100"/46], 0x34}}, 0x4000854) r2 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) close(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = io_uring_setup(0xcf4, &(0x7f0000000040)={0x0, 0xc8a4, 0xc000, 0x3, 0x160}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) syz_usb_control_io$sierra_net(r2, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00e3430000006379302b8c306325839a47dee487cd48c981258c50685b794926a59681b60330eb512eaa8ee88b10b82e5366807f14b9cebbcaf7546e7617f8873200c4e32c6b00"/90], 0x0, 0x0}) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000b80)={0x2c, &(0x7f0000000180)={0x40, 0x12, 0xba, "cca5f6b27a793035898f1f473c42dc2f7868cf6682f6557e67e314aa5557f9e09162ae11b5523a9f0a94c4f689fdbf8b9d227fced91532836a76e810f1d98154aa86bdd7cc7b8242884a75f983dde8c200ce1649a4e6b085ea7619d616a06d6d19659b8faf98628c0ab5c7fca1056c5f34f0ada2a47b6022f9ec057ed669429b7f9e44ed1dfaa2cd51d83a81678c92ebc0a58a49f05eeee336a34cbae5bb112ce378cba605e178f340dfd263ca9772624504bb58203955d9f4a4"}, 0x0, 0x0, 0x0, 0x0}) 2m2.23200494s ago: executing program 7 (id=5981): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_audit(0x10, 0x3, 0x9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="09090000000000000000010000d02200000008410000000900180000006062"], 0x68}}, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d5, 0x0) 2m1.756009309s ago: executing program 7 (id=5984): syz_usb_connect$cdc_ncm(0x2, 0x75, &(0x7f0000001a00)=ANY=[@ANYBLOB="12010002020000102505a1a4400001020301090260f5fc605063000201"], 0x0) 2m0.538000428s ago: executing program 9 (id=5993): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000014c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000fc0)={0x2c, &(0x7f0000000dc0)={0x40, 0x10}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 2m0.502322871s ago: executing program 7 (id=5994): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x28) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(0x0, 0x9) pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000280)={0x0, 0x804}) 2m0.350425097s ago: executing program 7 (id=5995): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0) sendmsg$TIPC_CMD_SHOW_STATS(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x10, 0x70bd27, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x24000084}, 0x40000) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="17ebf1aa6fe85b50806500f3", @ANYRESHEX=r0, @ANYBLOB="010000000000fedbdf25030000008000018038000400200001000a0000000000000000000000000000000000000000000001000000001400020002004e237f00000100000000000000004400028008000300090000000800030009000000080004000200000008000300050000000800040008000000080004000700000008000200af0600000800040000000000"], 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1m59.426986603s ago: executing program 7 (id=6000): socket$nl_generic(0x10, 0x3, 0x10) socket$igmp6(0xa, 0x3, 0x2) socket(0x10, 0x803, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x50) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 1m58.390728262s ago: executing program 37 (id=6000): socket$nl_generic(0x10, 0x3, 0x10) socket$igmp6(0xa, 0x3, 0x2) socket(0x10, 0x803, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x50) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 1m57.240372426s ago: executing program 9 (id=6008): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1b, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000a4000000040000000000000095"], &(0x7f0000001080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001c40)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000007126000000000000bf670000000000005601000000ff07ad67060000020000006a0200000ee60000bf250000000000003d350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000160400000400f9ffad3001000000000084000000000000004500000001f0ffff95000000000000006e8ad524a56601a5585b7351ca1136aef2e9407e5c2501d11900db85604036883647b1fb3f1403b816f511c8c56e56e40b01005505f8a89dae4293b10f3631b25fc9f189084c7fddccff01361d355f6cce8ec2abcdf1bc9040daef2cfa2046e2091e269f4734ffa55eb2d4e8de20b38c8808b365b46bd54c68cd30139a8c3827a7dd6d6e2b5fea3906f8456b0000000000ff07efffffff0047018ae79db613d2aec070f718ab629b4975320dd7a7da532281fd22c7b835005bf52715396669836db6000000005b4f0591ee7c8cd263dd172b28d01c4d8d4fee81e3cdd5daf2cdad3d1a74a2f078aa6402483856a6e494408d0b33047f06aec2cc590df28efc7dbec6857db922195a271af103f03e1155197e067b2ebf4e2dae060959c9639564f000fc3cdd05a1575c91cf5ba8b2db403681ee48f5287123a0d246c0c4c00fe979dbc09ed4db22d7172adc6ae8faa5f9ad188e07000000000000008d88a0b4684559d46cae41db1b914e93f1f8000000000000000000e33de432e488ad0e724c2d14a1e770e116984a5700afb8a1f3d47277ef0e33e7e00ec5f74e10937ba0e321346977b7d1b18013f509675b5b0f352e30dffda780e95c301f4fc7d5a76475ace6b128b02bfd71023daffdf748a6bd356fcba6ec96373d1101000736ac0bbcb5f4836bddfe8bf46308000000ade9e59fcf271bb98bd0b8b5216b858b414c31682f9f3db2e4d8e5898e445fe55ac56c0d642986f8bbc7340bc6393f774318c9fc9b05788de2c6e601b50777e8dff581de1d5ae3d801ead7eba31126e2172fa1eadf5f3bec81004d00000000c8e4692e051c731f9ac766b7fd66278d40f0760f23e8c7d1f47cd8e02504e85e152955ad8acd989c0b2eea71414f533f5685c3904bfe1d0011ffc1ba5398f3d6812467c1a4186edd036f15bf847c50f79e1a0ad3d2b5080ecb0148e2b86177869884ae62420c9f1b534e969fce97ffff070000000000dbbfe0ed7c5853a665c0805752dca0e571d75cac5a5d8e4f6e05055b6dec5a9a5696f053a92d81fd9e5f2b9dbbe24f38e745b5a95d45003d0600e413dc623f3e6b096c8b0ad7438c6631388892c55b0671140afbfb83bba415f729fea4c8a8a86189dceedad84cdd17c46bdd847a1f4b0facd3744f5bbb06abb319204fca4bcd4297fe7b4cee75abf43e14fe861224799c0f12702964fc890a176fdafa2c9387280b5693c000c0304cece48642649375dae0b7979b229f708a97349e96e783af9a23cd3980a2c29d3d62875e5319cd51bdd224878a0b25edf0e83c930633bd9a0c3e28f359608ea326c77a1aa17318f392a0ec6c188916f452533d4327feccfd68ec8278a90252693fb133c4615801077e1d75420017c03990b855fe481a20b4919bb11c6d737b6545ef140a0fc339bb53953662f1454f9852e7c4e17eb8668f076c659f56d6c7f97a96d6cdf45cfe88b30c170000000001000000effbf33bd1becb0de0a080931f137967de563c29d81aacb3d48226a4e4b6670900000000000000fa68bff3693afc44db223f2be09295e4a8da03d23b48bb38b31a14ffcddd92c38f6b6d86a0e5ed47a82bad5d2a6dce4c4d353261260c9d7a6bd9f2c872c4172a3d2ac80dfb718cc159e6423065624f130000000000000000000000000000000000000000002a37163e8d7ef2f3c58d045f0700000094029acbe333aebd10f2118fbfeda3fa5500d52cd5241588d2b68a332edfef6d701c8936a25d68b841f982511392cc0d3a78616f8ce0f2877d099258bf85866d0ee7f803fa50fd41ef62b028d12028a7b497d92f544523290f520b0d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @sched_cls}, 0x43) r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0xfffffffc, 0xb, 0x0, 0xfffffffc, 0x7f, "db8f2d2b3b7596160c6981acf8805944823a7f"}) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000080)={0x4, 0x80d, 0x9, 0x2007, 0x1b, "0316d2a2478294f3902707f67f047714a77a00"}) ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0x7) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000001180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000240)={0x2, 0x0, 0x80000004, 0x6, 0x0, "7f1227f7adf97affe4ffff7d1800"}) pipe2$watch_queue(&(0x7f0000000140), 0x80) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)=0x0) r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000006c0)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94) ioctl(r6, 0xfffff000, &(0x7f0000000000)) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x110, &(0x7f0000000080)=0x3, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r7, 0xffffffffffffffff, 0x0) r8 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f0000000000)='\xc6o\n/\xc2\xaeG\x1cP\'\xac\x1fGC\x15\x99\xa4\x1d9+\xac\x9a\x1f\'\x8c\"\xab\xb4wA`Oa\x17\x8f\xf7X\xabx\xcd\xf1\xf3T\xae\xd2QZu\xea\x15\xb09w\xe6\xc8K\f\xb2\xf0\x83\xe5\xb1)\xbb\xa8\xf9\xae\xb5\xa8t\xc3\x84\xb0[+\xa2\xad\xb0\x06\x8f\xb9hd\xcbv&x\b%\x86L\xf9Od\r s\xf8f\xb0\xe2N\xa9\x87\xfd\xb5\xc9E\xeb\xbe\xe6t\xdf\xe4\x0eH\xe8\\\x91\x15\xbd\xd6\x7fse\vYV\x85\xc6\xf6\x95\xa8q') syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080600060500060400000180c20000007f0000010180c20000006401c47a"], 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r8, 0xc0287c02, &(0x7f0000001100)={0x80000000, &(0x7f0000000680), &(0x7f0000001180)=[{}, {{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r8, 0xc0287c02, &(0x7f0000001200)={r9, 0x0, &(0x7f0000001240)}) r10 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x2c, &(0x7f00000010c0)=[@in6={0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, @in={0x2, 0x4e20, @broadcast}]}, &(0x7f0000000180)=0x10) getsockopt$bt_hci(r10, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) 1m55.003687635s ago: executing program 9 (id=6015): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x28) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x9) pipe2(0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000280)={0x0, 0x804}) 1m54.901955223s ago: executing program 9 (id=6017): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000014c0)=ANY=[@ANYBLOB="00000100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000fc0)={0x2c, &(0x7f0000000dc0)={0x40, 0x10}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 1m53.654196968s ago: executing program 9 (id=6024): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000096ca077900"/20, @ANYRES32=0x0, @ANYBLOB="0000000008290400240012800b000100697036746e6c000014000280060012"], 0x44}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4000000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@delneigh={0x24, 0x1a, 0x1, 0x0, 0xffffeffd, {0xa, 0x0, 0x0, 0x0, 0x0, 0x99}, [@NDA_PORT={0x6, 0x6, 0x4e20}]}, 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0xd0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r4, r3, 0x0, 0x100000002) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRES32=r4, @ANYRES16=r0, @ANYRES8=r0, @ANYRES64=r3, @ANYRES8=r2], 0x7c}}, 0x4000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000f00)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002bbd7000fbdbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="1c002d800a"], 0x38}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x60, 0x19, 0xa, 0x101, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x91}, 0x4008840) 1m53.327788505s ago: executing program 38 (id=6024): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000096ca077900"/20, @ANYRES32=0x0, @ANYBLOB="0000000008290400240012800b000100697036746e6c000014000280060012"], 0x44}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4000000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@delneigh={0x24, 0x1a, 0x1, 0x0, 0xffffeffd, {0xa, 0x0, 0x0, 0x0, 0x0, 0x99}, [@NDA_PORT={0x6, 0x6, 0x4e20}]}, 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0xd0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r4, r3, 0x0, 0x100000002) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRES32=r4, @ANYRES16=r0, @ANYRES8=r0, @ANYRES64=r3, @ANYRES8=r2], 0x7c}}, 0x4000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000f00)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002bbd7000fbdbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="1c002d800a"], 0x38}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x60, 0x19, 0xa, 0x101, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x91}, 0x4008840) 20.200984355s ago: executing program 0 (id=6338): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000017c0)={0x114, 0x2f, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0x1000000fac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@private0}, @typed={0x8, 0x44, 0x0, 0x0, @uid}, @nested={0xd5, 0x66, 0x0, 0x1, [@nested={0x24, 0x132, 0x0, 0x1, [@typed={0x8, 0x141, 0x0, 0x0, @u32=0xb2}, @typed={0x8, 0xca, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @typed={0x8, 0x13d, 0x0, 0x0, @u32=0xfffffffc}, @nested={0x4, 0xc5}, @nested={0x4, 0x8a}]}, @nested={0x8, 0xa1, 0x0, 0x1, [@nested={0x4, 0xb}]}, @generic="c073bf8f025953f538087c2947af34d793a12e66cd988ba2df542272ddf8f3b0634ff9883b7914bc9c92aafa8bb7b0c0552ff62f4a9716d08229fbc0558c09235f84d6771d08666d8b337ac75c741e4e77f4a9bc443c6a07af22469f8689554aa0e81e897ed6146a5b6cb1adf5cecbe76fb27a1c2610d17b8d3c80cfe639ce824597e338c1bb6a7d118257e8e8ac7e1f1c03054e4ec9bce7dfd5f3620229ab929fb9ebb565"]}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 19.839787414s ago: executing program 0 (id=6345): syz_emit_ethernet(0x0, 0x0, 0x0) socket(0x10, 0x803, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 17.259731117s ago: executing program 0 (id=6357): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0xbe, &(0x7f0000000280)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0xfb, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @loopback, @rand_addr=0x640100fe, {[@cipso={0x86, 0x78, 0xffffffffffffffff, [{0x0, 0xc, "0800b28c590300000052"}, {0x5, 0x9, "020007651442eb"}, {0x0, 0x12, "7434954373561d0785b703c85daf643b"}, {0x0, 0x9, "e706d30bd224f8"}, {0x2, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x6, 0xa, "0000000000800000"}, {0x7, 0x12, "73bc23f9ffffffa30900a301c8460000"}, {0x0, 0xf, "c8f46976e79ea788f03d9d3205"}]}, @cipso={0x86, 0x6, 0x20}]}}}}}}}, 0x0) 17.251413507s ago: executing program 0 (id=6358): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newqdisc={0x54, 0x24, 0xe0b, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x24, 0x2, {{0x1ff, 0x6, 0xfffffffd, 0x0, 0xa57, 0x32d}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}]}}}]}, 0x54}}, 0x0) sendto$packet(r0, &(0x7f0000000580)="44c394f305916c4516999da20800", 0xe, 0x0, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x6}}, 0x14) 16.023813711s ago: executing program 0 (id=6362): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)={0x14, 0x26, 0x9, 0x80004, 0x80, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x48010}, 0x4000000) 15.735807111s ago: executing program 0 (id=6368): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r1, &(0x7f0000000200), 0x12) bind$x25(r0, &(0x7f0000000080), 0x12) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GFACILITIES(r3, 0x89e2, &(0x7f0000000000)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="7c00000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000003c00198008000100400200000800020081040000080002000401000008000100080000000800010040010000080001000000000008000200200f0000080003"], 0x7c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'bridge0\x00'}) write$rfkill(r2, &(0x7f0000000080)={0x1100, 0x0, 0x3, 0x1}, 0x8) 2.878217411s ago: executing program 8 (id=6526): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="30003300c0000000ffffffffffff08021100000050"], 0x54}}, 0x0) 2.693824449s ago: executing program 3 (id=6531): mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) write(r4, &(0x7f0000000000)="240000005800410f9c00f4f90085b3a85c91fddf080001000501009f0800028001000000", 0x24) 1.384871286s ago: executing program 8 (id=6535): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0xc000) 1.244867453s ago: executing program 8 (id=6539): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.184728027s ago: executing program 5 (id=6540): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1}, 0x0) 1.154782684s ago: executing program 4 (id=6541): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, 0x0, 0x0) sendmmsg$sock(r0, &(0x7f0000000480)=[{{&(0x7f0000000080)=@phonet={0x23, 0x6e, 0x0, 0x7}, 0x80, 0x0}}, {{&(0x7f0000000100)=@phonet={0x23, 0x4, 0xce, 0x5}, 0x80, 0x0, 0x0, &(0x7f0000000680)=[@mark={{0x14, 0x1, 0x24, 0x8}}, @mark={{0x14, 0x1, 0x24, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x42}}], 0x60}}], 0x2, 0x0) 931.842988ms ago: executing program 3 (id=6542): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, 0x0) 931.535073ms ago: executing program 5 (id=6543): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) r4 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x80) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2d, 0x25dfdafd, {0x0, 0x0, 0x0, 0x0, {0xc, 0xe}, {0x0, 0xfff1}, {0x3, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) 931.357499ms ago: executing program 8 (id=6544): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x84, 0x10, 0x401, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x5c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x4c, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x40, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0x400}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfffffffa}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x10000, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0x3}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x3}]}}}, @IFLA_LINK={0x8}]}, 0x84}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000000) 911.576632ms ago: executing program 4 (id=6545): r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008}, 0x0) r1 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 783.508916ms ago: executing program 3 (id=6546): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="30003300c0000000ffffffffffff08021100000050"], 0x54}}, 0x0) 775.873132ms ago: executing program 8 (id=6547): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 634.57484ms ago: executing program 39 (id=6368): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r1, &(0x7f0000000200), 0x12) bind$x25(r0, &(0x7f0000000080), 0x12) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GFACILITIES(r3, 0x89e2, &(0x7f0000000000)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="7c00000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000003c00198008000100400200000800020081040000080002000401000008000100080000000800010040010000080001000000000008000200200f0000080003"], 0x7c}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'bridge0\x00'}) write$rfkill(r2, &(0x7f0000000080)={0x1100, 0x0, 0x3, 0x1}, 0x8) 622.613232ms ago: executing program 3 (id=6549): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) 605.196329ms ago: executing program 4 (id=6550): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x1c, 0x43, 0x107, 0xfffffffe, 0x25dfdbfc, {0x3, 0x7c}, [@nested={0x4, 0x145}, @nested={0x4, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) 604.411068ms ago: executing program 5 (id=6551): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d103000008000340000000012c0000000e0a010200000000000000000a0000000900010073797a31000000000900020073797a310000"], 0x4ec}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 457.30785ms ago: executing program 8 (id=6552): bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018b4c1a4", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x39, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) close(r4) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r4, 0x40047451, &(0x7f0000000180)) 456.632188ms ago: executing program 3 (id=6553): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040091}, 0x800) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept4(0xffffffffffffffff, &(0x7f0000000380)=@alg, &(0x7f00000000c0)=0x8b, 0x80000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x3c}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) sendmsg$nl_route_sched(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000001c0)=@delchain={0x24, 0x65, 0x400, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x5, 0x4}, {0x0, 0xa}, {0x4, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x400c881}, 0x880) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x5206, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff], 0x0, 0x41901}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 456.441711ms ago: executing program 4 (id=6554): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1}, 0x0) 354.879268ms ago: executing program 5 (id=6555): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp', 0x5) sendto$inet6(r0, &(0x7f0000000580)='\a', 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x6}, 0x1c) shutdown(r0, 0x1) 259.873973ms ago: executing program 4 (id=6556): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, 0x0) 209.840474ms ago: executing program 4 (id=6557): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) personality(0x4000000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup_type(r1, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r2, &(0x7f0000000280), 0x9) r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000c40), 0x12) r4 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r5, 0x0, 0x1, 0x5) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_ro(r6, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r7, &(0x7f0000000200)=0x1, 0x12) 184.078111ms ago: executing program 5 (id=6558): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0xc) sendmmsg(r0, 0x0, 0x0, 0xc040) 52.590785ms ago: executing program 5 (id=6559): r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008}, 0x0) r1 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 0s ago: executing program 3 (id=6560): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000640)) kernel console output (not intermixed with test programs): .865592][T22386] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1056.868698][T22386] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1056.868725][T22386] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1056.868743][T22386] usb 1-1: Product: syz [ 1056.868757][T22386] usb 1-1: Manufacturer: syz [ 1056.868770][T22386] usb 1-1: SerialNumber: syz [ 1056.874474][T22386] usb 1-1: config 0 descriptor?? [ 1056.971263][T22386] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found [ 1057.097039][T22386] snd_usb_toneport 1-1:0.0: cannot get proper max packet size [ 1057.097360][T22386] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected [ 1057.101689][T22386] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 1057.328049][T23942] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5910'. [ 1057.392673][ T5792] usb 1-1: USB disconnect, device number 34 [ 1057.533986][T23969] FAULT_INJECTION: forcing a failure. [ 1057.533986][T23969] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1057.534018][T23969] CPU: 0 UID: 0 PID: 23969 Comm: syz.9.5914 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1057.534039][T23969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1057.534049][T23969] Call Trace: [ 1057.534056][T23969] [ 1057.534064][T23969] dump_stack_lvl+0x189/0x250 [ 1057.534091][T23969] ? __pfx____ratelimit+0x10/0x10 [ 1057.534125][T23969] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1057.534145][T23969] ? __pfx__printk+0x10/0x10 [ 1057.534166][T23969] ? __might_fault+0xb0/0x130 [ 1057.534197][T23969] should_fail_ex+0x46c/0x600 [ 1057.534227][T23969] _copy_from_user+0x2d/0xb0 [ 1057.534248][T23969] ___sys_recvmsg+0x12e/0x510 [ 1057.534275][T23969] ? __pfx____sys_recvmsg+0x10/0x10 [ 1057.534321][T23969] ? __fget_files+0x3a6/0x420 [ 1057.534351][T23969] do_recvmmsg+0x30d/0x770 [ 1057.534379][T23969] ? __pfx_do_recvmmsg+0x10/0x10 [ 1057.534398][T23969] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1057.534421][T23969] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1057.534453][T23969] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1057.534488][T23969] __x64_sys_recvmmsg+0x190/0x240 [ 1057.534512][T23969] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1057.534538][T23969] ? do_syscall_64+0xbe/0xfa0 [ 1057.534563][T23969] do_syscall_64+0xfa/0xfa0 [ 1057.534582][T23969] ? lockdep_hardirqs_on+0x9c/0x150 [ 1057.534601][T23969] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1057.534617][T23969] ? clear_bhb_loop+0x60/0xb0 [ 1057.534636][T23969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1057.534652][T23969] RIP: 0033:0x7fdaaf5fefc9 [ 1057.534668][T23969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1057.534685][T23969] RSP: 002b:00007fdaad85e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1057.534705][T23969] RAX: ffffffffffffffda RBX: 00007fdaaf855fa0 RCX: 00007fdaaf5fefc9 [ 1057.534718][T23969] RDX: 0000000000000001 RSI: 0000200000001100 RDI: 0000000000000004 [ 1057.534731][T23969] RBP: 00007fdaad85e090 R08: 0000000000000000 R09: 0000000000000000 [ 1057.534742][T23969] R10: 0000000000010003 R11: 0000000000000246 R12: 0000000000000001 [ 1057.534754][T23969] R13: 00007fdaaf856038 R14: 00007fdaaf855fa0 R15: 00007ffe8b325ca8 [ 1057.534785][T23969] [ 1057.794385][T23976] netlink: 'syz.9.5916': attribute type 2 has an invalid length. [ 1058.053007][ T9550] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 1058.193809][T22386] usb 9-1: USB disconnect, device number 3 [ 1058.208956][ T9550] usb 10-1: device descriptor read/64, error -71 [ 1058.347569][ T5912] usb 8-1: USB disconnect, device number 25 [ 1058.443033][ T9550] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 1058.581139][T23993] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5919'. [ 1058.581166][T23993] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5919'. [ 1058.597441][ T9550] usb 10-1: device descriptor read/64, error -71 [ 1058.715741][ T9550] usb usb10-port1: attempt power cycle [ 1059.055225][T24006] FAULT_INJECTION: forcing a failure. [ 1059.055225][T24006] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1059.055258][T24006] CPU: 0 UID: 0 PID: 24006 Comm: syz.0.5923 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1059.055279][T24006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1059.055291][T24006] Call Trace: [ 1059.055299][T24006] [ 1059.055307][T24006] dump_stack_lvl+0x189/0x250 [ 1059.055333][T24006] ? __pfx____ratelimit+0x10/0x10 [ 1059.055355][T24006] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1059.055375][T24006] ? __pfx__printk+0x10/0x10 [ 1059.055397][T24006] ? __might_fault+0xb0/0x130 [ 1059.055428][T24006] should_fail_ex+0x46c/0x600 [ 1059.055456][T24006] _copy_from_user+0x2d/0xb0 [ 1059.055476][T24006] do_sock_getsockopt+0x17d/0x450 [ 1059.055500][T24006] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1059.055519][T24006] ? do_syscall_64+0xa0/0xfa0 [ 1059.055540][T24006] ? __fget_files+0x2a/0x420 [ 1059.055558][T24006] ? __fget_files+0x3a6/0x420 [ 1059.055575][T24006] ? __fget_files+0x2a/0x420 [ 1059.055601][T24006] __x64_sys_getsockopt+0x1ab/0x250 [ 1059.055620][T24006] ? do_syscall_64+0xa0/0xfa0 [ 1059.055641][T24006] ? do_syscall_64+0xa0/0xfa0 [ 1059.055666][T24006] do_syscall_64+0xfa/0xfa0 [ 1059.055685][T24006] ? lockdep_hardirqs_on+0x9c/0x150 [ 1059.055705][T24006] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1059.055722][T24006] ? clear_bhb_loop+0x60/0xb0 [ 1059.055743][T24006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1059.055759][T24006] RIP: 0033:0x7f3b3ac4efc9 [ 1059.055776][T24006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1059.055791][T24006] RSP: 002b:00007f3b38eae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1059.055811][T24006] RAX: ffffffffffffffda RBX: 00007f3b3aea5fa0 RCX: 00007f3b3ac4efc9 [ 1059.055825][T24006] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 1059.055836][T24006] RBP: 00007f3b38eae090 R08: 0000200000000140 R09: 0000000000000000 [ 1059.055848][T24006] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001 [ 1059.055860][T24006] R13: 00007f3b3aea6038 R14: 00007f3b3aea5fa0 R15: 00007ffc9845bd78 [ 1059.055892][T24006] [ 1059.183041][ T9550] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 1059.203838][ T9550] usb 10-1: device descriptor read/8, error -71 [ 1059.443672][ T9550] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1059.474960][ T9550] usb 10-1: device descriptor read/8, error -71 [ 1059.584661][ T9550] usb usb10-port1: unable to enumerate USB device [ 1059.943149][ T5912] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 1060.113185][ T5912] usb 8-1: device descriptor read/64, error -71 [ 1060.275660][T22386] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1060.353219][ T5912] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 1060.433024][T22386] usb 1-1: Using ep0 maxpacket: 32 [ 1060.435610][T22386] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1060.435640][T22386] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1060.437863][T22386] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1060.437897][T22386] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 1060.437915][T22386] usb 1-1: Product: syz [ 1060.437927][T22386] usb 1-1: Manufacturer: syz [ 1060.483252][ T5912] usb 8-1: device descriptor read/64, error -71 [ 1060.510585][T22386] hub 1-1:4.0: USB hub found [ 1060.593574][ T5912] usb usb8-port1: attempt power cycle [ 1060.713072][T22386] hub 1-1:4.0: config failed, can't read hub descriptor (err -22) [ 1060.774284][T22386] usb 1-1: USB disconnect, device number 35 [ 1060.933192][ T5912] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 1060.953906][ T5912] usb 8-1: device descriptor read/8, error -71 [ 1061.088699][T24056] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5935'. [ 1061.195561][ T5912] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 1061.226754][ T5912] usb 8-1: device descriptor read/8, error -71 [ 1061.335353][ T5912] usb usb8-port1: unable to enumerate USB device [ 1062.273520][T22386] usb 9-1: new full-speed USB device number 4 using dummy_hcd [ 1062.425354][T22386] usb 9-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1062.425383][T22386] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1062.464234][T22386] usb 9-1: config 0 descriptor?? [ 1062.840848][T24101] FAULT_INJECTION: forcing a failure. [ 1062.840848][T24101] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1062.840882][T24101] CPU: 1 UID: 0 PID: 24101 Comm: syz.0.5942 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1062.840903][T24101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1062.840915][T24101] Call Trace: [ 1062.840922][T24101] [ 1062.840930][T24101] dump_stack_lvl+0x189/0x250 [ 1062.840957][T24101] ? __pfx____ratelimit+0x10/0x10 [ 1062.840980][T24101] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1062.841000][T24101] ? __pfx__printk+0x10/0x10 [ 1062.841022][T24101] ? __might_fault+0xb0/0x130 [ 1062.841052][T24101] should_fail_ex+0x46c/0x600 [ 1062.841081][T24101] _copy_from_user+0x2d/0xb0 [ 1062.841107][T24101] ___sys_sendmsg+0x158/0x2a0 [ 1062.841133][T24101] ? __pfx____sys_sendmsg+0x10/0x10 [ 1062.841194][T24101] ? __fget_files+0x2a/0x420 [ 1062.841213][T24101] ? __fget_files+0x3a6/0x420 [ 1062.841241][T24101] __x64_sys_sendmsg+0x1a1/0x260 [ 1062.841265][T24101] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1062.841295][T24101] ? __pfx_ksys_write+0x10/0x10 [ 1062.841317][T24101] ? do_syscall_64+0xbe/0xfa0 [ 1062.841343][T24101] do_syscall_64+0xfa/0xfa0 [ 1062.841362][T24101] ? lockdep_hardirqs_on+0x9c/0x150 [ 1062.841384][T24101] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.841401][T24101] ? clear_bhb_loop+0x60/0xb0 [ 1062.841430][T24101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.841448][T24101] RIP: 0033:0x7f3b3ac4efc9 [ 1062.841465][T24101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1062.841481][T24101] RSP: 002b:00007f3b38eae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1062.841501][T24101] RAX: ffffffffffffffda RBX: 00007f3b3aea5fa0 RCX: 00007f3b3ac4efc9 [ 1062.841515][T24101] RDX: 0000000004000000 RSI: 0000200000000440 RDI: 0000000000000004 [ 1062.841528][T24101] RBP: 00007f3b38eae090 R08: 0000000000000000 R09: 0000000000000000 [ 1062.841540][T24101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1062.841551][T24101] R13: 00007f3b3aea6038 R14: 00007f3b3aea5fa0 R15: 00007ffc9845bd78 [ 1062.841582][T24101] [ 1063.387590][T18001] usb 8-1: new high-speed USB device number 30 using dummy_hcd [ 1063.553129][T18001] usb 8-1: Using ep0 maxpacket: 8 [ 1063.571241][T18001] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1063.571302][T18001] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1063.571361][T18001] usb 8-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1063.571381][T18001] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1063.580916][T18001] usb 8-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1063.581005][T18001] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1063.581024][T18001] usb 8-1: Product: syz [ 1063.581038][T18001] usb 8-1: Manufacturer: syz [ 1063.581052][T18001] usb 8-1: SerialNumber: syz [ 1063.606922][T18001] usb 8-1: config 0 descriptor?? [ 1063.730521][T18001] snd_usb_toneport 8-1:0.0: Line 6 TonePort UX2 found [ 1063.878923][T18001] snd_usb_toneport 8-1:0.0: cannot get proper max packet size [ 1063.880331][T18001] snd_usb_toneport 8-1:0.0: Line 6 TonePort UX2 now disconnected [ 1063.888965][T18001] snd_usb_toneport 8-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 1063.981882][T24128] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5948'. [ 1063.981906][T24128] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5948'. [ 1064.026744][T24128] netlink: 'syz.9.5948': attribute type 4 has an invalid length. [ 1064.071622][T24104] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5943'. [ 1064.107461][ T5912] usb 8-1: USB disconnect, device number 30 [ 1064.111325][T24128] netlink: 'syz.9.5948': attribute type 4 has an invalid length. [ 1064.823081][ T5869] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1064.847936][T22386] pegasus 9-1:0.0: setup Pegasus II specific registers [ 1064.933141][T18001] usb 10-1: new full-speed USB device number 8 using dummy_hcd [ 1064.973010][ T5869] usb 1-1: Using ep0 maxpacket: 32 [ 1064.975544][ T5869] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 1064.975570][ T5869] usb 1-1: config 0 has no interface number 0 [ 1064.980020][ T5869] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1064.980054][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1064.980073][ T5869] usb 1-1: Product: syz [ 1064.980086][ T5869] usb 1-1: Manufacturer: syz [ 1064.980099][ T5869] usb 1-1: SerialNumber: syz [ 1065.046873][ T5869] usb 1-1: config 0 descriptor?? [ 1065.059987][ T5869] smsc95xx v2.0.0 [ 1065.153106][T18001] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1065.153135][T18001] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1065.153153][T18001] usb 10-1: Product: syz [ 1065.153177][T18001] usb 10-1: Manufacturer: syz [ 1065.153190][T18001] usb 10-1: SerialNumber: syz [ 1065.190792][T18001] usb 10-1: config 0 descriptor?? [ 1065.411609][T18001] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1065.492652][ T5869] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1065.492680][ T5869] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1065.533176][T17682] usb 8-1: new full-speed USB device number 31 using dummy_hcd [ 1065.686640][T17682] usb 8-1: not running at top speed; connect to a high speed hub [ 1065.701421][T17682] usb 8-1: config index 0 descriptor too short (expected 62816, got 99) [ 1065.701446][T17682] usb 8-1: config 96 has too many interfaces: 252, using maximum allowed: 32 [ 1065.701464][T17682] usb 8-1: config 96 has an invalid descriptor of length 0, skipping remainder of the config [ 1065.701482][T17682] usb 8-1: config 96 has 0 interfaces, different from the descriptor's value: 252 [ 1065.747352][T17682] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1065.747382][T17682] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1065.748002][T17682] usb 8-1: Product: syz [ 1065.748014][T17682] usb 8-1: Manufacturer: syz [ 1065.748649][T17682] usb 8-1: SerialNumber: syz [ 1065.927022][T22386] pegasus 9-1:0.0: can't locate MII phy, using default [ 1066.031464][T22386] pegasus 9-1:0.0: eth21, ELECOM USB Ethernet LD-USB20, 8a:14:b2:e7:6f:c4 [ 1066.126435][T17682] usb 8-1: USB disconnect, device number 31 [ 1066.160358][T22386] usb 9-1: USB disconnect, device number 4 [ 1066.316870][ T5869] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 1066.317185][ T5869] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61 [ 1066.844479][T17666] Bluetooth: hci4: command 0x0406 tx timeout [ 1066.844517][T17666] Bluetooth: hci2: command 0x0406 tx timeout [ 1066.974923][T22386] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 1067.123125][T22386] usb 9-1: Using ep0 maxpacket: 16 [ 1067.141928][T22386] usb 9-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1067.142009][T22386] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1067.187614][T22386] usb 9-1: config 0 descriptor?? [ 1067.208236][T22386] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1067.248040][T18001] dvb_usb_rtl28xxu 10-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1067.285967][T18001] usb 10-1: USB disconnect, device number 8 [ 1067.630311][T18001] usb 1-1: USB disconnect, device number 36 [ 1069.303053][T18001] usb 8-1: new high-speed USB device number 32 using dummy_hcd [ 1069.443116][T18001] usb 8-1: device descriptor read/64, error -71 [ 1069.487707][T24226] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5968'. [ 1069.683036][T18001] usb 8-1: new high-speed USB device number 33 using dummy_hcd [ 1069.693049][ T5792] usb 10-1: new full-speed USB device number 9 using dummy_hcd [ 1069.812995][T18001] usb 8-1: device descriptor read/64, error -71 [ 1069.823238][ T5792] usb 10-1: device descriptor read/64, error -71 [ 1069.923452][T18001] usb usb8-port1: attempt power cycle [ 1070.073447][ T5792] usb 10-1: new full-speed USB device number 10 using dummy_hcd [ 1070.100072][T22386] usb 9-1: USB disconnect, device number 5 [ 1070.213487][ T5792] usb 10-1: device descriptor read/64, error -71 [ 1070.275799][T18001] usb 8-1: new high-speed USB device number 34 using dummy_hcd [ 1070.293846][T18001] usb 8-1: device descriptor read/8, error -71 [ 1070.326979][ T5792] usb usb10-port1: attempt power cycle [ 1070.529065][T22386] usb 9-1: new full-speed USB device number 6 using dummy_hcd [ 1070.554098][T18001] usb 8-1: new high-speed USB device number 35 using dummy_hcd [ 1070.583884][T18001] usb 8-1: device descriptor read/8, error -71 [ 1070.694567][T18001] usb usb8-port1: unable to enumerate USB device [ 1070.724945][T22386] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1070.724974][T22386] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1070.724993][T22386] usb 9-1: Product: syz [ 1070.725006][T22386] usb 9-1: Manufacturer: syz [ 1070.725020][T22386] usb 9-1: SerialNumber: syz [ 1070.751388][ T5792] usb 10-1: new full-speed USB device number 11 using dummy_hcd [ 1070.785452][T22386] usb 9-1: config 0 descriptor?? [ 1070.838631][ T5792] usb 10-1: device descriptor read/8, error -71 [ 1071.046308][T22386] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1071.073112][ T5792] usb 10-1: new full-speed USB device number 12 using dummy_hcd [ 1071.094167][ T5792] usb 10-1: device descriptor read/8, error -71 [ 1071.203441][ T5792] usb usb10-port1: unable to enumerate USB device [ 1072.296870][T24271] FAULT_INJECTION: forcing a failure. [ 1072.296870][T24271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1072.296902][T24271] CPU: 0 UID: 0 PID: 24271 Comm: syz.7.5977 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1072.296925][T24271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1072.296937][T24271] Call Trace: [ 1072.296945][T24271] [ 1072.296952][T24271] dump_stack_lvl+0x189/0x250 [ 1072.296978][T24271] ? __pfx____ratelimit+0x10/0x10 [ 1072.297000][T24271] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1072.297021][T24271] ? __pfx__printk+0x10/0x10 [ 1072.297057][T24271] should_fail_ex+0x46c/0x600 [ 1072.297085][T24271] _copy_to_user+0x31/0xb0 [ 1072.297109][T24271] simple_read_from_buffer+0xe1/0x170 [ 1072.297133][T24271] proc_fail_nth_read+0x1b6/0x220 [ 1072.297191][T24271] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1072.297214][T24271] ? rw_verify_area+0x2ac/0x4e0 [ 1072.297237][T24271] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1072.297261][T24271] vfs_read+0x206/0xa30 [ 1072.297291][T24271] ? __pfx_vfs_read+0x10/0x10 [ 1072.297312][T24271] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1072.297340][T24271] ? mutex_lock_nested+0x154/0x1d0 [ 1072.297356][T24271] ? fdget_pos+0x253/0x320 [ 1072.297385][T24271] ksys_read+0x14b/0x260 [ 1072.297404][T24271] ? __pfx_ksys_read+0x10/0x10 [ 1072.297423][T24271] ? do_syscall_64+0xbe/0xfa0 [ 1072.297448][T24271] do_syscall_64+0xfa/0xfa0 [ 1072.297466][T24271] ? lockdep_hardirqs_on+0x9c/0x150 [ 1072.297487][T24271] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.297504][T24271] ? clear_bhb_loop+0x60/0xb0 [ 1072.297526][T24271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.297541][T24271] RIP: 0033:0x7f0ba37cd9dc [ 1072.297558][T24271] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1072.297574][T24271] RSP: 002b:00007f0ba1a2e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1072.297593][T24271] RAX: ffffffffffffffda RBX: 00007f0ba3a25fa0 RCX: 00007f0ba37cd9dc [ 1072.297606][T24271] RDX: 000000000000000f RSI: 00007f0ba1a2e0a0 RDI: 0000000000000003 [ 1072.297617][T24271] RBP: 00007f0ba1a2e090 R08: 0000000000000000 R09: 0000000000000000 [ 1072.297628][T24271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1072.297647][T24271] R13: 00007f0ba3a26038 R14: 00007f0ba3a25fa0 R15: 00007ffd25cd0828 [ 1072.297680][T24271] [ 1072.763075][ T5869] usb 10-1: new full-speed USB device number 13 using dummy_hcd [ 1072.866209][ C0] raw-gadget.2 gadget.8: ignoring, device is not running [ 1072.866441][T22386] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1072.870903][T22386] usb 9-1: USB disconnect, device number 6 [ 1072.916928][ T5869] usb 10-1: config 0 has an invalid interface number: 128 but max is 0 [ 1072.916954][ T5869] usb 10-1: config 0 has no interface number 0 [ 1072.937874][ T5869] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1072.937901][ T5869] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1072.937920][ T5869] usb 10-1: Product: syz [ 1072.937933][ T5869] usb 10-1: Manufacturer: syz [ 1072.937946][ T5869] usb 10-1: SerialNumber: syz [ 1072.945494][ T5869] usb 10-1: config 0 descriptor?? [ 1073.588963][ T5869] usb 10-1: Firmware: major: 204, minor: 165, hardware type: UNKNOWN (246) [ 1073.613040][T22386] usb 8-1: new full-speed USB device number 36 using dummy_hcd [ 1073.782943][T22386] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 1073.782980][T22386] usb 8-1: can't read configurations, error -71 [ 1073.791339][ T5869] usb 10-1: failed to fetch extended address, random address set [ 1073.791368][ T5869] usb 10-1: atusb_probe: initialization failed, error = -524 [ 1073.791604][ T5869] atusb 10-1:0.128: probe with driver atusb failed with error -524 [ 1073.833233][ T5869] usb 10-1: USB disconnect, device number 13 [ 1074.683031][ T9546] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 1074.863008][ T9546] usb 10-1: Using ep0 maxpacket: 16 [ 1074.865310][ T9546] usb 10-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1074.865337][ T9546] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1074.871021][ T9546] usb 10-1: config 0 descriptor?? [ 1074.909970][ T9546] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1075.283124][T24286] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 1075.433090][T24286] usb 1-1: Using ep0 maxpacket: 32 [ 1075.435526][T24286] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 1075.435552][T24286] usb 1-1: config 0 has no interface number 0 [ 1075.440075][T24286] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1075.440104][T24286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1075.440123][T24286] usb 1-1: Product: syz [ 1075.440136][T24286] usb 1-1: Manufacturer: syz [ 1075.440149][T24286] usb 1-1: SerialNumber: syz [ 1075.465246][T24286] usb 1-1: config 0 descriptor?? [ 1075.526442][T24286] smsc95xx v2.0.0 [ 1075.946816][T24286] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1075.946846][T24286] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1076.412008][T24121] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1076.995827][T24121] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1077.005459][ T9546] usb 9-1: new full-speed USB device number 7 using dummy_hcd [ 1077.155343][ T9546] usb 9-1: config 0 has an invalid interface number: 128 but max is 0 [ 1077.155368][ T9546] usb 9-1: config 0 has no interface number 0 [ 1077.158343][ T9546] usb 9-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1077.158371][ T9546] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1077.158390][ T9546] usb 9-1: Product: syz [ 1077.158403][ T9546] usb 9-1: Manufacturer: syz [ 1077.158416][ T9546] usb 9-1: SerialNumber: syz [ 1077.178416][T24286] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 1077.178725][T24286] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -32 [ 1077.239411][T24286] usb 1-1: USB disconnect, device number 37 [ 1077.265807][ T9546] usb 9-1: config 0 descriptor?? [ 1077.318233][T24146] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1077.336570][T24146] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1077.338419][T24146] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1077.340063][T24146] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1077.348428][T24146] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1077.548342][T24121] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1077.566359][ T5869] usb 10-1: USB disconnect, device number 14 [ 1077.934967][ T9546] usb 9-1: Firmware: major: 204, minor: 165, hardware type: UNKNOWN (246) [ 1077.985247][T24121] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1078.113063][ T5869] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 1078.138572][ T9546] usb 9-1: failed to fetch extended address, random address set [ 1078.138603][ T9546] usb 9-1: atusb_probe: initialization failed, error = -524 [ 1078.138845][ T9546] atusb 9-1:0.128: probe with driver atusb failed with error -524 [ 1078.177686][ T9546] usb 9-1: USB disconnect, device number 7 [ 1078.223043][ T9536] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 1078.274878][ T5869] usb 10-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1078.274905][ T5869] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1078.274925][ T5869] usb 10-1: Product: syz [ 1078.274938][ T5869] usb 10-1: Manufacturer: syz [ 1078.274952][ T5869] usb 10-1: SerialNumber: syz [ 1078.385571][ T9536] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 1078.385597][ T9536] usb 1-1: config 0 has no interface number 0 [ 1078.388967][ T9536] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1078.388994][ T9536] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1078.389013][ T9536] usb 1-1: Product: syz [ 1078.389026][ T9536] usb 1-1: Manufacturer: syz [ 1078.389039][ T9536] usb 1-1: SerialNumber: syz [ 1078.455230][ T9536] usb 1-1: config 0 descriptor?? [ 1078.862814][ T9536] usb 1-1: Firmware: major: 99, minor: 121, hardware type: UNKNOWN (48) [ 1079.039680][ T5869] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 1079.039737][ T5869] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1079.040508][ T5869] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1079.078253][ T9536] usb 1-1: no permanent extended address found, random address set [ 1079.078281][ T9536] usb 1-1: atusb_probe: initialization failed, error = -524 [ 1079.078512][ T9536] atusb 1-1:0.128: probe with driver atusb failed with error -524 [ 1079.164414][ T5869] lan78xx 10-1:1.0: probe with driver lan78xx failed with error -71 [ 1079.249972][ T5869] usb 10-1: USB disconnect, device number 15 [ 1079.310427][ T5912] usb 1-1: USB disconnect, device number 38 [ 1079.327597][T24376] chnl_net:caif_netlink_parms(): no params data found [ 1079.393156][T24146] Bluetooth: hci2: command tx timeout [ 1079.703103][ T9538] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 1079.863201][ T9538] usb 9-1: Using ep0 maxpacket: 32 [ 1079.866562][ T9538] usb 9-1: no configurations [ 1079.866580][ T9538] usb 9-1: can't read configurations, error -22 [ 1079.993142][ T9538] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 1080.021261][T24441] FAULT_INJECTION: forcing a failure. [ 1080.021261][T24441] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1080.021293][T24441] CPU: 1 UID: 0 PID: 24441 Comm: syz.0.6016 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1080.021314][T24441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1080.021326][T24441] Call Trace: [ 1080.021334][T24441] [ 1080.021343][T24441] dump_stack_lvl+0x189/0x250 [ 1080.021369][T24441] ? __pfx____ratelimit+0x10/0x10 [ 1080.021392][T24441] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1080.021412][T24441] ? __pfx__printk+0x10/0x10 [ 1080.021434][T24441] ? __might_fault+0xb0/0x130 [ 1080.021465][T24441] should_fail_ex+0x46c/0x600 [ 1080.021494][T24441] _copy_from_user+0x2d/0xb0 [ 1080.021515][T24441] do_ipv6_setsockopt+0x23e/0x2eb0 [ 1080.021653][T24441] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 1080.021686][T24441] ? get_pid_task+0x20/0x1f0 [ 1080.021714][T24441] ? __lock_acquire+0xab9/0xd20 [ 1080.021741][T24441] ? do_raw_spin_lock+0x121/0x290 [ 1080.021774][T24441] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1080.021798][T24441] ? lockdep_hardirqs_on+0x9c/0x150 [ 1080.021823][T24441] ? __lock_acquire+0xab9/0xd20 [ 1080.021846][T24441] ipv6_setsockopt+0x59/0x170 [ 1080.021869][T24441] rawv6_setsockopt+0x23b/0x5b0 [ 1080.021919][T24441] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 1080.021937][T24441] ? __fget_files+0x2a/0x420 [ 1080.021958][T24441] ? sock_common_setsockopt+0x36/0xc0 [ 1080.021981][T24441] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1080.022008][T24441] do_sock_setsockopt+0x17c/0x1b0 [ 1080.022040][T24441] __x64_sys_setsockopt+0x145/0x1b0 [ 1080.022064][T24441] do_syscall_64+0xfa/0xfa0 [ 1080.022084][T24441] ? lockdep_hardirqs_on+0x9c/0x150 [ 1080.022104][T24441] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.022121][T24441] ? clear_bhb_loop+0x60/0xb0 [ 1080.022142][T24441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1080.022158][T24441] RIP: 0033:0x7f3b3ac4efc9 [ 1080.022175][T24441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1080.022190][T24441] RSP: 002b:00007f3b38e8d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1080.022210][T24441] RAX: ffffffffffffffda RBX: 00007f3b3aea6090 RCX: 00007f3b3ac4efc9 [ 1080.022223][T24441] RDX: 00000000000000d4 RSI: 0000000000000029 RDI: 0000000000000003 [ 1080.022235][T24441] RBP: 00007f3b38e8d090 R08: 0000000000000004 R09: 0000000000000000 [ 1080.022247][T24441] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 1080.022259][T24441] R13: 00007f3b3aea6128 R14: 00007f3b3aea6090 R15: 00007ffc9845bd78 [ 1080.022289][T24441] [ 1080.037058][T24439] pim6reg: entered allmulticast mode [ 1080.046427][T24376] bridge0: port 1(bridge_slave_0) entered blocking state [ 1080.046558][T24376] bridge0: port 1(bridge_slave_0) entered disabled state [ 1080.046805][T24376] bridge_slave_0: entered allmulticast mode [ 1080.049491][T24376] bridge_slave_0: entered promiscuous mode [ 1080.153074][ T9538] usb 9-1: Using ep0 maxpacket: 32 [ 1080.163771][ T9538] usb 9-1: no configurations [ 1080.163791][ T9538] usb 9-1: can't read configurations, error -22 [ 1080.164163][ T9538] usb usb9-port1: attempt power cycle [ 1080.275991][T24376] bridge0: port 2(bridge_slave_1) entered blocking state [ 1080.276127][T24376] bridge0: port 2(bridge_slave_1) entered disabled state [ 1080.276395][T24376] bridge_slave_1: entered allmulticast mode [ 1080.290810][T24376] bridge_slave_1: entered promiscuous mode [ 1080.503046][ T9538] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 1080.526847][ T9538] usb 9-1: Using ep0 maxpacket: 32 [ 1080.527697][ T9538] usb 9-1: no configurations [ 1080.527713][ T9538] usb 9-1: can't read configurations, error -22 [ 1080.603120][ T5792] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1080.688647][ T9538] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 1080.718488][ T9538] usb 9-1: Using ep0 maxpacket: 32 [ 1080.720116][ T9538] usb 9-1: no configurations [ 1080.720132][ T9538] usb 9-1: can't read configurations, error -22 [ 1080.720762][ T9538] usb usb9-port1: unable to enumerate USB device [ 1080.765534][ T5792] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1080.765567][ T5792] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1080.765603][ T5792] usb 1-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1080.765625][ T5792] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1080.771177][ T5792] usb 1-1: config 0 descriptor?? [ 1080.989521][T24444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1080.990436][T24444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1081.171827][T24376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1081.286354][T24444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1081.296887][T24444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1081.408595][ T5792] usbhid 1-1:0.0: can't add hid device: -71 [ 1081.408717][ T5792] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1081.432430][T24376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1081.444220][ T5792] usb 1-1: USB disconnect, device number 39 [ 1081.473115][T24146] Bluetooth: hci2: command tx timeout [ 1081.586858][T24121] bridge_slave_1: left allmulticast mode [ 1081.586887][T24121] bridge_slave_1: left promiscuous mode [ 1081.587154][T24121] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.681307][T24121] bridge_slave_0: left allmulticast mode [ 1081.681335][T24121] bridge_slave_0: left promiscuous mode [ 1081.681641][T24121] bridge0: port 1(bridge_slave_0) entered disabled state [ 1082.164700][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1082.183434][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1082.193627][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1082.211680][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1082.214582][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1082.288424][ T5912] usb 1-1: new full-speed USB device number 40 using dummy_hcd [ 1082.457912][ T5912] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1082.457941][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1082.457957][ T5912] usb 1-1: Product: syz [ 1082.457969][ T5912] usb 1-1: Manufacturer: syz [ 1082.457980][ T5912] usb 1-1: SerialNumber: syz [ 1082.469933][ T5912] usb 1-1: config 0 descriptor?? [ 1082.713209][ T5912] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1083.433185][ T1622] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 1083.576226][T24146] Bluetooth: hci2: command tx timeout [ 1083.593128][ T1622] usb 9-1: Using ep0 maxpacket: 16 [ 1083.643538][ T1622] usb 9-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1083.643622][ T1622] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1083.679366][ T1622] usb 9-1: config 0 descriptor?? [ 1083.698526][ T1622] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1084.285543][T24146] Bluetooth: hci1: command tx timeout [ 1084.605835][ T5912] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1084.616449][ T5912] usb 1-1: USB disconnect, device number 40 [ 1085.302639][T24512] Driver unsupported XDP return value 0 on prog (id 564) dev N/A, expect packet loss! [ 1085.407453][ T5912] usb 1-1: new full-speed USB device number 41 using dummy_hcd [ 1085.474908][T24121] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1085.554397][T24121] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1085.557820][ T5912] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1085.557848][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1085.557862][ T5912] usb 1-1: Product: syz [ 1085.557869][ T5912] usb 1-1: Manufacturer: syz [ 1085.557876][ T5912] usb 1-1: SerialNumber: syz [ 1085.561683][ T5912] usb 1-1: config 0 descriptor?? [ 1085.622695][T24121] bond0 (unregistering): Released all slaves [ 1085.633054][T24146] Bluetooth: hci2: command tx timeout [ 1085.800161][ T5912] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1085.890712][T24376] team0: Port device team_slave_0 added [ 1085.897481][T24376] team0: Port device team_slave_1 added [ 1086.219461][ T9538] usb 9-1: USB disconnect, device number 12 [ 1086.355933][T24146] Bluetooth: hci1: command tx timeout [ 1086.738426][T24376] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1086.738501][T24376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1086.738537][T24376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1086.795652][T24376] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1086.795668][T24376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1086.795693][T24376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1086.813334][ T5912] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1087.293058][ T1622] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 1087.476769][T24376] hsr_slave_0: entered promiscuous mode [ 1087.478170][T24376] hsr_slave_1: entered promiscuous mode [ 1087.479199][T24376] debugfs: 'hsr0' already exists in 'hsr' [ 1087.479223][T24376] Cannot create hsr debugfs directory [ 1087.486600][ T1622] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1087.486629][ T1622] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1087.486650][ T1622] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1087.486695][ T1622] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1087.486716][ T1622] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1087.495873][ T1622] usb 9-1: config 0 descriptor?? [ 1087.753097][T24121] hsr_slave_0: left promiscuous mode [ 1087.800914][T24121] hsr_slave_1: left promiscuous mode [ 1087.801784][T24121] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1087.801809][T24121] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1087.864222][T24121] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1087.864251][T24121] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1087.920025][ T1622] plantronics 0003:047F:FFFF.004C: reserved main item tag 0xd [ 1087.944834][ T1622] plantronics 0003:047F:FFFF.004C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 1088.071733][T24121] veth1_macvtap: left promiscuous mode [ 1088.071846][T24121] veth0_macvtap: left promiscuous mode [ 1088.072113][T24121] veth1_vlan: left promiscuous mode [ 1088.072297][T24121] veth0_vlan: left promiscuous mode [ 1088.214382][ T10] usb 9-1: USB disconnect, device number 13 [ 1088.291157][T24297] usb 1-1: USB disconnect, device number 41 [ 1088.381530][T24566] FAULT_INJECTION: forcing a failure. [ 1088.381530][T24566] name failslab, interval 1, probability 0, space 0, times 0 [ 1088.381563][T24566] CPU: 0 UID: 0 PID: 24566 Comm: syz.0.6047 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1088.381593][T24566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1088.381604][T24566] Call Trace: [ 1088.381612][T24566] [ 1088.381620][T24566] dump_stack_lvl+0x189/0x250 [ 1088.381646][T24566] ? __pfx____ratelimit+0x10/0x10 [ 1088.381669][T24566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1088.381690][T24566] ? __pfx__printk+0x10/0x10 [ 1088.381716][T24566] ? __pfx___might_resched+0x10/0x10 [ 1088.381739][T24566] ? fs_reclaim_acquire+0x7d/0x100 [ 1088.381761][T24566] should_fail_ex+0x46c/0x600 [ 1088.381783][T24566] ? __alloc_skb+0x112/0x2d0 [ 1088.381798][T24566] should_failslab+0xa8/0x100 [ 1088.381817][T24566] ? __alloc_skb+0x112/0x2d0 [ 1088.381832][T24566] kmem_cache_alloc_node_noprof+0x78/0x6e0 [ 1088.381850][T24566] ? netlink_autobind+0xdb/0x300 [ 1088.381980][T24566] __alloc_skb+0x112/0x2d0 [ 1088.382001][T24566] netlink_sendmsg+0x5c6/0xb30 [ 1088.382026][T24566] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1088.382045][T24566] ? __lock_acquire+0xab9/0xd20 [ 1088.382066][T24566] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1088.382085][T24566] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1088.382105][T24566] __sock_sendmsg+0x21c/0x270 [ 1088.382132][T24566] sock_write_iter+0x27f/0x370 [ 1088.382157][T24566] ? __pfx_sock_write_iter+0x10/0x10 [ 1088.382200][T24566] vfs_write+0x5d5/0xb40 [ 1088.382219][T24566] ? __pfx_sock_write_iter+0x10/0x10 [ 1088.382238][T24566] ? __pfx_vfs_write+0x10/0x10 [ 1088.382265][T24566] ? __fget_files+0x2a/0x420 [ 1088.382291][T24566] ksys_write+0x14b/0x260 [ 1088.382312][T24566] ? __pfx_ksys_write+0x10/0x10 [ 1088.382330][T24566] ? do_syscall_64+0xbe/0xfa0 [ 1088.382357][T24566] do_syscall_64+0xfa/0xfa0 [ 1088.382375][T24566] ? lockdep_hardirqs_on+0x9c/0x150 [ 1088.382393][T24566] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.382408][T24566] ? clear_bhb_loop+0x60/0xb0 [ 1088.382429][T24566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.382443][T24566] RIP: 0033:0x7f3b3ac4efc9 [ 1088.382460][T24566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1088.382476][T24566] RSP: 002b:00007f3b38eae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1088.382496][T24566] RAX: ffffffffffffffda RBX: 00007f3b3aea5fa0 RCX: 00007f3b3ac4efc9 [ 1088.382509][T24566] RDX: 0000000000000029 RSI: 0000200000000000 RDI: 0000000000000003 [ 1088.382521][T24566] RBP: 00007f3b38eae090 R08: 0000000000000000 R09: 0000000000000000 [ 1088.382533][T24566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1088.382544][T24566] R13: 00007f3b3aea6038 R14: 00007f3b3aea5fa0 R15: 00007ffc9845bd78 [ 1088.382574][T24566] [ 1088.433196][T24146] Bluetooth: hci1: command tx timeout [ 1088.763352][T24297] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1088.913497][T24297] usb 1-1: Using ep0 maxpacket: 16 [ 1088.922115][T24297] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1088.927529][T24297] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1088.927556][T24297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1088.927575][T24297] usb 1-1: Product: syz [ 1088.927588][T24297] usb 1-1: Manufacturer: syz [ 1088.927601][T24297] usb 1-1: SerialNumber: syz [ 1088.935298][T24297] usb 1-1: config 0 descriptor?? [ 1089.063108][ T10] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 1089.243120][ T10] usb 9-1: Using ep0 maxpacket: 16 [ 1089.246508][ T10] usb 9-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1089.246536][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1089.251250][ T10] usb 9-1: config 0 descriptor?? [ 1089.261269][ T10] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1090.543291][T24146] Bluetooth: hci1: command tx timeout [ 1091.554392][ T1622] usb 1-1: USB disconnect, device number 42 [ 1091.685529][T24121] team0 (unregistering): Port device team_slave_1 removed [ 1091.833373][ T1622] usb 9-1: USB disconnect, device number 14 [ 1092.053860][T24121] team0 (unregistering): Port device team_slave_0 removed [ 1092.391324][ T1622] usb 9-1: new full-speed USB device number 15 using dummy_hcd [ 1092.463237][T24146] Bluetooth: hci5: command 0x0406 tx timeout [ 1092.571642][ T1622] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x19, changing to 0x9 [ 1092.571662][ T1622] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1092.571683][ T1622] usb 9-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a [ 1092.571696][ T1622] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1092.615204][ T1622] usb 9-1: config 0 descriptor?? [ 1092.636133][ T1622] pegasus_notetaker 9-1:0.0: probe with driver pegasus_notetaker failed with error -22 [ 1092.933777][T24297] usb 9-1: USB disconnect, device number 15 [ 1095.963077][T22386] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1096.133295][T22386] usb 1-1: Using ep0 maxpacket: 16 [ 1096.135579][T22386] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1096.135607][T22386] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1096.138595][T22386] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1096.138621][T22386] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1096.138639][T22386] usb 1-1: Product: syz [ 1096.138652][T22386] usb 1-1: Manufacturer: syz [ 1096.138666][T22386] usb 1-1: SerialNumber: syz [ 1096.169297][T22386] usb 1-1: config 0 descriptor?? [ 1096.176674][T22386] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1096.176706][T22386] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 1096.755394][T24286] usb 9-1: new full-speed USB device number 16 using dummy_hcd [ 1096.815189][T22386] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 1096.816189][T22386] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 1096.905440][T24286] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1096.905467][T24286] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1096.909739][T24286] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1096.909767][T24286] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1096.909786][T24286] usb 9-1: Product: syz [ 1096.909799][T24286] usb 9-1: Manufacturer: syz [ 1096.909813][T24286] usb 9-1: SerialNumber: syz [ 1096.965021][T24286] usb 9-1: config 0 descriptor?? [ 1097.017820][T22386] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 1097.017841][T22386] em28xx 1-1:0.0: No AC97 audio processor [ 1097.296507][T24481] chnl_net:caif_netlink_parms(): no params data found [ 1098.215250][T24121] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1098.698470][T24121] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1098.768883][ T5912] usb 1-1: USB disconnect, device number 43 [ 1098.771120][ T5912] em28xx 1-1:0.0: Disconnecting em28xx [ 1098.773390][ T5912] em28xx 1-1:0.0: Freeing device [ 1098.859822][T24676] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6066'. [ 1099.385128][T24121] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1099.488138][T24481] bridge0: port 1(bridge_slave_0) entered blocking state [ 1099.488241][T24481] bridge0: port 1(bridge_slave_0) entered disabled state [ 1099.488468][T24481] bridge_slave_0: entered allmulticast mode [ 1099.490980][T24481] bridge_slave_0: entered promiscuous mode [ 1099.563540][ T5912] usb 9-1: USB disconnect, device number 16 [ 1099.938103][T24121] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1099.983718][T24481] bridge0: port 2(bridge_slave_1) entered blocking state [ 1099.983897][T24481] bridge0: port 2(bridge_slave_1) entered disabled state [ 1099.984084][T24481] bridge_slave_1: entered allmulticast mode [ 1099.985635][T24481] bridge_slave_1: entered promiscuous mode [ 1100.953128][ T5912] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 1101.118228][ T5912] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1101.118262][ T5912] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1101.118302][ T5912] usb 9-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1101.118324][ T5912] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1101.205222][ T5912] usb 9-1: config 0 descriptor?? [ 1101.318515][T24481] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1101.403027][ T9536] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 1101.421717][T24698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1101.422291][T24698] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1101.430111][T24481] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1101.554442][ T9536] usb 1-1: Using ep0 maxpacket: 16 [ 1101.556949][ T9536] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1101.556979][ T9536] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1101.559681][ T9536] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1101.559707][ T9536] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.559725][ T9536] usb 1-1: Product: syz [ 1101.559739][ T9536] usb 1-1: Manufacturer: syz [ 1101.559752][ T9536] usb 1-1: SerialNumber: syz [ 1101.567019][ T9536] usb 1-1: config 0 descriptor?? [ 1101.599683][ T9536] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1101.599718][ T9536] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 1101.701801][T24698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1101.722784][T24698] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1101.746436][ T5912] steelseries 0003:1038:1410.004D: item fetching failed at offset 3/7 [ 1101.747208][ T5912] steelseries 0003:1038:1410.004D: parse failed [ 1101.747304][ T5912] steelseries 0003:1038:1410.004D: probe with driver steelseries failed with error -22 [ 1101.865292][T24481] team0: Port device team_slave_0 added [ 1101.900228][T24481] team0: Port device team_slave_1 added [ 1101.976854][T24297] usb 9-1: USB disconnect, device number 17 [ 1102.230659][ T9536] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 1102.231716][ T9536] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 1102.436704][ T9536] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 1102.436726][ T9536] em28xx 1-1:0.0: No AC97 audio processor [ 1103.045822][T24481] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1103.045841][T24481] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1103.045867][T24481] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1103.111803][T24481] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1103.111820][T24481] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1103.111845][T24481] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1103.117348][T24376] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1103.202685][T24376] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1103.242334][T24376] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1103.250767][T24726] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6080'. [ 1103.278075][T24121] bridge_slave_1: left allmulticast mode [ 1103.278094][T24121] bridge_slave_1: left promiscuous mode [ 1103.278243][T24121] bridge0: port 2(bridge_slave_1) entered disabled state [ 1103.293100][T24286] usb 9-1: new full-speed USB device number 18 using dummy_hcd [ 1103.363952][T24121] bridge_slave_0: left allmulticast mode [ 1103.363973][T24121] bridge_slave_0: left promiscuous mode [ 1103.364152][T24121] bridge0: port 1(bridge_slave_0) entered disabled state [ 1103.454970][T24286] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1103.454996][T24286] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1103.458293][T24286] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1103.458320][T24286] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1103.458339][T24286] usb 9-1: Product: syz [ 1103.458350][T24286] usb 9-1: Manufacturer: syz [ 1103.458358][T24286] usb 9-1: SerialNumber: syz [ 1103.465111][T24286] usb 9-1: config 0 descriptor?? [ 1104.245948][T22386] usb 1-1: USB disconnect, device number 44 [ 1104.248277][T22386] em28xx 1-1:0.0: Disconnecting em28xx [ 1104.285356][T22386] em28xx 1-1:0.0: Freeing device [ 1106.319555][ T5912] usb 9-1: USB disconnect, device number 18 [ 1106.643896][T24121] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1106.735033][T24121] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1106.791968][T24121] bond0 (unregistering): Released all slaves [ 1106.873156][T24376] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1107.563110][T22386] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1107.667519][T24481] hsr_slave_0: entered promiscuous mode [ 1107.669514][T24481] hsr_slave_1: entered promiscuous mode [ 1107.670534][T24481] debugfs: 'hsr0' already exists in 'hsr' [ 1107.670559][T24481] Cannot create hsr debugfs directory [ 1107.713223][T22386] usb 1-1: Using ep0 maxpacket: 16 [ 1107.720612][T22386] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1107.720640][T22386] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1107.726440][T22386] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1107.726468][T22386] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1107.726486][T22386] usb 1-1: Product: syz [ 1107.726499][T22386] usb 1-1: Manufacturer: syz [ 1107.726512][T22386] usb 1-1: SerialNumber: syz [ 1107.727923][T24782] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6094'. [ 1107.773106][T24297] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 1107.802455][T22386] usb 1-1: config 0 descriptor?? [ 1107.810615][T22386] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1107.810634][T22386] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 1107.988206][T24297] usb 9-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1107.988287][T24297] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1107.988306][T24297] usb 9-1: Product: syz [ 1107.988318][T24297] usb 9-1: Manufacturer: syz [ 1107.988330][T24297] usb 9-1: SerialNumber: syz [ 1108.409863][T22386] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 1108.410551][T22386] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 1108.468102][T24297] rtl8150 9-1:1.0: couldn't reset the device [ 1108.468660][T24297] rtl8150 9-1:1.0: probe with driver rtl8150 failed with error -5 [ 1108.497810][T24297] usb 9-1: USB disconnect, device number 19 [ 1108.612640][T22386] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 1108.612661][T22386] em28xx 1-1:0.0: No AC97 audio processor [ 1108.793082][T24121] hsr_slave_0: left promiscuous mode [ 1108.813136][T24121] hsr_slave_1: left promiscuous mode [ 1108.813818][T24121] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1108.813834][T24121] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1108.855565][T24121] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1108.855593][T24121] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1108.930375][T24121] veth1_macvtap: left promiscuous mode [ 1108.930443][T24121] veth0_macvtap: left promiscuous mode [ 1108.930587][T24121] veth1_vlan: left promiscuous mode [ 1108.930689][T24121] veth0_vlan: left promiscuous mode [ 1110.123168][ T9538] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 1110.293101][ T9538] usb 9-1: Using ep0 maxpacket: 8 [ 1110.294833][ T9538] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1110.294890][ T9538] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1110.294906][ T9538] usb 9-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1110.294919][ T9538] usb 9-1: config 0 interface 0 has no altsetting 0 [ 1110.299034][ T9538] usb 9-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1110.299062][ T9538] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1110.299082][ T9538] usb 9-1: Product: syz [ 1110.299095][ T9538] usb 9-1: Manufacturer: syz [ 1110.299109][ T9538] usb 9-1: SerialNumber: syz [ 1110.305424][ T9538] usb 9-1: config 0 descriptor?? [ 1110.318473][ T9538] snd_usb_toneport 9-1:0.0: Line 6 TonePort UX2 found [ 1110.416689][T22386] usb 1-1: USB disconnect, device number 45 [ 1110.418901][T22386] em28xx 1-1:0.0: Disconnecting em28xx [ 1110.435607][T22386] em28xx 1-1:0.0: Freeing device [ 1110.519273][ T9538] snd_usb_toneport 9-1:0.0: cannot get proper max packet size [ 1110.519549][ T9538] snd_usb_toneport 9-1:0.0: Line 6 TonePort UX2 now disconnected [ 1110.521892][ T9538] snd_usb_toneport 9-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 1110.577342][T24814] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6104'. [ 1110.719198][T24809] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6103'. [ 1110.742478][T22386] usb 9-1: USB disconnect, device number 20 [ 1112.043600][T24121] team0 (unregistering): Port device team_slave_1 removed [ 1112.334679][T24121] team0 (unregistering): Port device team_slave_0 removed [ 1113.259278][ T37] audit: type=1326 audit(1761050509.453:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24820 comm="syz.8.6107" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09f3a3efc9 code=0x0 [ 1114.198021][T24826] netlink: 'syz.8.6108': attribute type 10 has an invalid length. [ 1114.249840][T24827] netlink: 'syz.8.6108': attribute type 10 has an invalid length. [ 1115.966841][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.524295][T24826] team0: Port device dummy0 added [ 1116.564648][T24827] team0: Port device dummy0 removed [ 1116.569551][T24827] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1116.954868][T24286] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 1117.073169][ T9538] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 1117.103061][T24286] usb 1-1: Using ep0 maxpacket: 16 [ 1117.104846][T24286] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1117.104929][T24286] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1117.107581][T24286] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1117.107597][T24286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1117.107608][T24286] usb 1-1: Product: syz [ 1117.107615][T24286] usb 1-1: Manufacturer: syz [ 1117.107622][T24286] usb 1-1: SerialNumber: syz [ 1117.110768][T24286] usb 1-1: config 0 descriptor?? [ 1117.116812][T24286] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1117.116844][T24286] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 1117.226016][ T9538] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1117.226047][ T9538] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1117.226143][ T9538] usb 9-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1117.226164][ T9538] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1117.257885][ T9538] usb 9-1: config 0 descriptor?? [ 1117.523914][T24837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1117.524328][T24837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1117.714477][T24376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1117.719084][T24286] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 1117.719884][T24286] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 1117.752368][T24837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1117.752824][T24837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1117.768380][ T9538] steelseries 0003:1038:1410.004E: item fetching failed at offset 3/7 [ 1117.769543][ T9538] steelseries 0003:1038:1410.004E: parse failed [ 1117.769638][ T9538] steelseries 0003:1038:1410.004E: probe with driver steelseries failed with error -22 [ 1117.961843][T24286] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 1117.961864][T24286] em28xx 1-1:0.0: No AC97 audio processor [ 1118.092779][T24286] usb 9-1: USB disconnect, device number 21 [ 1118.185152][T24376] 8021q: adding VLAN 0 to HW filter on device team0 [ 1118.192777][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 1118.209065][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1118.424326][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 1118.424436][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1118.980251][T24481] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1119.030045][T24481] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1119.068339][T24481] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1119.109829][T24481] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1119.221754][T24376] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1119.398697][T24376] veth0_vlan: entered promiscuous mode [ 1119.427771][T24376] veth1_vlan: entered promiscuous mode [ 1119.448780][T24481] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1119.515187][T24481] 8021q: adding VLAN 0 to HW filter on device team0 [ 1119.546490][T17683] bridge0: port 1(bridge_slave_0) entered blocking state [ 1119.548250][T17683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1119.595238][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 1119.595449][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1119.611807][T24376] veth0_macvtap: entered promiscuous mode [ 1119.642531][T24376] veth1_macvtap: entered promiscuous mode [ 1119.783895][T24376] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1119.862986][T24376] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1119.944958][ T6632] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.955801][ T6632] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.958330][ T6632] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.960701][ T6632] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.340040][ T10] usb 1-1: USB disconnect, device number 46 [ 1121.350264][ T10] em28xx 1-1:0.0: Disconnecting em28xx [ 1121.364983][ T10] em28xx 1-1:0.0: Freeing device [ 1121.413121][ T9538] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 1121.578738][ T9538] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1121.578771][ T9538] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1121.578810][ T9538] usb 9-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1121.578832][ T9538] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1121.603269][ T9538] usb 9-1: config 0 descriptor?? [ 1121.692972][ T10] usb 1-1: new full-speed USB device number 47 using dummy_hcd [ 1121.740643][ T6632] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1121.740664][ T6632] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1121.825890][ T10] usb 1-1: device descriptor read/64, error -71 [ 1121.831408][T24875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1121.847857][T24875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1121.850524][ T6632] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1121.850543][ T6632] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1121.905933][T24481] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1122.083007][ T10] usb 1-1: new full-speed USB device number 48 using dummy_hcd [ 1122.101493][T24875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1122.104636][T24875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1122.116577][ T9538] steelseries 0003:1038:1410.004F: item fetching failed at offset 3/7 [ 1122.117368][ T9538] steelseries 0003:1038:1410.004F: parse failed [ 1122.117464][ T9538] steelseries 0003:1038:1410.004F: probe with driver steelseries failed with error -22 [ 1122.213364][ T10] usb 1-1: device descriptor read/64, error -71 [ 1122.323516][ T10] usb usb1-port1: attempt power cycle [ 1122.432609][ T5912] usb 9-1: USB disconnect, device number 22 [ 1122.504537][T24481] veth0_vlan: entered promiscuous mode [ 1122.537523][T24481] veth1_vlan: entered promiscuous mode [ 1122.590796][T24900] FAULT_INJECTION: forcing a failure. [ 1122.590796][T24900] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1122.590827][T24900] CPU: 1 UID: 0 PID: 24900 Comm: syz.3.6128 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1122.590848][T24900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1122.590859][T24900] Call Trace: [ 1122.590867][T24900] [ 1122.590875][T24900] dump_stack_lvl+0x189/0x250 [ 1122.590901][T24900] ? __pfx____ratelimit+0x10/0x10 [ 1122.590921][T24900] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1122.590941][T24900] ? __pfx__printk+0x10/0x10 [ 1122.590961][T24900] ? __might_fault+0xb0/0x130 [ 1122.590991][T24900] should_fail_ex+0x46c/0x600 [ 1122.591019][T24900] _copy_from_user+0x2d/0xb0 [ 1122.591040][T24900] netlink_setsockopt+0x1af/0x770 [ 1122.591066][T24900] ? __pfx_netlink_setsockopt+0x10/0x10 [ 1122.591089][T24900] ? __fget_files+0x2a/0x420 [ 1122.591108][T24900] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 1122.591125][T24900] ? __pfx_netlink_setsockopt+0x10/0x10 [ 1122.591145][T24900] do_sock_setsockopt+0x17c/0x1b0 [ 1122.591170][T24900] __x64_sys_setsockopt+0x145/0x1b0 [ 1122.591194][T24900] do_syscall_64+0xfa/0xfa0 [ 1122.591215][T24900] ? lockdep_hardirqs_on+0x9c/0x150 [ 1122.591236][T24900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.591253][T24900] ? clear_bhb_loop+0x60/0xb0 [ 1122.591274][T24900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.591289][T24900] RIP: 0033:0x7f37234fefc9 [ 1122.591306][T24900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1122.591320][T24900] RSP: 002b:00007f372175e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1122.591338][T24900] RAX: ffffffffffffffda RBX: 00007f3723755fa0 RCX: 00007f37234fefc9 [ 1122.591350][T24900] RDX: 0000000000000001 RSI: 000000000000010e RDI: 0000000000000003 [ 1122.591361][T24900] RBP: 00007f372175e090 R08: 0000000000000004 R09: 0000000000000000 [ 1122.591372][T24900] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1122.591383][T24900] R13: 00007f3723756038 R14: 00007f3723755fa0 R15: 00007ffdcbfc16e8 [ 1122.591415][T24900] [ 1122.873007][ T10] usb 1-1: new full-speed USB device number 49 using dummy_hcd [ 1122.891588][T24481] veth0_macvtap: entered promiscuous mode [ 1122.904091][ T10] usb 1-1: device descriptor read/8, error -71 [ 1122.922481][T24481] veth1_macvtap: entered promiscuous mode [ 1122.999606][T24481] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1123.217028][T24481] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1123.243100][ T10] usb 1-1: new full-speed USB device number 50 using dummy_hcd [ 1123.275184][ T10] usb 1-1: device descriptor read/8, error -71 [ 1123.322566][T24912] binder: 24908:24912 ioctl c0306201 0 returned -14 [ 1123.334358][T24912] FAULT_INJECTION: forcing a failure. [ 1123.334358][T24912] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1123.334396][T24912] CPU: 0 UID: 0 PID: 24912 Comm: syz.8.6132 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1123.334418][T24912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1123.334429][T24912] Call Trace: [ 1123.334437][T24912] [ 1123.334446][T24912] dump_stack_lvl+0x189/0x250 [ 1123.334472][T24912] ? __pfx____ratelimit+0x10/0x10 [ 1123.334494][T24912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1123.334514][T24912] ? __pfx__printk+0x10/0x10 [ 1123.334536][T24912] ? __might_fault+0xb0/0x130 [ 1123.334567][T24912] should_fail_ex+0x46c/0x600 [ 1123.334596][T24912] _copy_from_user+0x2d/0xb0 [ 1123.334618][T24912] ___sys_sendmsg+0x158/0x2a0 [ 1123.334642][T24912] ? __pfx____sys_sendmsg+0x10/0x10 [ 1123.334699][T24912] ? __fget_files+0x2a/0x420 [ 1123.334718][T24912] ? __fget_files+0x3a6/0x420 [ 1123.334748][T24912] __x64_sys_sendmsg+0x1a1/0x260 [ 1123.334771][T24912] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1123.334809][T24912] ? do_syscall_64+0xbe/0xfa0 [ 1123.334836][T24912] do_syscall_64+0xfa/0xfa0 [ 1123.334864][T24912] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1123.334882][T24912] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1123.334899][T24912] ? clear_bhb_loop+0x60/0xb0 [ 1123.334921][T24912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1123.334938][T24912] RIP: 0033:0x7f09f3a3efc9 [ 1123.334955][T24912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1123.334971][T24912] RSP: 002b:00007f09f1c5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1123.334993][T24912] RAX: ffffffffffffffda RBX: 00007f09f3c96180 RCX: 00007f09f3a3efc9 [ 1123.335007][T24912] RDX: 000000000000008c RSI: 0000200000000e40 RDI: 0000000000000007 [ 1123.335019][T24912] RBP: 00007f09f1c5c090 R08: 0000000000000000 R09: 0000000000000000 [ 1123.335030][T24912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1123.335042][T24912] R13: 00007f09f3c96218 R14: 00007f09f3c96180 R15: 00007ffe03703718 [ 1123.335075][T24912] [ 1123.486644][ T1913] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1123.498661][ T1913] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1123.507976][ T1913] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1123.508077][ T1913] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.133119][T24915] binder: 24911:24915 ioctl c0306201 0 returned -14 [ 1126.493012][ T10] usb usb1-port1: unable to enumerate USB device [ 1126.955090][T24922] FAULT_INJECTION: forcing a failure. [ 1126.955090][T24922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1126.955125][T24922] CPU: 1 UID: 0 PID: 24922 Comm: syz.3.6136 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1126.955147][T24922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1126.955159][T24922] Call Trace: [ 1126.955168][T24922] [ 1126.955177][T24922] dump_stack_lvl+0x189/0x250 [ 1126.955205][T24922] ? __pfx____ratelimit+0x10/0x10 [ 1126.955229][T24922] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1126.955250][T24922] ? __pfx__printk+0x10/0x10 [ 1126.955273][T24922] ? __might_fault+0xb0/0x130 [ 1126.955305][T24922] should_fail_ex+0x46c/0x600 [ 1126.955335][T24922] _copy_from_user+0x2d/0xb0 [ 1126.955357][T24922] do_ipv6_setsockopt+0x23e/0x2eb0 [ 1126.955391][T24922] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 1126.955425][T24922] ? get_pid_task+0x20/0x1f0 [ 1126.955453][T24922] ? __lock_acquire+0xab9/0xd20 [ 1126.955482][T24922] ? do_raw_spin_lock+0x121/0x290 [ 1126.955524][T24922] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1126.955548][T24922] ? lockdep_hardirqs_on+0x9c/0x150 [ 1126.955576][T24922] ? __lock_acquire+0xab9/0xd20 [ 1126.955602][T24922] ipv6_setsockopt+0x59/0x170 [ 1126.955627][T24922] rawv6_setsockopt+0x23b/0x5b0 [ 1126.955653][T24922] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 1126.955673][T24922] ? __fget_files+0x2a/0x420 [ 1126.955697][T24922] ? sock_common_setsockopt+0x36/0xc0 [ 1126.955722][T24922] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1126.955749][T24922] do_sock_setsockopt+0x17c/0x1b0 [ 1126.955774][T24922] __x64_sys_setsockopt+0x145/0x1b0 [ 1126.955801][T24922] do_syscall_64+0xfa/0xfa0 [ 1126.955822][T24922] ? lockdep_hardirqs_on+0x9c/0x150 [ 1126.955844][T24922] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.955862][T24922] ? clear_bhb_loop+0x60/0xb0 [ 1126.955885][T24922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1126.955902][T24922] RIP: 0033:0x7f37234fefc9 [ 1126.955919][T24922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1126.955936][T24922] RSP: 002b:00007f372175e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1126.955956][T24922] RAX: ffffffffffffffda RBX: 00007f3723755fa0 RCX: 00007f37234fefc9 [ 1126.955971][T24922] RDX: 0000000000000016 RSI: 0000000000000029 RDI: 0000000000000004 [ 1126.955984][T24922] RBP: 00007f372175e090 R08: 0000000000000004 R09: 0000000000000000 [ 1126.955996][T24922] R10: 0000200000fcb000 R11: 0000000000000246 R12: 0000000000000001 [ 1126.956009][T24922] R13: 00007f3723756038 R14: 00007f3723755fa0 R15: 00007ffdcbfc16e8 [ 1126.956042][T24922] [ 1127.174244][ T1622] usb 1-1: new full-speed USB device number 51 using dummy_hcd [ 1127.345699][T24121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1127.345721][T24121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1127.406816][ T1622] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 1127.406842][ T1622] usb 1-1: config 0 has no interface number 0 [ 1127.411025][ T1622] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1127.411052][ T1622] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1127.411070][ T1622] usb 1-1: Product: syz [ 1127.411082][ T1622] usb 1-1: Manufacturer: syz [ 1127.411096][ T1622] usb 1-1: SerialNumber: syz [ 1127.436151][ T1622] usb 1-1: config 0 descriptor?? [ 1127.498688][ T6572] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1127.498709][ T6572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1128.063653][ T1622] usb 1-1: Firmware: major: 204, minor: 165, hardware type: UNKNOWN (246) [ 1128.507435][ T1622] usb 1-1: failed to fetch extended address, random address set [ 1128.507466][ T1622] usb 1-1: atusb_probe: initialization failed, error = -524 [ 1128.507706][ T1622] atusb 1-1:0.128: probe with driver atusb failed with error -524 [ 1128.979930][T24949] FAULT_INJECTION: forcing a failure. [ 1128.979930][T24949] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1128.980123][T24949] CPU: 0 UID: 0 PID: 24949 Comm: syz.3.6144 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1128.980147][T24949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1128.980158][T24949] Call Trace: [ 1128.980166][T24949] [ 1128.980175][T24949] dump_stack_lvl+0x189/0x250 [ 1128.980201][T24949] ? __pfx____ratelimit+0x10/0x10 [ 1128.980224][T24949] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1128.980245][T24949] ? __pfx__printk+0x10/0x10 [ 1128.980267][T24949] ? __might_fault+0xb0/0x130 [ 1128.980298][T24949] should_fail_ex+0x46c/0x600 [ 1128.980328][T24949] _copy_from_user+0x2d/0xb0 [ 1128.980348][T24949] __sys_bpf+0x1e3/0x860 [ 1128.980371][T24949] ? __pfx___sys_bpf+0x10/0x10 [ 1128.980406][T24949] ? __pfx_preempt_schedule_notrace+0x10/0x10 [ 1128.980427][T24949] ? ksys_write+0x230/0x260 [ 1128.980457][T24949] __x64_sys_bpf+0x7c/0x90 [ 1128.980475][T24949] do_syscall_64+0xfa/0xfa0 [ 1128.980498][T24949] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1128.980515][T24949] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1128.980533][T24949] ? clear_bhb_loop+0x60/0xb0 [ 1128.980554][T24949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1128.980571][T24949] RIP: 0033:0x7f37234fefc9 [ 1128.980588][T24949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1128.980603][T24949] RSP: 002b:00007f372173d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1128.980623][T24949] RAX: ffffffffffffffda RBX: 00007f3723756090 RCX: 00007f37234fefc9 [ 1128.980637][T24949] RDX: 0000000000000040 RSI: 00002000000012c0 RDI: 000000000000001c [ 1128.980650][T24949] RBP: 00007f372173d090 R08: 0000000000000000 R09: 0000000000000000 [ 1128.980662][T24949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1128.980673][T24949] R13: 00007f3723756128 R14: 00007f3723756090 R15: 00007ffdcbfc16e8 [ 1128.980705][T24949] [ 1130.339721][T24945] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6143'. [ 1133.397217][T24146] Bluetooth: hci0: command 0x0406 tx timeout [ 1134.128314][ T1622] usb 1-1: USB disconnect, device number 51 [ 1134.384619][T24961] netlink: 'syz.5.6149': attribute type 4 has an invalid length. [ 1134.395568][T24961] netlink: 'syz.5.6149': attribute type 4 has an invalid length. [ 1134.443031][ T1622] usb 1-1: new full-speed USB device number 52 using dummy_hcd [ 1134.577667][ T1622] usb 1-1: device descriptor read/64, error -71 [ 1134.743566][T24973] fuse: Bad value for 'fd' [ 1134.909904][T24982] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 1134.909904][T24982] The task syz.8.6155 (24982) triggered the difference, watch for misbehavior. [ 1134.933541][T24286] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1135.066402][T24286] usb 5-1: device descriptor read/64, error -71 [ 1135.303057][T24286] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 1135.308034][ T1622] usb 1-1: new full-speed USB device number 53 using dummy_hcd [ 1135.433097][T24286] usb 5-1: device descriptor read/64, error -71 [ 1135.478547][ T1622] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 1135.478576][ T1622] usb 1-1: config 0 has no interface number 0 [ 1135.481584][ T1622] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1135.481612][ T1622] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1135.481637][ T1622] usb 1-1: Product: syz [ 1135.481651][ T1622] usb 1-1: Manufacturer: syz [ 1135.481664][ T1622] usb 1-1: SerialNumber: syz [ 1135.492402][ T1622] usb 1-1: config 0 descriptor?? [ 1135.543792][T24286] usb usb5-port1: attempt power cycle [ 1136.053030][T24286] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1136.073894][T24286] usb 5-1: device descriptor read/8, error -71 [ 1136.881252][ T9536] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 1136.913138][ T1622] usb 1-1: Firmware: major: 204, minor: 165, hardware type: UNKNOWN (246) [ 1137.035716][ T9536] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1137.035749][ T9536] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1137.035794][ T9536] usb 9-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1137.035815][ T9536] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1137.114217][ T1622] usb 1-1: failed to fetch extended address, random address set [ 1137.114244][ T1622] usb 1-1: atusb_probe: initialization failed, error = -524 [ 1137.114484][ T1622] atusb 1-1:0.128: probe with driver atusb failed with error -524 [ 1137.121032][ T9536] usb 9-1: config 0 descriptor?? [ 1137.156544][ T1622] usb 1-1: USB disconnect, device number 53 [ 1137.163137][T24286] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1137.183877][T24286] usb 5-1: device descriptor read/8, error -71 [ 1137.293489][T24286] usb usb5-port1: unable to enumerate USB device [ 1137.349120][T25003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1137.350448][T25003] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1137.533192][T24297] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 1137.577659][ T9536] steelseries 0003:1038:1410.0050: item fetching failed at offset 3/7 [ 1137.579479][ T9536] steelseries 0003:1038:1410.0050: parse failed [ 1137.579582][ T9536] steelseries 0003:1038:1410.0050: probe with driver steelseries failed with error -22 [ 1137.663208][T24297] usb 4-1: device descriptor read/64, error -71 [ 1137.795759][ T1622] usb 9-1: USB disconnect, device number 23 [ 1137.914407][T24297] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 1137.914741][T25026] xt_limit: Overflow, try lower: 324382443/0 [ 1138.052968][T24297] usb 4-1: device descriptor read/64, error -71 [ 1138.166514][T24297] usb usb4-port1: attempt power cycle [ 1138.386977][ T1622] usb 5-1: new low-speed USB device number 32 using dummy_hcd [ 1138.522942][T24297] usb 4-1: new full-speed USB device number 38 using dummy_hcd [ 1138.546862][ T1622] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 1138.546888][ T1622] usb 5-1: config 179 has no interface number 0 [ 1138.546938][ T1622] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 1138.546963][ T1622] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1138.546984][ T1622] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 1138.547008][ T1622] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8 [ 1138.547031][ T1622] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1138.547070][ T1622] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1138.547091][ T1622] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1138.549285][T24297] usb 4-1: device descriptor read/8, error -71 [ 1138.553718][T25026] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1138.661966][ T1622] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1138.670077][ T1622] xpad 5-1:179.65: probe with driver xpad failed with error -90 [ 1138.757597][T25026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1138.758024][T25026] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1138.833101][T24297] usb 4-1: new full-speed USB device number 39 using dummy_hcd [ 1138.854572][T24297] usb 4-1: device descriptor read/8, error -71 [ 1138.974024][T24297] usb usb4-port1: unable to enumerate USB device [ 1140.347962][ T1622] usb 5-1: USB disconnect, device number 32 [ 1140.901411][T25074] FAULT_INJECTION: forcing a failure. [ 1140.901411][T25074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1140.901443][T25074] CPU: 1 UID: 0 PID: 25074 Comm: syz.8.6172 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1140.901463][T25074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1140.901474][T25074] Call Trace: [ 1140.901482][T25074] [ 1140.901490][T25074] dump_stack_lvl+0x189/0x250 [ 1140.901516][T25074] ? __pfx____ratelimit+0x10/0x10 [ 1140.901538][T25074] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1140.901559][T25074] ? __pfx__printk+0x10/0x10 [ 1140.901596][T25074] should_fail_ex+0x46c/0x600 [ 1140.901625][T25074] _copy_to_user+0x31/0xb0 [ 1140.901647][T25074] simple_read_from_buffer+0xe1/0x170 [ 1140.901672][T25074] proc_fail_nth_read+0x1b6/0x220 [ 1140.901698][T25074] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1140.901725][T25074] ? rw_verify_area+0x2ac/0x4e0 [ 1140.901748][T25074] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1140.901774][T25074] vfs_read+0x206/0xa30 [ 1140.901808][T25074] ? __pfx_vfs_read+0x10/0x10 [ 1140.901829][T25074] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1140.901860][T25074] ? mutex_lock_nested+0x154/0x1d0 [ 1140.901877][T25074] ? fdget_pos+0x253/0x320 [ 1140.901907][T25074] ksys_read+0x14b/0x260 [ 1140.901928][T25074] ? __pfx_ksys_read+0x10/0x10 [ 1140.901951][T25074] ? do_syscall_64+0xbe/0xfa0 [ 1140.901977][T25074] do_syscall_64+0xfa/0xfa0 [ 1140.901996][T25074] ? lockdep_hardirqs_on+0x9c/0x150 [ 1140.902018][T25074] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1140.902036][T25074] ? clear_bhb_loop+0x60/0xb0 [ 1140.902059][T25074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1140.902077][T25074] RIP: 0033:0x7f09f3a3d9dc [ 1140.902093][T25074] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1140.902108][T25074] RSP: 002b:00007f09f1c5c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1140.902128][T25074] RAX: ffffffffffffffda RBX: 00007f09f3c96180 RCX: 00007f09f3a3d9dc [ 1140.902142][T25074] RDX: 000000000000000f RSI: 00007f09f1c5c0a0 RDI: 0000000000000008 [ 1140.902154][T25074] RBP: 00007f09f1c5c090 R08: 0000000000000000 R09: 0000000000000000 [ 1140.902166][T25074] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 1140.902178][T25074] R13: 00007f09f3c96218 R14: 00007f09f3c96180 R15: 00007ffe03703718 [ 1140.902211][T25074] [ 1141.983039][ T1622] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1142.419058][ T1622] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1142.419089][ T1622] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1142.419127][ T1622] usb 5-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1142.419147][ T1622] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1142.475701][ T1622] usb 5-1: config 0 descriptor?? [ 1142.682319][T25090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1142.682729][T25090] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1142.928717][ T1622] steelseries 0003:1038:1410.0051: item fetching failed at offset 3/7 [ 1142.929582][ T1622] steelseries 0003:1038:1410.0051: parse failed [ 1142.929685][ T1622] steelseries 0003:1038:1410.0051: probe with driver steelseries failed with error -22 [ 1143.115615][ T9536] usb 5-1: USB disconnect, device number 33 [ 1143.163432][ T9554] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 1143.340777][ T9554] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 1143.340803][ T9554] usb 4-1: config 0 has no interface number 0 [ 1143.364279][ T9554] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1143.364308][ T9554] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1143.364327][ T9554] usb 4-1: Product: syz [ 1143.364340][ T9554] usb 4-1: Manufacturer: syz [ 1143.364353][ T9554] usb 4-1: SerialNumber: syz [ 1143.375203][ T9554] usb 4-1: config 0 descriptor?? [ 1143.464350][T24297] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 1143.632521][T25139] FAULT_INJECTION: forcing a failure. [ 1143.632521][T25139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1143.632555][T25139] CPU: 1 UID: 0 PID: 25139 Comm: syz.8.6195 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1143.632576][T25139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1143.632587][T25139] Call Trace: [ 1143.632594][T25139] [ 1143.632603][T25139] dump_stack_lvl+0x189/0x250 [ 1143.632631][T25139] ? __pfx____ratelimit+0x10/0x10 [ 1143.632654][T25139] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1143.632674][T25139] ? __pfx__printk+0x10/0x10 [ 1143.632695][T25139] ? __might_fault+0xb0/0x130 [ 1143.632724][T25139] should_fail_ex+0x46c/0x600 [ 1143.632753][T25139] _copy_from_user+0x2d/0xb0 [ 1143.632773][T25139] sk_setsockopt+0x276/0x2a70 [ 1143.632791][T25139] ? __lock_acquire+0xab9/0xd20 [ 1143.632818][T25139] ? __pfx_sk_setsockopt+0x10/0x10 [ 1143.632834][T25139] ? do_raw_spin_lock+0x121/0x290 [ 1143.632869][T25139] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1143.632890][T25139] ? lockdep_hardirqs_on+0x9c/0x150 [ 1143.632914][T25139] ? __lock_acquire+0xab9/0xd20 [ 1143.632945][T25139] unix_setsockopt+0x158/0x2a0 [ 1143.633073][T25139] ? __pfx_unix_setsockopt+0x10/0x10 [ 1143.633094][T25139] ? __fget_files+0x2a/0x420 [ 1143.633116][T25139] ? __fget_files+0x2a/0x420 [ 1143.633133][T25139] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 1143.633152][T25139] ? __pfx_unix_setsockopt+0x10/0x10 [ 1143.633175][T25139] do_sock_setsockopt+0x17c/0x1b0 [ 1143.633200][T25139] __x64_sys_setsockopt+0x145/0x1b0 [ 1143.633225][T25139] do_syscall_64+0xfa/0xfa0 [ 1143.633245][T25139] ? lockdep_hardirqs_on+0x9c/0x150 [ 1143.633266][T25139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1143.633285][T25139] ? clear_bhb_loop+0x60/0xb0 [ 1143.633306][T25139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1143.633323][T25139] RIP: 0033:0x7f09f3a3efc9 [ 1143.633340][T25139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1143.633355][T25139] RSP: 002b:00007f09f1c9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1143.633375][T25139] RAX: ffffffffffffffda RBX: 00007f09f3c95fa0 RCX: 00007f09f3a3efc9 [ 1143.633388][T25139] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000004 [ 1143.633399][T25139] RBP: 00007f09f1c9e090 R08: 0000000000000010 R09: 0000000000000000 [ 1143.633411][T25139] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 1143.633423][T25139] R13: 00007f09f3c96038 R14: 00007f09f3c95fa0 R15: 00007ffe03703718 [ 1143.633455][T25139] [ 1143.644474][T24297] usb 1-1: Using ep0 maxpacket: 16 [ 1143.650512][T24297] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1143.650539][T24297] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1143.706956][T24297] usb 1-1: config 0 descriptor?? [ 1143.778609][T24297] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1144.004739][ T9554] usb 4-1: Firmware: major: 99, minor: 121, hardware type: UNKNOWN (48) [ 1144.208488][ T9554] usb 4-1: no permanent extended address found, random address set [ 1144.208575][ T9554] usb 4-1: atusb_probe: initialization failed, error = -524 [ 1144.208916][ T9554] atusb 4-1:0.128: probe with driver atusb failed with error -524 [ 1144.449580][T22386] usb 4-1: USB disconnect, device number 40 [ 1144.513499][ T9554] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 1144.589266][T24297] gspca_sonixj: reg_r err -32 [ 1144.589384][T24297] sonixj 1-1:0.0: probe with driver sonixj failed with error -32 [ 1144.683260][ T9554] usb 9-1: Using ep0 maxpacket: 16 [ 1144.686168][ T9554] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1144.686198][ T9554] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1144.693446][ T9554] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1144.693475][ T9554] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1144.693495][ T9554] usb 9-1: Product: syz [ 1144.693508][ T9554] usb 9-1: Manufacturer: syz [ 1144.693522][ T9554] usb 9-1: SerialNumber: syz [ 1144.718657][ T9554] usb 9-1: config 0 descriptor?? [ 1144.729480][ T9554] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1144.729510][ T9554] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 1145.343917][T24286] usb 4-1: new full-speed USB device number 41 using dummy_hcd [ 1145.436237][ T9554] em28xx 9-1:0.0: unknown em28xx chip ID (0) [ 1145.442002][ T9554] em28xx 9-1:0.0: Config register raw data: 0xfffffffb [ 1145.509334][T24286] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1145.509361][T24286] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1145.509380][T24286] usb 4-1: Product: syz [ 1145.509393][T24286] usb 4-1: Manufacturer: syz [ 1145.509407][T24286] usb 4-1: SerialNumber: syz [ 1145.545549][T24286] usb 4-1: config 0 descriptor?? [ 1145.644351][ T9554] em28xx 9-1:0.0: AC97 chip type couldn't be determined [ 1145.644372][ T9554] em28xx 9-1:0.0: No AC97 audio processor [ 1145.759141][T24286] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1145.961647][T24286] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1146.263700][T24286] usb 1-1: USB disconnect, device number 54 [ 1146.682996][T24286] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 1146.835737][T24286] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1146.835771][T24286] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1146.835808][T24286] usb 5-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1146.835830][T24286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1146.884858][T24286] usb 5-1: config 0 descriptor?? [ 1146.886008][ T9554] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 1147.053469][ T9554] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1147.053501][ T9554] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1147.053522][ T9554] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1147.053563][ T9554] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1147.053584][ T9554] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1147.063859][ T9554] usb 1-1: config 0 descriptor?? [ 1147.124356][T25206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1147.125103][T25206] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1147.292196][ T1622] usb 9-1: USB disconnect, device number 24 [ 1147.304303][ T1622] em28xx 9-1:0.0: Disconnecting em28xx [ 1147.307356][ T1622] em28xx 9-1:0.0: Freeing device [ 1147.336922][T24286] steelseries 0003:1038:1410.0052: item fetching failed at offset 3/7 [ 1147.337739][T24286] steelseries 0003:1038:1410.0052: parse failed [ 1147.337837][T24286] steelseries 0003:1038:1410.0052: probe with driver steelseries failed with error -22 [ 1147.537597][ T9554] plantronics 0003:047F:FFFF.0053: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1147.801900][T22386] usb 5-1: USB disconnect, device number 34 [ 1147.895575][T24286] usb 1-1: USB disconnect, device number 55 [ 1148.146276][T22386] usb 4-1: USB disconnect, device number 41 [ 1148.613969][T25267] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6217'. [ 1148.613992][T25267] netlink: 'syz.5.6217': attribute type 21 has an invalid length. [ 1148.663247][T22386] usb 4-1: new full-speed USB device number 42 using dummy_hcd [ 1148.693056][ T9554] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 1148.820656][T22386] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1148.820685][T22386] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.820703][T22386] usb 4-1: Product: syz [ 1148.820717][T22386] usb 4-1: Manufacturer: syz [ 1148.820730][T22386] usb 4-1: SerialNumber: syz [ 1148.873913][ T9554] usb 1-1: Using ep0 maxpacket: 16 [ 1148.877067][ T9554] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1148.877094][ T9554] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1148.893453][T22386] usb 4-1: config 0 descriptor?? [ 1148.922537][ T9554] usb 1-1: config 0 descriptor?? [ 1148.954230][ T9554] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1149.127040][T22386] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1149.354023][ T9554] gspca_sonixj: reg_r err -32 [ 1149.354123][ T9554] sonixj 1-1:0.0: probe with driver sonixj failed with error -32 [ 1150.591869][T24286] usb 9-1: new full-speed USB device number 25 using dummy_hcd [ 1150.859423][T24286] usb 9-1: no configurations [ 1150.859492][T24286] usb 9-1: can't read configurations, error -22 [ 1151.024237][T24286] usb 9-1: new full-speed USB device number 26 using dummy_hcd [ 1151.457346][T24286] usb 9-1: no configurations [ 1151.457366][T24286] usb 9-1: can't read configurations, error -22 [ 1151.457759][T24286] usb usb9-port1: attempt power cycle [ 1151.605803][T22386] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1151.625334][T22386] usb 4-1: USB disconnect, device number 42 [ 1151.669072][T24297] usb 1-1: USB disconnect, device number 56 [ 1151.758957][T25320] FAULT_INJECTION: forcing a failure. [ 1151.758957][T25320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1151.758991][T25320] CPU: 0 UID: 0 PID: 25320 Comm: syz.0.6227 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1151.759011][T25320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1151.759022][T25320] Call Trace: [ 1151.759029][T25320] [ 1151.759037][T25320] dump_stack_lvl+0x189/0x250 [ 1151.759063][T25320] ? __pfx____ratelimit+0x10/0x10 [ 1151.759085][T25320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1151.759104][T25320] ? __pfx__printk+0x10/0x10 [ 1151.759125][T25320] ? __might_fault+0xb0/0x130 [ 1151.759153][T25320] should_fail_ex+0x46c/0x600 [ 1151.759179][T25320] _copy_from_user+0x2d/0xb0 [ 1151.759199][T25320] ___sys_sendmsg+0x158/0x2a0 [ 1151.759221][T25320] ? __pfx____sys_sendmsg+0x10/0x10 [ 1151.759275][T25320] ? __fget_files+0x2a/0x420 [ 1151.759293][T25320] ? __fget_files+0x3a6/0x420 [ 1151.759321][T25320] __sys_sendmmsg+0x22d/0x430 [ 1151.759348][T25320] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1151.759377][T25320] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1151.759411][T25320] ? ksys_write+0x230/0x260 [ 1151.759430][T25320] ? __pfx_ksys_write+0x10/0x10 [ 1151.759453][T25320] __x64_sys_sendmmsg+0xa0/0xc0 [ 1151.759475][T25320] do_syscall_64+0xfa/0xfa0 [ 1151.759495][T25320] ? lockdep_hardirqs_on+0x9c/0x150 [ 1151.759515][T25320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.759532][T25320] ? clear_bhb_loop+0x60/0xb0 [ 1151.759561][T25320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.759578][T25320] RIP: 0033:0x7f3b3ac4efc9 [ 1151.759595][T25320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1151.759612][T25320] RSP: 002b:00007f3b38eae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1151.759633][T25320] RAX: ffffffffffffffda RBX: 00007f3b3aea5fa0 RCX: 00007f3b3ac4efc9 [ 1151.759647][T25320] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003 [ 1151.759659][T25320] RBP: 00007f3b38eae090 R08: 0000000000000000 R09: 0000000000000000 [ 1151.759671][T25320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1151.759682][T25320] R13: 00007f3b3aea6038 R14: 00007f3b3aea5fa0 R15: 00007ffc9845bd78 [ 1151.759713][T25320] [ 1151.910677][T24286] usb 9-1: new full-speed USB device number 27 using dummy_hcd [ 1151.973092][T24286] usb 9-1: no configurations [ 1151.973111][T24286] usb 9-1: can't read configurations, error -22 [ 1151.977377][T25326] devpts: Unknown parameter '0x0000000000000003' [ 1152.153045][T24286] usb 9-1: new full-speed USB device number 28 using dummy_hcd [ 1152.179836][T24286] usb 9-1: no configurations [ 1152.179855][T24286] usb 9-1: can't read configurations, error -22 [ 1152.180193][T24286] usb usb9-port1: unable to enumerate USB device [ 1154.280649][T25336] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6231'. [ 1154.281149][T25336] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6231'. [ 1154.488985][T25336] bridge0: port 3(vlan2) entered blocking state [ 1154.489997][T25336] bridge0: port 3(vlan2) entered disabled state [ 1154.491772][T25336] vlan2: entered allmulticast mode [ 1154.491828][T25336] bridge0: entered allmulticast mode [ 1155.914705][T25336] vlan2: left allmulticast mode [ 1155.914727][T25336] bridge0: left allmulticast mode [ 1156.585766][ T5792] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 1157.009208][ T5792] usb 1-1: Using ep0 maxpacket: 16 [ 1157.017906][ T5792] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1157.017936][ T5792] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1157.049525][ T5792] usb 1-1: config 0 descriptor?? [ 1157.061373][ T5792] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1157.661469][ T5792] gspca_sonixj: reg_r err -32 [ 1157.661566][ T5792] sonixj 1-1:0.0: probe with driver sonixj failed with error -32 [ 1158.505683][ T5792] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1158.652977][ T5792] usb 4-1: Using ep0 maxpacket: 8 [ 1158.655783][ T5792] usb 4-1: config 0 has too many interfaces: 42, using maximum allowed: 32 [ 1158.655810][ T5792] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 42 [ 1158.655858][ T5792] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1158.655879][ T5792] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x67, changing to 0x7 [ 1158.655902][ T5792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 1158.655924][ T5792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1158.655945][ T5792] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1158.655985][ T5792] usb 4-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=70.57 [ 1158.656006][ T5792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1158.661574][ T5792] usb 4-1: config 0 descriptor?? [ 1158.663077][T24286] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 1158.799780][ T5792] kobil_sct 4-1:0.0: KOBIL USB smart card terminal converter detected [ 1158.817186][ T5792] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 1158.935615][T24286] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1158.935642][T24286] usb 5-1: config 0 has no interfaces? [ 1158.945654][T24286] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1158.945682][T24286] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1158.945698][T24286] usb 5-1: Product: syz [ 1158.945711][T24286] usb 5-1: Manufacturer: syz [ 1158.945724][T24286] usb 5-1: SerialNumber: syz [ 1158.971564][T24286] usb 5-1: config 0 descriptor?? [ 1158.987167][T22386] usb 1-1: USB disconnect, device number 57 [ 1159.159181][T24297] usb 4-1: USB disconnect, device number 43 [ 1159.168256][T24297] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 1159.168759][T24297] kobil_sct 4-1:0.0: device disconnected [ 1159.290558][T25388] FAULT_INJECTION: forcing a failure. [ 1159.290558][T25388] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1159.290593][T25388] CPU: 0 UID: 0 PID: 25388 Comm: syz.8.6245 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1159.290615][T25388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1159.290627][T25388] Call Trace: [ 1159.290635][T25388] [ 1159.290644][T25388] dump_stack_lvl+0x189/0x250 [ 1159.290670][T25388] ? __pfx____ratelimit+0x10/0x10 [ 1159.290692][T25388] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1159.290711][T25388] ? __pfx__printk+0x10/0x10 [ 1159.290749][T25388] should_fail_ex+0x46c/0x600 [ 1159.290783][T25388] _copy_to_user+0x31/0xb0 [ 1159.290805][T25388] simple_read_from_buffer+0xe1/0x170 [ 1159.290832][T25388] proc_fail_nth_read+0x1b6/0x220 [ 1159.290859][T25388] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1159.290884][T25388] ? rw_verify_area+0x2ac/0x4e0 [ 1159.290908][T25388] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1159.290933][T25388] vfs_read+0x206/0xa30 [ 1159.290976][T25388] ? __pfx_vfs_read+0x10/0x10 [ 1159.290997][T25388] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1159.291025][T25388] ? mutex_lock_nested+0x154/0x1d0 [ 1159.291042][T25388] ? fdget_pos+0x253/0x320 [ 1159.291071][T25388] ksys_read+0x14b/0x260 [ 1159.291086][T25388] ? __fget_files+0x2a/0x420 [ 1159.291107][T25388] ? __pfx_ksys_read+0x10/0x10 [ 1159.291122][T25388] ? arch_syscall_is_vdso_sigreturn+0x120/0x1a0 [ 1159.291150][T25388] ? syscall_user_dispatch+0x4f/0x90 [ 1159.291178][T25388] do_syscall_64+0xfa/0xfa0 [ 1159.291198][T25388] ? lockdep_hardirqs_on+0x9c/0x150 [ 1159.291219][T25388] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1159.291237][T25388] ? clear_bhb_loop+0x60/0xb0 [ 1159.291258][T25388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1159.291275][T25388] RIP: 0033:0x7f09f3a3d9dc [ 1159.291292][T25388] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1159.291308][T25388] RSP: 002b:00007f09f1c9e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1159.291328][T25388] RAX: ffffffffffffffda RBX: 00007f09f3c95fa0 RCX: 00007f09f3a3d9dc [ 1159.291341][T25388] RDX: 000000000000000f RSI: 00007f09f1c9e0a0 RDI: 0000000000000003 [ 1159.291352][T25388] RBP: 00007f09f1c9e090 R08: 0000000000000000 R09: 0000000000000000 [ 1159.291364][T25388] R10: 00000000000fffe0 R11: 0000000000000246 R12: 0000000000000001 [ 1159.291375][T25388] R13: 00007f09f3c96038 R14: 00007f09f3c95fa0 R15: 00007ffe03703718 [ 1159.291408][T25388] [ 1159.423259][T22386] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 1159.583079][T22386] usb 1-1: Using ep0 maxpacket: 32 [ 1159.590715][T22386] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 1159.590744][T22386] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1159.596513][T22386] usb 1-1: config 0 descriptor?? [ 1159.615394][T22386] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 1160.878092][T22386] gspca_vc032x: reg_w err -110 [ 1160.878109][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878120][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878128][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878137][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878145][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878154][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878163][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878172][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878181][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878189][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878198][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878206][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878215][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878224][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878232][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878240][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878248][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878255][T22386] gspca_vc032x: I2c Bus Busy Wait 00 [ 1160.878262][T22386] gspca_vc032x: Unknown sensor... [ 1160.878346][T22386] vc032x 1-1:0.0: probe with driver vc032x failed with error -22 [ 1161.269441][ T5792] usb 4-1: new full-speed USB device number 44 using dummy_hcd [ 1161.415863][ T5792] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1161.415889][ T5792] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1161.415942][ T5792] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1161.415963][ T5792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1161.511095][ T5792] usb 4-1: config 0 descriptor?? [ 1161.523420][ T5792] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1161.523944][ T5792] dvb-usb: bulk message failed: -22 (3/0) [ 1161.537240][ T9554] usb 5-1: USB disconnect, device number 35 [ 1162.564487][ T5792] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1162.673551][ T5792] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1162.673619][ T5792] usb 4-1: media controller created [ 1162.677294][ T5792] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1162.734618][ T5792] dvb-usb: bulk message failed: -22 (6/0) [ 1162.734766][ T5792] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1162.765495][ T5792] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input11 [ 1162.786517][ T5792] dvb-usb: schedule remote query interval to 150 msecs. [ 1162.786539][ T5792] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1162.794534][T22386] usb 1-1: USB disconnect, device number 58 [ 1162.816040][ T5792] usb 4-1: USB disconnect, device number 44 [ 1162.913291][ T9538] usb 9-1: new high-speed USB device number 29 using dummy_hcd [ 1163.031052][ T5792] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1163.123299][ T9538] usb 9-1: Using ep0 maxpacket: 16 [ 1163.125821][ T9538] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1163.125852][ T9538] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1163.128609][ T9538] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1163.128646][ T9538] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1163.128664][ T9538] usb 9-1: Product: syz [ 1163.128678][ T9538] usb 9-1: Manufacturer: syz [ 1163.128691][ T9538] usb 9-1: SerialNumber: syz [ 1163.191549][ T1622] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 1163.211542][ T9538] usb 9-1: config 0 descriptor?? [ 1163.230312][ T9538] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1163.230343][ T9538] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 1163.253050][T22386] usb 1-1: new full-speed USB device number 59 using dummy_hcd [ 1163.332996][ T1622] usb 5-1: Using ep0 maxpacket: 16 [ 1163.336327][ T1622] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1163.336353][ T1622] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1163.349641][ T1622] usb 5-1: config 0 descriptor?? [ 1163.370127][ T1622] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1163.418461][T22386] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1163.418487][T22386] usb 1-1: config 0 has no interfaces? [ 1163.440901][T22386] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1163.440930][T22386] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1163.440949][T22386] usb 1-1: Product: syz [ 1163.440962][T22386] usb 1-1: Manufacturer: syz [ 1163.440976][T22386] usb 1-1: SerialNumber: syz [ 1163.477775][T22386] usb 1-1: config 0 descriptor?? [ 1163.523249][ T5792] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1163.675635][ T5792] usb 4-1: no configurations [ 1163.675654][ T5792] usb 4-1: can't read configurations, error -22 [ 1163.781507][ T1622] gspca_sonixj: reg_r err -32 [ 1163.781812][ T1622] sonixj 5-1:0.0: probe with driver sonixj failed with error -32 [ 1163.813372][ T5792] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 1163.881225][ T9538] em28xx 9-1:0.0: unknown em28xx chip ID (0) [ 1163.894205][ T9538] em28xx 9-1:0.0: Config register raw data: 0xfffffffb [ 1163.951491][T25485] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6265'. [ 1163.974324][ T5792] usb 4-1: no configurations [ 1163.974344][ T5792] usb 4-1: can't read configurations, error -22 [ 1163.974906][ T5792] usb usb4-port1: attempt power cycle [ 1164.301885][ T9538] em28xx 9-1:0.0: AC97 chip type couldn't be determined [ 1164.301907][ T9538] em28xx 9-1:0.0: No AC97 audio processor [ 1164.313026][ T5792] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 1164.352756][ T5792] usb 4-1: no configurations [ 1164.352775][ T5792] usb 4-1: can't read configurations, error -22 [ 1164.488327][ T5792] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1164.510540][ T5792] usb 4-1: no configurations [ 1164.510559][ T5792] usb 4-1: can't read configurations, error -22 [ 1164.514558][ T5792] usb usb4-port1: unable to enumerate USB device [ 1165.635332][T24297] usb 9-1: USB disconnect, device number 29 [ 1165.637869][T24297] em28xx 9-1:0.0: Disconnecting em28xx [ 1165.669519][T24297] em28xx 9-1:0.0: Freeing device [ 1165.697724][T25556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1165.697964][T25556] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1165.967480][ T9538] usb 5-1: USB disconnect, device number 36 [ 1166.013015][T24297] usb 9-1: new high-speed USB device number 30 using dummy_hcd [ 1166.121303][ T5792] usb 1-1: USB disconnect, device number 59 [ 1166.187588][T24297] usb 9-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1166.187618][T24297] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1166.187637][T24297] usb 9-1: Product: syz [ 1166.187650][T24297] usb 9-1: Manufacturer: syz [ 1166.187663][T24297] usb 9-1: SerialNumber: syz [ 1166.423131][ T9538] usb 5-1: new full-speed USB device number 37 using dummy_hcd [ 1166.442729][T24297] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 1166.442783][T24297] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 1166.442800][T24297] lan78xx 9-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1166.513853][T24297] lan78xx 9-1:1.0: probe with driver lan78xx failed with error -71 [ 1166.541260][T24297] usb 9-1: USB disconnect, device number 30 [ 1166.543053][T24286] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 1166.585247][ T9538] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1166.585273][ T9538] usb 5-1: config 0 has no interfaces? [ 1166.588275][ T9538] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1166.588301][ T9538] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1166.588320][ T9538] usb 5-1: Product: syz [ 1166.588342][ T9538] usb 5-1: Manufacturer: syz [ 1166.588355][ T9538] usb 5-1: SerialNumber: syz [ 1166.591651][ T9538] usb 5-1: config 0 descriptor?? [ 1166.737056][T24286] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1166.737081][T24286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1166.737092][T24286] usb 1-1: Product: syz [ 1166.737100][T24286] usb 1-1: Manufacturer: syz [ 1166.737107][T24286] usb 1-1: SerialNumber: syz [ 1166.776148][T24286] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1167.282567][ T9538] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1168.363168][ T1622] usb 9-1: new high-speed USB device number 31 using dummy_hcd [ 1168.433478][ T9538] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1168.444432][ T9538] ath9k_htc: Failed to initialize the device [ 1168.536541][ T1622] usb 9-1: Using ep0 maxpacket: 16 [ 1168.544897][ T1622] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1168.544929][ T1622] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1168.551639][ T1622] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1168.551664][ T1622] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1168.551680][ T1622] usb 9-1: Product: syz [ 1168.551693][ T1622] usb 9-1: Manufacturer: syz [ 1168.551707][ T1622] usb 9-1: SerialNumber: syz [ 1168.575955][ T1622] usb 9-1: config 0 descriptor?? [ 1168.639289][ T1622] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1168.639324][ T1622] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class) [ 1168.746623][ T9538] usb 1-1: ath9k_htc: USB layer deinitialized [ 1169.687809][T25601] kexec: Could not allocate control_code_buffer [ 1169.837113][ T1622] em28xx 9-1:0.0: unknown em28xx chip ID (0) [ 1169.838366][ T1622] em28xx 9-1:0.0: Config register raw data: 0xfffffffb [ 1169.922496][T24286] usb 5-1: USB disconnect, device number 37 [ 1170.174992][ T9538] usb 1-1: USB disconnect, device number 60 [ 1170.246416][ T1622] em28xx 9-1:0.0: AC97 chip type couldn't be determined [ 1170.246437][ T1622] em28xx 9-1:0.0: No AC97 audio processor [ 1170.293513][T25650] netlink: 'syz.5.6284': attribute type 12 has an invalid length. [ 1170.528002][T25660] ip6tnl0: Master is either lo or non-ether device [ 1170.610619][T25666] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6287'. [ 1170.638266][T25664] loop6: detected capacity change from 0 to 7 [ 1170.679311][T25664] Dev loop6: unable to read RDB block 7 [ 1170.679383][T25664] loop6: unable to read partition table [ 1170.679731][T25664] loop6: partition table beyond EOD, truncated [ 1170.679750][T25664] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1170.822957][ T9554] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1170.922575][T25675] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6290'. [ 1170.995132][ T9554] usb 5-1: Using ep0 maxpacket: 16 [ 1170.997426][ T9554] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1170.997453][ T9554] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1171.036392][ T9554] usb 5-1: config 0 descriptor?? [ 1171.058854][ T9554] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 1171.403479][ T9538] usb 9-1: USB disconnect, device number 31 [ 1171.406058][ T9538] em28xx 9-1:0.0: Disconnecting em28xx [ 1171.426669][ T9538] em28xx 9-1:0.0: Freeing device [ 1172.269373][T25652] netlink: 'syz.4.6285': attribute type 12 has an invalid length. [ 1172.289525][ T9554] gspca_sonixj: reg_w1 err -71 [ 1172.317224][ T9554] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 1172.320411][ T9554] usb 5-1: USB disconnect, device number 38 [ 1172.438319][T25723] netlink: 'syz.3.6305': attribute type 1 has an invalid length. [ 1172.438343][T25723] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6305'. [ 1172.488452][T25726] tls_set_device_offload_rx: netdev not found [ 1172.594660][T25731] netlink: 412 bytes leftover after parsing attributes in process `syz.3.6307'. [ 1173.008505][T25751] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1173.509145][T25754] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1173.521714][T25754] batadv_slave_1: entered promiscuous mode [ 1173.521742][T25754] batadv_slave_1: entered allmulticast mode [ 1173.693278][T25776] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6320'. [ 1173.797446][T25781] openvswitch: netlink: Message has 2688 unknown bytes. [ 1174.211120][T25800] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1174.662587][T25824] netlink: 'syz.3.6337': attribute type 11 has an invalid length. [ 1174.662608][T25824] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6337'. [ 1174.856938][T25831] netlink: 'syz.0.6338': attribute type 1 has an invalid length. [ 1174.865504][T25835] netlink: del zone limit has 4 unknown bytes [ 1174.866391][T25834] netlink: 'syz.3.6340': attribute type 1 has an invalid length. [ 1174.866408][T25834] netlink: 212 bytes leftover after parsing attributes in process `syz.3.6340'. [ 1174.866432][T25834] netlink: 5 bytes leftover after parsing attributes in process `syz.3.6340'. [ 1176.492807][T25851] bridge0: port 2(bridge_slave_1) entered disabled state [ 1176.497418][T25851] bridge0: port 1(bridge_slave_0) entered disabled state [ 1176.662111][T25879] openvswitch: netlink: EtherType 300 is less than min 600 [ 1176.762182][T25881] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6354'. [ 1176.853789][T25883] netlink: 408 bytes leftover after parsing attributes in process `syz.4.6355'. [ 1177.300042][T25851] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1177.325682][T25851] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1177.404018][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.628581][T25889] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6358'. [ 1178.509089][T25859] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6349'. [ 1178.510286][T25859] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6349'. [ 1178.779734][ T1913] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.795046][ T1913] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.810192][ T1913] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.810243][ T1913] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1178.814124][T25901] tipc: Started in network mode [ 1178.814151][T25901] tipc: Node identity ac14140f, cluster identity 4711 [ 1178.822593][T25901] tipc: New replicast peer: 255.255.255.255 [ 1178.826350][T25901] tipc: Enabled bearer , priority 10 [ 1178.829820][T25901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6361'. [ 1179.034128][T25912] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1179.103054][T25914] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6365'. [ 1179.937494][ T1622] tipc: Node number set to 2886997007 [ 1180.212643][T25963] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6379'. [ 1180.377916][T25972] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6380'. [ 1182.029062][T25964] team0 (unregistering): Port device team_slave_0 removed [ 1182.071502][T25964] team0 (unregistering): Port device team_slave_1 removed [ 1182.520907][ T12] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 20002 - 0 [ 1182.722962][ T12] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 20002 - 0 [ 1182.879048][ T12] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 20002 - 0 [ 1183.009633][T26053] netlink: 'syz.3.6400': attribute type 13 has an invalid length. [ 1183.053771][T26056] netlink: 404 bytes leftover after parsing attributes in process `syz.4.6401'. [ 1183.058113][ T12] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 20002 - 0 [ 1183.059428][T26054] netlink: 'syz.8.6399': attribute type 1 has an invalid length. [ 1183.514290][T26053] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1183.598078][T26054] bond1: entered promiscuous mode [ 1183.598628][T26054] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1183.657225][T26081] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6406'. [ 1183.877454][T26066] bond1: (slave bridge1): making interface the new active one [ 1183.877478][T26066] bridge1: entered promiscuous mode [ 1183.879197][T26066] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 1184.454813][T26109] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6417'. [ 1184.520368][T26113] netlink: 68 bytes leftover after parsing attributes in process `syz.8.6418'. [ 1184.562434][T26115] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6419'. [ 1184.860169][T26133] netlink: 256 bytes leftover after parsing attributes in process `syz.4.6423'. [ 1187.388655][T26230] netlink: 'syz.4.6461': attribute type 1 has an invalid length. [ 1187.388678][T26230] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6461'. [ 1187.464017][T26237] netlink: zone id is out of range [ 1187.464032][T26237] netlink: del zone limit has 4 unknown bytes [ 1187.729573][T26247] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6466'. [ 1188.346809][T26267] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1188.663083][T26283] netlink: 'syz.8.6480': attribute type 1 has an invalid length. [ 1188.816842][T26283] bond2: entered promiscuous mode [ 1188.817434][T26283] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1189.006046][T26288] bond2: (slave bridge2): making interface the new active one [ 1189.006098][T26288] bridge2: entered promiscuous mode [ 1189.007314][T26288] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 1189.272201][T26310] vlan2: entered promiscuous mode [ 1189.272223][T26310] bridge0: entered promiscuous mode [ 1189.333715][T26313] nbd: device at index 8 is going down [ 1190.236556][T25923] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1190.236582][T25923] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1190.391938][T25923] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1190.391960][T25923] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 1190.714190][T26375] netlink: zone id is out of range [ 1191.942277][T26400] netlink: zone id is out of range [ 1192.082023][T26409] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6526'. [ 1192.083066][T26410] netlink: zone id is out of range [ 1193.649773][T25923] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1193.649795][T25923] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1193.817263][T25923] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1193.817284][T25923] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1194.017279][T25923] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1194.017300][T25923] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1194.111751][T26453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6546'. [ 1194.863605][T26483] ------------[ cut here ]------------ [ 1194.863629][T26483] WARNING: CPU: 0 PID: 26483 at ./include/linux/seqlock.h:221 cgroup_freeze+0x80a/0xf90 [ 1194.863666][T26483] Modules linked in: [ 1194.863686][T26483] CPU: 0 UID: 0 PID: 26483 Comm: syz.4.6557 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1194.863709][T26483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1194.863721][T26483] RIP: 0010:cgroup_freeze+0x80a/0xf90 [ 1194.863738][T26483] Code: 90 e9 9e fb ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c e7 f9 ff ff 4c 89 f7 e8 c1 1f 68 00 e9 da f9 ff ff e8 37 68 06 00 90 <0f> 0b 90 e9 10 fc ff ff 44 89 f9 80 e1 07 38 c1 48 8b 0c 24 0f 8c [ 1194.863754][T26483] RSP: 0018:ffffc9000947f8e0 EFLAGS: 00010287 [ 1194.863771][T26483] RAX: ffffffff81b8a4d9 RBX: 0000000000000000 RCX: 0000000000080000 [ 1194.863785][T26483] RDX: ffffc90014159000 RSI: 00000000000000a8 RDI: 00000000000000a9 [ 1194.863799][T26483] RBP: ffffc9000947fa70 R08: 0000000000000000 R09: 0000000000000000 [ 1194.863812][T26483] R10: dffffc0000000000 R11: fffffbfff1deed6f R12: dffffc0000000000 [ 1194.863828][T26483] R13: 0000000000000000 R14: 0000000000000001 R15: ffff888036c6c791 [ 1194.863841][T26483] FS: 00007fafca13d6c0(0000) GS:ffff888126bc2000(0000) knlGS:0000000000000000 [ 1194.863856][T26483] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1194.863870][T26483] CR2: 000000110c2bdf95 CR3: 000000002e364000 CR4: 00000000003526f0 [ 1194.863888][T26483] Call Trace: [ 1194.863903][T26483] [ 1194.863919][T26483] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1194.863951][T26483] ? __pfx_cgroup_freeze+0x10/0x10 [ 1194.863989][T26483] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1194.864014][T26483] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1194.864036][T26483] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1194.864069][T26483] ? mutex_lock_nested+0x154/0x1d0 [ 1194.864087][T26483] ? cgroup_kn_lock_live+0x13c/0x230 [ 1194.864120][T26483] cgroup_freeze_write+0x156/0x1c0 [ 1194.864146][T26483] ? __pfx_cgroup_freeze_write+0x10/0x10 [ 1194.864168][T26483] ? kernfs_root+0x1c/0x230 [ 1194.864189][T26483] ? kernfs_root+0x1c/0x230 [ 1194.864213][T26483] ? kernfs_root+0x1ea/0x230 [ 1194.864235][T26483] ? __pfx_cgroup_freeze_write+0x10/0x10 [ 1194.864259][T26483] cgroup_file_write+0x39e/0x740 [ 1194.864288][T26483] ? __pfx_cgroup_file_write+0x10/0x10 [ 1194.864324][T26483] ? __pfx_cgroup_file_write+0x10/0x10 [ 1194.864340][T26483] kernfs_fop_write_iter+0x3b0/0x540 [ 1194.864366][T26483] vfs_write+0x5d5/0xb40 [ 1194.864389][T26483] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1194.864410][T26483] ? __pfx_vfs_write+0x10/0x10 [ 1194.864425][T26483] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1194.864453][T26483] ? mutex_lock_nested+0x154/0x1d0 [ 1194.864471][T26483] ? fdget_pos+0x253/0x320 [ 1194.864501][T26483] ksys_write+0x14b/0x260 [ 1194.864522][T26483] ? __pfx_ksys_write+0x10/0x10 [ 1194.864546][T26483] ? do_syscall_64+0xbe/0xfa0 [ 1194.864574][T26483] do_syscall_64+0xfa/0xfa0 [ 1194.864594][T26483] ? lockdep_hardirqs_on+0x9c/0x150 [ 1194.864617][T26483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.864636][T26483] ? clear_bhb_loop+0x60/0xb0 [ 1194.864659][T26483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.864677][T26483] RIP: 0033:0x7fafcbefefc9 [ 1194.864695][T26483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1194.864710][T26483] RSP: 002b:00007fafca13d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1194.864730][T26483] RAX: ffffffffffffffda RBX: 00007fafcc156090 RCX: 00007fafcbefefc9 [ 1194.864744][T26483] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 000000000000000a [ 1194.864758][T26483] RBP: 00007fafcbf81f91 R08: 0000000000000000 R09: 0000000000000000 [ 1194.864770][T26483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1194.864782][T26483] R13: 00007fafcc156128 R14: 00007fafcc156090 R15: 00007ffed7af6f08 [ 1194.864819][T26483] [ 1194.864839][T26483] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1194.864855][T26483] CPU: 0 UID: 0 PID: 26483 Comm: syz.4.6557 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1194.864876][T26483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1194.864888][T26483] Call Trace: [ 1194.864902][T26483] [ 1194.864909][T26483] dump_stack_lvl+0x99/0x250 [ 1194.864933][T26483] ? __asan_memcpy+0x40/0x70 [ 1194.864959][T26483] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1194.864981][T26483] ? __pfx__printk+0x10/0x10 [ 1194.865020][T26483] vpanic+0x237/0x6d0 [ 1194.865065][T26483] ? __pfx_vpanic+0x10/0x10 [ 1194.865098][T26483] panic+0xb9/0xc0 [ 1194.865117][T26483] ? __pfx_panic+0x10/0x10 [ 1194.865154][T26483] __warn+0x31b/0x4b0 [ 1194.865171][T26483] ? cgroup_freeze+0x80a/0xf90 [ 1194.865191][T26483] ? cgroup_freeze+0x80a/0xf90 [ 1194.865209][T26483] report_bug+0x2be/0x4f0 [ 1194.865320][T26483] ? cgroup_freeze+0x80a/0xf90 [ 1194.865339][T26483] ? cgroup_freeze+0x80a/0xf90 [ 1194.865357][T26483] ? cgroup_freeze+0x80c/0xf90 [ 1194.865375][T26483] handle_bug+0x84/0x160 [ 1194.865401][T26483] exc_invalid_op+0x1a/0x50 [ 1194.865426][T26483] asm_exc_invalid_op+0x1a/0x20 [ 1194.865444][T26483] RIP: 0010:cgroup_freeze+0x80a/0xf90 [ 1194.865462][T26483] Code: 90 e9 9e fb ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c e7 f9 ff ff 4c 89 f7 e8 c1 1f 68 00 e9 da f9 ff ff e8 37 68 06 00 90 <0f> 0b 90 e9 10 fc ff ff 44 89 f9 80 e1 07 38 c1 48 8b 0c 24 0f 8c [ 1194.865478][T26483] RSP: 0018:ffffc9000947f8e0 EFLAGS: 00010287 [ 1194.865495][T26483] RAX: ffffffff81b8a4d9 RBX: 0000000000000000 RCX: 0000000000080000 [ 1194.865509][T26483] RDX: ffffc90014159000 RSI: 00000000000000a8 RDI: 00000000000000a9 [ 1194.865522][T26483] RBP: ffffc9000947fa70 R08: 0000000000000000 R09: 0000000000000000 [ 1194.865535][T26483] R10: dffffc0000000000 R11: fffffbfff1deed6f R12: dffffc0000000000 [ 1194.865550][T26483] R13: 0000000000000000 R14: 0000000000000001 R15: ffff888036c6c791 [ 1194.865573][T26483] ? cgroup_freeze+0x809/0xf90 [ 1194.865605][T26483] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1194.865632][T26483] ? __pfx_cgroup_freeze+0x10/0x10 [ 1194.865648][T26483] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1194.865672][T26483] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1194.865693][T26483] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1194.865724][T26483] ? mutex_lock_nested+0x154/0x1d0 [ 1194.865742][T26483] ? cgroup_kn_lock_live+0x13c/0x230 [ 1194.865773][T26483] cgroup_freeze_write+0x156/0x1c0 [ 1194.865798][T26483] ? __pfx_cgroup_freeze_write+0x10/0x10 [ 1194.865837][T26483] ? kernfs_root+0x1c/0x230 [ 1194.865859][T26483] ? kernfs_root+0x1c/0x230 [ 1194.865884][T26483] ? kernfs_root+0x1ea/0x230 [ 1194.865911][T26483] ? __pfx_cgroup_freeze_write+0x10/0x10 [ 1194.865936][T26483] cgroup_file_write+0x39e/0x740 [ 1194.865964][T26483] ? __pfx_cgroup_file_write+0x10/0x10 [ 1194.866000][T26483] ? __pfx_cgroup_file_write+0x10/0x10 [ 1194.866017][T26483] kernfs_fop_write_iter+0x3b0/0x540 [ 1194.866045][T26483] vfs_write+0x5d5/0xb40 [ 1194.866070][T26483] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1194.866093][T26483] ? __pfx_vfs_write+0x10/0x10 [ 1194.866108][T26483] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1194.866140][T26483] ? mutex_lock_nested+0x154/0x1d0 [ 1194.866157][T26483] ? fdget_pos+0x253/0x320 [ 1194.866188][T26483] ksys_write+0x14b/0x260 [ 1194.866210][T26483] ? __pfx_ksys_write+0x10/0x10 [ 1194.866234][T26483] ? do_syscall_64+0xbe/0xfa0 [ 1194.866261][T26483] do_syscall_64+0xfa/0xfa0 [ 1194.866282][T26483] ? lockdep_hardirqs_on+0x9c/0x150 [ 1194.866304][T26483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.866323][T26483] ? clear_bhb_loop+0x60/0xb0 [ 1194.866347][T26483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.866365][T26483] RIP: 0033:0x7fafcbefefc9 [ 1194.866381][T26483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1194.866397][T26483] RSP: 002b:00007fafca13d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1194.866415][T26483] RAX: ffffffffffffffda RBX: 00007fafcc156090 RCX: 00007fafcbefefc9 [ 1194.866430][T26483] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 000000000000000a [ 1194.866443][T26483] RBP: 00007fafcbf81f91 R08: 0000000000000000 R09: 0000000000000000 [ 1194.866455][T26483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1194.866468][T26483] R13: 00007fafcc156128 R14: 00007fafcc156090 R15: 00007ffed7af6f08 [ 1194.866505][T26483] [ 1194.866757][T26483] Kernel Offset: disabled