last executing test programs: 40.600929014s ago: executing program 2 (id=2954): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) uname(&(0x7f0000000080)=""/186) r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') r3 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') socket$nl_xfrm(0x10, 0x3, 0x6) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020) getrlimit(0x974b33aea5c8d644, &(0x7f00000001c0)) pread64(r3, &(0x7f0000002240)=""/237, 0xed, 0x4eb) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000000000000000000002adfdc61240aecba000080000000080000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x18) sendmsg$rds(r6, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, &(0x7f000001cc00)=[@rdma_dest={0x18, 0x114, 0x2, {0x3, 0x8}}, @rdma_args={0x48, 0x114, 0x1, {{0x6, 0xa97}, {&(0x7f0000002480)=""/231, 0xe7}, &(0x7f0000002680)=[{&(0x7f0000002580)=""/53, 0x35}, {&(0x7f00000025c0)=""/5, 0x5}, {&(0x7f0000002600)=""/98, 0x62}, {&(0x7f000001b700)=""/4096, 0x1000}], 0x4, 0x10, 0x4}}, @fadd={0x58, 0x114, 0x6, {{0x10000}, &(0x7f00000026c0), &(0x7f000001c700)=0x7fffffff, 0x6, 0xfff, 0xffff, 0x1ff, 0x10, 0xc6f6}}, @mask_fadd={0x58, 0x114, 0x8, {{0x3, 0x4d}, &(0x7f000001c740)=0x3, &(0x7f000001c780)=0xffffffffffffff4e, 0xc, 0x8000000000000000, 0x1, 0x5, 0x10, 0x10}}, @mask_fadd={0x58, 0x114, 0x8, {{0x1, 0x9}, &(0x7f000001ca80), &(0x7f000001cac0)=0x9, 0xfc1, 0x7, 0x7, 0x6, 0x4c, 0xc0cc}}, @zcopy_cookie={0x18, 0x114, 0xc, 0xfffff629}, @mask_fadd={0x58, 0x114, 0x8, {{0x3, 0xfffffffe}, &(0x7f000001cb00)=0x2, &(0x7f000001cb40)=0x2, 0x920, 0x3, 0x7, 0x1000, 0x2, 0x8}}, @mask_cswp={0x58, 0x114, 0x9, {{0x5, 0xbad2}, 0x0, &(0x7f000001cbc0)=0x232, 0x401, 0x9, 0x5, 0x2, 0x8, 0x9}}], 0x230}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000023c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYRESHEX=r2, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000a000000181100", @ANYRES16=r0, @ANYBLOB], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) 38.617922466s ago: executing program 2 (id=2956): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r5, 0x0, 0x0, 0x20000800, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) socket$nl_generic(0x10, 0x3, 0x10) setreuid(0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd) 37.10621584s ago: executing program 2 (id=2958): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x3915, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 36.772321393s ago: executing program 2 (id=2961): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) kexec_load(0x3, 0x1, &(0x7f00000004c0)=[{0x0, 0x0, 0x9}], 0x1) syz_emit_ethernet(0x22, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaabb0180c200000188a800"], 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000500)=ANY=[@ANYBLOB="0380c20000000000000000000800450000380000ee9d00019078ac1e0001ac1414aa030190781201183f2500000000230000000100007f0000017f00000100186371ae9b1c03d96f64b1f04ffe539a831c3e9ec53a6620941155105c720fbb2c7bbef01d9c0304d4df9438cee70a70125aa61bb7967fe0785b9b9c845dcb044afa3d3552f4b5159131124f273e536bd6468cf5d3078229a680"], 0x0) syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c000000290c530a64e755ffd31e0c1d5aa3542b6fa0e3e8e6661b4c6a47ae1f634be8d609d68d5d3536731569c0fda34d5f4e148ab770a8381f6bae6ae4687d1ae362da3824f18c1df3262c83c4f1c9f55018b876966e106b8a1244ff7f1bf11a108c29ca63e0566a2778a393d05447cb79bb8ea9257e60899e95fb0979d053fb50353f33a9cc7c2bbbbcb53a8ec160eb99cb8eb5d65dd42ffd90a5e1c83e9f223478a2b63f779cd2cc08a92764db8bb55d3e6b1007c03c12df1a80a9c1a65145a71cab3e5004659a9645c5e746d793d3ccb015c8d598bff8", @ANYRES16=r1, @ANYBLOB="200026bd7000fddbdf250d00000006000800a1aa000005001800c60000000500190001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4048104}, 0x4000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000440)={'filter\x00', 0x4}, 0x68) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendmsg$nl_route(r2, &(0x7f0000000c00)={0x0, 0x20, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="2c00000018000109000000000000000002180000fe0000080000000208000100ac1414"], 0x2c}, 0x1, 0x0, 0x0, 0x20}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, 0x0) r6 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$sock(r6, &(0x7f00000002c0)={&(0x7f0000000100)=@isdn={0x22, 0x7, 0x8, 0x1, 0x6}, 0x80, 0x0}, 0xc0a4) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b30, &(0x7f0000000400)={'wlan0\x00'}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003afe0620e6040b000001010203010902240001000010000904140002a024260009050602ff03000045090582020800000000"], 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, 0x0, 0x0) 32.270041572s ago: executing program 2 (id=2969): openat$kvm(0xffffffffffffff9c, 0x0, 0x20200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getrlimit(0x1, &(0x7f0000000000)) socket$packet(0x11, 0x3, 0x300) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20}, 0xfdef) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885, 0x0, 0x0, 0xb9, 0x0, r1}, &(0x7f0000000340)=0x0, &(0x7f0000002300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) r5 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) read$FUSE(r5, &(0x7f0000002340)={0x2020}, 0x2020) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x106f) 30.883201561s ago: executing program 2 (id=2972): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x3915, 0x4) r1 = syz_usb_connect(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ffd26f10cb060600eb9a0102030109022400010000000009040001020a16d1000905070000000000000905899b"], 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) openat$mice(0xffffff9c, &(0x7f0000000040), 0x105040) syz_open_dev$MSR(&(0x7f0000000000), 0xfffffffffffffffa, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) quotactl_fd$Q_SYNC(r0, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x18, 0x50}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) sendmsg$kcm(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1c00000022008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 18.630250418s ago: executing program 1 (id=2993): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1d69e40cd0c3500970a010203010902348001000000000904"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x40}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xe3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000000000000000000000000000085000000050000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008008000b703000000009c8c850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) mkdir(0x0, 0x88) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000005) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00') writev(r4, &(0x7f00000015c0)=[{&(0x7f00000000c0)='w', 0x1}], 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) setresuid(0x0, 0xee00, 0x0) capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) utime(&(0x7f0000000000)='./file0\x00', 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='oom_adj\x00') 14.630633131s ago: executing program 1 (id=3002): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00'}) unshare(0x20000400) r1 = socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) mount_setattr(0xffffffffffffffff, &(0x7f00000040c0)='./file0\x00', 0x1800, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r3, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) connect$pppl2tp(r1, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x3, 0x1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) socket$inet6(0xa, 0x80002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00'}, 0x10) r7 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @remote}}) ioctl$sock_inet_SIOCSARP(r7, 0x8953, &(0x7f0000000000)={{0x2, 0x4e22, @dev}, {0x0, @multicast}, 0x38, {0x2, 0x2, @broadcast}, 'syz_tun\x00'}) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_ACCEPT={0xd, 0x0, 0x4, r4, 0x0, 0x0, 0x0, 0x80800}) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000d300000095", @ANYRESOCT=r5], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 10.366599647s ago: executing program 3 (id=3013): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) kexec_load(0x3, 0x1, &(0x7f00000004c0)=[{0x0, 0x0, 0x9}], 0x1) syz_emit_ethernet(0x22, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaabb0180c200000188a8000088"], 0x0) connect$inet(r0, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000500)=ANY=[@ANYBLOB="0380c20000000000000000000800450000380000ee9d00019078ac1e0001ac1414aa030190781201183f2500000000230000000100007f0000017f00000100186371ae9b1c03d96f64b1f04ffe539a831c3e9ec53a6620941155105c720fbb2c7bbef01d9c0304d4df9438cee70a70125aa61bb7967fe0785b9b9c845dcb044afa3d3552f4b5159131124f273e536bd6468cf5d3078229a680"], 0x0) syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c000000290c530a64e755ffd31e0c1d5aa3542b6fa0e3e8e6661b4c6a47ae1f634be8d609d68d5d3536731569c0fda34d5f4e148ab770a8381f6bae6ae4687d1ae362da3824f18c1df3262c83c4f1c9f55018b876966e106b8a1244ff7f1bf11a108c29ca63e0566a2778a393d05447cb79bb8ea9257e60899e95fb0979d053fb50353f33a9cc7c2bbbbcb53a8ec160eb99cb8eb5d65dd42ffd90a5e1c83e9f223478a2b63f779cd2cc08a92764db8bb55d3e6b1007c03c12df1a80a9c1a65145a71cab3e5004659a9645c5e746d793d3ccb015c8d598bff8", @ANYRES16=r1, @ANYBLOB="200026bd7000fddbdf250d00000006000800a1aa000005001800c60000000500190001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4048104}, 0x4000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000440)={'filter\x00', 0x4}, 0x68) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendmsg$nl_route(r2, &(0x7f0000000c00)={0x0, 0x20, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="2c00000018000109000000000000000002180000fe0000080000000208000100ac1414"], 0x2c}, 0x1, 0x0, 0x0, 0x20}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, 0x0) r6 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$sock(r6, &(0x7f00000002c0)={&(0x7f0000000100)=@isdn={0x22, 0x7, 0x8, 0x1, 0x6}, 0x80, 0x0}, 0xc0a4) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b30, &(0x7f0000000400)={'wlan0\x00'}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003afe0620e6040b000001010203010902240001000010000904140002a024260009050602ff03000045090582020800000000"], 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, 0x0, 0x0) 10.089231198s ago: executing program 4 (id=3014): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000000400000004000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x2b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket(0x2, 0x80805, 0x0) setsockopt(r2, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8) sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0) close(r7) ioctl$KVM_CHECK_EXTENSION(r8, 0xae01, 0x1) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8}) r9 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r9, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) bind$inet6(r9, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r9, 0x84, 0x65, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @local}, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x2c) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000080)={0xf000, 0x388000, 0x8}) socket$nl_route(0x10, 0x3, 0x0) 9.983422185s ago: executing program 1 (id=3015): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000080)={'wpan1\x00', 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff) pipe2$watch_queue(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) connect$inet(r8, 0x0, 0x0) ioctl$sock_inet_SIOCDARP(r8, 0x8954, &(0x7f0000000240)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1}, 0x6, {0x2, 0x0, @rand_addr=0x64010102}, 'syz_tun\x00'}) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0x0) pipe2$watch_queue(0x0, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r5, 0xffffffffffffffff, 0x17) close_range(r7, 0xffffffffffffffff, 0x0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x34, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}]}, 0x34}}, 0x0) 9.72515612s ago: executing program 1 (id=3016): syz_open_dev$tty1(0xc, 0x4, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x30, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x18b801, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000002c0)={[{@huge_always}]}) chdir(&(0x7f0000000140)='./file0\x00') r3 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r3, 0x0) write(r3, &(0x7f0000000000)="ef", 0x1) fallocate(r3, 0x0, 0x0, 0x1000f4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48) mq_unlink(&(0x7f0000000080)='\x00') bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r5, 0x0, 0x0}, 0x20) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) read$alg(r1, &(0x7f0000000240)=""/4096, 0xfffffdef) pipe2$watch_queue(0x0, 0x80) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000001c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000430109029200030172e5000904000000010100000a24010000000201020c0d240700000500006e626805000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES32=r0, @ANYRES16=r0], 0x0) 8.710264637s ago: executing program 4 (id=3017): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22042, 0x0) syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) r0 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x0, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) (fail_nth: 1) 8.18491397s ago: executing program 0 (id=3019): r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000240)={0x2}) syz_open_dev$tty1(0xc, 0x4, 0x1) open(0x0, 0x0, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101043, 0x5a) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000000)={0x1, 0x3, 0x0, 0x5}) fcntl$lock(r4, 0x24, &(0x7f0000000080)={0x0, 0x0, 0x8}) select(0x0, 0x0, 0x0, 0x0, 0x0) keyctl$clear(0x7, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) 8.184092988s ago: executing program 4 (id=3020): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xa0200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x4a, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100)) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) ioctl$KVM_RUN(r3, 0xae80, 0x0) 7.06945566s ago: executing program 0 (id=3021): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180300001700000000000000ff000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6e, @void, @value}, 0x94) setxattr$security_ima(0x0, 0x0, &(0x7f00000013c0)=ANY=[], 0x700, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x2000300, 0xe, 0xffffffffffffffd1, &(0x7f0000000100)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x4b58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket$inet6_tcp(0xa, 0x1, 0x0) truncate(&(0x7f0000000000)='./file0\x00', 0xff) preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/254, 0xfe}], 0x1, 0x0, 0x0) 6.993837693s ago: executing program 3 (id=3022): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r5, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setreuid(0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd) 5.827906644s ago: executing program 3 (id=3023): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000008c0)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) r2 = syz_open_dev$vivid(&(0x7f0000000100), 0x0, 0x2) ioctl$VIDIOC_QUERYMENU(r2, 0xc02c5625, &(0x7f0000000140)={0x2, 0xe6, @name="a84f95d41fa1f6e6099cf56513711605501a2f34bccd244acc346916c9e489cd"}) r3 = openat$mice(0xffffffffffffff9c, &(0x7f00000018c0), 0x80082) write$binfmt_misc(r3, &(0x7f0000000240)="3e1a309b0dfcbabac1200500000000000000eb000000000e00000000", 0x5) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x8042, 0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, &(0x7f0000000340)=0x402, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket(0x40000000015, 0x5, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x803, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r6, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x8, 0x19, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000003000000000854567051d70000000200e0ff18110000c3884f392ba830bb14104bc4566fd80e0ab164f5a3d6656f23712829038ec3dcf580822da04958b157c5863d78aa06fed76a48773552f55bb0e6359a45093895b1f4f41e465d98b51ae195bf21ccb532af", @ANYRES32, @ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b70200000082b3d1d81fac7b8c00000000008000080000008510000008000000078d0900ccea0000852000000400000018240000", @ANYRES32, @ANYBLOB="0000000008000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000", @ANYRES8, @ANYRES32=r7], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) write$tun(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="000386dd0a00100000004000000060ec970204682b00fe8000000000000000000000000000aaff020000000000000000000000000001e38c"], 0xffe) 5.801282499s ago: executing program 4 (id=3024): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00'}) unshare(0x20000400) r1 = socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) mount_setattr(0xffffffffffffffff, &(0x7f00000040c0)='./file0\x00', 0x1800, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r3, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) connect$pppl2tp(r1, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x3, 0x1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) socket$inet6(0xa, 0x80002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00'}, 0x10) r7 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @remote}}) ioctl$sock_inet_SIOCSARP(r7, 0x8953, &(0x7f0000000000)={{0x2, 0x4e22, @dev}, {0x0, @multicast}, 0x38, {0x2, 0x2, @broadcast}, 'syz_tun\x00'}) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_ACCEPT={0xd, 0x0, 0x4, r4, 0x0, 0x0, 0x0, 0x80800}) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000d300000095", @ANYRESOCT=r5], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 5.581026827s ago: executing program 0 (id=3025): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000080)={'wpan1\x00', 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff) pipe2$watch_queue(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) connect$inet(r8, 0x0, 0x0) ioctl$sock_inet_SIOCDARP(r8, 0x8954, &(0x7f0000000240)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1}, 0x6, {0x2, 0x0, @rand_addr=0x64010102}, 'syz_tun\x00'}) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0x0) pipe2$watch_queue(0x0, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r5, 0xffffffffffffffff, 0x17) close_range(r7, 0xffffffffffffffff, 0x0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x34, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}]}, 0x34}}, 0x0) 4.510179692s ago: executing program 1 (id=3026): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000280)='memory.current\x00', 0x275a, 0x0) 4.507261182s ago: executing program 0 (id=3027): connect$pptp(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x2, {0x0, @local}}, 0x1e) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300), 0x4) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x0, 0x89}, &(0x7f0000000240)=0x0, &(0x7f0000000280)) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00') read$msr(r4, &(0x7f0000000040)=""/59, 0xffb5) r5 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r5, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r5, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r5, 0x0, 0x0, 0x4000800) 3.705519022s ago: executing program 4 (id=3028): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8041, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0xfffffffd, 0x63750243, 0x0, 0xb, "00629a7d82090100000000000000f7fffffb00"}) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x0, 0x37, 0x0, 0x1, 0x0, 0x10000, @value=r3}, 0x28) bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x14, 0x4, 0x4, 0x7, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x3, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xfe) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r8, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1008080, &(0x7f0000000500)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}], [{@smackfsroot={'smackfsroot', 0x3d, '/dev/ptmx\x00'}}, {@permit_directio}, {@fowner_lt}, {@smackfshat={'smackfshat', 0x3d, ')%{'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') symlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 3.702362821s ago: executing program 3 (id=3029): syz_open_dev$video4linux(0x0, 0x61d, 0x40300) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) openat$nvram(0xffffffffffffff9c, &(0x7f00000014c0), 0x40280, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc) bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r1}, 0x8) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000c80)='|', 0x1, 0xbcaf, 0x0, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$SNDCTL_DSP_POST(r3, 0x5008, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000640)=0x10) close(r3) writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) 3.491618342s ago: executing program 0 (id=3030): r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000240)={0x2}) syz_open_dev$tty1(0xc, 0x4, 0x1) open(0x0, 0x0, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101043, 0x5a) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000000)={0x1, 0x3, 0x0, 0x5}) fcntl$lock(r4, 0x24, &(0x7f0000000080)={0x0, 0x0, 0x8}) select(0x0, 0x0, 0x0, 0x0, 0x0) keyctl$clear(0x7, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) 2.476916736s ago: executing program 0 (id=3031): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) kexec_load(0x3, 0x1, &(0x7f00000004c0)=[{0x0, 0x0, 0x9}], 0x1) syz_emit_ethernet(0x22, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaabb0180c200000188a8000088"], 0x0) connect$inet(r0, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000500)=ANY=[@ANYBLOB="0380c20000000000000000000800450000380000ee9d00019078ac1e0001ac1414aa030190781201183f2500000000230000000100007f0000017f00000100186371ae9b1c03d96f64b1f04ffe539a831c3e9ec53a6620941155105c720fbb2c7bbef01d9c0304d4df9438cee70a70125aa61bb7967fe0785b9b9c845dcb044afa3d3552f4b5159131124f273e536bd6468cf5d3078229a680"], 0x0) syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c000000290c530a64e755ffd31e0c1d5aa3542b6fa0e3e8e6661b4c6a47ae1f634be8d609d68d5d3536731569c0fda34d5f4e148ab770a8381f6bae6ae4687d1ae362da3824f18c1df3262c83c4f1c9f55018b876966e106b8a1244ff7f1bf11a108c29ca63e0566a2778a393d05447cb79bb8ea9257e60899e95fb0979d053fb50353f33a9cc7c2bbbbcb53a8ec160eb99cb8eb5d65dd42ffd90a5e1c83e9f223478a2b63f779cd2cc08a92764db8bb55d3e6b1007c03c12df1a80a9c1a65145a71cab3e5004659a9645c5e746d793d3ccb015c8d598bff8", @ANYRES16=r1, @ANYBLOB="200026bd7000fddbdf250d00000006000800a1aa000005001800c60000000500190001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4048104}, 0x4000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000440)={'filter\x00', 0x4}, 0x68) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendmsg$nl_route(r2, &(0x7f0000000c00)={0x0, 0x20, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="2c00000018000109000000000000000002180000fe0000080000000208000100ac1414"], 0x2c}, 0x1, 0x0, 0x0, 0x20}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, 0x0) r6 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$sock(r6, &(0x7f00000002c0)={&(0x7f0000000100)=@isdn={0x22, 0x7, 0x8, 0x1, 0x6}, 0x80, 0x0}, 0xc0a4) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b30, &(0x7f0000000400)={'wlan0\x00'}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003afe0620e6040b000001010203010902240001000010000904140002a024260009050602ff03000045090582020800000000"], 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, 0x0, 0x0) 2.325025713s ago: executing program 3 (id=3032): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r5, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setreuid(0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd) 1.275306978s ago: executing program 3 (id=3033): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x2c, r2, 0x1, 0x70bd28, 0x9, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0xff}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x81}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4088811}, 0x24000054) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x20000000000001d2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000001000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x62040200) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x0) 722.390084ms ago: executing program 1 (id=3034): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180300001700000000000000ff000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6e, @void, @value}, 0x94) setxattr$security_ima(0x0, 0x0, &(0x7f00000013c0)=ANY=[], 0x700, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x2000300, 0xe, 0xffffffffffffffd1, &(0x7f0000000100)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x4b58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket$inet6_tcp(0xa, 0x1, 0x0) truncate(&(0x7f0000000000)='./file0\x00', 0xff) preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/254, 0xfe}], 0x1, 0x0, 0x0) 0s ago: executing program 4 (id=3035): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = syz_open_dev$video4linux(&(0x7f0000001540), 0x6, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f0000000140)={0x1, 0x0, {0x4, 0xc, 0x201d, 0x8, 0x9, 0x2, 0x6dfd500da6727a8c, 0x6}}) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() (fail_nth: 1) socket$inet(0x2, 0x3, 0x8d) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8916, &(0x7f0000000000)) syz_open_dev$loop(0x0, 0x81, 0x2a82) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x0, 0x0}) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fcntl$setpipe(r3, 0x407, 0x0) write$FUSE_INIT(r3, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) fcntl$setpipe(r3, 0x407, 0x2000000) prctl$PR_SET_THP_DISABLE(0x29, 0x0) kernel console output (not intermixed with test programs): 427988][ T5870] keyspan 5-1:0.0: Keyspan 1 port adapter converter detected [ 1089.441416][ T5870] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 84 [ 1089.489045][ T5870] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 81 [ 1089.567725][ T5870] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 82 [ 1089.578004][ T5870] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 1 [ 1089.578158][T13172] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 1089.616337][ T5870] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 2 [ 1089.652305][ T5870] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 83 [ 1089.818500][ T5870] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 3 [ 1089.876365][ T5870] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1089.887623][T13172] usb 4-1: config index 0 descriptor too short (expected 32820, got 52) [ 1089.923345][T13172] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1089.983883][T13172] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1089.995184][T13172] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1090.011180][T13172] usb 4-1: Product: syz [ 1090.024330][T13172] usb 4-1: Manufacturer: syz [ 1090.032725][T13172] usb 4-1: SerialNumber: syz [ 1090.525082][ T10] usb 3-1: USB disconnect, device number 74 [ 1090.628910][T13172] usb 4-1: config 0 descriptor?? [ 1090.658848][T13172] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1091.294169][T13172] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1091.426430][T15109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2548'. [ 1092.154269][ T30] audit: type=1400 audit(1746179905.993:102): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=w pid=15093 comm="syz.3.2545" name="500" dev="tmpfs" ino=2663 [ 1092.312337][T15120] program syz.0.2551 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1092.415514][T13172] usb 3-1: new full-speed USB device number 75 using dummy_hcd [ 1092.617526][T13172] usb 3-1: config 0 has an invalid interface number: 20 but max is 0 [ 1092.644120][T13172] usb 3-1: config 0 has no interface number 0 [ 1092.670883][T13172] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1092.750692][T13172] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1092.762859][T13172] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.776790][T13172] usb 3-1: Product: syz [ 1092.782125][T13172] usb 3-1: Manufacturer: syz [ 1092.788300][T13172] usb 3-1: SerialNumber: syz [ 1092.798720][T13172] usb 3-1: config 0 descriptor?? [ 1092.807717][T15109] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1092.822597][T13172] usb-storage 3-1:0.20: USB Mass Storage device detected [ 1092.855855][T13172] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1093.031349][T13172] scsi host1: usb-storage 3-1:0.20 [ 1093.048496][T13172] usb 3-1: USB disconnect, device number 75 [ 1093.222680][ T10] usb 4-1: USB disconnect, device number 97 [ 1096.731769][ T5870] usb 5-1: USB disconnect, device number 81 [ 1096.745465][ T5870] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1096.805911][ T5870] keyspan 5-1:0.0: device disconnected [ 1098.669754][T15183] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (2049) [ 1098.888728][T15190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2571'. [ 1098.905549][ T5831] usb 4-1: new high-speed USB device number 98 using dummy_hcd [ 1099.117889][ T5831] usb 4-1: device descriptor read/64, error -71 [ 1099.365472][ T5831] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 1099.545613][ T5869] usb 1-1: new full-speed USB device number 78 using dummy_hcd [ 1100.055498][ T5831] usb 4-1: device descriptor read/64, error -71 [ 1101.026140][ T5831] usb usb4-port1: attempt power cycle [ 1101.042765][ T5869] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 1101.054274][ T5869] usb 1-1: config 0 has no interface number 0 [ 1101.074624][ T5869] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1101.125282][T15206] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2575'. [ 1101.128850][ T5869] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1101.169255][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.194566][ T5869] usb 1-1: Product: syz [ 1101.199485][ T5869] usb 1-1: Manufacturer: syz [ 1101.204438][ T5869] usb 1-1: SerialNumber: syz [ 1101.228671][ T5869] usb 1-1: config 0 descriptor?? [ 1101.250915][T15190] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1101.269327][ T5869] usb-storage 1-1:0.20: USB Mass Storage device detected [ 1101.367376][ T10] usb 3-1: new full-speed USB device number 76 using dummy_hcd [ 1101.399107][ T5831] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1101.426385][ T5831] usb 4-1: device descriptor read/8, error -71 [ 1101.468588][ T5869] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1101.486544][ T5869] scsi host1: usb-storage 1-1:0.20 [ 1101.500076][ T5869] usb 1-1: USB disconnect, device number 78 [ 1101.527316][ T10] usb 3-1: config 0 has an invalid interface number: 20 but max is 0 [ 1101.545439][ T10] usb 3-1: config 0 has no interface number 0 [ 1101.551645][ T10] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1101.577248][ T10] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1101.591488][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.599847][ T10] usb 3-1: Product: syz [ 1101.604130][ T10] usb 3-1: Manufacturer: syz [ 1101.609748][ T10] usb 3-1: SerialNumber: syz [ 1101.617459][ T10] usb 3-1: config 0 descriptor?? [ 1101.623403][T15206] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1101.633790][ T10] usb-storage 3-1:0.20: USB Mass Storage device detected [ 1101.649796][ T10] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1101.695614][ T5831] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1102.057563][ T5831] usb 4-1: device descriptor read/8, error -71 [ 1102.069428][ T10] scsi host1: usb-storage 3-1:0.20 [ 1102.115826][ T10] usb 3-1: USB disconnect, device number 76 [ 1102.227955][ T5831] usb usb4-port1: unable to enumerate USB device [ 1102.839707][ T5831] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1103.079161][T15240] lo: entered promiscuous mode [ 1103.084317][T15240] lo: entered allmulticast mode [ 1103.107852][T15240] lo: left allmulticast mode [ 1103.114667][T15240] lo: left promiscuous mode [ 1103.141279][ T5831] usb 4-1: config index 0 descriptor too short (expected 32820, got 52) [ 1103.175280][ T5831] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1103.214003][ T5831] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1103.233418][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1103.271683][ T5831] usb 4-1: Product: syz [ 1103.289016][ T5831] usb 4-1: Manufacturer: syz [ 1103.294674][ T5831] usb 4-1: SerialNumber: syz [ 1103.302789][ T5831] usb 4-1: config 0 descriptor?? [ 1103.312723][ T5831] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1104.434372][ T5831] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1104.461298][ T30] audit: type=1400 audit(1746179918.753:103): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=w pid=15227 comm="syz.3.2579" name="504" dev="tmpfs" ino=2684 [ 1104.507474][ T5870] usb 4-1: USB disconnect, device number 102 [ 1108.296009][T15279] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2591'. [ 1109.502960][T15289] lo: entered promiscuous mode [ 1109.571696][T15289] lo: entered allmulticast mode [ 1109.628536][ T5931] usb 2-1: new full-speed USB device number 89 using dummy_hcd [ 1110.025817][T15287] lo: left allmulticast mode [ 1110.030528][T15287] lo: left promiscuous mode [ 1115.280509][T15334] lo: entered promiscuous mode [ 1115.318306][T15334] lo: entered allmulticast mode [ 1115.360119][T15334] lo: left allmulticast mode [ 1115.364835][T15334] lo: left promiscuous mode [ 1115.948679][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.964287][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1120.941415][T15394] /dev/nullb0: Can't open blockdev [ 1122.144714][T15401] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2620'. [ 1124.245640][ T5831] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 1124.486670][ T5831] usb 5-1: device descriptor read/64, error -71 [ 1124.995612][ T5831] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1125.356305][ T5831] usb 5-1: device descriptor read/64, error -71 [ 1125.596197][ T5831] usb usb5-port1: attempt power cycle [ 1126.435940][ T5831] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1126.476459][ T5831] usb 5-1: device descriptor read/8, error -71 [ 1126.492042][T15443] syz_tun: entered allmulticast mode [ 1126.523576][T15442] syz_tun: left allmulticast mode [ 1127.344266][ T5831] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1127.595436][ T5831] usb 5-1: device not accepting address 85, error -71 [ 1127.606406][ T5831] usb usb5-port1: unable to enumerate USB device [ 1127.725301][ T52] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 1127.979637][ T52] usb 2-1: config index 0 descriptor too short (expected 32820, got 52) [ 1127.998422][ T52] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1128.016156][ T52] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1128.035401][ T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1128.064195][ T52] usb 2-1: Product: syz [ 1128.074103][ T52] usb 2-1: Manufacturer: syz [ 1128.084195][ T52] usb 2-1: SerialNumber: syz [ 1128.189894][ T52] usb 2-1: config 0 descriptor?? [ 1128.220594][ T52] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1128.277719][ T52] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1128.799125][ T30] audit: type=1400 audit(1746179943.083:104): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=w pid=15452 comm="syz.1.2632" name="546" dev="tmpfs" ino=2883 [ 1130.716532][T13122] usb 2-1: USB disconnect, device number 90 [ 1131.409218][T15488] FAULT_INJECTION: forcing a failure. [ 1131.409218][T15488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1131.645599][T15488] CPU: 0 UID: 0 PID: 15488 Comm: syz.4.2639 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1131.645633][T15488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1131.645646][T15488] Call Trace: [ 1131.645656][T15488] [ 1131.645666][T15488] dump_stack_lvl+0x189/0x250 [ 1131.645698][T15488] ? __lock_acquire+0xaac/0xd20 [ 1131.645727][T15488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1131.645755][T15488] ? __pfx__printk+0x10/0x10 [ 1131.645786][T15488] ? __might_fault+0xb0/0x130 [ 1131.645828][T15488] should_fail_ex+0x414/0x560 [ 1131.645864][T15488] _copy_from_user+0x2d/0xb0 [ 1131.645892][T15488] ___sys_sendmsg+0x158/0x2a0 [ 1131.645920][T15488] ? __pfx____sys_sendmsg+0x10/0x10 [ 1131.645983][T15488] ? __fget_files+0x2a/0x420 [ 1131.646013][T15488] ? __fget_files+0x3a0/0x420 [ 1131.646053][T15488] __x64_sys_sendmsg+0x19b/0x260 [ 1131.646081][T15488] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1131.646131][T15488] ? do_syscall_64+0xba/0x210 [ 1131.646159][T15488] do_syscall_64+0xf6/0x210 [ 1131.646183][T15488] ? clear_bhb_loop+0x45/0xa0 [ 1131.646207][T15488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1131.646228][T15488] RIP: 0033:0x7f38b298e969 [ 1131.646248][T15488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1131.646266][T15488] RSP: 002b:00007f38b37af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1131.646288][T15488] RAX: ffffffffffffffda RBX: 00007f38b2bb5fa0 RCX: 00007f38b298e969 [ 1131.646303][T15488] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 1131.646315][T15488] RBP: 00007f38b37af090 R08: 0000000000000000 R09: 0000000000000000 [ 1131.646329][T15488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1131.646341][T15488] R13: 0000000000000000 R14: 00007f38b2bb5fa0 R15: 00007ffdbee2b7c8 [ 1131.646373][T15488] [ 1132.062997][T15492] futex_wake_op: syz.2.2640 tries to shift op by -1; fix this program [ 1132.915500][T13122] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 1133.075410][T13122] usb 5-1: Using ep0 maxpacket: 8 [ 1133.098425][T13122] usb 5-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1133.121292][T13122] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1133.150205][ T10] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1133.153852][T13122] usb 5-1: config 0 descriptor?? [ 1133.174362][T13122] keyspan 5-1:0.0: Keyspan 1 port adapter converter detected [ 1133.195875][T13122] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 84 [ 1133.214946][T13122] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 81 [ 1133.224356][T13122] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 82 [ 1133.232162][T13122] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 1 [ 1133.244586][T13122] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 2 [ 1133.255454][T13122] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 83 [ 1133.296972][T13122] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 3 [ 1133.335079][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 1133.351796][ T10] usb 3-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1133.352879][T13122] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1133.538042][T15501] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2641'. [ 1133.854585][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1133.899730][ T10] usb 3-1: config 0 descriptor?? [ 1133.916290][ T10] keyspan 3-1:0.0: Keyspan 1 port adapter converter detected [ 1133.925298][ T10] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 84 [ 1134.345939][ T10] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 81 [ 1134.497615][ T10] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 82 [ 1134.540941][ T10] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 1 [ 1134.559953][ T10] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 2 [ 1134.577544][T13172] usb 5-1: USB disconnect, device number 86 [ 1134.596233][T13172] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1134.778487][ T10] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 83 [ 1134.807758][T13172] keyspan 5-1:0.0: device disconnected [ 1134.814246][ T10] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 3 [ 1135.168043][T15512] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2643'. [ 1135.184416][ T10] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB1 [ 1135.411458][T13172] usb 3-1: USB disconnect, device number 77 [ 1135.422901][T13172] keyspan_1 ttyUSB1: Keyspan 1 port adapter converter now disconnected from ttyUSB1 [ 1135.443057][T13172] keyspan 3-1:0.0: device disconnected [ 1135.698076][T13122] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1136.109905][T13122] usb 2-1: config index 0 descriptor too short (expected 32820, got 52) [ 1136.319243][T13122] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1136.837400][T13122] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1136.863253][T13122] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1136.875839][T13122] usb 2-1: Product: syz [ 1136.882285][T13122] usb 2-1: Manufacturer: syz [ 1136.901041][T13122] usb 2-1: SerialNumber: syz [ 1136.918316][T13122] usb 2-1: config 0 descriptor?? [ 1136.965501][T13122] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1136.984516][T15533] FAULT_INJECTION: forcing a failure. [ 1136.984516][T15533] name failslab, interval 1, probability 0, space 0, times 0 [ 1137.013460][T15533] CPU: 0 UID: 0 PID: 15533 Comm: syz.2.2651 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1137.013496][T15533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1137.013511][T15533] Call Trace: [ 1137.013519][T15533] [ 1137.013528][T15533] dump_stack_lvl+0x189/0x250 [ 1137.013563][T15533] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1137.013591][T15533] ? __pfx__printk+0x10/0x10 [ 1137.013638][T15533] ? __pfx___might_resched+0x10/0x10 [ 1137.013667][T15533] ? fs_reclaim_acquire+0x7d/0x100 [ 1137.013694][T15533] should_fail_ex+0x414/0x560 [ 1137.013731][T15533] should_failslab+0xa8/0x100 [ 1137.013765][T15533] __kmalloc_noprof+0xcb/0x4f0 [ 1137.013793][T15533] ? sock_kmalloc+0xd6/0x160 [ 1137.013817][T15533] ? lockdep_hardirqs_on+0x9c/0x150 [ 1137.013842][T15533] sock_kmalloc+0xd6/0x160 [ 1137.013871][T15533] alg_setkey+0x55/0x190 [ 1137.013898][T15533] ? alg_setsockopt+0x3c5/0x4a0 [ 1137.013930][T15533] alg_setsockopt+0x3da/0x4a0 [ 1137.013960][T15533] ? __pfx_alg_setsockopt+0x10/0x10 [ 1137.013991][T15533] do_sock_setsockopt+0x257/0x3e0 [ 1137.014018][T15533] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1137.014040][T15533] ? __fget_files+0x2a/0x420 [ 1137.014074][T15533] ? __fget_files+0x3a0/0x420 [ 1137.014103][T15533] ? __fget_files+0x2a/0x420 [ 1137.014141][T15533] __x64_sys_setsockopt+0x18b/0x220 [ 1137.014172][T15533] do_syscall_64+0xf6/0x210 [ 1137.014198][T15533] ? clear_bhb_loop+0x45/0xa0 [ 1137.014222][T15533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1137.014242][T15533] RIP: 0033:0x7f084a18e969 [ 1137.014260][T15533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1137.014279][T15533] RSP: 002b:00007f084afc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1137.014301][T15533] RAX: ffffffffffffffda RBX: 00007f084a3b5fa0 RCX: 00007f084a18e969 [ 1137.014317][T15533] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 1137.014330][T15533] RBP: 00007f084afc9090 R08: 0000000000000010 R09: 0000000000000000 [ 1137.014343][T15533] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 1137.014356][T15533] R13: 0000000000000000 R14: 00007f084a3b5fa0 R15: 00007fff08427138 [ 1137.014388][T15533] [ 1137.054680][T13122] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1138.468671][T15537] futex_wake_op: syz.4.2652 tries to shift op by -1; fix this program [ 1138.830301][ T30] audit: type=1400 audit(1746179953.113:105): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=w pid=15517 comm="syz.1.2648" name="549" dev="tmpfs" ino=2901 [ 1139.147885][T15538] lo: entered promiscuous mode [ 1139.157168][T15544] lo: entered allmulticast mode [ 1139.168150][T15538] lo: left allmulticast mode [ 1139.173075][T15538] lo: left promiscuous mode [ 1140.115152][ T5867] usb 2-1: USB disconnect, device number 91 [ 1141.898595][T15566] FAULT_INJECTION: forcing a failure. [ 1141.898595][T15566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1141.915888][T15566] CPU: 0 UID: 0 PID: 15566 Comm: syz.0.2659 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1141.915911][T15566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1141.915921][T15566] Call Trace: [ 1141.915927][T15566] [ 1141.915934][T15566] dump_stack_lvl+0x189/0x250 [ 1141.915960][T15566] ? __lock_acquire+0xaac/0xd20 [ 1141.915981][T15566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1141.916001][T15566] ? __pfx__printk+0x10/0x10 [ 1141.916025][T15566] ? __might_fault+0xb0/0x130 [ 1141.916055][T15566] should_fail_ex+0x414/0x560 [ 1141.916083][T15566] _copy_from_user+0x2d/0xb0 [ 1141.916103][T15566] __sys_bpf+0x1ed/0x860 [ 1141.916123][T15566] ? __pfx___sys_bpf+0x10/0x10 [ 1141.916149][T15566] ? ksys_write+0x1f0/0x250 [ 1141.916168][T15566] ? rcu_is_watching+0x15/0xb0 [ 1141.916206][T15566] __x64_sys_bpf+0x7c/0x90 [ 1141.916222][T15566] do_syscall_64+0xf6/0x210 [ 1141.916239][T15566] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1141.916254][T15566] ? clear_bhb_loop+0x45/0xa0 [ 1141.916272][T15566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1141.916287][T15566] RIP: 0033:0x7f8690f8e969 [ 1141.916300][T15566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1141.916314][T15566] RSP: 002b:00007f8691de2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1141.916330][T15566] RAX: ffffffffffffffda RBX: 00007f86911b5fa0 RCX: 00007f8690f8e969 [ 1141.916341][T15566] RDX: 0000000000000038 RSI: 0000200000000100 RDI: 0000000000000018 [ 1141.916350][T15566] RBP: 00007f8691de2090 R08: 0000000000000000 R09: 0000000000000000 [ 1141.916360][T15566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1141.916369][T15566] R13: 0000000000000000 R14: 00007f86911b5fa0 R15: 00007ffd9dafb518 [ 1141.916391][T15566] [ 1142.154174][T15571] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2661'. [ 1143.835593][T15589] futex_wake_op: syz.4.2664 tries to shift op by -1; fix this program [ 1144.512669][T15601] lo: entered promiscuous mode [ 1144.529298][T15601] lo: entered allmulticast mode [ 1144.541438][T15601] lo: left allmulticast mode [ 1144.546202][T15601] lo: left promiscuous mode [ 1144.771179][ T30] audit: type=1326 audit(1746179959.063:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15602 comm="syz.1.2668" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f051398e969 code=0x0 [ 1145.302747][T15608] overlayfs: failed to resolve './file1': -2 [ 1147.590749][T15622] FAULT_INJECTION: forcing a failure. [ 1147.590749][T15622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1147.604288][T15622] CPU: 1 UID: 0 PID: 15622 Comm: syz.2.2672 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1147.604318][T15622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1147.604330][T15622] Call Trace: [ 1147.604338][T15622] [ 1147.604347][T15622] dump_stack_lvl+0x189/0x250 [ 1147.604379][T15622] ? __lock_acquire+0xaac/0xd20 [ 1147.604410][T15622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1147.604438][T15622] ? __pfx__printk+0x10/0x10 [ 1147.604471][T15622] ? __might_fault+0xb0/0x130 [ 1147.604515][T15622] should_fail_ex+0x414/0x560 [ 1147.604553][T15622] _copy_from_user+0x2d/0xb0 [ 1147.604581][T15622] ___sys_sendmsg+0x158/0x2a0 [ 1147.604610][T15622] ? __pfx____sys_sendmsg+0x10/0x10 [ 1147.604675][T15622] ? __fget_files+0x2a/0x420 [ 1147.604706][T15622] ? __fget_files+0x3a0/0x420 [ 1147.604749][T15622] __sys_sendmmsg+0x227/0x430 [ 1147.604788][T15622] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1147.604825][T15622] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1147.604870][T15622] ? ksys_write+0x1f0/0x250 [ 1147.604896][T15622] ? rcu_is_watching+0x15/0xb0 [ 1147.604937][T15622] __x64_sys_sendmmsg+0xa0/0xc0 [ 1147.604965][T15622] do_syscall_64+0xf6/0x210 [ 1147.604991][T15622] ? clear_bhb_loop+0x45/0xa0 [ 1147.605016][T15622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1147.605037][T15622] RIP: 0033:0x7f084a18e969 [ 1147.605057][T15622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1147.605075][T15622] RSP: 002b:00007f084afa8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1147.605097][T15622] RAX: ffffffffffffffda RBX: 00007f084a3b6080 RCX: 00007f084a18e969 [ 1147.605113][T15622] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000006 [ 1147.605126][T15622] RBP: 00007f084afa8090 R08: 0000000000000000 R09: 0000000000000000 [ 1147.605140][T15622] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001 [ 1147.605153][T15622] R13: 0000000000000000 R14: 00007f084a3b6080 R15: 00007fff08427138 [ 1147.605185][T15622] [ 1149.688447][T15656] futex_wake_op: syz.1.2677 tries to shift op by -1; fix this program [ 1150.309129][T15663] FAULT_INJECTION: forcing a failure. [ 1150.309129][T15663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1150.322866][T15662] gre1: entered allmulticast mode [ 1150.335609][T15663] CPU: 0 UID: 0 PID: 15663 Comm: syz.0.2680 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1150.335640][T15663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1150.335654][T15663] Call Trace: [ 1150.335663][T15663] [ 1150.335672][T15663] dump_stack_lvl+0x189/0x250 [ 1150.335703][T15663] ? __lock_acquire+0xaac/0xd20 [ 1150.335733][T15663] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1150.335760][T15663] ? __pfx__printk+0x10/0x10 [ 1150.335792][T15663] ? __might_fault+0xb0/0x130 [ 1150.335833][T15663] should_fail_ex+0x414/0x560 [ 1150.335870][T15663] _copy_from_user+0x2d/0xb0 [ 1150.335898][T15663] ___sys_sendmsg+0x158/0x2a0 [ 1150.335925][T15663] ? __pfx____sys_sendmsg+0x10/0x10 [ 1150.335988][T15663] ? __fget_files+0x2a/0x420 [ 1150.336018][T15663] ? __fget_files+0x3a0/0x420 [ 1150.336059][T15663] __x64_sys_sendmsg+0x19b/0x260 [ 1150.336087][T15663] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1150.336130][T15663] ? do_syscall_64+0xba/0x210 [ 1150.336158][T15663] do_syscall_64+0xf6/0x210 [ 1150.336181][T15663] ? clear_bhb_loop+0x45/0xa0 [ 1150.336234][T15663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.336255][T15663] RIP: 0033:0x7f8690f8e969 [ 1150.336274][T15663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1150.336293][T15663] RSP: 002b:00007f8691de2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1150.336315][T15663] RAX: ffffffffffffffda RBX: 00007f86911b5fa0 RCX: 00007f8690f8e969 [ 1150.336332][T15663] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 1150.336345][T15663] RBP: 00007f8691de2090 R08: 0000000000000000 R09: 0000000000000000 [ 1150.336358][T15663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1150.336370][T15663] R13: 0000000000000000 R14: 00007f86911b5fa0 R15: 00007ffd9dafb518 [ 1150.336401][T15663] [ 1150.532328][ T5869] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 1150.675462][ T10] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1150.797371][ T5869] usb 5-1: device descriptor read/64, error -71 [ 1150.846774][ T10] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1150.863427][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1150.906346][ T10] usb 4-1: config 0 descriptor?? [ 1150.921446][ T10] cp210x 4-1:0.0: cp210x converter detected [ 1151.035478][ T5869] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 1151.245623][ T5869] usb 5-1: device descriptor read/64, error -71 [ 1151.335831][ T10] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1151.355876][ T5869] usb usb5-port1: attempt power cycle [ 1151.368352][ T10] cp210x 4-1:0.0: GPIO initialisation failed: -524 [ 1151.389517][ T10] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1151.795781][ T5869] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 1151.826722][ T5869] usb 5-1: device descriptor read/8, error -71 [ 1151.885952][ T10] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 1151.979816][T15659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2679'. [ 1152.065922][ T5869] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 1152.101066][ T5869] usb 5-1: device descriptor read/8, error -71 [ 1152.106003][ T10] usb 1-1: config index 0 descriptor too short (expected 32820, got 52) [ 1152.239717][ T5869] usb usb5-port1: unable to enumerate USB device [ 1152.245421][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1152.476830][ T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1152.569540][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1152.608174][ T10] usb 1-1: Product: syz [ 1152.632441][ T10] usb 1-1: Manufacturer: syz [ 1152.641361][ T10] usb 1-1: SerialNumber: syz [ 1152.658502][ T10] usb 1-1: config 0 descriptor?? [ 1152.673594][ T10] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1152.714106][ T10] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1152.813625][ T30] audit: type=1326 audit(1746179967.113:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15684 comm="syz.2.2687" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f084a18e969 code=0x0 [ 1153.802245][ T5869] usb 4-1: USB disconnect, device number 103 [ 1153.828589][ T5869] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1153.837097][ T5869] cp210x 4-1:0.0: device disconnected [ 1153.933616][T15700] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2692'. [ 1154.438205][T15708] futex_wake_op: syz.1.2691 tries to shift op by -1; fix this program [ 1155.023812][ T5870] usb 1-1: USB disconnect, device number 79 [ 1155.405680][ T5869] usb 4-1: new full-speed USB device number 104 using dummy_hcd [ 1155.435454][T15712] FAULT_INJECTION: forcing a failure. [ 1155.435454][T15712] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1155.448720][T15712] CPU: 0 UID: 0 PID: 15712 Comm: syz.1.2694 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1155.448742][T15712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1155.448752][T15712] Call Trace: [ 1155.448759][T15712] [ 1155.448766][T15712] dump_stack_lvl+0x189/0x250 [ 1155.448789][T15712] ? __lock_acquire+0xaac/0xd20 [ 1155.448812][T15712] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1155.448832][T15712] ? __pfx__printk+0x10/0x10 [ 1155.448863][T15712] ? __might_fault+0xb0/0x130 [ 1155.448893][T15712] should_fail_ex+0x414/0x560 [ 1155.448920][T15712] _copy_from_user+0x2d/0xb0 [ 1155.448941][T15712] ___sys_sendmsg+0x158/0x2a0 [ 1155.448961][T15712] ? __pfx____sys_sendmsg+0x10/0x10 [ 1155.449005][T15712] ? __fget_files+0x2a/0x420 [ 1155.449027][T15712] ? __fget_files+0x3a0/0x420 [ 1155.449056][T15712] __x64_sys_sendmsg+0x19b/0x260 [ 1155.449076][T15712] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1155.449106][T15712] ? do_syscall_64+0xba/0x210 [ 1155.449127][T15712] do_syscall_64+0xf6/0x210 [ 1155.449144][T15712] ? clear_bhb_loop+0x45/0xa0 [ 1155.449163][T15712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1155.449178][T15712] RIP: 0033:0x7f051398e969 [ 1155.449191][T15712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1155.449203][T15712] RSP: 002b:00007f051488e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1155.449219][T15712] RAX: ffffffffffffffda RBX: 00007f0513bb5fa0 RCX: 00007f051398e969 [ 1155.449230][T15712] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 1155.449240][T15712] RBP: 00007f051488e090 R08: 0000000000000000 R09: 0000000000000000 [ 1155.449249][T15712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1155.449258][T15712] R13: 0000000000000000 R14: 00007f0513bb5fa0 R15: 00007ffda22cf058 [ 1155.449280][T15712] [ 1155.641372][ C0] vkms_vblank_simulate: vblank timer overrun [ 1155.894594][ T5869] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 1155.903056][ T5869] usb 4-1: config 0 has no interface number 0 [ 1155.921291][ T5869] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1155.945017][T15714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2693'. [ 1155.968476][ T5869] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1155.983828][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1156.013112][ T5869] usb 4-1: Product: syz [ 1156.032115][ T5869] usb 4-1: Manufacturer: syz [ 1156.510697][T13172] usb 1-1: new full-speed USB device number 80 using dummy_hcd [ 1156.523548][ T5869] usb 4-1: SerialNumber: syz [ 1156.782259][ T5869] usb 4-1: config 0 descriptor?? [ 1156.876095][T15700] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1157.071779][T13172] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 1157.085785][T13172] usb 1-1: config 0 has no interface number 0 [ 1157.114621][ T5869] usb 4-1: can't set config #0, error -71 [ 1157.114708][T13172] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1157.628380][T13172] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1157.645487][T13172] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1157.668656][T13172] usb 1-1: Product: syz [ 1157.675390][T13172] usb 1-1: Manufacturer: syz [ 1157.694549][ T5869] usb 4-1: USB disconnect, device number 104 [ 1157.704705][T13172] usb 1-1: SerialNumber: syz [ 1157.744298][T13172] usb 1-1: config 0 descriptor?? [ 1157.769996][T15714] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1157.805484][T13172] usb-storage 1-1:0.20: USB Mass Storage device detected [ 1158.358872][T13172] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1158.437068][ C0] raw-gadget.1 gadget.0: ignoring, device is not running [ 1158.444891][T13172] scsi host1: usb-storage 1-1:0.20 [ 1158.489223][T13172] usb 1-1: USB disconnect, device number 80 [ 1159.586557][T15745] netlink: 'syz.3.2701': attribute type 4 has an invalid length. [ 1160.165437][T13172] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1160.317547][T13172] usb 2-1: config index 0 descriptor too short (expected 32820, got 52) [ 1160.335483][T13172] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1160.381438][T13172] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1160.573833][T15760] futex_wake_op: syz.0.2704 tries to shift op by -1; fix this program [ 1161.075768][T13172] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1161.083832][T13172] usb 2-1: Product: syz [ 1161.088161][T13172] usb 2-1: Manufacturer: syz [ 1161.092782][T13172] usb 2-1: SerialNumber: syz [ 1161.108506][T13172] usb 2-1: config 0 descriptor?? [ 1161.124714][T13172] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1161.288057][T13172] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1162.322732][T13172] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 1162.865485][T13172] usb 1-1: Using ep0 maxpacket: 16 [ 1162.879449][T13172] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1162.893865][T13172] usb 1-1: config 2 has an invalid interface number: 120 but max is 0 [ 1162.906704][T13172] usb 1-1: config 2 has no interface number 0 [ 1163.104940][T13172] usb 1-1: config 2 interface 120 has no altsetting 0 [ 1163.119581][T13172] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=68.f3 [ 1163.137436][T13172] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1163.151395][T13172] usb 1-1: Product: syz [ 1163.155877][ T59] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1163.163845][T13172] usb 1-1: Manufacturer: syz [ 1163.175002][T13172] usb 1-1: SerialNumber: syz [ 1163.625600][ T59] usb 5-1: Using ep0 maxpacket: 8 [ 1163.687013][ T59] usb 5-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1164.159358][ T59] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1164.166089][ T24] usb 2-1: USB disconnect, device number 92 [ 1164.171936][ T59] usb 5-1: config 0 descriptor?? [ 1164.181715][ T59] keyspan 5-1:0.0: Keyspan 1 port adapter converter detected [ 1164.199733][ T59] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 84 [ 1164.213565][ T59] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 81 [ 1164.239830][ T59] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 82 [ 1164.265187][ T59] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 1 [ 1164.283842][ T59] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 2 [ 1164.302437][ T59] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 83 [ 1164.339062][ T59] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 3 [ 1164.393731][ T59] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1164.469116][T13172] usb 1-1: USB disconnect, device number 81 [ 1164.751508][T15778] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2707'. [ 1165.133609][ T24] usb 5-1: USB disconnect, device number 91 [ 1165.184328][ T24] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1165.626493][ T24] keyspan 5-1:0.0: device disconnected [ 1166.484675][T15799] befs: (nullb0): No write support. Marking filesystem read-only [ 1166.493698][T15799] befs: (nullb0): invalid magic header [ 1166.592315][T15800] futex_wake_op: syz.0.2715 tries to shift op by -1; fix this program [ 1167.157901][T15777] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2710'. [ 1169.115229][T15818] program syz.1.2720 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1170.035583][T15822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2721'. [ 1170.625520][ T24] usb 3-1: new full-speed USB device number 78 using dummy_hcd [ 1171.201589][ T24] usb 3-1: config 0 has an invalid interface number: 20 but max is 0 [ 1171.225499][ T24] usb 3-1: config 0 has no interface number 0 [ 1171.233076][ T24] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1171.252925][ T24] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1171.390212][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1171.420525][ T24] usb 3-1: Product: syz [ 1171.447539][ T24] usb 3-1: Manufacturer: syz [ 1171.459638][ T24] usb 3-1: SerialNumber: syz [ 1171.512645][ T24] usb 3-1: config 0 descriptor?? [ 1171.533106][T15822] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1171.543874][ T24] usb-storage 3-1:0.20: USB Mass Storage device detected [ 1171.584457][ T24] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1171.760866][ T24] scsi host1: usb-storage 3-1:0.20 [ 1171.786314][ T24] usb 3-1: USB disconnect, device number 78 [ 1171.859191][T15843] overlayfs: failed to resolve './file0': -2 [ 1173.849490][T15858] futex_wake_op: syz.4.2726 tries to shift op by -1; fix this program [ 1173.915799][T13172] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 1174.975498][T13172] usb 4-1: Using ep0 maxpacket: 8 [ 1174.982637][T13172] usb 4-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1175.012608][T13172] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1175.092332][T13172] usb 4-1: config 0 descriptor?? [ 1175.101769][T15866] program syz.0.2732 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1175.112123][T13172] keyspan 4-1:0.0: Keyspan 1 port adapter converter detected [ 1175.142026][T13172] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 84 [ 1175.163658][T13172] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81 [ 1175.185189][T13172] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 82 [ 1175.200027][T13172] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1 [ 1175.227216][T13172] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2 [ 1175.246381][T15869] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2733'. [ 1175.272732][T13172] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83 [ 1175.280663][T13172] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3 [ 1175.292704][T13172] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1175.448385][T15876] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2728'. [ 1175.823533][ T59] usb 2-1: new full-speed USB device number 93 using dummy_hcd [ 1175.851381][T13172] usb 4-1: USB disconnect, device number 105 [ 1175.861243][T13172] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1175.870670][T15874] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2734'. [ 1176.346654][T13172] keyspan 4-1:0.0: device disconnected [ 1176.378780][ T59] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 1176.388220][ T59] usb 2-1: config 0 has no interface number 0 [ 1176.406110][ T59] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1176.439431][ T59] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1176.449212][ T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1176.483507][ T59] usb 2-1: Product: syz [ 1176.487883][ T59] usb 2-1: Manufacturer: syz [ 1176.492480][ T59] usb 2-1: SerialNumber: syz [ 1176.506884][ T59] usb 2-1: config 0 descriptor?? [ 1176.512839][T15872] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1176.527482][ T59] usb-storage 2-1:0.20: USB Mass Storage device detected [ 1176.550935][ T59] usb-storage 2-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1176.645629][ T5870] usb 1-1: new full-speed USB device number 82 using dummy_hcd [ 1176.747273][ T59] scsi host1: usb-storage 2-1:0.20 [ 1176.785607][ T5869] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1176.787524][ T59] usb 2-1: USB disconnect, device number 93 [ 1176.818781][ T5870] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 1176.835589][ T5870] usb 1-1: config 0 has no interface number 0 [ 1176.855567][ T5870] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1176.892751][ T5870] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1176.912672][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1176.922794][ T5870] usb 1-1: Product: syz [ 1176.929678][ T5870] usb 1-1: Manufacturer: syz [ 1176.945624][ T5870] usb 1-1: SerialNumber: syz [ 1176.953240][ T5870] usb 1-1: config 0 descriptor?? [ 1177.103367][T15874] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1177.113489][ T5869] usb 3-1: config index 0 descriptor too short (expected 32820, got 52) [ 1177.124028][ T5869] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1177.136473][ T5870] usb-storage 1-1:0.20: USB Mass Storage device detected [ 1177.178006][ T5870] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1177.188817][ T5869] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1177.338125][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1177.427857][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.435450][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.513798][ T5869] usb 3-1: Product: syz [ 1177.538422][ T5869] usb 3-1: Manufacturer: syz [ 1177.777483][ T5869] usb 3-1: SerialNumber: syz [ 1178.166287][ T5869] usb 3-1: config 0 descriptor?? [ 1178.174342][ T5870] scsi host1: usb-storage 1-1:0.20 [ 1178.223457][ T5869] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1178.253999][ T5870] usb 1-1: USB disconnect, device number 82 [ 1178.389460][ T5869] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1180.364644][ T52] usb 3-1: USB disconnect, device number 79 [ 1180.770624][T15917] program syz.1.2744 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1184.622988][T15956] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2751'. [ 1184.835929][ T10] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 1184.895564][T13172] usb 4-1: new full-speed USB device number 106 using dummy_hcd [ 1185.017776][ T10] usb 1-1: config index 0 descriptor too short (expected 32820, got 52) [ 1185.026677][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1185.057534][T13172] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 1185.075474][T13172] usb 4-1: config 0 has no interface number 0 [ 1185.086074][T13172] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1185.158274][ T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1185.239720][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1185.265580][ T10] usb 1-1: Product: syz [ 1185.290520][ T10] usb 1-1: Manufacturer: syz [ 1185.295283][ T10] usb 1-1: SerialNumber: syz [ 1185.320574][T13172] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1185.334000][T13172] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1185.343029][ T10] usb 1-1: config 0 descriptor?? [ 1185.634560][T13172] usb 4-1: Product: syz [ 1185.687655][T13172] usb 4-1: Manufacturer: syz [ 1185.712149][T13172] usb 4-1: SerialNumber: syz [ 1185.718400][ T10] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1185.730749][T13172] usb 4-1: config 0 descriptor?? [ 1185.749758][T15956] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1185.812085][T13172] usb-storage 4-1:0.20: USB Mass Storage device detected [ 1185.835827][ T10] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1185.859049][T13172] usb-storage 4-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1186.161238][T13172] scsi host1: usb-storage 4-1:0.20 [ 1186.873156][T13172] usb 4-1: USB disconnect, device number 106 [ 1187.447052][T15981] overlayfs: failed to resolve './file0': -2 [ 1188.666908][ T59] usb 1-1: USB disconnect, device number 83 [ 1190.324504][T15986] program syz.0.2762 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1190.486465][T15998] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2764'. [ 1192.080610][ T10] usb 4-1: new full-speed USB device number 107 using dummy_hcd [ 1192.400765][ T10] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 1192.428778][ T10] usb 4-1: config 0 has no interface number 0 [ 1192.434413][T16014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2769'. [ 1192.444096][ T10] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1192.472762][ T10] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1192.489267][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1192.505632][ T10] usb 4-1: Product: syz [ 1192.509994][ T10] usb 4-1: Manufacturer: syz [ 1192.514665][ T10] usb 4-1: SerialNumber: syz [ 1192.521982][ T10] usb 4-1: config 0 descriptor?? [ 1192.527972][T15998] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1192.542158][ T10] usb-storage 4-1:0.20: USB Mass Storage device detected [ 1192.625052][ T10] usb-storage 4-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1192.756127][ T5870] usb 2-1: new full-speed USB device number 94 using dummy_hcd [ 1192.817457][ T10] scsi host1: usb-storage 4-1:0.20 [ 1193.086991][ T10] usb 4-1: USB disconnect, device number 107 [ 1193.767053][ T5870] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 1193.899250][ T5870] usb 2-1: config 0 has no interface number 0 [ 1194.287423][ T5870] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1194.320038][ T5870] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1194.344927][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1194.370636][ T5870] usb 2-1: Product: syz [ 1194.375088][ T5870] usb 2-1: Manufacturer: syz [ 1194.381539][ T5870] usb 2-1: SerialNumber: syz [ 1194.424759][ T5870] usb 2-1: config 0 descriptor?? [ 1194.437682][T16014] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1194.458960][ T5870] usb-storage 2-1:0.20: USB Mass Storage device detected [ 1194.496285][ T5870] usb-storage 2-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1194.671045][ T5870] scsi host1: usb-storage 2-1:0.20 [ 1194.701465][ T5870] usb 2-1: USB disconnect, device number 94 [ 1194.788575][ T5869] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 1194.998000][ T5869] usb 4-1: config index 0 descriptor too short (expected 32820, got 52) [ 1195.036017][ T5869] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1195.140219][ T5869] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1195.178748][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1195.192980][ T5869] usb 4-1: Product: syz [ 1195.206357][ T5869] usb 4-1: Manufacturer: syz [ 1195.218978][ T5869] usb 4-1: SerialNumber: syz [ 1195.312795][T16041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2776'. [ 1195.434813][ T5869] usb 4-1: config 0 descriptor?? [ 1195.444984][ T5869] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1195.485484][ T5869] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1195.815523][ T59] usb 3-1: new full-speed USB device number 80 using dummy_hcd [ 1196.149200][ T59] usb 3-1: config 0 has an invalid interface number: 20 but max is 0 [ 1196.157578][ T59] usb 3-1: config 0 has no interface number 0 [ 1196.164165][ T59] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1196.208678][ T59] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1196.219103][ T59] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1196.859697][ T59] usb 3-1: Product: syz [ 1197.103253][ T59] usb 3-1: Manufacturer: syz [ 1197.167393][ T59] usb 3-1: SerialNumber: syz [ 1197.238384][ T59] usb 3-1: config 0 descriptor?? [ 1197.244820][T16041] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1197.262184][ T59] usb-storage 3-1:0.20: USB Mass Storage device detected [ 1197.310055][ T59] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1197.474341][ T59] scsi host1: usb-storage 3-1:0.20 [ 1197.550268][ T59] usb 3-1: USB disconnect, device number 80 [ 1197.885742][ T10] usb 4-1: USB disconnect, device number 108 [ 1198.815428][ T10] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1198.968275][ T10] usb 3-1: config index 0 descriptor too short (expected 32820, got 52) [ 1198.977258][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1198.996554][ T5869] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1198.998860][ T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1199.013892][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1199.022249][ T10] usb 3-1: Product: syz [ 1199.026802][ T59] usb 4-1: new full-speed USB device number 109 using dummy_hcd [ 1199.043362][ T10] usb 3-1: Manufacturer: syz [ 1199.069820][ T10] usb 3-1: SerialNumber: syz [ 1199.091449][ T10] usb 3-1: config 0 descriptor?? [ 1199.139669][ T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1199.178755][ T5869] usb 2-1: Using ep0 maxpacket: 8 [ 1199.188945][ T5869] usb 2-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1199.200117][ T59] usb 4-1: config 4 has an invalid interface number: 44 but max is 0 [ 1199.201923][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1199.208780][ T59] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1199.299361][ T5869] usb 2-1: config 0 descriptor?? [ 1199.311002][ T59] usb 4-1: config 4 has no interface number 0 [ 1199.312098][ T10] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1199.312666][ T5869] keyspan 2-1:0.0: Keyspan 1 port adapter converter detected [ 1199.374941][ T5869] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 84 [ 1199.388326][ T59] usb 4-1: config 4 interface 44 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1199.555866][ T59] usb 4-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice= 5.20 [ 1199.565241][ T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1199.577611][ T59] usb 4-1: Product: syz [ 1199.581830][ T59] usb 4-1: Manufacturer: syz [ 1199.587331][ T59] usb 4-1: SerialNumber: syz [ 1200.411137][T16082] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2783'. [ 1200.903294][ T5869] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 81 [ 1200.925937][ T5869] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 82 [ 1200.933719][ T5869] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 1 [ 1201.023416][ T5869] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 2 [ 1201.071054][ T5869] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 83 [ 1201.102707][ T5869] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 3 [ 1201.134087][ T5869] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1201.204286][ T5869] usb 2-1: USB disconnect, device number 95 [ 1201.227544][ T5869] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1201.242601][ T5869] keyspan 2-1:0.0: device disconnected [ 1201.273341][ T59] dvb-usb: found a 'Gigabyte U7000' in warm state. [ 1201.326463][ T59] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 1201.365011][ T59] dvbdev: DVB: registering new adapter (Gigabyte U7000) [ 1201.390094][ T59] usb 4-1: media controller created [ 1201.419799][ T59] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1201.554442][ T59] DVB: Unable to find symbol dib7000p_attach() [ 1201.571883][ T59] dvb-usb: no frontend was attached by 'Gigabyte U7000' [ 1201.705619][ T59] rc_core: IR keymap rc-dib0700-rc5 not found [ 1201.720557][ T59] Registered IR keymap rc-empty [ 1201.736513][ T59] dvb-usb: could not initialize remote control. [ 1201.743065][ T59] dvb-usb: Gigabyte U7000 successfully initialized and connected. [ 1201.760810][ T59] usb 4-1: USB disconnect, device number 109 [ 1201.795761][ T59] dvb-usb: Gigabyte U7000 successfully deinitialized and disconnected. [ 1201.811817][T16088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2787'. [ 1201.925576][ T5869] usb 3-1: USB disconnect, device number 81 [ 1202.186478][T16092] netlink: 'syz.1.2788': attribute type 5 has an invalid length. [ 1202.196267][T16092] binder: 16091:16092 ioctl 400c620e 0 returned -14 [ 1202.293249][ T24] usb 5-1: new full-speed USB device number 92 using dummy_hcd [ 1202.670609][ T24] usb 5-1: config 0 has an invalid interface number: 20 but max is 0 [ 1202.679045][ T24] usb 5-1: config 0 has no interface number 0 [ 1202.685197][ T24] usb 5-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1202.865892][ T5869] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 1202.892201][ T24] usb 5-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1202.940452][ T59] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1202.945274][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1203.034619][ T24] usb 5-1: Product: syz [ 1203.075475][ T5869] usb 4-1: Using ep0 maxpacket: 8 [ 1203.084673][ T24] usb 5-1: Manufacturer: syz [ 1203.121712][ T5869] usb 4-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1203.137319][ T24] usb 5-1: SerialNumber: syz [ 1203.205157][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1203.258068][ T24] usb 5-1: config 0 descriptor?? [ 1203.276159][T16088] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1203.307449][ T5869] usb 4-1: config 0 descriptor?? [ 1203.333405][ T59] usb 3-1: config index 0 descriptor too short (expected 32820, got 52) [ 1203.335748][ T5869] keyspan 4-1:0.0: Keyspan 1 port adapter converter detected [ 1203.365726][ T5869] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 84 [ 1203.370956][ T59] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1203.376681][ T24] usb-storage 5-1:0.20: USB Mass Storage device detected [ 1203.400812][ T5869] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81 [ 1203.401357][ T59] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1203.430212][ T59] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1203.453417][ T5869] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 82 [ 1203.454183][ T59] usb 3-1: Product: syz [ 1203.473289][ T59] usb 3-1: Manufacturer: syz [ 1203.481454][ T59] usb 3-1: SerialNumber: syz [ 1203.514931][ T5869] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1 [ 1203.525677][ T24] usb-storage 5-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1203.632335][ T5869] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2 [ 1203.659440][T16111] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2790'. [ 1203.669274][ T5869] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83 [ 1203.678619][ T5869] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3 [ 1204.113599][ T59] usb 3-1: config 0 descriptor?? [ 1204.115179][ T5869] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1204.141504][ T59] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1204.162497][ T24] scsi host1: usb-storage 5-1:0.20 [ 1204.193979][ T24] usb 5-1: USB disconnect, device number 92 [ 1204.324375][ T59] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1204.326251][ T5869] usb 4-1: USB disconnect, device number 110 [ 1204.535043][ T5869] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1205.225837][ T5869] keyspan 4-1:0.0: device disconnected [ 1206.139169][T16130] FAULT_INJECTION: forcing a failure. [ 1206.139169][T16130] name failslab, interval 1, probability 0, space 0, times 0 [ 1206.185051][T16130] CPU: 0 UID: 0 PID: 16130 Comm: syz.3.2798 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1206.185084][T16130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1206.185098][T16130] Call Trace: [ 1206.185107][T16130] [ 1206.185117][T16130] dump_stack_lvl+0x189/0x250 [ 1206.185155][T16130] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1206.185184][T16130] ? __pfx__printk+0x10/0x10 [ 1206.185222][T16130] ? __pfx___might_resched+0x10/0x10 [ 1206.185251][T16130] ? fs_reclaim_acquire+0x7d/0x100 [ 1206.185283][T16130] should_fail_ex+0x414/0x560 [ 1206.185319][T16130] should_failslab+0xa8/0x100 [ 1206.185353][T16130] __kmalloc_noprof+0xcb/0x4f0 [ 1206.185380][T16130] ? kfree+0x4d/0x440 [ 1206.185404][T16130] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1206.185444][T16130] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1206.185472][T16130] ? tomoyo_domain+0xda/0x130 [ 1206.185504][T16130] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1206.185525][T16130] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1206.185549][T16130] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1206.185589][T16130] ? __lock_acquire+0xaac/0xd20 [ 1206.185636][T16130] ? __fget_files+0x2a/0x420 [ 1206.185671][T16130] ? __fget_files+0x3a0/0x420 [ 1206.185699][T16130] ? __fget_files+0x2a/0x420 [ 1206.185735][T16130] security_file_ioctl+0xcb/0x2d0 [ 1206.185761][T16130] __se_sys_ioctl+0x47/0x170 [ 1206.185789][T16130] do_syscall_64+0xf6/0x210 [ 1206.185815][T16130] ? clear_bhb_loop+0x45/0xa0 [ 1206.185841][T16130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.185861][T16130] RIP: 0033:0x7f018d78e969 [ 1206.185880][T16130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1206.185899][T16130] RSP: 002b:00007f018e55e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1206.185921][T16130] RAX: ffffffffffffffda RBX: 00007f018d9b5fa0 RCX: 00007f018d78e969 [ 1206.185935][T16130] RDX: 0000200000000040 RSI: 00000000c0405602 RDI: 0000000000000003 [ 1206.185949][T16130] RBP: 00007f018e55e090 R08: 0000000000000000 R09: 0000000000000000 [ 1206.185962][T16130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1206.185975][T16130] R13: 0000000000000000 R14: 00007f018d9b5fa0 R15: 00007ffcd12b9928 [ 1206.186008][T16130] [ 1206.522917][ T24] usb 3-1: USB disconnect, device number 82 [ 1206.565557][T16130] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1206.948855][ T5931] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1207.585777][ T5931] usb 5-1: device descriptor read/64, error -71 [ 1207.845887][ T5931] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1208.056089][ T5931] usb 5-1: device descriptor read/64, error -71 [ 1208.116134][ T10] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 1208.325946][ T5931] usb usb5-port1: attempt power cycle [ 1208.475495][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 1208.482437][ T10] usb 1-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1208.506511][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1208.530194][ T10] usb 1-1: config 0 descriptor?? [ 1208.548329][ T10] keyspan 1-1:0.0: Keyspan 1 port adapter converter detected [ 1208.605593][ T10] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 84 [ 1208.636838][ T10] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 81 [ 1208.659728][ T10] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 82 [ 1208.705791][ T5931] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1208.724018][ T10] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 1 [ 1208.732549][ T5931] usb 5-1: device descriptor read/8, error -71 [ 1208.750540][ T10] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 2 [ 1208.775447][ T10] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 83 [ 1208.801981][ T10] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 3 [ 1209.014260][T16172] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2805'. [ 1209.777569][ T5931] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1209.912099][ T10] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1210.013390][ T5931] usb 5-1: device descriptor read/8, error -71 [ 1210.022210][ T10] usb 1-1: USB disconnect, device number 84 [ 1210.044456][ T10] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1210.073415][ T10] keyspan 1-1:0.0: device disconnected [ 1210.135776][ T5931] usb usb5-port1: unable to enumerate USB device [ 1210.957572][T16183] befs: (nullb0): No write support. Marking filesystem read-only [ 1210.967215][T16183] befs: (nullb0): invalid magic header [ 1212.018426][T16188] befs: (nullb0): No write support. Marking filesystem read-only [ 1212.027946][T16188] befs: (nullb0): invalid magic header [ 1215.189582][T16196] kvm: kvm [16193]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x8eff [ 1215.215720][T16196] kvm: kvm [16193]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x6087 [ 1215.609261][T16196] kvm: kvm [16193]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xb33c [ 1217.615716][ T5931] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1218.157754][ T5931] usb 3-1: Using ep0 maxpacket: 8 [ 1218.206447][ T5931] usb 3-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1218.216528][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1218.238914][ T5931] usb 3-1: config 0 descriptor?? [ 1218.248211][ T5931] keyspan 3-1:0.0: Keyspan 1 port adapter converter detected [ 1218.256894][ T5931] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 84 [ 1218.266218][ T5931] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 81 [ 1218.274117][ T5931] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 82 [ 1218.285122][ T5931] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 1 [ 1218.564715][ T5931] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 2 [ 1218.742764][ T5931] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 83 [ 1218.768656][T16249] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2827'. [ 1219.099797][ T5931] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 3 [ 1219.117691][ T5931] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1219.176411][ T5931] usb 3-1: USB disconnect, device number 83 [ 1219.204002][ T5931] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1219.266905][ T5931] keyspan 3-1:0.0: device disconnected [ 1220.432534][T16264] befs: (nullb0): No write support. Marking filesystem read-only [ 1220.442146][T16264] befs: (nullb0): invalid magic header [ 1221.332029][T16272] FAULT_INJECTION: forcing a failure. [ 1221.332029][T16272] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1221.474476][T16272] CPU: 0 UID: 0 PID: 16272 Comm: syz.1.2836 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1221.474510][T16272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1221.474523][T16272] Call Trace: [ 1221.474532][T16272] [ 1221.474541][T16272] dump_stack_lvl+0x189/0x250 [ 1221.474578][T16272] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1221.474607][T16272] ? __pfx__printk+0x10/0x10 [ 1221.474652][T16272] should_fail_ex+0x414/0x560 [ 1221.474689][T16272] _copy_to_user+0x31/0xb0 [ 1221.474713][T16272] simple_read_from_buffer+0xe1/0x170 [ 1221.474739][T16272] proc_fail_nth_read+0x1df/0x250 [ 1221.474756][T16272] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1221.474774][T16272] ? rw_verify_area+0x258/0x650 [ 1221.474792][T16272] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1221.474808][T16272] vfs_read+0x1fd/0x980 [ 1221.474831][T16272] ? __pfx___mutex_lock+0x10/0x10 [ 1221.474849][T16272] ? __pfx_vfs_read+0x10/0x10 [ 1221.474869][T16272] ? __fget_files+0x2a/0x420 [ 1221.474896][T16272] ? __fget_files+0x3a0/0x420 [ 1221.474917][T16272] ? __fget_files+0x2a/0x420 [ 1221.474946][T16272] ksys_read+0x145/0x250 [ 1221.474964][T16272] ? rcu_is_watching+0x15/0xb0 [ 1221.474986][T16272] ? __pfx_ksys_read+0x10/0x10 [ 1221.475008][T16272] ? do_syscall_64+0xba/0x210 [ 1221.475028][T16272] do_syscall_64+0xf6/0x210 [ 1221.475045][T16272] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1221.475061][T16272] ? clear_bhb_loop+0x45/0xa0 [ 1221.475079][T16272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1221.475094][T16272] RIP: 0033:0x7f051398d37c [ 1221.475108][T16272] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1221.475120][T16272] RSP: 002b:00007f051488e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1221.475137][T16272] RAX: ffffffffffffffda RBX: 00007f0513bb5fa0 RCX: 00007f051398d37c [ 1221.475148][T16272] RDX: 000000000000000f RSI: 00007f051488e0a0 RDI: 0000000000000005 [ 1221.475158][T16272] RBP: 00007f051488e090 R08: 0000000000000000 R09: 0000000000000000 [ 1221.475167][T16272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1221.475176][T16272] R13: 0000000000000000 R14: 00007f0513bb5fa0 R15: 00007ffda22cf058 [ 1221.475198][T16272] [ 1225.244878][T16312] FAULT_INJECTION: forcing a failure. [ 1225.244878][T16312] name failslab, interval 1, probability 0, space 0, times 0 [ 1225.280823][T16312] CPU: 0 UID: 0 PID: 16312 Comm: syz.4.2846 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1225.280859][T16312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1225.280872][T16312] Call Trace: [ 1225.280881][T16312] [ 1225.280890][T16312] dump_stack_lvl+0x189/0x250 [ 1225.280929][T16312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1225.280958][T16312] ? __pfx__printk+0x10/0x10 [ 1225.280995][T16312] ? __pfx___might_resched+0x10/0x10 [ 1225.281031][T16312] should_fail_ex+0x414/0x560 [ 1225.281075][T16312] ? seq_read_iter+0x1fd/0xe10 [ 1225.281099][T16312] should_failslab+0xa8/0x100 [ 1225.281133][T16312] __kvmalloc_node_noprof+0x168/0x5e0 [ 1225.281165][T16312] ? seq_read_iter+0x1fd/0xe10 [ 1225.281195][T16312] seq_read_iter+0x1fd/0xe10 [ 1225.281232][T16312] ? __asan_memset+0x22/0x50 [ 1225.281264][T16312] seq_read+0x2e2/0x3d0 [ 1225.281299][T16312] ? __pfx_seq_read+0x10/0x10 [ 1225.281339][T16312] ? rw_verify_area+0x258/0x650 [ 1225.281364][T16312] ? __pfx_seq_read+0x10/0x10 [ 1225.281390][T16312] vfs_read+0x1fd/0x980 [ 1225.281423][T16312] ? __pfx___mutex_lock+0x10/0x10 [ 1225.281447][T16312] ? __pfx_vfs_read+0x10/0x10 [ 1225.281476][T16312] ? __fget_files+0x2a/0x420 [ 1225.281511][T16312] ? __fget_files+0x3a0/0x420 [ 1225.281540][T16312] ? __fget_files+0x2a/0x420 [ 1225.281581][T16312] ksys_read+0x145/0x250 [ 1225.281606][T16312] ? rcu_is_watching+0x15/0xb0 [ 1225.281636][T16312] ? __pfx_ksys_read+0x10/0x10 [ 1225.281668][T16312] ? do_syscall_64+0xba/0x210 [ 1225.281696][T16312] do_syscall_64+0xf6/0x210 [ 1225.281720][T16312] ? clear_bhb_loop+0x45/0xa0 [ 1225.281746][T16312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1225.281766][T16312] RIP: 0033:0x7f38b298e969 [ 1225.281797][T16312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1225.281814][T16312] RSP: 002b:00007f38b37af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1225.281837][T16312] RAX: ffffffffffffffda RBX: 00007f38b2bb5fa0 RCX: 00007f38b298e969 [ 1225.281852][T16312] RDX: 0000000000002020 RSI: 0000200000004300 RDI: 0000000000000004 [ 1225.281866][T16312] RBP: 00007f38b37af090 R08: 0000000000000000 R09: 0000000000000000 [ 1225.281879][T16312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1225.281891][T16312] R13: 0000000000000000 R14: 00007f38b2bb5fa0 R15: 00007ffdbee2b7c8 [ 1225.281925][T16312] [ 1226.405721][ T24] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 1226.825506][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 1226.967605][ T24] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 1227.622060][ T24] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 1227.637632][ T24] usb 4-1: config 0 has no interface number 0 [ 1227.776113][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 1227.787324][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1227.795559][ T24] usb 4-1: Product: syz [ 1227.816380][ T24] usb 4-1: Manufacturer: syz [ 1227.822224][ T24] usb 4-1: SerialNumber: syz [ 1228.153812][ T24] usb 4-1: config 0 descriptor?? [ 1228.275964][ T24] usb 4-1: Found UVC 0.00 device syz (046d:08f3) [ 1228.289532][ T24] usb 4-1: No valid video chain found. [ 1229.033290][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2857'. [ 1229.345490][ T5831] usb 2-1: new full-speed USB device number 96 using dummy_hcd [ 1229.578540][ T5831] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 1229.588435][ T5831] usb 2-1: config 0 has no interface number 0 [ 1229.808608][ T5831] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1230.327972][ T5831] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1230.351944][ T59] usb 4-1: USB disconnect, device number 111 [ 1230.371904][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1230.429034][ T5831] usb 2-1: Product: syz [ 1230.453647][ T5831] usb 2-1: Manufacturer: syz [ 1230.475564][ T5831] usb 2-1: SerialNumber: syz [ 1230.516275][ T5831] usb 2-1: config 0 descriptor?? [ 1230.521952][T16358] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1230.564465][ T5831] usb-storage 2-1:0.20: USB Mass Storage device detected [ 1230.607655][ T5831] usb-storage 2-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1230.726916][T16380] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 1230.736279][T16380] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 1231.463438][ T5831] scsi host1: usb-storage 2-1:0.20 [ 1231.656581][T16389] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2863'. [ 1231.946797][ T5831] usb 2-1: USB disconnect, device number 96 [ 1232.314753][T16399] netlink: 'syz.3.2865': attribute type 2 has an invalid length. [ 1233.468036][ T5831] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 1233.739545][ T59] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 1233.937098][ T5831] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1233.946570][ T5831] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1233.980771][ T5831] usb 1-1: config 0 descriptor?? [ 1233.995646][ T59] usb 2-1: Using ep0 maxpacket: 32 [ 1234.003859][ T59] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1234.779514][ T5831] cp210x 1-1:0.0: cp210x converter detected [ 1234.842324][ T59] usb 2-1: config index 0 descriptor too short (expected 34347, got 43) [ 1234.855715][ T59] usb 2-1: config 31 has too many interfaces: 196, using maximum allowed: 32 [ 1234.880565][ T59] usb 2-1: config 31 has an invalid descriptor of length 48, skipping remainder of the config [ 1234.891976][ T59] usb 2-1: config 31 has 1 interface, different from the descriptor's value: 196 [ 1234.904592][ T59] usb 2-1: config 31 has no interface number 0 [ 1234.927458][ T59] usb 2-1: config 31 interface 81 altsetting 3 has an endpoint descriptor with address 0x93, changing to 0x83 [ 1234.946615][ T59] usb 2-1: config 31 interface 81 altsetting 3 endpoint 0x83 has invalid maxpacket 30768, setting to 1024 [ 1234.958199][ T59] usb 2-1: config 31 interface 81 altsetting 3 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1234.991282][ T59] usb 2-1: config 31 interface 81 has no altsetting 0 [ 1235.075422][ T5831] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1235.107538][ T59] usb 2-1: string descriptor 0 read error: -22 [ 1235.121122][ T59] usb 2-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice=24.ac [ 1235.472602][ T5831] cp210x 1-1:0.0: GPIO initialisation failed: -524 [ 1235.481639][ T59] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1235.496149][ T5831] usb 1-1: cp210x converter now attached to ttyUSB0 [ 1235.537567][T16412] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1235.550416][ T59] input: USB Touchscreen 0dfc:0001 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:31.81/input/input31 [ 1236.015822][T16409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2867'. [ 1237.108050][ T5831] usb 2-1: USB disconnect, device number 97 [ 1237.615911][T16447] tipc: Started in network mode [ 1237.621007][T16447] tipc: Node identity 7, cluster identity 4711 [ 1237.627352][T16447] tipc: Node number set to 7 [ 1238.002054][T16437] openvswitch: netlink: Actions may not be safe on all matching packets [ 1238.156415][T16437] 9pnet_fd: Insufficient options for proto=fd [ 1238.241618][ T24] usb 1-1: USB disconnect, device number 85 [ 1238.376132][ T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1238.418218][ T24] cp210x 1-1:0.0: device disconnected [ 1238.906528][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.950695][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.343770][T16478] program syz.3.2883 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1245.146531][T16523] FAULT_INJECTION: forcing a failure. [ 1245.146531][T16523] name failslab, interval 1, probability 0, space 0, times 0 [ 1245.181839][T16523] CPU: 1 UID: 0 PID: 16523 Comm: syz.2.2896 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1245.181872][T16523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1245.181886][T16523] Call Trace: [ 1245.181894][T16523] [ 1245.181904][T16523] dump_stack_lvl+0x189/0x250 [ 1245.181942][T16523] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1245.181971][T16523] ? __pfx__printk+0x10/0x10 [ 1245.182010][T16523] ? __pfx___might_resched+0x10/0x10 [ 1245.182048][T16523] ? fs_reclaim_acquire+0x7d/0x100 [ 1245.182076][T16523] should_fail_ex+0x414/0x560 [ 1245.182114][T16523] should_failslab+0xa8/0x100 [ 1245.182148][T16523] __kmalloc_noprof+0xcb/0x4f0 [ 1245.182177][T16523] ? kernfs_fop_write_iter+0x158/0x4f0 [ 1245.182210][T16523] kernfs_fop_write_iter+0x158/0x4f0 [ 1245.182245][T16523] vfs_write+0x548/0xa90 [ 1245.182278][T16523] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1245.182306][T16523] ? __pfx_vfs_write+0x10/0x10 [ 1245.182345][T16523] ? __fget_files+0x2a/0x420 [ 1245.182387][T16523] ksys_write+0x145/0x250 [ 1245.182418][T16523] ? __pfx_ksys_write+0x10/0x10 [ 1245.182449][T16523] ? do_syscall_64+0xba/0x210 [ 1245.182477][T16523] do_syscall_64+0xf6/0x210 [ 1245.182502][T16523] ? clear_bhb_loop+0x45/0xa0 [ 1245.182528][T16523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1245.182548][T16523] RIP: 0033:0x7f084a18e969 [ 1245.182568][T16523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1245.182586][T16523] RSP: 002b:00007f084afa8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1245.182609][T16523] RAX: ffffffffffffffda RBX: 00007f084a3b6080 RCX: 00007f084a18e969 [ 1245.182625][T16523] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 0000000000000007 [ 1245.182639][T16523] RBP: 00007f084afa8090 R08: 0000000000000000 R09: 0000000000000000 [ 1245.182652][T16523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1245.182665][T16523] R13: 0000000000000000 R14: 00007f084a3b6080 R15: 00007fff08427138 [ 1245.182699][T16523] [ 1247.001725][T16540] program syz.3.2899 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1247.038695][T16543] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1247.069710][T16543] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1247.080229][T16543] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1247.089099][T16543] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1247.097000][T16543] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1247.116957][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1247.131235][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1247.139125][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1247.169163][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1247.177862][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1247.245828][ T24] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1247.545971][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 1247.677495][T16549] befs: (nullb0): No write support. Marking filesystem read-only [ 1247.685851][T16549] befs: (nullb0): invalid magic header [ 1248.472746][ T24] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1248.552698][ T24] usb 3-1: config 0 has no interface number 0 [ 1248.588282][ T24] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1248.654274][ T24] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1248.705619][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1248.742439][ T6296] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1248.756032][ T24] usb 3-1: Product: syz [ 1248.777666][ T24] usb 3-1: Manufacturer: syz [ 1248.782308][ T24] usb 3-1: SerialNumber: syz [ 1249.288297][T16543] Bluetooth: hci3: command tx timeout [ 1249.326379][ T24] usb 3-1: config 0 descriptor?? [ 1249.852846][T16563] befs: (nullb0): No write support. Marking filesystem read-only [ 1249.862377][T16563] befs: (nullb0): invalid magic header [ 1251.120302][ T6296] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1251.348635][T16543] Bluetooth: hci3: command tx timeout [ 1251.421251][ T6296] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1251.649075][ T6296] bridge0: port 3(netdevsim0) entered disabled state [ 1251.695485][ T5898] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 1251.910779][ T6296] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 1252.872893][ T6296] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode [ 1252.887146][ T6296] bridge0: port 3(netdevsim0) entered disabled state [ 1253.479779][ T6296] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1253.490416][T16543] Bluetooth: hci3: command tx timeout [ 1254.063171][T16590] befs: (nullb0): No write support. Marking filesystem read-only [ 1254.072035][T16590] befs: (nullb0): invalid magic header [ 1254.581159][ T24] usb 3-1: can't set config #0, error -110 [ 1255.061903][ T5931] usb 3-1: USB disconnect, device number 84 [ 1255.505696][T16543] Bluetooth: hci3: command tx timeout [ 1256.369001][T16542] chnl_net:caif_netlink_parms(): no params data found [ 1257.075456][ T5898] usb 4-1: device descriptor read/64, error -110 [ 1257.339788][ T5898] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 1257.371815][ T6296] bridge_slave_1: left allmulticast mode [ 1257.378832][ T6296] bridge_slave_1: left promiscuous mode [ 1257.399284][ T6296] bridge0: port 2(bridge_slave_1) entered disabled state [ 1257.444993][ T6296] bridge_slave_0: left allmulticast mode [ 1257.452933][ T6296] bridge_slave_0: left promiscuous mode [ 1257.462521][ T6296] bridge0: port 1(bridge_slave_0) entered disabled state [ 1257.486896][ T5898] usb 4-1: device descriptor read/64, error -32 [ 1257.673449][ T5898] usb usb4-port1: attempt power cycle [ 1257.985809][ T5831] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 1258.168915][ T5831] usb 1-1: Using ep0 maxpacket: 8 [ 1258.187917][ T5831] usb 1-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=d7.cc [ 1258.213237][ T5831] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1258.237459][ T5831] usb 1-1: config 0 descriptor?? [ 1258.255540][ T5898] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 1258.258143][ T5831] keyspan 1-1:0.0: Keyspan 1 port adapter converter detected [ 1258.287613][ T5898] usb 4-1: device descriptor read/8, error -32 [ 1258.294090][ T5831] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 84 [ 1258.322975][ T5831] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 81 [ 1258.334527][ T5831] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 82 [ 1258.416300][ T5898] raw-gadget.1 gadget.3: failed to queue suspend event [ 1258.438410][ T5898] raw-gadget.1 gadget.3: failed to queue reset event [ 1258.586569][ T5898] raw-gadget.1 gadget.3: failed to queue resume event [ 1258.623342][T16625] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2917'. [ 1259.011758][ T5831] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 1 [ 1259.273557][ T5831] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 2 [ 1259.281385][ T5898] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 1259.465645][ C1] raw-gadget.1 gadget.3: ignoring, device is not running [ 1259.490708][ T5898] usb 4-1: device descriptor read/8, error -32 [ 1259.490776][ T5831] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 83 [ 1259.565608][ T5831] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 3 [ 1259.597323][ T5831] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1259.631458][ T5831] usb 1-1: USB disconnect, device number 86 [ 1259.646693][T16628] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2919'. [ 1259.657755][ T5831] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1259.672733][ T5831] keyspan 1-1:0.0: device disconnected [ 1259.723031][ T5898] raw-gadget.1 gadget.3: failed to queue suspend event [ 1259.765925][ T5898] usb usb4-port1: unable to enumerate USB device [ 1260.330916][ T6296] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1260.490528][ T6296] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1260.796126][ T6296] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1260.860108][ T6296] bond0 (unregistering): Released all slaves [ 1260.880991][T16542] bridge0: port 1(bridge_slave_0) entered blocking state [ 1260.907290][T16542] bridge0: port 1(bridge_slave_0) entered disabled state [ 1260.918700][T16542] bridge_slave_0: entered allmulticast mode [ 1260.927570][T16542] bridge_slave_0: entered promiscuous mode [ 1260.987056][T16574] raw-gadget.1 gadget.3: failed to queue disconnect event [ 1261.089404][T16542] bridge0: port 2(bridge_slave_1) entered blocking state [ 1261.115768][T16542] bridge0: port 2(bridge_slave_1) entered disabled state [ 1261.133463][T16542] bridge_slave_1: entered allmulticast mode [ 1261.170049][T16542] bridge_slave_1: entered promiscuous mode [ 1261.534894][ T5831] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 1262.159554][T16642] netlink: 'syz.0.2923': attribute type 1 has an invalid length. [ 1262.223329][T16644] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2923'. [ 1262.244750][T16542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1262.255085][T16645] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 1262.264335][T16645] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 1262.375379][ T5831] usb 4-1: Using ep0 maxpacket: 8 [ 1262.384777][ T5831] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1262.403700][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1262.411923][ T5831] usb 4-1: Product: syz [ 1262.416272][ T5831] usb 4-1: Manufacturer: syz [ 1262.423789][ T5831] usb 4-1: SerialNumber: syz [ 1262.433273][T16642] bond1: entered promiscuous mode [ 1262.439532][ T5831] usb 4-1: config 0 descriptor?? [ 1262.449198][T16642] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1262.664238][ T5831] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1262.690942][T16644] batadv1: entered promiscuous mode [ 1262.701797][T16644] batadv1: entered allmulticast mode [ 1262.724551][T16542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1262.905384][ T5831] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1262.987739][ T5931] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 1263.195502][ T5931] usb 1-1: device descriptor read/64, error -71 [ 1263.463178][T16542] team0: Port device team_slave_0 added [ 1263.500737][T16542] team0: Port device team_slave_1 added [ 1263.515479][ T5931] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 1263.569500][ T6296] hsr_slave_0: left promiscuous mode [ 1263.576381][ T6296] hsr_slave_1: left promiscuous mode [ 1263.582445][ T6296] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1263.605438][ T6296] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1263.620485][ T6296] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1263.641981][ T6296] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1263.673222][ T5931] usb 1-1: device descriptor read/64, error -71 [ 1263.949904][ T5931] usb usb1-port1: attempt power cycle [ 1263.955638][ T6296] veth1_macvtap: left promiscuous mode [ 1264.345381][ T6296] veth0_macvtap: left promiscuous mode [ 1264.373804][ T59] usb 4-1: USB disconnect, device number 116 [ 1264.385023][ T6296] veth1_vlan: left promiscuous mode [ 1264.407815][ T6296] veth0_vlan: left promiscuous mode [ 1266.756268][T16691] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1267.035592][ T5869] usb 3-1: new full-speed USB device number 85 using dummy_hcd [ 1267.174438][ T6296] team0 (unregistering): Port device team_slave_1 removed [ 1267.248082][ T6296] team0 (unregistering): Port device team_slave_0 removed [ 1267.393372][ T5869] usb 3-1: config 0 has an invalid interface number: 20 but max is 0 [ 1267.404918][ T5869] usb 3-1: config 0 has no interface number 0 [ 1267.411228][ T5869] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1267.425670][ T5869] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1267.435240][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1267.443491][ T5869] usb 3-1: Product: syz [ 1267.448098][ T5869] usb 3-1: Manufacturer: syz [ 1267.453440][ T5869] usb 3-1: SerialNumber: syz [ 1267.461937][ T5869] usb 3-1: config 0 descriptor?? [ 1267.467933][T16692] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1267.477483][ T5869] usb-storage 3-1:0.20: USB Mass Storage device detected [ 1267.509514][ T5869] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1267.922299][ T5869] scsi host1: usb-storage 3-1:0.20 [ 1268.046221][ T5869] usb 3-1: USB disconnect, device number 85 [ 1268.132489][T16542] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1268.160577][T16542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1268.190027][T16542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1268.677128][T16542] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1268.684400][T16542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1268.807616][T16542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1269.572737][T16542] hsr_slave_0: entered promiscuous mode [ 1269.599219][T16542] hsr_slave_1: entered promiscuous mode [ 1269.610368][T16542] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1269.618320][T16542] Cannot create hsr debugfs directory [ 1272.236763][T16748] befs: (nullb0): No write support. Marking filesystem read-only [ 1272.246401][T16748] befs: (nullb0): invalid magic header [ 1272.950170][T16742] FAULT_INJECTION: forcing a failure. [ 1272.950170][T16742] name failslab, interval 1, probability 0, space 0, times 0 [ 1273.003063][T16742] CPU: 1 UID: 0 PID: 16742 Comm: syz.0.2947 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1273.003096][T16742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1273.003109][T16742] Call Trace: [ 1273.003119][T16742] [ 1273.003129][T16742] dump_stack_lvl+0x189/0x250 [ 1273.003166][T16742] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1273.003195][T16742] ? __pfx__printk+0x10/0x10 [ 1273.003235][T16742] ? __pfx___might_resched+0x10/0x10 [ 1273.003264][T16742] ? fs_reclaim_acquire+0x7d/0x100 [ 1273.003292][T16742] should_fail_ex+0x414/0x560 [ 1273.003330][T16742] should_failslab+0xa8/0x100 [ 1273.003363][T16742] __kmalloc_noprof+0xcb/0x4f0 [ 1273.003390][T16742] ? kfree+0x4d/0x440 [ 1273.003414][T16742] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1273.003447][T16742] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1273.003476][T16742] ? tomoyo_domain+0xda/0x130 [ 1273.003509][T16742] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1273.003531][T16742] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1273.003557][T16742] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1273.003597][T16742] ? __lock_acquire+0xaac/0xd20 [ 1273.003645][T16742] ? __fget_files+0x2a/0x420 [ 1273.003683][T16742] ? __fget_files+0x3a0/0x420 [ 1273.003713][T16742] ? __fget_files+0x2a/0x420 [ 1273.003748][T16742] security_file_ioctl+0xcb/0x2d0 [ 1273.003775][T16742] __se_sys_ioctl+0x47/0x170 [ 1273.003804][T16742] do_syscall_64+0xf6/0x210 [ 1273.003830][T16742] ? clear_bhb_loop+0x45/0xa0 [ 1273.003857][T16742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1273.003878][T16742] RIP: 0033:0x7f8690f8e969 [ 1273.003905][T16742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1273.003924][T16742] RSP: 002b:00007f8691de2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1273.003947][T16742] RAX: ffffffffffffffda RBX: 00007f86911b5fa0 RCX: 00007f8690f8e969 [ 1273.003962][T16742] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 1273.003975][T16742] RBP: 00007f8691de2090 R08: 0000000000000000 R09: 0000000000000000 [ 1273.003989][T16742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1273.004001][T16742] R13: 0000000000000000 R14: 00007f86911b5fa0 R15: 00007ffd9dafb518 [ 1273.004034][T16742] [ 1273.005183][T16742] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1275.539629][T16542] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1275.649854][T16542] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1275.709969][T16542] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1275.810525][T16542] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1276.642345][T16791] futex_wake_op: syz.2.2956 tries to shift op by -1; fix this program [ 1277.480237][T16542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1277.547594][T16542] 8021q: adding VLAN 0 to HW filter on device team0 [ 1277.630190][ T6071] bridge0: port 1(bridge_slave_0) entered blocking state [ 1277.637443][ T6071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1277.677693][ T6071] bridge0: port 2(bridge_slave_1) entered blocking state [ 1277.684955][ T6071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1277.792780][T16542] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1277.833405][T16542] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1277.893665][T16803] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2961'. [ 1279.389263][T16542] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1279.405689][ T5931] usb 3-1: new full-speed USB device number 86 using dummy_hcd [ 1279.576155][ T5931] usb 3-1: config 0 has an invalid interface number: 20 but max is 0 [ 1279.606920][ T5931] usb 3-1: config 0 has no interface number 0 [ 1279.613321][ T5931] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1279.627787][ T5931] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1279.637491][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1279.667514][ T5931] usb 3-1: Product: syz [ 1280.278552][ T5931] usb 3-1: Manufacturer: syz [ 1280.283274][ T5931] usb 3-1: SerialNumber: syz [ 1280.297653][ T5931] usb 3-1: config 0 descriptor?? [ 1280.303675][T16810] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1280.331817][T16542] veth0_vlan: entered promiscuous mode [ 1280.373682][ T5931] usb-storage 3-1:0.20: USB Mass Storage device detected [ 1280.468458][ T5931] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1280.480482][T16542] veth1_vlan: entered promiscuous mode [ 1280.646109][ T5931] scsi host1: usb-storage 3-1:0.20 [ 1281.007723][T16834] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2965'. [ 1281.085412][ T5931] usb 3-1: USB disconnect, device number 86 [ 1281.217632][T16542] veth0_macvtap: entered promiscuous mode [ 1281.387527][T16542] veth1_macvtap: entered promiscuous mode [ 1281.510982][T16841] futex_wake_op: syz.0.2967 tries to shift op by -1; fix this program [ 1282.312300][T16542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.395245][T16542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.875836][T16542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.886975][T16542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.907340][T16542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.918543][T16542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.929373][T16542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1282.940219][T16542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1282.962737][T16542] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1282.984674][T16849] sctp: [Deprecated]: syz.0.2970 (pid 16849) Use of int in maxseg socket option. [ 1282.984674][T16849] Use struct sctp_assoc_value instead [ 1282.995482][T16542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1283.011552][T16542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1283.027954][T16542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1283.038715][T16542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1283.049624][T16542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1283.060891][T16542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1283.075205][T16542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1283.113209][T16542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1283.131289][T16542] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1283.156358][T16542] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.165084][T16542] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.174081][T16542] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.183054][T16542] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1283.517639][ T6073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.535981][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1283.564271][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.591459][ T6073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1283.726658][T16857] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 1283.759101][T16857] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 1284.065810][ T10] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 1284.215534][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 1284.253322][ T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1284.280926][ T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 1284.293631][ T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1284.306710][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1284.320567][ T10] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 1284.330194][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1284.338463][ T10] usb 3-1: Product: syz [ 1284.343912][ T10] usb 3-1: Manufacturer: syz [ 1284.349241][ T10] usb 3-1: SerialNumber: syz [ 1284.362856][ T10] usb 3-1: config 0 descriptor?? [ 1284.603566][ T10] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input32 [ 1284.647773][ T5174] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 1284.673304][ T5174] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 1284.710035][ T5174] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 1284.781630][ T5174] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 1284.863619][T16859] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 1285.114995][ T5931] usb 3-1: USB disconnect, device number 87 [ 1287.710402][T16895] futex_wake_op: syz.0.2979 tries to shift op by -1; fix this program [ 1289.492345][T16904] lo speed is unknown, defaulting to 1000 [ 1289.512446][T16904] lo speed is unknown, defaulting to 1000 [ 1289.526852][T16904] lo speed is unknown, defaulting to 1000 [ 1290.211903][T16904] infiniband syz0: set active [ 1290.216882][T16904] infiniband syz0: added lo [ 1290.233182][ T5898] lo speed is unknown, defaulting to 1000 [ 1290.290919][T16904] RDS/IB: syz0: added [ 1290.295677][T16904] smc: adding ib device syz0 with port count 1 [ 1290.301998][T16904] smc: ib device syz0 port 1 has pnetid [ 1290.312422][T16904] lo speed is unknown, defaulting to 1000 [ 1290.464466][T16904] lo speed is unknown, defaulting to 1000 [ 1290.616428][T16904] lo speed is unknown, defaulting to 1000 [ 1290.767961][T16904] lo speed is unknown, defaulting to 1000 [ 1290.919326][T16904] lo speed is unknown, defaulting to 1000 [ 1291.072586][ T24] lo speed is unknown, defaulting to 1000 [ 1291.186296][ T5898] usb 2-1: new full-speed USB device number 98 using dummy_hcd [ 1291.407791][ T5898] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1291.436511][ T5898] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1291.473717][ T5898] usb 2-1: can't read configurations, error -71 [ 1292.774079][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1292.798639][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1292.814573][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1292.824654][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1292.838455][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1294.328414][ T9926] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1295.002841][ T5828] Bluetooth: hci1: command tx timeout [ 1295.017474][ T9926] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1295.128112][T16941] futex_wake_op: syz.0.2991 tries to shift op by -1; fix this program [ 1295.830844][T16917] lo speed is unknown, defaulting to 1000 [ 1296.020761][ T9926] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1296.110734][T16951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2996'. [ 1296.135963][ T9926] bridge0: port 3(netdevsim0) entered disabled state [ 1296.962453][ T9926] netdevsim netdevsim2 netdevsim0 (unregistering): left allmulticast mode [ 1296.980983][ T9926] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode [ 1297.000000][ T9926] bridge0: port 3(netdevsim0) entered disabled state [ 1297.030778][ T5828] Bluetooth: hci1: command tx timeout [ 1297.221788][ T9926] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1297.257796][ T10] usb 4-1: new full-speed USB device number 117 using dummy_hcd [ 1297.275784][ T5898] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1297.457816][ T5898] usb 2-1: config index 0 descriptor too short (expected 32820, got 52) [ 1297.461083][ T10] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 1297.478056][ T5898] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1297.485414][ T10] usb 4-1: config 0 has no interface number 0 [ 1297.497203][ T5898] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 1297.506690][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1297.514823][ T5898] usb 2-1: Product: syz [ 1297.515660][ T10] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1297.519485][ T5898] usb 2-1: Manufacturer: syz [ 1297.534895][ T5898] usb 2-1: SerialNumber: syz [ 1297.544626][ T9926] bridge_slave_1: left allmulticast mode [ 1297.548378][ T5898] usb 2-1: config 0 descriptor?? [ 1297.561756][ T5898] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1297.564514][ T9926] bridge_slave_1: left promiscuous mode [ 1297.582445][ T10] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1297.592055][ T9926] bridge0: port 2(bridge_slave_1) entered disabled state [ 1297.597245][ T5898] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1297.604670][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1297.616825][ T10] usb 4-1: Product: syz [ 1297.621037][ T10] usb 4-1: Manufacturer: syz [ 1297.625764][ T10] usb 4-1: SerialNumber: syz [ 1297.634566][ T9926] bridge_slave_0: left allmulticast mode [ 1297.640722][ T9926] bridge_slave_0: left promiscuous mode [ 1297.650763][ T9926] bridge0: port 1(bridge_slave_0) entered disabled state [ 1297.699182][ T10] usb 4-1: config 0 descriptor?? [ 1297.706310][T16958] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1297.730719][ T10] usb-storage 4-1:0.20: USB Mass Storage device detected [ 1297.753277][ T10] usb-storage 4-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1297.962782][ T10] scsi host1: usb-storage 4-1:0.20 [ 1297.995564][ T10] usb 4-1: USB disconnect, device number 117 [ 1298.163339][ T30] audit: type=1400 audit(1746180112.453:108): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=w pid=16948 comm="syz.1.2993" name="5" dev="tmpfs" ino=40 [ 1299.112612][T16987] futex_wake_op: syz.0.3001 tries to shift op by -1; fix this program [ 1299.137118][ T5828] Bluetooth: hci1: command tx timeout [ 1299.814353][ T5869] usb 2-1: USB disconnect, device number 100 [ 1300.238800][T16989] FAULT_INJECTION: forcing a failure. [ 1300.238800][T16989] name failslab, interval 1, probability 0, space 0, times 0 [ 1300.245877][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.263162][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.286684][T16989] CPU: 0 UID: 0 PID: 16989 Comm: syz.0.3003 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1300.286715][T16989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1300.286728][T16989] Call Trace: [ 1300.286736][T16989] [ 1300.286745][T16989] dump_stack_lvl+0x189/0x250 [ 1300.286783][T16989] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1300.286811][T16989] ? __pfx__printk+0x10/0x10 [ 1300.286849][T16989] ? __pfx___might_resched+0x10/0x10 [ 1300.286872][T16989] ? fs_reclaim_acquire+0x7d/0x100 [ 1300.286892][T16989] should_fail_ex+0x414/0x560 [ 1300.286919][T16989] should_failslab+0xa8/0x100 [ 1300.286943][T16989] __kmalloc_noprof+0xcb/0x4f0 [ 1300.286964][T16989] ? kfree+0x4d/0x440 [ 1300.286982][T16989] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1300.287004][T16989] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1300.287024][T16989] ? tomoyo_domain+0xda/0x130 [ 1300.287047][T16989] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1300.287062][T16989] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1300.287079][T16989] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1300.287107][T16989] ? __lock_acquire+0xaac/0xd20 [ 1300.287143][T16989] ? __fget_files+0x2a/0x420 [ 1300.287169][T16989] ? __fget_files+0x3a0/0x420 [ 1300.287189][T16989] ? __fget_files+0x2a/0x420 [ 1300.287214][T16989] security_file_ioctl+0xcb/0x2d0 [ 1300.287232][T16989] __se_sys_ioctl+0x47/0x170 [ 1300.287253][T16989] do_syscall_64+0xf6/0x210 [ 1300.287270][T16989] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1300.287285][T16989] ? clear_bhb_loop+0x45/0xa0 [ 1300.287304][T16989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1300.287318][T16989] RIP: 0033:0x7f8690f8e969 [ 1300.287333][T16989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1300.287346][T16989] RSP: 002b:00007f8691de2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1300.287362][T16989] RAX: ffffffffffffffda RBX: 00007f86911b5fa0 RCX: 00007f8690f8e969 [ 1300.287373][T16989] RDX: 0000200000000180 RSI: 000000004008ae89 RDI: 0000000000000007 [ 1300.287383][T16989] RBP: 00007f8691de2090 R08: 0000000000000000 R09: 0000000000000000 [ 1300.287391][T16989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1300.287401][T16989] R13: 0000000000000000 R14: 00007f86911b5fa0 R15: 00007ffd9dafb518 [ 1300.287423][T16989] [ 1300.287436][T16989] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1301.195555][ T5828] Bluetooth: hci1: command tx timeout [ 1303.402116][T17024] futex_wake_op: syz.3.3012 tries to shift op by -1; fix this program [ 1304.191558][T17026] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3013'. [ 1304.256066][ T9926] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1304.272195][ T9926] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1304.283150][ T9926] bond0 (unregistering): Released all slaves [ 1304.438086][ T9926] tipc: Left network mode [ 1304.735816][ T24] usb 4-1: new full-speed USB device number 118 using dummy_hcd [ 1304.759982][T16917] chnl_net:caif_netlink_parms(): no params data found [ 1305.187285][ T24] usb 4-1: config 0 has an invalid interface number: 20 but max is 0 [ 1305.553706][ T24] usb 4-1: config 0 has no interface number 0 [ 1305.573415][ T24] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1305.610557][ T24] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1305.628678][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1305.665398][ T24] usb 4-1: Product: syz [ 1305.669640][ T24] usb 4-1: Manufacturer: syz [ 1305.705208][ T24] usb 4-1: SerialNumber: syz [ 1305.739180][ T24] usb 4-1: config 0 descriptor?? [ 1305.772780][T17026] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1305.820555][ T24] usb-storage 4-1:0.20: USB Mass Storage device detected [ 1305.869863][ T24] usb-storage 4-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1306.057398][ T24] scsi host1: usb-storage 4-1:0.20 [ 1306.194430][ T24] usb 4-1: USB disconnect, device number 118 [ 1306.200687][ T5898] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1306.470091][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1306.491537][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1306.513293][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1306.531159][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1306.543882][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1306.556040][ T5898] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1306.569970][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1306.579027][ T5898] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1306.589539][ T5898] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1306.599091][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 1306.601679][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1306.608472][ T5898] usb 2-1: SerialNumber: syz [ 1307.349452][T16917] bridge0: port 1(bridge_slave_0) entered blocking state [ 1307.361082][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1307.377498][T16917] bridge0: port 1(bridge_slave_0) entered disabled state [ 1307.385782][T16917] bridge_slave_0: entered allmulticast mode [ 1307.394599][T16917] bridge_slave_0: entered promiscuous mode [ 1307.409091][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1307.419861][T16917] bridge0: port 2(bridge_slave_1) entered blocking state [ 1307.435546][T16917] bridge0: port 2(bridge_slave_1) entered disabled state [ 1307.447015][T17056] kvm: kvm [17055]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf7ac [ 1307.456188][T16917] bridge_slave_1: entered allmulticast mode [ 1307.464732][T16917] bridge_slave_1: entered promiscuous mode [ 1307.842735][T17068] futex_wake_op: syz.3.3022 tries to shift op by -1; fix this program [ 1308.515055][ T5898] usb 2-1: 0:2 : does not exist [ 1308.677052][ T5898] usb 2-1: USB disconnect, device number 101 [ 1308.703096][T16917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1308.828158][T16917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1310.694773][ T9926] hsr_slave_0: left promiscuous mode [ 1310.727077][ T9926] hsr_slave_1: left promiscuous mode [ 1310.751967][ T9926] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1310.790357][ T9926] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1310.807513][ T9926] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1310.900946][ T9926] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1310.927990][ T9926] veth1_macvtap: left promiscuous mode [ 1310.933646][ T9926] veth0_macvtap: left promiscuous mode [ 1310.948567][ T9926] veth1_vlan: left promiscuous mode [ 1310.953954][ T9926] veth0_vlan: left promiscuous mode [ 1312.062973][T17102] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3031'. [ 1312.761683][T17107] futex_wake_op: syz.3.3032 tries to shift op by -1; fix this program [ 1312.895450][ T5869] usb 1-1: new full-speed USB device number 90 using dummy_hcd [ 1313.247129][ T5869] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 1313.282474][ T5869] usb 1-1: config 0 has no interface number 0 [ 1313.288864][ T5869] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1313.318339][ T5869] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 1313.339854][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1313.357345][ T5869] usb 1-1: Product: syz [ 1313.361576][ T5869] usb 1-1: Manufacturer: syz [ 1313.376326][ T5869] usb 1-1: SerialNumber: syz [ 1313.383803][ T5869] usb 1-1: config 0 descriptor?? [ 1313.425966][T17108] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1313.437085][ T5869] usb-storage 1-1:0.20: USB Mass Storage device detected [ 1313.486241][ T5869] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 1314.462828][ T9926] team0 (unregistering): Port device team_slave_1 removed [ 1315.112191][T17124] FAULT_INJECTION: forcing a failure. [ 1315.112191][T17124] name failslab, interval 1, probability 0, space 0, times 0 [ 1315.125328][T17124] CPU: 1 UID: 0 PID: 17124 Comm: syz.4.3035 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1315.125358][T17124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1315.125371][T17124] Call Trace: [ 1315.125382][T17124] [ 1315.125392][T17124] dump_stack_lvl+0x189/0x250 [ 1315.125433][T17124] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1315.125462][T17124] ? __pfx__printk+0x10/0x10 [ 1315.125500][T17124] ? __pfx___might_resched+0x10/0x10 [ 1315.125537][T17124] should_fail_ex+0x414/0x560 [ 1315.125576][T17124] should_failslab+0xa8/0x100 [ 1315.125610][T17124] kmem_cache_alloc_noprof+0x73/0x3c0 [ 1315.125641][T17124] ? mas_alloc_nodes+0x2e9/0x8e0 [ 1315.125668][T17124] mas_alloc_nodes+0x2e9/0x8e0 [ 1315.125700][T17124] mas_preallocate+0x542/0x8b0 [ 1315.125718][T17124] ? lockdep_hardirqs_on+0x9c/0x150 [ 1315.125747][T17124] ? __pfx_mas_preallocate+0x10/0x10 [ 1315.125775][T17124] ? init_multi_vma_prep+0x37a/0x490 [ 1315.125816][T17124] commit_merge+0x1f1/0x6e0 [ 1315.125840][T17124] ? __vma_enter_locked+0x1f4/0x380 [ 1315.125878][T17124] ? __pfx_commit_merge+0x10/0x10 [ 1315.125913][T17124] ? vma_merge_existing_range+0xb8f/0x15b0 [ 1315.125949][T17124] vma_merge_existing_range+0x10b7/0x15b0 [ 1315.125999][T17124] vma_modify+0x76/0x460 [ 1315.126028][T17124] vma_modify_flags+0x1e8/0x230 [ 1315.126058][T17124] ? __pfx_vma_modify_flags+0x10/0x10 [ 1315.126110][T17124] mlock_fixup+0x22a/0x360 [ 1315.126144][T17124] apply_mlockall_flags+0x2f0/0x3c0 [ 1315.126176][T17124] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 1315.126212][T17124] ? __pfx_down_write_killable+0x10/0x10 [ 1315.126244][T17124] ? ksys_write+0x1f0/0x250 [ 1315.126270][T17124] ? rcu_is_watching+0x15/0xb0 [ 1315.126310][T17124] __ia32_sys_munlockall+0x10a/0x220 [ 1315.126340][T17124] do_syscall_64+0xf6/0x210 [ 1315.126365][T17124] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1315.126386][T17124] ? clear_bhb_loop+0x45/0xa0 [ 1315.126412][T17124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1315.126433][T17124] RIP: 0033:0x7f38b298e969 [ 1315.126452][T17124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1315.126470][T17124] RSP: 002b:00007f38b378e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 1315.126492][T17124] RAX: ffffffffffffffda RBX: 00007f38b2bb6080 RCX: 00007f38b298e969 [ 1315.126508][T17124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1315.126520][T17124] RBP: 00007f38b378e090 R08: 0000000000000000 R09: 0000000000000000 [ 1315.126533][T17124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1315.126547][T17124] R13: 0000000000000000 R14: 00007f38b2bb6080 R15: 00007ffdbee2b7c8 [ 1315.126579][T17124] [ 1315.126682][T17124] vmg ffffc900039cfc40 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 1315.406023][T17124] vmg ffffc900039cfc40 state: mm ffff888027a6e400 pgoff 200000000 [ 1315.406023][T17124] vmi ffffc900039cfde0 [200000000000,200000800000) [ 1315.406023][T17124] prev ffff888058c5eb40 middle ffff888058c5eb40 next 0000000000000000 target 0000000000000000 [ 1315.406023][T17124] start 200000000000 end 200000800000 flags 8100077 [ 1315.406023][T17124] file 0000000000000000 anon_vma ffff8880356b2440 policy 0000000000000000 [ 1315.406023][T17124] uffd_ctx 0000000000000000 [ 1315.406023][T17124] anon_name 0000000000000000 [ 1315.406023][T17124] state 0 [ 1315.406023][T17124] just_expand 0 [ 1315.406023][T17124] __adjust_middle_start 0 __adjust_next_start 0 [ 1315.406023][T17124] __remove_middle 0 __remove_next 0 [ 1315.471310][T17124] vmg ffffc900039cfc40 mm: [ 1315.476017][T17124] mm ffff888027a6e400 task_size 140737488351232 [ 1315.476017][T17124] mmap_base 139881506111488 mmap_legacy_base 47751289057280 [ 1315.476017][T17124] pgd ffff888059a3e000 mm_users 3 mm_count 1 pgtables_bytes 131072 map_count 34 [ 1315.476017][T17124] hiwater_rss 14e6 hiwater_vm 5f8c total_vm 5fce locked_vm 800 [ 1315.476017][T17124] pinned_vm 0 data_vm 23db exec_vm 1a4 stack_vm 21 [ 1315.476017][T17124] start_code 7f38b2849000 end_code 7f38b29eadd9 start_data 7f38b2b90000 end_data 7f38b2b90000 [ 1315.476017][T17124] start_brk 555561d37000 brk 555561d6b000 start_stack 7ffdbee2c030 [ 1315.476017][T17124] arg_start 7ffdbee2cf6d arg_end 7ffdbee2cf81 env_start 7ffdbee2cf81 env_end 7ffdbee2cfe9 [ 1315.476017][T17124] binfmt ffffffff8e0b0080 flags 800007fd [ 1315.476017][T17124] ioctx_table 0000000000000000 [ 1315.476017][T17124] owner ffff88805d071e00 exe_file ffff88802f3bd340 [ 1315.476017][T17124] notifier_subscriptions 0000000000000000 [ 1315.476017][T17124] numa_next_scan 4295068664 numa_scan_offset 0 numa_scan_seq 0 [ 1315.476017][T17124] tlb_flush_pending 0 [ 1315.476017][T17124] def_flags: 0x0() [ 1315.576970][T17124] vmg ffffc900039cfc40 prev: [ 1315.581640][T17124] vma ffff888058c5eb40 start 0000200000000000 end 0000200000800000 mm ffff888027a6e400 [ 1315.581640][T17124] prot 25 anon_vma ffff8880356b2440 vm_ops 0000000000000000 [ 1315.581640][T17124] pgoff 200000000 file 0000000000000000 private_data 0000000000000000 [ 1315.581640][T17124] refcnt 1 [ 1315.581640][T17124] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty) [ 1315.619644][T17124] vmg ffffc900039cfc40 middle: [ 1315.624522][T17124] vma ffff888058c5eb40 start 0000200000000000 end 0000200000800000 mm ffff888027a6e400 [ 1315.624522][T17124] prot 25 anon_vma ffff8880356b2440 vm_ops 0000000000000000 [ 1315.624522][T17124] pgoff 200000000 file 0000000000000000 private_data 0000000000000000 [ 1315.624522][T17124] refcnt 1 [ 1315.624522][T17124] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty) [ 1315.661885][T17124] vmg ffffc900039cfc40 next: (NULL) [ 1315.667281][T17124] vmg ffffc900039cfc40 vmi: [ 1315.671924][T17124] MAS: tree=ffff888027a6e440 enode=ffff888029011a0c [ 1315.672107][T17124] (ma_active) [ 1315.678925][T17124] Store Type: [ 1315.682597][T17124] node_store [ 1315.689671][T17124] [6/10] index=200000000000 last=2000007fffff [ 1315.695929][T17124] min=0 max=555561d58fff alloc=0000000000000000, depth=1, flags=0 [ 1315.704335][T17124] maple_tree(ffff888027a6e440) flags 30B, height 2 root ffff88802901081e [ 1315.712967][T17124] 0-ffffffffffffffff: node ffff888029010800 depth 0 type 3 parent ffff888027a6e441 contents: 355560d36000 29e34ea8c000 80000 ffff8002411d3000 0 0 0 0 0 0 | 03 03| ffff888029011a0c 555561D58FFF ffff888027ee920c 7F38B27FFFFF ffff888029010c0c 7F38B376EFFF ffff888029010a0c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 1315.751696][T17124] 0-555561d58fff: node ffff888029011a00 depth 1 type 1 parent ffff888029010806 contents: 0000000000000000 110C22FFFF ffff8880274018c0 110E22FFFF 0000000000000000 1B2F21FFFF ffff888027401280 1B2F25FFFF 0000000000000000 1FFFFFFFEFFF ffff888027401500 1FFFFFFFFFFF ffff888058c5eb40 2000007FFFFF ffff88806a8bf3c0 200000FFFFFF ffff888058c5e500 200001000FFF 0000000000000000 555561D36FFF ffff888058c5e280 555561D58FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 1315.799515][T17124] 0-110c22ffff: 0000000000000000 [ 1315.804959][T17124] 110c230000-110e22ffff: ffff8880274018c0 [ 1315.811346][T17124] 110e230000-1b2f21ffff: 0000000000000000 [ 1315.817674][T17124] 1b2f220000-1b2f25ffff: ffff888027401280 [ 1315.823889][T17124] 1b2f260000-1fffffffefff: 0000000000000000 [ 1315.830514][T17124] 1ffffffff000-1fffffffffff: ffff888027401500 [ 1315.837124][T17124] 200000000000-2000007fffff: ffff888058c5eb40 [ 1315.843682][T17124] 200000800000-200000ffffff: ffff88806a8bf3c0 [ 1315.850344][T17124] 200001000000-200001000fff: ffff888058c5e500 [ 1315.856954][T17124] 200001001000-555561d36fff: 0000000000000000 [ 1315.863509][T17124] 555561d37000-555561d58fff: ffff888058c5e280 [ 1315.870142][T17124] 555561d59000-7f38b27fffff: node ffff888027ee9200 depth 1 type 1 parent ffff88802901080e contents: ffff888058c5ec80 555561D6AFFF 0000000000000000 7F38B07F6FFF ffff888058c5e000 7F38B07F7FFF ffff888058c5e140 7F38B0FF7FFF ffff888078497000 7F38B0FF8FFF ffff888078497140 7F38B17F8FFF ffff888078497500 7F38B17FAFFF ffff8880784973c0 7F38B1BFAFFF ffff888034befdc0 7F38B1BFCFFF ffff888034bef500 7F38B1FFCFFF ffff888034bef640 7F38B1FFEFFF ffff888034bef3c0 7F38B23FEFFF ffff888034bef8c0 7F38B23FFFFF ffff88807e1b3a00 7F38B27FFFFF 0000000000000000 0 000000000000000d [ 1315.922398][T17124] 555561d59000-555561d6afff: ffff888058c5ec80 [ 1315.929212][T17124] 555561d6b000-7f38b07f6fff: 0000000000000000 [ 1315.935821][T17124] 7f38b07f7000-7f38b07f7fff: ffff888058c5e000 [ 1315.942473][T17124] 7f38b07f8000-7f38b0ff7fff: ffff888058c5e140 [ 1315.949076][T17124] 7f38b0ff8000-7f38b0ff8fff: ffff888078497000 [ 1315.955827][T17124] 7f38b0ff9000-7f38b17f8fff: ffff888078497140 [ 1315.962488][T17124] 7f38b17f9000-7f38b17fafff: ffff888078497500 [ 1315.969217][T17124] 7f38b17fb000-7f38b1bfafff: ffff8880784973c0 [ 1315.975869][T17124] 7f38b1bfb000-7f38b1bfcfff: ffff888034befdc0 [ 1315.982427][T17124] 7f38b1bfd000-7f38b1ffcfff: ffff888034bef500 [ 1315.989046][T17124] 7f38b1ffd000-7f38b1ffefff: ffff888034bef640 [ 1315.996154][T17124] 7f38b1fff000-7f38b23fefff: ffff888034bef3c0 [ 1316.002817][T17124] 7f38b23ff000-7f38b23fffff: ffff888034bef8c0 [ 1316.009432][T17124] 7f38b2400000-7f38b27fffff: ffff88807e1b3a00 [ 1316.016136][T17124] 7f38b2800000-7f38b376efff: node ffff888029010c00 depth 1 type 1 parent ffff888029010816 contents: ffff888034e9b3c0 7F38B2848FFF ffff888034a9edc0 7F38B29EAFFF ffff888034a9e280 7F38B2A97FFF ffff8880327ddb40 7F38B2B7CFFF ffff88805a6bc000 7F38B2B85FFF 0000000000000000 7F38B2B8FFFF ffff88805a6bc780 7F38B36EDFFF 0000000000000000 7F38B376DFFF ffff88806a8bf000 7F38B376EFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 1316.063700][T17124] 7f38b2800000-7f38b2848fff: ffff888034e9b3c0 [ 1316.070321][T17124] 7f38b2849000-7f38b29eafff: ffff888034a9edc0 [ 1316.076972][T17124] 7f38b29eb000-7f38b2a97fff: ffff888034a9e280 [ 1316.083517][T17124] 7f38b2a98000-7f38b2b7cfff: ffff8880327ddb40 [ 1316.090159][T17124] 7f38b2b7d000-7f38b2b85fff: ffff88805a6bc000 [ 1316.097222][T17124] 7f38b2b86000-7f38b2b8ffff: 0000000000000000 [ 1316.103877][T17124] 7f38b2b90000-7f38b36edfff: ffff88805a6bc780 [ 1316.110684][T17124] 7f38b36ee000-7f38b376dfff: 0000000000000000 [ 1316.117365][T17124] 7f38b376e000-7f38b376efff: ffff88806a8bf000 [ 1316.123997][T17124] 7f38b376f000-ffffffffffffffff: node ffff888029010a00 depth 1 type 1 parent ffff88802901081e contents: ffff88806a8bf500 7F38B378EFFF ffff88823bfe8f00 7F38B378FFFF ffff88806a8bf640 7F38B37AFFFF ffff88805a6bc140 7F38B37B3FFF ffff88805a6bc500 7F38B37B5FFF ffff88806a8bf8c0 7F38B37B7FFF 0000000000000000 7FFDBEE0BFFF ffff88806a8bf140 7FFDBEE2CFFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 1316.172390][T17124] 7f38b376f000-7f38b378efff: ffff88806a8bf500 [ 1316.179028][T17124] 7f38b378f000-7f38b378ffff: ffff88823bfe8f00 [ 1316.185700][T17124] 7f38b3790000-7f38b37affff: ffff88806a8bf640 [ 1316.192267][T17124] 7f38b37b0000-7f38b37b3fff: ffff88805a6bc140 [ 1316.199275][T17124] 7f38b37b4000-7f38b37b5fff: ffff88805a6bc500 [ 1316.206046][T17124] 7f38b37b6000-7f38b37b7fff: ffff88806a8bf8c0 [ 1316.212921][T17124] 7f38b37b8000-7ffdbee0bfff: 0000000000000000 [ 1316.219594][T17124] 7ffdbee0c000-7ffdbee2cfff: ffff88806a8bf140 [ 1316.226807][T17124] 7ffdbee2d000-ffffffffffffffff: 0000000000000000 [ 1316.234405][T17124] ------------[ cut here ]------------ [ 1316.239992][T17124] WARNING: CPU: 1 PID: 17124 at mm/vma.c:768 vma_merge_existing_range+0x1257/0x15b0 [ 1316.249643][T17124] Modules linked in: [ 1316.253944][T17124] CPU: 1 UID: 0 PID: 17124 Comm: syz.4.3035 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1316.266117][T17124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1316.276282][T17124] RIP: 0010:vma_merge_existing_range+0x1257/0x15b0 [ 1316.283168][T17124] Code: 0b 90 e9 52 f0 ff ff e8 b7 02 ae ff 90 0f 0b 90 e9 87 ef ff ff e8 a9 02 ae ff 48 89 df 48 c7 c6 c0 4f 76 8b e8 1a 20 f3 ff 90 <0f> 0b 90 e9 ff ef ff ff e8 8c 02 ae ff e9 04 f1 ff ff e8 82 02 ae [ 1316.303382][T17124] RSP: 0018:ffffc900039cfaf8 EFLAGS: 00010286 [ 1316.309781][T17124] RAX: ffffffff8b4785fd RBX: ffffc900039cfc40 RCX: ffff88801c3d8000 [ 1316.318078][T17124] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 1316.326422][T17124] RBP: 0000200000800000 R08: 0000000000000003 R09: 0000000000000004 [ 1316.334483][T17124] R10: dffffc0000000000 R11: fffffbfff1bba4b4 R12: ffff888058c5eb40 [ 1316.342555][T17124] R13: 1ffff92000739f8c R14: 0000200000000000 R15: 0000200000000000 [ 1316.350639][T17124] FS: 00007f38b378e6c0(0000) GS:ffff888126200000(0000) knlGS:0000000000000000 [ 1316.359738][T17124] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1316.366397][T17124] CR2: 000000110c3f24f6 CR3: 0000000059a3e000 CR4: 00000000003526f0 [ 1316.374427][T17124] Call Trace: [ 1316.377778][T17124] [ 1316.380787][T17124] vma_modify+0x76/0x460 [ 1316.385104][T17124] vma_modify_flags+0x1e8/0x230 [ 1316.390209][T17124] ? __pfx_vma_modify_flags+0x10/0x10 [ 1316.395694][T17124] mlock_fixup+0x22a/0x360 [ 1316.400500][T17124] apply_mlockall_flags+0x2f0/0x3c0 [ 1316.405999][T17124] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 1316.411795][T17124] ? __pfx_down_write_killable+0x10/0x10 [ 1316.417606][T17124] ? ksys_write+0x1f0/0x250 [ 1316.422177][T17124] ? rcu_is_watching+0x15/0xb0 [ 1316.427044][T17124] __ia32_sys_munlockall+0x10a/0x220 [ 1316.432490][T17124] do_syscall_64+0xf6/0x210 [ 1316.437072][T17124] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1316.442763][T17124] ? clear_bhb_loop+0x45/0xa0 [ 1316.447525][T17124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.453476][T17124] RIP: 0033:0x7f38b298e969 [ 1316.457977][T17124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1316.477789][T17124] RSP: 002b:00007f38b378e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 1316.486288][T17124] RAX: ffffffffffffffda RBX: 00007f38b2bb6080 RCX: 00007f38b298e969 [ 1316.494323][T17124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1316.502703][T17124] RBP: 00007f38b378e090 R08: 0000000000000000 R09: 0000000000000000 [ 1316.510961][T17124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1316.519015][T17124] R13: 0000000000000000 R14: 00007f38b2bb6080 R15: 00007ffdbee2b7c8 [ 1316.527089][T17124] [ 1316.530177][T17124] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1316.537495][T17124] CPU: 1 UID: 0 PID: 17124 Comm: syz.4.3035 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 1316.549594][T17124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 1316.559681][T17124] Call Trace: [ 1316.562989][T17124] [ 1316.565951][T17124] dump_stack_lvl+0x99/0x250 [ 1316.570583][T17124] ? __asan_memcpy+0x40/0x70 [ 1316.575212][T17124] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1316.580446][T17124] ? __pfx__printk+0x10/0x10 [ 1316.585356][T17124] panic+0x2db/0x790 [ 1316.589308][T17124] ? __pfx_panic+0x10/0x10 [ 1316.593782][T17124] __warn+0x31b/0x4b0 [ 1316.597798][T17124] ? vma_merge_existing_range+0x1257/0x15b0 [ 1316.603823][T17124] ? vma_merge_existing_range+0x1257/0x15b0 [ 1316.609760][T17124] report_bug+0x2be/0x4f0 [ 1316.614386][T17124] ? vma_merge_existing_range+0x1257/0x15b0 [ 1316.620409][T17124] ? vma_merge_existing_range+0x1257/0x15b0 [ 1316.626346][T17124] ? vma_merge_existing_range+0x1259/0x15b0 [ 1316.632285][T17124] handle_bug+0x84/0x160 [ 1316.636567][T17124] exc_invalid_op+0x1a/0x50 [ 1316.641109][T17124] asm_exc_invalid_op+0x1a/0x20 [ 1316.645989][T17124] RIP: 0010:vma_merge_existing_range+0x1257/0x15b0 [ 1316.652582][T17124] Code: 0b 90 e9 52 f0 ff ff e8 b7 02 ae ff 90 0f 0b 90 e9 87 ef ff ff e8 a9 02 ae ff 48 89 df 48 c7 c6 c0 4f 76 8b e8 1a 20 f3 ff 90 <0f> 0b 90 e9 ff ef ff ff e8 8c 02 ae ff e9 04 f1 ff ff e8 82 02 ae [ 1316.672226][T17124] RSP: 0018:ffffc900039cfaf8 EFLAGS: 00010286 [ 1316.678421][T17124] RAX: ffffffff8b4785fd RBX: ffffc900039cfc40 RCX: ffff88801c3d8000 [ 1316.686514][T17124] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 1316.694600][T17124] RBP: 0000200000800000 R08: 0000000000000003 R09: 0000000000000004 [ 1316.702686][T17124] R10: dffffc0000000000 R11: fffffbfff1bba4b4 R12: ffff888058c5eb40 [ 1316.710696][T17124] R13: 1ffff92000739f8c R14: 0000200000000000 R15: 0000200000000000 [ 1316.718708][T17124] ? mt_dump_node+0x18cd/0x26b0 [ 1316.723606][T17124] ? vma_merge_existing_range+0x1256/0x15b0 [ 1316.729561][T17124] vma_modify+0x76/0x460 [ 1316.733845][T17124] vma_modify_flags+0x1e8/0x230 [ 1316.738738][T17124] ? __pfx_vma_modify_flags+0x10/0x10 [ 1316.744268][T17124] mlock_fixup+0x22a/0x360 [ 1316.748836][T17124] apply_mlockall_flags+0x2f0/0x3c0 [ 1316.754077][T17124] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 1316.759844][T17124] ? __pfx_down_write_killable+0x10/0x10 [ 1316.765515][T17124] ? ksys_write+0x1f0/0x250 [ 1316.770055][T17124] ? rcu_is_watching+0x15/0xb0 [ 1316.774972][T17124] __ia32_sys_munlockall+0x10a/0x220 [ 1316.780323][T17124] do_syscall_64+0xf6/0x210 [ 1316.784875][T17124] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1316.790543][T17124] ? clear_bhb_loop+0x45/0xa0 [ 1316.795260][T17124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.801188][T17124] RIP: 0033:0x7f38b298e969 [ 1316.805636][T17124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1316.825285][T17124] RSP: 002b:00007f38b378e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 1316.833737][T17124] RAX: ffffffffffffffda RBX: 00007f38b2bb6080 RCX: 00007f38b298e969 [ 1316.841755][T17124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1316.852166][T17124] RBP: 00007f38b378e090 R08: 0000000000000000 R09: 0000000000000000 [ 1316.860289][T17124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1316.868308][T17124] R13: 0000000000000000 R14: 00007f38b2bb6080 R15: 00007ffdbee2b7c8 [ 1316.876336][T17124] [ 1316.879665][T17124] Kernel Offset: disabled [ 1316.884012][T17124] Rebooting in 86400 seconds..