last executing test programs: 10.68331124s ago: executing program 3 (id=1299): r0 = timerfd_create(0x9, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') read$FUSE(r3, &(0x7f0000012380)={0x2020}, 0x2020) socket(0x2, 0x80805, 0x0) read$FUSE(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r1) read$FUSE(r3, &(0x7f00000005c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r3, &(0x7f0000002600)={0x78, 0x0, r5, [{0x1, 0xe6, 0x6, 0x5, 'wlan0\x00'}, {0x1, 0x8, 0xf, 0x9, '/dev/cpu/#/msr\x00'}, {0x6, 0x1, 0x8, 0x8, '}^}%%}-:'}]}, 0x78) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x44, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1412}], @key_params=[@NL80211_ATTR_MAC={0xa, 0x6, @device_b}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @key_params=[@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x4}]]}, 0x44}}, 0x10000004) socket(0x840000000002, 0x3, 0xff) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r9, 0x0) ioctl$KVM_NMI(r9, 0xae9a) ioctl$KVM_RUN(r9, 0xae80, 0x0) timerfd_settime(r0, 0x2, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) 10.187713984s ago: executing program 2 (id=1301): r0 = socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6fe, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000400)={'tunl0\x00', 0x0, 0x0, 0x40, 0xfffffff7, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfd, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @empty}}}}) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e04"], 0xd) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r1, 0x8b1a, &(0x7f0000000040)) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) memfd_create(0x0, 0x9e665dd9265b9773) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/netlink\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f00000002c0)=""/128, 0x80}], 0x1, 0xc002a0, 0x101) r4 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x161040, 0x88) finit_module(r4, 0x0, 0x3) setsockopt$inet_udp_int(r4, 0x11, 0x0, &(0x7f0000000440)=0x1000, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) r5 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r5, 0x10d, 0x3, 0x0, &(0x7f00000000c0)) openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) 9.858893023s ago: executing program 2 (id=1303): r0 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x48, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0x0, 0xc}, {}, {0x7}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x80}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0x7}]}}]}, 0x48}}, 0x20040014) 9.291970758s ago: executing program 2 (id=1305): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = add_key$keyring(&(0x7f0000000340), &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000500)=@chain) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000010c0)=@gettaction={0x28, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0x28}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) setsockopt$inet_mreq(r7, 0x0, 0x20, &(0x7f0000000140)={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x8) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="48000000100001047fff00"/20, @ANYRES32, @ANYBLOB="0000040000000000280012800a000100767863616e"], 0x48}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000180)={'erspan0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x8, 0x40, 0x4, 0x8, {{0xb, 0x4, 0x2, 0x8, 0x2c, 0x66, 0x0, 0x69, 0x2f, 0x0, @multicast2, @broadcast, {[@noop, @noop, @generic={0x86, 0xc, "deb00654558a8bf65e98"}, @end, @generic={0x88, 0x9, "a5ed1645a4974b"}]}}}}}) 9.205080419s ago: executing program 3 (id=1306): socket(0x11, 0x2, 0x7fffffe) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/24, 0x18}, {0x0, 0x2}], 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5f, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 8.993500218s ago: executing program 3 (id=1307): setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) pipe2(&(0x7f0000000180)={0xffffffffffffffff}, 0x480) read$dsp(r0, &(0x7f0000000280)=""/109, 0x6d) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000240)="66368098030000005f0fc7b2a4b50000260f01c566baf80cb8fb721489ef66bafc0cecb9140101c0b8da000000ba000000000f30c7442400791a0000c744240200d00000c7442406000000000f011c2426f367360f0698b9840b00000f32262e0fc72e", 0x63}], 0x1, 0x10, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = dup(r3) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7d, 0x1, 0x5, '\x00', 0x9}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f000059e000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200)=[@flags={0x3, 0x41292}], 0x1) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1fd74035781bd649085f35212d230000040000000646", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r7 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfffa, 0x2}, {}, {0x10, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x28, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x73}, @TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @ipv4={'\x00', '\xff\xff', @remote}}]}}]}, 0x58}}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r5}, 0x10) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x42041) close(0x4) 7.929250685s ago: executing program 2 (id=1310): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r5, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x25}}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x7}, {0x0}, &(0x7f00000011c0)=[{&(0x7f0000001140)=""/101, 0x65}], 0x1, 0x60, 0xffffffff00000003}}], 0x48, 0x8004}, 0x0) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r6, 0x5b04, 0x0) 7.206031015s ago: executing program 4 (id=1312): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r3 = socket$inet(0x2, 0x5, 0x0) mknodat$null(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x1, 0x103) getsockopt$inet_int(r3, 0x0, 0x12, 0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r6 = eventfd(0x4) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6}) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, 0x0, 0xffff1000}) accept4(r2, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_IOVA_RANGES(r1, 0x3b84, &(0x7f00000000c0)={0x20, 0x0, 0x0, 0x0, 0x0}) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf"]}) r7 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc2b02) ioctl$CEC_TRANSMIT(r7, 0xc0386105, &(0x7f0000000d40)={0x0, 0x9, 0x4, 0x3ff, 0x0, 0x405f, "57c1169b6664ea614e6ac71ae7213061", 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}) 6.087557927s ago: executing program 3 (id=1314): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="19000000000000000000030000000800", @ANYRES32=0x0, @ANYBLOB="050002"], 0x24}}, 0x0) 5.98191902s ago: executing program 4 (id=1315): r0 = socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6fe, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000400)={'tunl0\x00', 0x0, 0x0, 0x40, 0xfffffff7, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfd, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @empty}}}}) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e04"], 0xd) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r1, 0x8b1a, &(0x7f0000000040)) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) memfd_create(0x0, 0x9e665dd9265b9773) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/netlink\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f00000002c0)=""/128, 0x80}], 0x1, 0xc002a0, 0x101) r4 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/power/mem_sleep', 0x161040, 0x88) finit_module(r4, 0x0, 0x3) setsockopt$inet_udp_int(r4, 0x11, 0x0, &(0x7f0000000440)=0x1000, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) r5 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r5, 0x10d, 0x3, 0x0, &(0x7f00000000c0)) openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) 5.393884383s ago: executing program 3 (id=1318): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000640)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b04, 0x0) 5.365403007s ago: executing program 4 (id=1319): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x77, 0x83602) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x1c, 0x2}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f01201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1223, 0x3f07, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0x2}}}}}]}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xa8, &(0x7f0000000000)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b"]) 4.134173625s ago: executing program 1 (id=1325): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x38, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0xfac10, 0xfac0c, 0xfac01]}]]}, 0x38}}, 0xc0) 4.050587714s ago: executing program 1 (id=1326): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r3 = socket$inet(0x2, 0x5, 0x0) mknodat$null(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x1, 0x103) getsockopt$inet_int(r3, 0x0, 0x12, 0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1}) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, 0x0, 0xffff1000}) accept4(r2, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_IOVA_RANGES(r1, 0x3b84, &(0x7f00000000c0)={0x20, 0x0, 0x0, 0x0, 0x0}) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf"]}) r6 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc2b02) ioctl$CEC_TRANSMIT(r6, 0xc0386105, &(0x7f0000000d40)={0x0, 0x9, 0x4, 0x3ff, 0x0, 0x405f, "57c1169b6664ea614e6ac71ae7213061", 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}) 3.271567337s ago: executing program 1 (id=1327): r0 = timerfd_create(0x9, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') read$FUSE(r3, &(0x7f0000012380)={0x2020}, 0x2020) socket(0x2, 0x80805, 0x0) read$FUSE(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r1) read$FUSE(r3, &(0x7f00000005c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r3, &(0x7f0000002600)={0x78, 0x0, r5, [{0x1, 0xe6, 0x6, 0x5, 'wlan0\x00'}, {0x1, 0x8, 0xf, 0x9, '/dev/cpu/#/msr\x00'}, {0x6, 0x1, 0x8, 0x8, '}^}%%}-:'}]}, 0x78) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x44, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1412}], @key_params=[@NL80211_ATTR_MAC={0xa, 0x6, @device_b}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @key_params=[@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x4}]]}, 0x44}}, 0x10000004) socket(0x840000000002, 0x3, 0xff) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r9, 0x0) ioctl$KVM_NMI(r9, 0xae9a) ioctl$KVM_RUN(r9, 0xae80, 0x0) timerfd_settime(r0, 0x2, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) 3.006666027s ago: executing program 0 (id=1328): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x12, 0x6f, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYRES8=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYBLOB="18accb2d9e2f5ac9ac1a12c6a90ce791c8a0bb36ea67c822b8013ee63e6f9fded05773df1e8c5b94af2ad3b221db4cd0", @ANYBLOB="0000000000000000b702000000000000c50000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xcf, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000004c0)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000032680)=""/102400, 0x19000) r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000100)=0xd) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0) sendmsg$IEEE802154_ASSOCIATE_REQ(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r9, 0x1, 0x40000, 0x0, {}, [@IEEE802154_ATTR_CAPABILITY={0x5}, @IEEE802154_ATTR_COORD_PAN_ID={0x6}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_CHANNEL={0x5}]}, 0x34}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000000203010200000000000000000000000000c037b16a7c0000"], 0x1c}}, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) 2.349160555s ago: executing program 0 (id=1329): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$FOU_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="19000000000000000000030000000800", @ANYRES32=0x0, @ANYBLOB="050002"], 0x24}}, 0x0) 2.072127474s ago: executing program 4 (id=1330): openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) r0 = gettid() timer_create(0xb, 0x0, 0x0) timer_create(0x4, &(0x7f0000000540)={0x0, 0x3d, 0x1, @thr={&(0x7f0000000480)="aaa943b88ba5902f7dca3af4acf37b22cb2c66c446a0c92101cffedb5fb0374262ba52f5c9bf5d039b52a034bd172b6937f24cc10e92918e9c6a9bfd4c60cfe3f69dd25c68148f10e2a9e80459c4c99514518967786d93ef49ba382a6887f691b73fe23b7d0471bd624471552c5f8d25c47c", &(0x7f0000000500)}}, &(0x7f0000000580)=0x0) timer_settime(r1, 0x0, &(0x7f00000003c0)={{}, {0x0, 0x3938700}}, 0x0) timer_create(0x2, &(0x7f0000000100)={0x0, 0x8, 0x4, @tid=r0}, &(0x7f0000000140)) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062430bc068829afff36b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e640000000018000280140008800800"], 0x48}}, 0x0) pipe(&(0x7f0000000140)) sendmmsg$inet(r4, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 2.036167594s ago: executing program 0 (id=1331): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) utimes(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)={{0x0, 0x2710}, {0x0, 0xea60}}) 1.984614317s ago: executing program 0 (id=1332): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r3 = socket$inet(0x2, 0x5, 0x0) mknodat$null(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x1, 0x103) getsockopt$inet_int(r3, 0x0, 0x12, 0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r6 = eventfd(0x4) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6}) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, 0x0, 0xffff1000}) accept4(r2, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_IOVA_RANGES(r1, 0x3b84, &(0x7f00000000c0)={0x20, 0x0, 0x0, 0x0, 0x0}) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf"]}) r7 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc2b02) ioctl$CEC_TRANSMIT(r7, 0xc0386105, &(0x7f0000000d40)={0x0, 0x9, 0x4, 0x3ff, 0x0, 0x405f, "57c1169b6664ea614e6ac71ae7213061", 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}) 1.546545734s ago: executing program 1 (id=1333): openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) gettid() timer_create(0xb, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062430bc068829afff36b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e640000000018000280140008800800"], 0x48}}, 0x0) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 1.491070873s ago: executing program 0 (id=1334): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x81) ppoll(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x10) r3 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'netdevsim0\x00'}) r4 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r5}) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000080000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r6}, 0x10) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r7) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r8 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r8, 0x0, 0x11, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b722780", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.455411436s ago: executing program 1 (id=1335): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) 1.435968309s ago: executing program 4 (id=1336): openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) gettid() timer_create(0xb, 0x0, 0x0) timer_create(0x4, &(0x7f0000000540)={0x0, 0x3d, 0x1, @thr={&(0x7f0000000480)="aaa943b88ba5902f7dca3af4acf37b22cb2c66c446a0c92101cffedb5fb0374262ba52f5c9bf5d039b52a034bd172b6937f24cc10e92918e9c6a9bfd4c60cfe3f69dd25c68148f10e2a9e80459c4c99514518967786d93ef49ba382a6887f691b73fe23b7d0471bd624471552c5f8d25c47c", &(0x7f0000000500)}}, &(0x7f0000000580)) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062430bc068829afff36b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e640000000018000280140008800800"], 0x48}}, 0x0) pipe(&(0x7f0000000140)) sendmmsg$inet(r2, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 894.254371ms ago: executing program 2 (id=1337): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r3 = socket$inet(0x2, 0x5, 0x0) mknodat$null(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x1, 0x103) getsockopt$inet_int(r3, 0x0, 0x12, 0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1}) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, 0x0, 0xffff1000}) accept4(r2, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_IOVA_RANGES(r1, 0x3b84, &(0x7f00000000c0)={0x20, 0x0, 0x0, 0x0, 0x0}) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf"]}) r6 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc2b02) ioctl$CEC_TRANSMIT(r6, 0xc0386105, &(0x7f0000000d40)={0x0, 0x9, 0x4, 0x3ff, 0x0, 0x405f, "57c1169b6664ea614e6ac71ae7213061", 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f}) 893.757828ms ago: executing program 1 (id=1338): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x44800) r1 = syz_io_uring_setup(0x230, &(0x7f0000000540)={0x0, 0x0, 0x10100, 0x0, 0xa0}, &(0x7f0000000140)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = syz_io_uring_setup(0x112, &(0x7f0000000a00)={0x0, 0x1, 0x0, 0xa, 0x10004002}, &(0x7f0000000580)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000000c0)=@IORING_OP_MADVISE={0x19, 0x10, 0x0, 0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4}) io_uring_enter(r7, 0x47f6, 0x0, 0x0, 0x0, 0x0) 812.008154ms ago: executing program 3 (id=1339): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) io_setup(0x7, &(0x7f0000002140)=0x0) io_pgetevents(r2, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeea, 0x8031, 0xffffffffffffffff, 0x20000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f00005c5000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r6, 0x4048aecb, &(0x7f0000000080)) ioctl$KVM_RUN(r6, 0xae80, 0x0) 452.612539ms ago: executing program 0 (id=1340): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ce, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240), 0x106, 0xa}}, 0x20) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) syz_emit_ethernet(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_emit_ethernet(0x2b, &(0x7f00000001c0)={@random="192654f4b005", @link_local, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {0x11, 0x0, 0x0, @loopback, "04"}}}}}, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet(0x2, 0x8080e, 0x1) rt_sigqueueinfo(0x0, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff}) r3 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x2fd1, 0x1, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f0000000440)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macsec0\x00'}) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) 137.01514ms ago: executing program 4 (id=1341): openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)) r0 = socket$packet(0x11, 0x2, 0x300) sendmmsg$sock(r0, &(0x7f0000000380)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3, 0x3, 0x0, 0x1}}, 0x80, 0x0}}], 0x1, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x588d}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=1342): r0 = socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6fe, @void, @value}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000400)={'tunl0\x00', 0x0, 0x0, 0x40, 0xfffffff7, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfd, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @empty}}}}) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e04"], 0xd) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r1, 0x8b1a, &(0x7f0000000040)) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) memfd_create(0x0, 0x9e665dd9265b9773) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/netlink\x00') finit_module(0xffffffffffffffff, 0x0, 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) r2 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) write$binfmt_register(r2, &(0x7f00000006c0)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x5, 0x3a, 'e\xc9K\xc0K\"\xe8&\x86(\xdf*\x94x\xaa\xb1\x1c\x1cf\xf4\xa6c\xf6y\x84\x80\xec\x87\xf6G\xe5Uy\x8f1x\xb0\xc6 \x14\xf0\xcf\x88H3\xf0\xb0\xdfp7\xb9-E_\xeb\xca)/\xaa\xf7\x89\f\xe63\x9b\xebL\xff\x81\xef\xdd\x90\x8f\xb0j', 0x3a, '\x00\x00eh`\x1a\x00+^\x01\xa0\xfdZ\x020\x93-M\x93\xf4\x7fj\x05B\xf5,\xf4\xe8\x18<\xfd{\xe9\xd2\xfb\xf6\xa2COg\x84\xc8\xd7\x1c\x93\x87\xc2Q\xd3\xceM:\xb0\xf8y\xe4%\xff\x14\x91\xfc\xbdRDs[\xc0\x03^~\x1d\xda\xd5\xf5\x83B\xc4?\xe9[:\x1d\xf9\x95\x8e\xfe\x10,\\^\x84\x8d\xb39\xfeu\xbd\x05cN ~\xbf:Z\xfd!$\xfc\x01@\xc0\xc2\xe0i+\xd7\xac\xaa\xd2!\b\x1b\xa8\x9f\x9f\xe3\x06\xe3~&\xe0x8\x84\xa9\xc3\xb6\xed\x92\x95\xa5\xbb\xb8\x04dB\xfd', 0x3a, './file1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x1fe) socket$inet6_dccp(0xa, 0x6, 0x0) kernel console output (not intermixed with test programs): 3:0x7f825177f25c [ 280.193767][ T9208] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 8e 02 00 48 [ 280.213360][ T9208] RSP: 002b:00007f82524f9050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 280.221762][ T9208] RAX: ffffffffffffffda RBX: 00007f8251945fa0 RCX: 00007f825177f25c [ 280.229720][ T9208] RDX: 000000000000000f RSI: 00007f82524f90b0 RDI: 0000000000000004 [ 280.237683][ T9208] RBP: 00007f82524f90a0 R08: 0000000000000000 R09: 0000000000000000 [ 280.245662][ T9208] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001 [ 280.253619][ T9208] R13: 0000000000000000 R14: 00007f8251945fa0 R15: 00007ffef99408f8 [ 280.261574][ T9208] [ 280.264606][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.774222][ T9] usb 5-1: USB disconnect, device number 47 [ 280.878309][ T9218] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 280.879962][ T51] usb 3-1: USB disconnect, device number 25 [ 280.890658][ T9218] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 280.921342][ T9216] syz.0.929 uses old SIOCAX25GETINFO [ 280.932324][ T29] audit: type=1400 audit(2000000012.076:591): avc: denied { ioctl } for pid=9210 comm="syz.0.929" path="socket:[22891]" dev="sockfs" ino=22891 ioctlcmd=0x89e9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 281.072080][ T9222] netlink: 8 bytes leftover after parsing attributes in process `syz.4.933'. [ 281.345994][ T29] audit: type=1400 audit(2000000012.478:592): avc: denied { shutdown } for pid=9210 comm="syz.0.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 281.425393][ T6456] wlan0: Creating new IBSS network, BSSID ae:59:cd:cc:b8:8c [ 281.616252][ T7367] wlan0: Trigger new scan to find an IBSS to join [ 281.808910][ T9] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 281.861635][ T5828] Bluetooth: hci0: unexpected event for opcode 0x040e [ 281.883635][ T9232] mac80211_hwsim hwsim2 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 282.172225][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 282.319025][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 282.330148][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 282.339982][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 282.340007][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.349952][ T9] usb 5-1: config 0 descriptor?? [ 282.374249][ T9242] binder: 9241:9242 ioctl 4018620d 0 returned -22 [ 282.789785][ T9] appleir 0003:05AC:8241.000D: unknown main item tag 0x4 [ 282.797457][ T9] appleir 0003:05AC:8241.000D: unknown main item tag 0x2 [ 282.814616][ T9] appleir 0003:05AC:8241.000D: No inputs registered, leaving [ 282.842219][ T9] appleir 0003:05AC:8241.000D: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0 [ 282.854645][ T8] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 282.980646][ T9264] FAULT_INJECTION: forcing a failure. [ 282.980646][ T9264] name failslab, interval 1, probability 0, space 0, times 0 [ 282.993771][ T9264] CPU: 0 UID: 0 PID: 9264 Comm: syz.1.947 Not tainted 6.13.0-rc1-syzkaller #0 [ 283.002614][ T9264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 283.012651][ T9264] Call Trace: [ 283.015910][ T9264] [ 283.018824][ T9264] dump_stack_lvl+0x16c/0x1f0 [ 283.023491][ T9264] should_fail_ex+0x497/0x5b0 [ 283.028156][ T9264] ? fs_reclaim_acquire+0xae/0x150 [ 283.033258][ T9264] should_failslab+0xc2/0x120 [ 283.037920][ T9264] __kmalloc_cache_node_noprof+0x6e/0x420 [ 283.043623][ T9264] ? __get_vm_area_node+0x101/0x2f0 [ 283.048802][ T9264] ? __switch_to+0x749/0x1190 [ 283.053469][ T9264] __get_vm_area_node+0x101/0x2f0 [ 283.058483][ T9264] __vmalloc_node_range_noprof+0x26a/0x1530 [ 283.064385][ T9264] ? bpf_prog_alloc_no_stats+0x54/0x620 [ 283.069920][ T9264] ? __pfx___schedule+0x10/0x10 [ 283.074753][ T9264] ? bpf_prog_alloc_no_stats+0x54/0x620 [ 283.080288][ T9264] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 283.086600][ T9264] ? irqentry_exit+0x3b/0x90 [ 283.091175][ T9264] ? lockdep_hardirqs_on+0x7c/0x110 [ 283.096366][ T9264] ? bpf_prog_alloc_no_stats+0x54/0x620 [ 283.101901][ T9264] __vmalloc_noprof+0x6d/0x90 [ 283.106562][ T9264] ? bpf_prog_alloc_no_stats+0x54/0x620 [ 283.112093][ T9264] bpf_prog_alloc_no_stats+0x54/0x620 [ 283.117445][ T9264] ? bpf_prog_load+0x474/0x2660 [ 283.122289][ T9264] bpf_prog_alloc+0x3b/0x230 [ 283.126862][ T9264] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 283.132760][ T9264] bpf_prog_load+0x1b3f/0x2660 [ 283.137514][ T9264] ? __pfx_bpf_prog_load+0x10/0x10 [ 283.142611][ T9264] ? avc_has_perm_noaudit+0x143/0x3a0 [ 283.147975][ T9264] ? irqentry_exit+0x3b/0x90 [ 283.152556][ T9264] ? __sys_bpf+0x274/0x49c0 [ 283.157051][ T9264] ? __sanitizer_cov_trace_switch+0x40/0x90 [ 283.162932][ T9264] __sys_bpf+0x4043/0x49c0 [ 283.167335][ T9264] ? __pfx_lock_release+0x10/0x10 [ 283.172346][ T9264] ? __pfx___sys_bpf+0x10/0x10 [ 283.177096][ T9264] ? vfs_write+0x306/0x1150 [ 283.181590][ T9264] ? __mutex_unlock_slowpath+0x164/0x690 [ 283.187218][ T9264] ? fput+0x67/0x440 [ 283.191099][ T9264] ? ksys_write+0x1ba/0x250 [ 283.195582][ T9264] ? __pfx_ksys_write+0x10/0x10 [ 283.200415][ T9264] __x64_sys_bpf+0x78/0xc0 [ 283.204819][ T9264] ? lockdep_hardirqs_on+0x7c/0x110 [ 283.210001][ T9264] do_syscall_64+0xcd/0x250 [ 283.214490][ T9264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.220375][ T9264] RIP: 0033:0x7f8251780849 [ 283.224774][ T9264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.244363][ T9264] RSP: 002b:00007f82524b7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 283.252767][ T9264] RAX: ffffffffffffffda RBX: 00007f8251946160 RCX: 00007f8251780849 [ 283.260717][ T9264] RDX: 0000000000000090 RSI: 0000000020000400 RDI: 0000000000000005 [ 283.268669][ T9264] RBP: 00007f82524b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 283.276619][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.284571][ T9264] R13: 0000000000000000 R14: 00007f8251946160 R15: 00007ffef99408f8 [ 283.292531][ T9264] [ 283.296095][ T9264] syz.1.947: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 283.312287][ T9264] CPU: 0 UID: 0 PID: 9264 Comm: syz.1.947 Not tainted 6.13.0-rc1-syzkaller #0 [ 283.321127][ T9264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 283.331164][ T9264] Call Trace: [ 283.334421][ T9264] [ 283.337333][ T9264] dump_stack_lvl+0x16c/0x1f0 [ 283.342007][ T9264] warn_alloc+0x24d/0x3a0 [ 283.346321][ T9264] ? __pfx_warn_alloc+0x10/0x10 [ 283.351153][ T9264] ? rcu_is_watching+0x12/0xc0 [ 283.355902][ T9264] ? __kmalloc_cache_node_noprof+0x2ad/0x420 [ 283.361869][ T9264] ? __kasan_kmalloc+0x8a/0xb0 [ 283.366615][ T9264] ? __get_vm_area_node+0x1dc/0x2f0 [ 283.371797][ T9264] __vmalloc_node_range_noprof+0xd27/0x1530 [ 283.377676][ T9264] ? __pfx___schedule+0x10/0x10 [ 283.382508][ T9264] ? bpf_prog_alloc_no_stats+0x54/0x620 [ 283.388041][ T9264] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 283.394351][ T9264] ? irqentry_exit+0x3b/0x90 [ 283.398928][ T9264] ? lockdep_hardirqs_on+0x7c/0x110 [ 283.404110][ T9264] ? bpf_prog_alloc_no_stats+0x54/0x620 [ 283.409637][ T9264] __vmalloc_noprof+0x6d/0x90 [ 283.414297][ T9264] ? bpf_prog_alloc_no_stats+0x54/0x620 [ 283.419825][ T9264] bpf_prog_alloc_no_stats+0x54/0x620 [ 283.425179][ T9264] ? bpf_prog_load+0x474/0x2660 [ 283.430016][ T9264] bpf_prog_alloc+0x3b/0x230 [ 283.434587][ T9264] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 283.440464][ T9264] bpf_prog_load+0x1b3f/0x2660 [ 283.445217][ T9264] ? __pfx_bpf_prog_load+0x10/0x10 [ 283.450314][ T9264] ? avc_has_perm_noaudit+0x143/0x3a0 [ 283.455678][ T9264] ? irqentry_exit+0x3b/0x90 [ 283.460258][ T9264] ? __sys_bpf+0x274/0x49c0 [ 283.464746][ T9264] ? __sanitizer_cov_trace_switch+0x40/0x90 [ 283.470625][ T9264] __sys_bpf+0x4043/0x49c0 [ 283.475025][ T9264] ? __pfx_lock_release+0x10/0x10 [ 283.480035][ T9264] ? __pfx___sys_bpf+0x10/0x10 [ 283.484784][ T9264] ? vfs_write+0x306/0x1150 [ 283.489275][ T9264] ? __mutex_unlock_slowpath+0x164/0x690 [ 283.494901][ T9264] ? fput+0x67/0x440 [ 283.498782][ T9264] ? ksys_write+0x1ba/0x250 [ 283.503267][ T9264] ? __pfx_ksys_write+0x10/0x10 [ 283.508100][ T9264] __x64_sys_bpf+0x78/0xc0 [ 283.512502][ T9264] ? lockdep_hardirqs_on+0x7c/0x110 [ 283.517684][ T9264] do_syscall_64+0xcd/0x250 [ 283.522176][ T9264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.528051][ T9264] RIP: 0033:0x7f8251780849 [ 283.532451][ T9264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.552048][ T9264] RSP: 002b:00007f82524b7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 283.560441][ T9264] RAX: ffffffffffffffda RBX: 00007f8251946160 RCX: 00007f8251780849 [ 283.568396][ T9264] RDX: 0000000000000090 RSI: 0000000020000400 RDI: 0000000000000005 [ 283.576348][ T9264] RBP: 00007f82524b70a0 R08: 0000000000000000 R09: 0000000000000000 [ 283.584300][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.592252][ T9264] R13: 0000000000000000 R14: 00007f8251946160 R15: 00007ffef99408f8 [ 283.600215][ T9264] [ 283.605697][ T9264] Mem-Info: [ 283.609690][ T9264] active_anon:6591 inactive_anon:0 isolated_anon:0 [ 283.609690][ T9264] active_file:18336 inactive_file:3207 isolated_file:0 [ 283.609690][ T9264] unevictable:768 dirty:414 writeback:0 [ 283.609690][ T9264] slab_reclaimable:6852 slab_unreclaimable:99122 [ 283.609690][ T9264] mapped:30321 shmem:2626 pagetables:825 [ 283.609690][ T9264] sec_pagetables:0 bounce:0 [ 283.609690][ T9264] kernel_misc_reclaimable:0 [ 283.609690][ T9264] free:1352916 free_pcp:435 free_cma:0 [ 283.654898][ T9264] Node 0 active_anon:26364kB inactive_anon:0kB active_file:73264kB inactive_file:12820kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121236kB dirty:1656kB writeback:0kB shmem:8968kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11564kB pagetables:3300kB sec_pagetables:0kB all_unreclaimable? no [ 283.687180][ T9264] Node 1 active_anon:0kB inactive_anon:0kB active_file:80kB inactive_file:8kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:48kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 283.717424][ T9264] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 283.744477][ T9264] lowmem_reserve[]: 0 2459 2459 0 0 [ 283.749709][ T9264] Node 0 DMA32 free:1492380kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:26360kB inactive_anon:0kB active_file:73264kB inactive_file:12736kB unevictable:1536kB writepending:1656kB present:3129332kB managed:2547180kB mlocked:0kB bounce:0kB free_pcp:1696kB local_pcp:868kB free_cma:0kB [ 283.780069][ T9264] lowmem_reserve[]: 0 0 0 0 0 [ 283.784782][ T9264] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:84kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 283.811525][ T9264] lowmem_reserve[]: 0 0 0 0 0 [ 283.816237][ T9264] Node 1 Normal free:3903924kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:80kB inactive_file:8kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 283.844962][ T9264] lowmem_reserve[]: 0 0 0 0 0 [ 283.849674][ T9264] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 283.862400][ T9264] Node 0 DMA32: 94*4kB (UE) 973*8kB (UME) 557*16kB (UME) 418*32kB (UME) 464*64kB (UME) 173*128kB (UME) 24*256kB (UME) 26*512kB (UME) 26*1024kB (UME) 10*2048kB (ME) 328*4096kB (UM) = 1492336kB [ 283.881593][ T9264] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 283.893127][ T9264] Node 1 Normal: 217*4kB (UME) 62*8kB (UE) 38*16kB (UE) 210*32kB (UME) 77*64kB (UME) 27*128kB (UME) 15*256kB (UME) 10*512kB (UM) 5*1024kB (UM) 3*2048kB (UE) 944*4096kB (M) = 3903924kB [ 283.911491][ T9264] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 283.912036][ T5828] Bluetooth: hci3: command 0x0406 tx timeout [ 283.921103][ T9264] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 283.972793][ T9264] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 283.982667][ T9264] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 283.993234][ T9264] 24170 total pagecache pages [ 283.998366][ T9264] 0 pages in swap cache [ 284.010183][ T9264] Free swap = 124360kB [ 284.010295][ T8] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 284.025544][ T9264] Total swap = 124996kB [ 284.029691][ T9264] 2097051 pages RAM [ 284.033556][ T9264] 0 pages HighMem/MovableOnly [ 284.038219][ T9264] 428598 pages reserved [ 284.042367][ T9264] 0 pages cma reserved [ 284.084100][ T8] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 284.115968][ T8] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 284.168620][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.199327][ T9250] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 284.231717][ T8] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 284.394579][ T9279] FAULT_INJECTION: forcing a failure. [ 284.394579][ T9279] name failslab, interval 1, probability 0, space 0, times 0 [ 284.407496][ T9279] CPU: 0 UID: 0 PID: 9279 Comm: syz.1.952 Not tainted 6.13.0-rc1-syzkaller #0 [ 284.416352][ T9279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 284.426407][ T9279] Call Trace: [ 284.426832][ T9275] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 284.429670][ T9279] [ 284.429699][ T9279] dump_stack_lvl+0x16c/0x1f0 [ 284.429727][ T9279] should_fail_ex+0x497/0x5b0 [ 284.429754][ T9279] ? fs_reclaim_acquire+0xae/0x150 [ 284.429783][ T9279] should_failslab+0xc2/0x120 [ 284.429807][ T9279] __kmalloc_noprof+0xcb/0x510 [ 284.463809][ T9279] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 284.470912][ T9279] ? cred_has_capability.isra.0+0x192/0x2f0 [ 284.476794][ T9279] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 284.482237][ T9279] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 284.488293][ T9279] ? bpf_lsm_capable+0x9/0x10 [ 284.492950][ T9279] ? security_capable+0x7e/0x260 [ 284.497873][ T9279] genl_rcv_msg+0x565/0x800 [ 284.502360][ T9279] ? __pfx_genl_rcv_msg+0x10/0x10 [ 284.507371][ T9279] ? __pfx_devlink_nl_pre_doit_dev_lock+0x10/0x10 [ 284.513771][ T9279] ? __pfx_devlink_nl_reload_doit+0x10/0x10 [ 284.519651][ T9279] ? __pfx_devlink_nl_post_doit_dev_lock+0x10/0x10 [ 284.526144][ T9279] netlink_rcv_skb+0x16b/0x440 [ 284.530901][ T9279] ? __pfx_genl_rcv_msg+0x10/0x10 [ 284.535908][ T9279] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 284.541198][ T9279] ? down_read+0xc9/0x330 [ 284.545517][ T9279] ? __pfx_down_read+0x10/0x10 [ 284.550273][ T9279] ? netlink_deliver_tap+0x1ae/0xd30 [ 284.555549][ T9279] genl_rcv+0x28/0x40 [ 284.559518][ T9279] netlink_unicast+0x53c/0x7f0 [ 284.564273][ T9279] ? __pfx_netlink_unicast+0x10/0x10 [ 284.569551][ T9279] netlink_sendmsg+0x8b8/0xd70 [ 284.574309][ T9279] ? __pfx_netlink_sendmsg+0x10/0x10 [ 284.579589][ T9279] ____sys_sendmsg+0xaaf/0xc90 [ 284.584341][ T9279] ? copy_msghdr_from_user+0x10b/0x160 [ 284.589782][ T9279] ? __pfx_____sys_sendmsg+0x10/0x10 [ 284.595068][ T9279] ___sys_sendmsg+0x135/0x1e0 [ 284.599728][ T9279] ? __pfx____sys_sendmsg+0x10/0x10 [ 284.604918][ T9279] ? __pfx_lock_release+0x10/0x10 [ 284.609925][ T9279] ? trace_lock_acquire+0x14e/0x1f0 [ 284.615121][ T9279] ? __fget_files+0x206/0x3a0 [ 284.619786][ T9279] __sys_sendmsg+0x16e/0x220 [ 284.624361][ T9279] ? __pfx___sys_sendmsg+0x10/0x10 [ 284.629472][ T9279] do_syscall_64+0xcd/0x250 [ 284.633964][ T9279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.639842][ T9279] RIP: 0033:0x7f8251780849 [ 284.644239][ T9279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.663914][ T9279] RSP: 002b:00007f82524f9058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 284.672308][ T9279] RAX: ffffffffffffffda RBX: 00007f8251945fa0 RCX: 00007f8251780849 [ 284.680260][ T9279] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 284.688213][ T9279] RBP: 00007f82524f90a0 R08: 0000000000000000 R09: 0000000000000000 [ 284.696165][ T9279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 284.704118][ T9279] R13: 0000000000000000 R14: 00007f8251945fa0 R15: 00007ffef99408f8 [ 284.712099][ T9279] [ 284.866322][ T7375] wlan0: Trigger new scan to find an IBSS to join [ 284.997135][ T9293] mac80211_hwsim hwsim5 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 285.065520][ T9] usb 1-1: USB disconnect, device number 41 [ 285.197730][ T8] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 285.368651][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 285.375311][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.386249][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.396131][ T8] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 285.405428][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.415498][ T8] usb 2-1: config 0 descriptor?? [ 285.645413][ T5825] Bluetooth: hci3: unexpected event for opcode 0x040e [ 285.665626][ T9296] mac80211_hwsim hwsim9 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 286.183591][ T9304] mac80211_hwsim hwsim5 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 286.572152][ T29] audit: type=1400 audit(2000000017.351:593): avc: denied { ioctl } for pid=9289 comm="syz.1.956" path="socket:[23359]" dev="sockfs" ino=23359 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 286.623128][ T5907] usb 5-1: USB disconnect, device number 48 [ 286.653338][ T5828] Bluetooth: hci3: unexpected event for opcode 0x1003 [ 287.134453][ T9315] FAULT_INJECTION: forcing a failure. [ 287.134453][ T9315] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.159276][ T9315] CPU: 0 UID: 0 PID: 9315 Comm: syz.4.964 Not tainted 6.13.0-rc1-syzkaller #0 [ 287.168233][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 287.178293][ T9315] Call Trace: [ 287.181571][ T9315] [ 287.184490][ T9315] dump_stack_lvl+0x16c/0x1f0 [ 287.189159][ T9315] should_fail_ex+0x497/0x5b0 [ 287.193850][ T9315] _copy_to_user+0x32/0xd0 [ 287.198257][ T9315] simple_read_from_buffer+0xd0/0x160 [ 287.203607][ T9315] proc_fail_nth_read+0x198/0x270 [ 287.208618][ T9315] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 287.214163][ T9315] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 287.219700][ T9315] vfs_read+0x1df/0xbe0 [ 287.223851][ T9315] ? __fget_files+0x1fc/0x3a0 [ 287.228518][ T9315] ? __pfx___mutex_lock+0x10/0x10 [ 287.233521][ T9315] ? __pfx_vfs_read+0x10/0x10 [ 287.238175][ T9315] ? __fget_files+0x206/0x3a0 [ 287.242846][ T9315] ksys_read+0x12b/0x250 [ 287.247097][ T9315] ? __pfx_ksys_read+0x10/0x10 [ 287.251871][ T9315] do_syscall_64+0xcd/0x250 [ 287.256385][ T9315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.262287][ T9315] RIP: 0033:0x7f11fd77f25c [ 287.266706][ T9315] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 8e 02 00 48 [ 287.271322][ T9321] binder: 9313:9321 ioctl c0306201 200003c0 returned -14 [ 287.286305][ T9315] RSP: 002b:00007f11fe5f9050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 287.286329][ T9315] RAX: ffffffffffffffda RBX: 00007f11fd945fa0 RCX: 00007f11fd77f25c [ 287.286341][ T9315] RDX: 000000000000000f RSI: 00007f11fe5f90b0 RDI: 0000000000000003 [ 287.286356][ T9315] RBP: 00007f11fe5f90a0 R08: 0000000000000000 R09: 0000000000000000 [ 287.286367][ T9315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.286379][ T9315] R13: 0000000000000000 R14: 00007f11fd945fa0 R15: 00007ffc970d04f8 [ 287.286407][ T9315] [ 287.516612][ T29] audit: type=1400 audit(2000000018.249:594): avc: denied { map } for pid=9313 comm="syz.2.963" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 287.591330][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 287.597828][ T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 287.655252][ T8] usb 2-1: USB disconnect, device number 33 [ 288.036293][ T29] audit: type=1400 audit(2000000018.736:595): avc: denied { call } for pid=9313 comm="syz.2.963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 288.116277][ T7375] wlan0: Trigger new scan to find an IBSS to join [ 288.136849][ T5828] Bluetooth: hci0: unexpected event for opcode 0x040e [ 288.157433][ T9339] mac80211_hwsim hwsim2 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 288.339188][ T9345] netlink: 32 bytes leftover after parsing attributes in process `syz.1.973'. [ 288.475209][ T9348] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 288.611660][ T8] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 288.626132][ T9353] FAULT_INJECTION: forcing a failure. [ 288.626132][ T9353] name failslab, interval 1, probability 0, space 0, times 0 [ 288.660174][ T9353] CPU: 0 UID: 0 PID: 9353 Comm: syz.1.976 Not tainted 6.13.0-rc1-syzkaller #0 [ 288.669044][ T9353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 288.679111][ T9353] Call Trace: [ 288.682389][ T9353] [ 288.685318][ T9353] dump_stack_lvl+0x16c/0x1f0 [ 288.690008][ T9353] should_fail_ex+0x497/0x5b0 [ 288.694697][ T9353] ? fs_reclaim_acquire+0xae/0x150 [ 288.699817][ T9353] should_failslab+0xc2/0x120 [ 288.704499][ T9353] __kmalloc_noprof+0xcb/0x510 [ 288.709258][ T9353] rds_message_alloc+0x42/0x230 [ 288.714084][ T9353] rds_sendmsg+0xb71/0x31a0 [ 288.718573][ T9353] ? __pfx_avc_has_perm+0x10/0x10 [ 288.723621][ T9353] ? __pfx_rds_sendmsg+0x10/0x10 [ 288.728558][ T9353] ? __pfx_sock_has_perm+0x10/0x10 [ 288.733677][ T9353] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 288.740471][ T9353] ? __sys_sendto+0x488/0x4f0 [ 288.745148][ T9353] __sys_sendto+0x488/0x4f0 [ 288.749650][ T9353] ? __pfx___sys_sendto+0x10/0x10 [ 288.754661][ T9353] ? ksys_write+0x1ba/0x250 [ 288.759148][ T9353] ? __pfx_ksys_write+0x10/0x10 [ 288.764005][ T9353] __x64_sys_sendto+0xe0/0x1c0 [ 288.768780][ T9353] ? do_syscall_64+0x91/0x250 [ 288.773467][ T9353] ? lockdep_hardirqs_on+0x7c/0x110 [ 288.778669][ T9353] do_syscall_64+0xcd/0x250 [ 288.783166][ T9353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.789069][ T9353] RIP: 0033:0x7f8251780849 [ 288.793483][ T9353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.813090][ T9353] RSP: 002b:00007f82524f9058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 288.821504][ T9353] RAX: ffffffffffffffda RBX: 00007f8251945fa0 RCX: 00007f8251780849 [ 288.829474][ T9353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 288.833166][ T9360] FAULT_INJECTION: forcing a failure. [ 288.833166][ T9360] name failslab, interval 1, probability 0, space 0, times 0 [ 288.837426][ T9353] RBP: 00007f82524f90a0 R08: 0000000020000240 R09: 000000000000001c [ 288.837440][ T9353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.837451][ T9353] R13: 0000000000000000 R14: 00007f8251945fa0 R15: 00007ffef99408f8 [ 288.873853][ T9353] [ 288.876858][ T9360] CPU: 1 UID: 0 PID: 9360 Comm: syz.2.979 Not tainted 6.13.0-rc1-syzkaller #0 [ 288.885698][ T9360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 288.895727][ T9360] Call Trace: [ 288.898980][ T9360] [ 288.901886][ T9360] dump_stack_lvl+0x16c/0x1f0 [ 288.906539][ T9360] should_fail_ex+0x497/0x5b0 [ 288.911193][ T9360] ? fs_reclaim_acquire+0xae/0x150 [ 288.916279][ T9360] should_failslab+0xc2/0x120 [ 288.920932][ T9360] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 288.926710][ T9360] ? __alloc_skb+0x2b1/0x380 [ 288.931287][ T9360] __alloc_skb+0x2b1/0x380 [ 288.935701][ T9360] ? __pfx___alloc_skb+0x10/0x10 [ 288.940627][ T9360] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 288.946584][ T9360] netlink_alloc_large_skb+0x69/0x130 [ 288.951942][ T9360] netlink_sendmsg+0x689/0xd70 [ 288.956680][ T9360] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.961961][ T9360] ____sys_sendmsg+0xaaf/0xc90 [ 288.966696][ T9360] ? copy_msghdr_from_user+0x10b/0x160 [ 288.972126][ T9360] ? __pfx_____sys_sendmsg+0x10/0x10 [ 288.977397][ T9360] ___sys_sendmsg+0x135/0x1e0 [ 288.982059][ T9360] ? __pfx____sys_sendmsg+0x10/0x10 [ 288.987265][ T9360] ? __pfx_lock_release+0x10/0x10 [ 288.992274][ T9360] ? trace_lock_acquire+0x14e/0x1f0 [ 288.997464][ T9360] ? __fget_files+0x206/0x3a0 [ 289.002127][ T9360] __sys_sendmsg+0x16e/0x220 [ 289.006702][ T9360] ? __pfx___sys_sendmsg+0x10/0x10 [ 289.011805][ T9360] do_syscall_64+0xcd/0x250 [ 289.016295][ T9360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.022174][ T9360] RIP: 0033:0x7f6b33780849 [ 289.026571][ T9360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.046166][ T9360] RSP: 002b:00007f6b3456b058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 289.054562][ T9360] RAX: ffffffffffffffda RBX: 00007f6b33945fa0 RCX: 00007f6b33780849 [ 289.062516][ T9360] RDX: 000000000000c004 RSI: 0000000020000340 RDI: 0000000000000003 [ 289.070471][ T9360] RBP: 00007f6b3456b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 289.078422][ T9360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.086373][ T9360] R13: 0000000000000000 R14: 00007f6b33945fa0 R15: 00007ffc4f575428 [ 289.094334][ T9360] [ 289.142848][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 289.148083][ T6456] wlan0: Trigger new scan to find an IBSS to join [ 289.470920][ T8] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 289.490525][ T8] usb 5-1: config 0 has no interface number 0 [ 289.525624][ T8] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 289.547997][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.565511][ T9368] netlink: 8 bytes leftover after parsing attributes in process `syz.1.981'. [ 289.576087][ T8] usb 5-1: Product: syz [ 289.580270][ T8] usb 5-1: Manufacturer: syz [ 289.603844][ T9368] netlink: 72 bytes leftover after parsing attributes in process `syz.1.981'. [ 289.688549][ T8] usb 5-1: SerialNumber: syz [ 289.711398][ T8] usb 5-1: config 0 descriptor?? [ 289.897282][ T9384] FAULT_INJECTION: forcing a failure. [ 289.897282][ T9384] name failslab, interval 1, probability 0, space 0, times 0 [ 289.922873][ T51] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 289.944350][ T5868] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 289.960091][ T9384] CPU: 1 UID: 0 PID: 9384 Comm: syz.0.987 Not tainted 6.13.0-rc1-syzkaller #0 [ 289.968957][ T9384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 289.979004][ T9384] Call Trace: [ 289.982274][ T9384] [ 289.985197][ T9384] dump_stack_lvl+0x16c/0x1f0 [ 289.989878][ T9384] should_fail_ex+0x497/0x5b0 [ 289.994559][ T9384] ? fs_reclaim_acquire+0xae/0x150 [ 289.999681][ T9384] should_failslab+0xc2/0x120 [ 290.004357][ T9384] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 290.010162][ T9384] ? __alloc_skb+0x2b1/0x380 [ 290.014758][ T9384] __alloc_skb+0x2b1/0x380 [ 290.019181][ T9384] ? __pfx___alloc_skb+0x10/0x10 [ 290.024129][ T9384] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 290.030121][ T9384] netlink_alloc_large_skb+0x69/0x130 [ 290.035499][ T9384] netlink_sendmsg+0x689/0xd70 [ 290.040268][ T9384] ? __pfx_netlink_sendmsg+0x10/0x10 [ 290.045567][ T9384] ____sys_sendmsg+0xaaf/0xc90 [ 290.050330][ T9384] ? copy_msghdr_from_user+0x10b/0x160 [ 290.055785][ T9384] ? __pfx_____sys_sendmsg+0x10/0x10 [ 290.061082][ T9384] ___sys_sendmsg+0x135/0x1e0 [ 290.065760][ T9384] ? __pfx____sys_sendmsg+0x10/0x10 [ 290.070963][ T9384] ? __pfx_lock_release+0x10/0x10 [ 290.075986][ T9384] ? trace_lock_acquire+0x14e/0x1f0 [ 290.081198][ T9384] ? __fget_files+0x206/0x3a0 [ 290.085880][ T9384] __sys_sendmsg+0x16e/0x220 [ 290.090464][ T9384] ? __pfx___sys_sendmsg+0x10/0x10 [ 290.095589][ T9384] do_syscall_64+0xcd/0x250 [ 290.100096][ T9384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.105997][ T9384] RIP: 0033:0x7f2ef3f80849 [ 290.110404][ T9384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.130006][ T9384] RSP: 002b:00007f2ef4d91058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 290.138419][ T9384] RAX: ffffffffffffffda RBX: 00007f2ef4145fa0 RCX: 00007f2ef3f80849 [ 290.146383][ T9384] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003 [ 290.154347][ T9384] RBP: 00007f2ef4d910a0 R08: 0000000000000000 R09: 0000000000000000 [ 290.162309][ T9384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.170273][ T9384] R13: 0000000000000000 R14: 00007f2ef4145fa0 R15: 00007ffcff2ec948 [ 290.178248][ T9384] [ 290.181358][ C1] vkms_vblank_simulate: vblank timer overrun [ 290.254303][ T5906] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 290.334611][ T9389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 290.344636][ T51] usb 2-1: device descriptor read/64, error -71 [ 290.352450][ T9389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.371915][ T5868] usb 3-1: Using ep0 maxpacket: 8 [ 290.378287][ T5868] usb 3-1: config 0 has no interfaces? [ 290.384443][ T5868] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 290.397919][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.571852][ T5868] usb 3-1: config 0 descriptor?? [ 290.592315][ T5906] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 290.603537][ T5906] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 290.617708][ T5906] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 290.666166][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.689356][ T9391] netlink: 'syz.0.989': attribute type 2 has an invalid length. [ 290.703400][ T51] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 290.886574][ T9380] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 290.917351][ T51] usb 2-1: device descriptor read/64, error -71 [ 290.961998][ T5828] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 290.978335][ T5828] Bluetooth: hci3: Injecting HCI hardware error event [ 290.988013][ T5828] Bluetooth: hci3: hardware error 0x00 [ 291.038264][ T8] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 291.058636][ T8] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 291.090458][ T5906] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 291.104975][ T8] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 291.289542][ T51] usb usb2-port1: attempt power cycle [ 291.324716][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 291.329385][ T5867] usb 3-1: USB disconnect, device number 26 [ 291.335854][ T8] usb 5-1: USB disconnect, device number 49 [ 291.361319][ T5825] Bluetooth: hci3: unexpected event for opcode 0x040e [ 291.370228][ T9396] mac80211_hwsim hwsim9 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 291.654856][ T51] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 291.688229][ T51] usb 2-1: device descriptor read/8, error -71 [ 291.954144][ T51] usb 2-1: new full-speed USB device number 37 using dummy_hcd [ 292.000265][ T51] usb 2-1: device descriptor read/8, error -71 [ 292.381299][ T6456] wlan0: Trigger new scan to find an IBSS to join [ 292.388660][ T51] usb usb2-port1: unable to enumerate USB device [ 292.396345][ T8] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 292.480558][ T8] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 292.530964][ T8] quatech2 5-1:0.51: device disconnected [ 292.570789][ T5906] usb 4-1: USB disconnect, device number 33 [ 293.900238][ T5828] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 293.912793][ T5867] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 293.936426][ T2973] wlan0: Trigger new scan to find an IBSS to join [ 293.944437][ T6463] wlan0: Trigger new scan to find an IBSS to join [ 294.803158][ T5867] usb 3-1: Using ep0 maxpacket: 8 [ 294.833923][ T5867] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 294.853034][ T5867] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 294.872614][ T5867] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 294.874892][ T9433] syzkaller1: entered promiscuous mode [ 294.885668][ T5867] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 294.891115][ T9433] syzkaller1: entered allmulticast mode [ 294.900115][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.954382][ T5867] usbtmc 3-1:16.0: bulk endpoints not found [ 294.996771][ T29] audit: type=1400 audit(2000000025.246:596): avc: denied { listen } for pid=9430 comm="syz.4.1000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 295.111970][ T9445] mac80211_hwsim hwsim9 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 295.375050][ T5870] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 295.439220][ T5906] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 295.548756][ T5870] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 295.561133][ T5870] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0115, bcdDevice=cb.61 [ 295.573032][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.581342][ T5870] usb 2-1: Product: syz [ 295.585700][ T5870] usb 2-1: Manufacturer: syz [ 295.590387][ T5870] usb 2-1: SerialNumber: syz [ 295.596890][ T5870] usb 2-1: config 0 descriptor?? [ 295.604114][ T5870] kvaser_usb 2-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 295.612238][ T5906] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 295.628276][ T5906] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 295.640421][ T5906] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 295.657159][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 295.665626][ T5906] usb 4-1: SerialNumber: syz [ 295.738952][ T7375] wlan0: Creating new IBSS network, BSSID 0a:d5:89:d6:27:27 [ 295.792447][ T5828] Bluetooth: hci2: unexpected event for opcode 0x040e [ 296.019314][ T9448] netlink: 'syz.1.1005': attribute type 8 has an invalid length. [ 296.027264][ T9448] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1005'. [ 296.072080][ T5867] usb 2-1: USB disconnect, device number 38 [ 296.233716][ T5906] usb 4-1: 0:2 : does not exist [ 296.271009][ T5906] usb 4-1: USB disconnect, device number 34 [ 296.738689][ T5826] udevd[5826]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 297.783584][ T6463] wlan0: Trigger new scan to find an IBSS to join [ 297.806368][ T5867] usb 1-1: new full-speed USB device number 42 using dummy_hcd [ 297.928549][ T5906] usb 3-1: USB disconnect, device number 27 [ 298.218177][ T5867] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 298.250867][ T5867] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 12644, setting to 64 [ 298.294653][ T5867] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 298.316313][ T9483] FAULT_INJECTION: forcing a failure. [ 298.316313][ T9483] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 298.336826][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 298.348274][ T9483] CPU: 1 UID: 0 PID: 9483 Comm: syz.3.1015 Not tainted 6.13.0-rc1-syzkaller #0 [ 298.357220][ T9483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 298.367281][ T9483] Call Trace: [ 298.370559][ T9483] [ 298.373486][ T9483] dump_stack_lvl+0x16c/0x1f0 [ 298.378167][ T9483] should_fail_ex+0x497/0x5b0 [ 298.382851][ T9483] _copy_from_iter+0x469/0x1560 [ 298.387706][ T9483] ? __pfx__copy_from_iter+0x10/0x10 [ 298.393000][ T9483] packet_sendmsg+0x1c0b/0x5660 [ 298.397857][ T9483] ? __pfx___lock_acquire+0x10/0x10 [ 298.403066][ T9483] ? sock_has_perm+0x25a/0x2f0 [ 298.407830][ T9483] ? __pfx_sock_has_perm+0x10/0x10 [ 298.412945][ T9483] ? __pfx_packet_sendmsg+0x10/0x10 [ 298.418161][ T9483] ____sys_sendmsg+0xaaf/0xc90 [ 298.422930][ T9483] ? copy_msghdr_from_user+0x10b/0x160 [ 298.428392][ T9483] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.433695][ T9483] ___sys_sendmsg+0x135/0x1e0 [ 298.438369][ T9483] ? __pfx____sys_sendmsg+0x10/0x10 [ 298.443576][ T9483] ? __pfx_lock_release+0x10/0x10 [ 298.448604][ T9483] ? trace_lock_acquire+0x14e/0x1f0 [ 298.453808][ T9483] ? __fget_files+0x206/0x3a0 [ 298.458473][ T9483] __sys_sendmsg+0x16e/0x220 [ 298.463045][ T9483] ? __pfx___sys_sendmsg+0x10/0x10 [ 298.468150][ T9483] do_syscall_64+0xcd/0x250 [ 298.472641][ T9483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.478521][ T9483] RIP: 0033:0x7efd74980849 [ 298.482926][ T9483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.502517][ T9483] RSP: 002b:00007efd75831058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 298.510913][ T9483] RAX: ffffffffffffffda RBX: 00007efd74b45fa0 RCX: 00007efd74980849 [ 298.519392][ T9483] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 298.527343][ T9483] RBP: 00007efd758310a0 R08: 0000000000000000 R09: 0000000000000000 [ 298.535295][ T9483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.543260][ T9483] R13: 0000000000000000 R14: 00007efd74b45fa0 R15: 00007ffd8eb7b7f8 [ 298.551234][ T9483] [ 298.554843][ T5867] usb 1-1: SerialNumber: syz [ 298.605227][ T9462] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 298.819046][ T9488] syz_tun: entered promiscuous mode [ 298.825864][ T9488] syz_tun: left promiscuous mode [ 298.919824][ T9493] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1016'. [ 299.208499][ T9496] mac80211_hwsim hwsim5 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 299.299892][ T7367] wlan0: Creating new IBSS network, BSSID a6:65:eb:0c:ca:2b [ 299.419604][ T9503] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1022'. [ 299.492888][ T9507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1021'. [ 299.537248][ T9507] bridge1: entered promiscuous mode [ 299.542462][ T9507] bridge1: entered allmulticast mode [ 299.790354][ T8] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 299.833159][ T7367] wlan0: Trigger new scan to find an IBSS to join [ 299.961391][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 299.967965][ T8] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 299.977006][ T8] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 299.988222][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 300.009171][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 300.034371][ T5867] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 300.045169][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.047072][ T5867] usb-storage 1-1:1.0: USB Mass Storage device detected [ 300.073656][ T8] usbtmc 5-1:16.0: bulk endpoints not found [ 300.080528][ T5867] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 300.083014][ T9516] FAULT_INJECTION: forcing a failure. [ 300.083014][ T9516] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.132814][ T9516] CPU: 1 UID: 0 PID: 9516 Comm: syz.0.1026 Not tainted 6.13.0-rc1-syzkaller #0 [ 300.141781][ T9516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 300.151829][ T9516] Call Trace: [ 300.155095][ T9516] [ 300.158002][ T9516] dump_stack_lvl+0x16c/0x1f0 [ 300.162665][ T9516] should_fail_ex+0x497/0x5b0 [ 300.167354][ T9516] strncpy_from_user+0x3b/0x2d0 [ 300.172209][ T9516] getname_flags.part.0+0x8f/0x550 [ 300.177674][ T9516] getname+0x8d/0xe0 [ 300.181557][ T9516] do_sys_openat2+0x104/0x1e0 [ 300.186210][ T9516] ? __pfx_do_sys_openat2+0x10/0x10 [ 300.191387][ T9516] ? __fget_files+0x206/0x3a0 [ 300.196042][ T9516] __x64_sys_openat+0x175/0x210 [ 300.200887][ T9516] ? __pfx___x64_sys_openat+0x10/0x10 [ 300.206265][ T9516] ? ksys_write+0x1ba/0x250 [ 300.210746][ T9516] do_syscall_64+0xcd/0x250 [ 300.215239][ T9516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.221115][ T9516] RIP: 0033:0x7f2ef3f80849 [ 300.225507][ T9516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.245092][ T9516] RSP: 002b:00007f2ef4d91058 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 300.253496][ T9516] RAX: ffffffffffffffda RBX: 00007f2ef4145fa0 RCX: 00007f2ef3f80849 [ 300.261452][ T9516] RDX: 0000000000080101 RSI: 000000002000c380 RDI: ffffffffffffff9c [ 300.269404][ T9516] RBP: 00007f2ef4d910a0 R08: 0000000000000000 R09: 0000000000000000 [ 300.277358][ T9516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.285313][ T9516] R13: 0000000000000000 R14: 00007f2ef4145fa0 R15: 00007ffcff2ec948 [ 300.293278][ T9516] [ 300.304872][ T5867] scsi host1: usb-storage 1-1:1.0 [ 300.356431][ T5867] usb 1-1: USB disconnect, device number 42 [ 300.418718][ T9518] input: syz1 as /devices/virtual/input/input15 [ 300.592027][ T29] audit: type=1400 audit(2000000030.475:597): avc: denied { ioctl } for pid=9530 comm="syz.3.1030" path="socket:[25004]" dev="sockfs" ino=25004 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 300.737099][ T29] audit: type=1400 audit(2000000030.615:598): avc: denied { read } for pid=9540 comm="syz.0.1034" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 300.768675][ T29] audit: type=1400 audit(2000000030.615:599): avc: denied { open } for pid=9540 comm="syz.0.1034" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 300.793646][ T29] audit: type=1400 audit(2000000030.634:600): avc: denied { ioctl } for pid=9540 comm="syz.0.1034" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x640c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 300.945100][ T5867] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 301.351149][ T5867] usb 4-1: Using ep0 maxpacket: 32 [ 301.358898][ T5867] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 301.367237][ T5867] usb 4-1: config 0 has no interface number 0 [ 301.375913][ T5867] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 301.385756][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.393768][ T5867] usb 4-1: Product: syz [ 301.402730][ T5867] usb 4-1: Manufacturer: syz [ 301.407721][ T5867] usb 4-1: SerialNumber: syz [ 301.413911][ T5867] usb 4-1: config 0 descriptor?? [ 301.427233][ T5867] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 301.477456][ T5828] Bluetooth: hci1: unexpected event for opcode 0x040e [ 301.486419][ T9564] mac80211_hwsim hwsim4 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 301.736116][ T5867] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 301.783483][ T5867] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 301.987060][ T2973] wlan0: Trigger new scan to find an IBSS to join [ 302.003751][ T9536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 302.016533][ T9536] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 302.252459][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 302.261174][ T5867] usb 4-1: USB disconnect, device number 35 [ 302.288754][ T5867] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 302.340571][ T5867] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 302.446012][ T8] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 302.455636][ T5867] quatech2 4-1:0.51: device disconnected [ 302.743111][ T5867] usb 5-1: USB disconnect, device number 50 [ 302.753564][ T8] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 302.765106][ T8] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 302.775549][ T8] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 302.842063][ T9585] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 302.888598][ T9586] Cannot find add_set index 1026 as target [ 303.045419][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.058338][ T9570] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 303.069486][ T8] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 303.083842][ T7367] wlan0: Trigger new scan to find an IBSS to join [ 303.115667][ T51] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 303.307518][ T51] usb 3-1: device descriptor read/64, error -71 [ 303.460077][ T8] usb 1-1: USB disconnect, device number 43 [ 303.564135][ T51] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 303.703084][ T51] usb 3-1: device descriptor read/64, error -71 [ 303.798292][ T5828] Bluetooth: hci2: unexpected event for opcode 0x040e [ 303.821825][ T51] usb usb3-port1: attempt power cycle [ 304.109740][ T7367] wlan0: Trigger new scan to find an IBSS to join [ 304.132078][ T29] audit: type=1400 audit(2000000033.796:601): avc: denied { read } for pid=9608 comm="syz.3.1053" name="mouse0" dev="devtmpfs" ino=1026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 304.155197][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.170020][ T29] audit: type=1400 audit(2000000033.796:602): avc: denied { open } for pid=9608 comm="syz.3.1053" path="/dev/input/mouse0" dev="devtmpfs" ino=1026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 304.184129][ T51] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 304.205239][ T6456] wlan0: Creating new IBSS network, BSSID 52:ef:7c:b4:4c:44 [ 304.216876][ T51] usb 3-1: device descriptor read/8, error -71 [ 304.241501][ T5828] Bluetooth: hci0: unexpected event for opcode 0x040e [ 304.248690][ T9613] mac80211_hwsim hwsim2 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 304.509263][ T51] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 304.754331][ T51] usb 3-1: device descriptor read/8, error -71 [ 304.886891][ T9626] : entered promiscuous mode [ 305.030183][ T51] usb usb3-port1: unable to enumerate USB device [ 305.327678][ T6463] wlan0: Trigger new scan to find an IBSS to join [ 305.447311][ T29] audit: type=1326 audit(2000000035.021:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 305.601693][ T29] audit: type=1326 audit(2000000035.021:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 305.770647][ T29] audit: type=1326 audit(2000000035.021:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 305.797906][ T29] audit: type=1326 audit(2000000035.021:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 305.999362][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 305.999378][ T29] audit: type=1400 audit(2000000035.526:617): avc: denied { read } for pid=9644 comm="syz.1.1065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 306.028294][ T29] audit: type=1326 audit(2000000035.535:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 306.053555][ T29] audit: type=1326 audit(2000000035.591:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 306.078536][ T29] audit: type=1326 audit(2000000035.591:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 306.101798][ C1] vkms_vblank_simulate: vblank timer overrun [ 306.111826][ T29] audit: type=1326 audit(2000000035.591:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 306.135085][ C1] vkms_vblank_simulate: vblank timer overrun [ 306.141616][ T5867] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 306.162166][ T29] audit: type=1326 audit(2000000035.591:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 306.185767][ T29] audit: type=1326 audit(2000000035.591:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9634 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f2ef3f80849 code=0x7ffc0000 [ 306.208932][ C1] vkms_vblank_simulate: vblank timer overrun [ 306.485568][ T9660] netlink: 'syz.2.1069': attribute type 2 has an invalid length. [ 306.504698][ T9660] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1069'. [ 307.034943][ T9663] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1070'. [ 307.045409][ T9663] bridge_slave_1: left allmulticast mode [ 307.054573][ T9663] bridge_slave_1: left promiscuous mode [ 307.061771][ T6463] wlan0: Creating new IBSS network, BSSID 06:f7:b9:4a:24:85 [ 307.071295][ T9663] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.081997][ T5867] usb 5-1: Using ep0 maxpacket: 32 [ 307.089680][ T5867] usb 5-1: config 0 has an invalid interface number: 186 but max is 0 [ 307.100163][ T5867] usb 5-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 307.122480][ T9663] bridge_slave_0: left allmulticast mode [ 307.131266][ T5867] usb 5-1: config 0 has no interface number 0 [ 307.139175][ T9663] bridge_slave_0: left promiscuous mode [ 307.144894][ T9663] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.155647][ T5867] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 307.186924][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 307.217692][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 307.252067][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 307.357233][ T5867] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x1 has an invalid bInterval 41, changing to 9 [ 307.420124][ T5867] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x1 has invalid maxpacket 16664, setting to 1024 [ 307.540473][ T29] audit: type=1400 audit(2000000036.938:624): avc: denied { name_bind } for pid=9665 comm="syz.2.1071" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 308.008772][ T5867] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 308.037672][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has a duplicate endpoint with address 0xC, skipping [ 308.053726][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 308.065754][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 308.085516][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 308.123300][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has a duplicate endpoint with address 0xC, skipping [ 308.267456][ T5867] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 308.467610][ T7375] wlan0: Trigger new scan to find an IBSS to join [ 308.475212][ T6463] wlan0: Trigger new scan to find an IBSS to join [ 308.497794][ T5867] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x3 has invalid maxpacket 42751, setting to 64 [ 308.512508][ T5867] usb 5-1: config 0 interface 186 altsetting 0 has 14 endpoint descriptors, different from the interface descriptor's value: 15 [ 308.527831][ T5867] usb 5-1: New USB device found, idVendor=04dd, idProduct=8005, bcdDevice=f6.88 [ 308.536963][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.544951][ T5867] usb 5-1: Product: syz [ 308.549271][ T5867] usb 5-1: Manufacturer: syz [ 308.553870][ T5867] usb 5-1: SerialNumber: syz [ 308.568002][ T5867] usb 5-1: config 0 descriptor?? [ 308.600153][ T9643] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 308.621525][ T5867] usb 5-1: bad CDC descriptors [ 308.781153][ T5907] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 308.961083][ T5907] usb 3-1: Using ep0 maxpacket: 32 [ 308.970247][ T5907] usb 3-1: New USB device found, idVendor=05da, idProduct=00b6, bcdDevice=cd.b7 [ 308.985128][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.998846][ T5907] usb 3-1: Product: syz [ 309.006663][ T5907] usb 3-1: Manufacturer: syz [ 309.011258][ T5907] usb 3-1: SerialNumber: syz [ 309.020793][ T5907] usb 3-1: config 0 descriptor?? [ 309.027594][ T5907] microtek usb (rev 0.4.3): expecting 3 got 0 endpoints! Bailing out. [ 309.241931][ T970] usb 1-1: new full-speed USB device number 44 using dummy_hcd [ 309.245740][ T5870] usb 3-1: USB disconnect, device number 32 [ 309.305022][ T5867] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 309.404468][ T970] usb 1-1: config 0 has an invalid interface number: 133 but max is 0 [ 309.412762][ T970] usb 1-1: config 0 has no interface number 0 [ 309.420333][ T970] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 309.429600][ T970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.437633][ T970] usb 1-1: Product: syz [ 309.441788][ T970] usb 1-1: Manufacturer: syz [ 309.446580][ T970] usb 1-1: SerialNumber: syz [ 309.452376][ T970] usb 1-1: config 0 descriptor?? [ 309.465329][ T5867] usb 2-1: Using ep0 maxpacket: 8 [ 309.471780][ T5867] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 309.472459][ T6456] wlan0: Creating new IBSS network, BSSID 26:8e:4a:ad:df:93 [ 309.480458][ T5867] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 309.480493][ T5867] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 309.507338][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.685028][ T9694] binder: 9693:9694 ioctl 4018620d 0 returned -22 [ 309.867449][ T9699] mac80211_hwsim hwsim5 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 309.892554][ T9701] FAULT_INJECTION: forcing a failure. [ 309.892554][ T9701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 309.909360][ T9701] CPU: 0 UID: 0 PID: 9701 Comm: syz.3.1081 Not tainted 6.13.0-rc1-syzkaller #0 [ 309.918278][ T9701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 309.928313][ T9701] Call Trace: [ 309.931577][ T9701] [ 309.934480][ T9701] dump_stack_lvl+0x16c/0x1f0 [ 309.939143][ T9701] should_fail_ex+0x497/0x5b0 [ 309.943808][ T9701] _copy_from_user+0x2e/0xd0 [ 309.948374][ T9701] copy_from_sockptr_offset.constprop.0+0x137/0x160 [ 309.954938][ T9701] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 309.962037][ T9701] ? __local_bh_enable_ip+0xa4/0x120 [ 309.967298][ T9701] sk_setsockopt+0x148f/0x3d50 [ 309.972036][ T9701] ? lock_acquire+0x2f/0xb0 [ 309.976514][ T9701] ? __pfx_sk_setsockopt+0x10/0x10 [ 309.981596][ T9701] ? avc_has_perm_noaudit+0x143/0x3a0 [ 309.986949][ T9701] ? __pfx_avc_has_perm+0x10/0x10 [ 309.991969][ T9701] ? sock_has_perm+0x25a/0x2f0 [ 309.996710][ T9701] udp_lib_setsockopt+0x721/0xfe0 [ 310.001707][ T9701] ? __pfx_udp_push_pending_frames+0x10/0x10 [ 310.007661][ T9701] ? __pfx_udp_lib_setsockopt+0x10/0x10 [ 310.013185][ T9701] udp_setsockopt+0xbc/0xd0 [ 310.017670][ T9701] ? __pfx_udp_push_pending_frames+0x10/0x10 [ 310.023625][ T9701] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 310.029496][ T9701] do_sock_setsockopt+0x222/0x480 [ 310.034495][ T9701] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 310.040021][ T9701] ? lock_acquire+0x2f/0xb0 [ 310.044508][ T9701] __sys_setsockopt+0x1a0/0x230 [ 310.049335][ T9701] __x64_sys_setsockopt+0xbd/0x160 [ 310.054431][ T9701] ? do_syscall_64+0x91/0x250 [ 310.059092][ T9701] ? lockdep_hardirqs_on+0x7c/0x110 [ 310.064275][ T9701] do_syscall_64+0xcd/0x250 [ 310.068752][ T9701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.074628][ T9701] RIP: 0033:0x7efd74980849 [ 310.079016][ T9701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.098608][ T9701] RSP: 002b:00007efd75831058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 310.106993][ T9701] RAX: ffffffffffffffda RBX: 00007efd74b45fa0 RCX: 00007efd74980849 [ 310.114938][ T9701] RDX: 0000000000000034 RSI: 0000000000000001 RDI: 0000000000000004 [ 310.122894][ T9701] RBP: 00007efd758310a0 R08: 0000000000000004 R09: 0000000000000000 [ 310.130839][ T9701] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001 [ 310.138787][ T9701] R13: 0000000000000000 R14: 00007efd74b45fa0 R15: 00007ffd8eb7b7f8 [ 310.146738][ T9701] [ 310.151276][ T970] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected [ 310.159244][ T970] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81 [ 310.205054][ T970] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1 [ 310.212829][ T970] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2 [ 310.228032][ T970] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 310.475471][ T9710] FAULT_INJECTION: forcing a failure. [ 310.475471][ T9710] name failslab, interval 1, probability 0, space 0, times 0 [ 310.490025][ T9710] CPU: 1 UID: 0 PID: 9710 Comm: syz.3.1083 Not tainted 6.13.0-rc1-syzkaller #0 [ 310.498975][ T9710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 310.509025][ T9710] Call Trace: [ 310.512290][ T9710] [ 310.515204][ T9710] dump_stack_lvl+0x16c/0x1f0 [ 310.519874][ T9710] should_fail_ex+0x497/0x5b0 [ 310.524540][ T9710] ? fs_reclaim_acquire+0xae/0x150 [ 310.529642][ T9710] should_failslab+0xc2/0x120 [ 310.534312][ T9710] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 310.540113][ T9710] ? __alloc_skb+0x2b1/0x380 [ 310.544694][ T9710] __alloc_skb+0x2b1/0x380 [ 310.549099][ T9710] ? __pfx___alloc_skb+0x10/0x10 [ 310.554026][ T9710] ? selinux_socket_getpeersec_dgram+0x1a5/0x370 [ 310.560341][ T9710] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 310.567004][ T9710] netlink_alloc_large_skb+0x69/0x130 [ 310.572365][ T9710] netlink_sendmsg+0x689/0xd70 [ 310.577120][ T9710] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.582399][ T9710] ____sys_sendmsg+0xaaf/0xc90 [ 310.587150][ T9710] ? copy_msghdr_from_user+0x10b/0x160 [ 310.592593][ T9710] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.597872][ T9710] ___sys_sendmsg+0x135/0x1e0 [ 310.602534][ T9710] ? __pfx____sys_sendmsg+0x10/0x10 [ 310.607722][ T9710] ? __pfx_lock_release+0x10/0x10 [ 310.612731][ T9710] ? trace_lock_acquire+0x14e/0x1f0 [ 310.617927][ T9710] ? __fget_files+0x206/0x3a0 [ 310.622594][ T9710] __sys_sendmsg+0x16e/0x220 [ 310.627168][ T9710] ? __pfx___sys_sendmsg+0x10/0x10 [ 310.632274][ T9710] do_syscall_64+0xcd/0x250 [ 310.636766][ T9710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.642645][ T9710] RIP: 0033:0x7efd74980849 [ 310.647044][ T9710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.666634][ T9710] RSP: 002b:00007efd75831058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.675031][ T9710] RAX: ffffffffffffffda RBX: 00007efd74b45fa0 RCX: 00007efd74980849 [ 310.682986][ T9710] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004 [ 310.690949][ T9710] RBP: 00007efd758310a0 R08: 0000000000000000 R09: 0000000000000000 [ 310.698904][ T9710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.706859][ T9710] R13: 0000000000000000 R14: 00007efd74b45fa0 R15: 00007ffd8eb7b7f8 [ 310.714820][ T9710] [ 311.241359][ T5870] usb 5-1: USB disconnect, device number 51 [ 311.646396][ T6456] wlan0: Trigger new scan to find an IBSS to join [ 311.821862][ T9728] binder: 9727:9728 ioctl 4018620d 0 returned -22 [ 311.844851][ T5828] Bluetooth: hci0: unexpected event for opcode 0x040e [ 311.856510][ T9730] mac80211_hwsim hwsim2 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 312.005808][ T8] usb 1-1: USB disconnect, device number 44 [ 312.014605][ T8] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 312.027150][ T8] keyspan 1-1:0.133: device disconnected [ 312.518733][ T5870] usb 2-1: USB disconnect, device number 39 [ 312.664221][ T6456] wlan0: Trigger new scan to find an IBSS to join [ 312.827842][ T9752] netlink: 'syz.1.1095': attribute type 2 has an invalid length. [ 312.839394][ T9752] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1095'. [ 313.404307][ T9756] netlink: 'syz.4.1098': attribute type 4 has an invalid length. [ 313.494317][ T9761] netlink: 'syz.2.1101': attribute type 9 has an invalid length. [ 313.502206][ T9761] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1101'. [ 313.519770][ T9762] binder: 9760:9762 ioctl 4018620d 0 returned -22 [ 313.591262][ T5828] Bluetooth: hci1: unexpected event for opcode 0x040e [ 313.623270][ T9766] mac80211_hwsim hwsim4 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 313.863132][ T9770] binder: 9769:9770 ioctl 4018620d 0 returned -22 [ 313.973982][ T9776] netlink: 'syz.4.1104': attribute type 2 has an invalid length. [ 313.993402][ T9776] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1104'. [ 314.244319][ T5870] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 314.666822][ T5870] usb 1-1: Using ep0 maxpacket: 8 [ 314.709083][ T5870] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 314.720179][ T5870] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 314.737715][ T5870] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 314.747477][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.700512][ T51] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 315.852555][ T7375] wlan0: Trigger new scan to find an IBSS to join [ 316.182627][ T6440] wlan0: Trigger new scan to find an IBSS to join [ 316.210052][ T51] usb 2-1: config index 0 descriptor too short (expected 82, got 18) [ 316.260918][ T51] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=c2.c6 [ 316.293445][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.320196][ T51] usb 2-1: config 0 descriptor?? [ 316.602845][ T9846] netlink: 'syz.4.1113': attribute type 2 has an invalid length. [ 316.615529][ T9846] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1113'. [ 316.772872][ T51] mxuport 2-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71) [ 316.798068][ T51] mxuport 2-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71) [ 316.860150][ T51] mxuport 2-1:0.0: probe with driver mxuport failed with error -71 [ 316.965966][ T51] usb 2-1: USB disconnect, device number 40 [ 317.010829][ T9] usb 1-1: USB disconnect, device number 45 [ 317.056634][ T5870] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 317.141476][ T8] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 317.259202][ T5870] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 317.271869][ T5870] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 317.287762][ T5870] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 317.299169][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.308917][ T8] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 317.320670][ T8] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 317.332013][ T9842] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 317.332134][ T8] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 317.350680][ T5870] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 317.360201][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.397312][ T9844] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 317.414635][ T8] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 317.423123][ T9] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 317.547394][ T51] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 317.611523][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 317.617839][ T9] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 317.626557][ T9] usb 1-1: config 0 has no interface number 0 [ 317.634435][ T9] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 317.643479][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.652169][ T9] usb 1-1: Product: syz [ 317.656870][ T5870] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 317.664690][ T9] usb 1-1: Manufacturer: syz [ 317.670389][ T9] usb 1-1: SerialNumber: syz [ 317.677701][ T9] usb 1-1: config 0 descriptor?? [ 317.684994][ T9] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 317.710994][ T51] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 317.720408][ T51] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.728494][ T51] usb 5-1: Product: syz [ 317.732821][ T51] usb 5-1: Manufacturer: syz [ 317.737652][ T51] usb 5-1: SerialNumber: syz [ 317.747858][ T51] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 317.781289][ T5867] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 317.856491][ T5870] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 317.866180][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.874769][ T5870] usb 2-1: Product: syz [ 317.879609][ T5870] usb 2-1: Manufacturer: syz [ 317.884225][ T5870] usb 2-1: SerialNumber: syz [ 317.919830][ T5870] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 317.945578][ T9] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 317.962741][ T9] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 317.966609][ T7367] wlan0: Trigger new scan to find an IBSS to join [ 317.991932][ T8] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 318.030224][ T5868] usb 4-1: USB disconnect, device number 36 [ 318.075513][ T9850] netlink: 'syz.4.1116': attribute type 4 has an invalid length. [ 318.113778][ T9850] netlink: 'syz.4.1116': attribute type 4 has an invalid length. [ 318.149741][ T9848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 318.161760][ T9848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 318.274417][ T9852] netlink: 'syz.1.1117': attribute type 4 has an invalid length. [ 318.292212][ T9852] netlink: 'syz.1.1117': attribute type 4 has an invalid length. [ 318.385616][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 318.385942][ T970] usb 1-1: USB disconnect, device number 46 [ 318.408605][ T970] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 318.422149][ T970] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 318.433949][ T970] quatech2 1-1:0.51: device disconnected [ 318.559792][ T5870] usb 5-1: USB disconnect, device number 52 [ 319.014830][ T7373] wlan0: Creating new IBSS network, BSSID 1e:ef:6e:62:23:9a [ 319.033374][ T9] usb 2-1: USB disconnect, device number 41 [ 319.247552][ T5867] usb 5-1: Service connection timeout for: 256 [ 319.253741][ T5867] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 319.265932][ T5867] ath9k_htc: Failed to initialize the device [ 319.276928][ T5870] usb 5-1: ath9k_htc: USB layer deinitialized [ 319.433246][ T8] usb 2-1: Service connection timeout for: 256 [ 319.481459][ T9868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1121'. [ 319.539569][ T8] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 319.665062][ T8] ath9k_htc: Failed to initialize the device [ 319.674133][ T9] usb 2-1: ath9k_htc: USB layer deinitialized [ 319.698325][ T5907] usb 3-1: USB disconnect, device number 33 [ 320.188087][ T7375] wlan0: Trigger new scan to find an IBSS to join [ 320.189354][ T7367] wlan0: Trigger new scan to find an IBSS to join [ 320.216422][ T9885] binder: 9884:9885 ioctl 4018620d 0 returned -22 [ 320.269254][ T5907] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 320.431721][ T5828] Bluetooth: hci1: unexpected event for opcode 0x040e [ 320.440113][ T9893] mac80211_hwsim hwsim4 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 320.799525][ T5907] usb 3-1: Using ep0 maxpacket: 8 [ 320.813486][ T5907] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 320.954560][ T5907] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 321.189939][ T5907] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 321.199858][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.407923][ T6446] wlan0: Creating new IBSS network, BSSID 9e:f5:61:b2:67:f6 [ 321.834558][ T5868] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 322.044635][ T5868] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 322.055002][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.073575][ T5868] usb 5-1: Product: syz [ 322.097951][ T5868] usb 5-1: Manufacturer: syz [ 322.121513][ T5868] usb 5-1: SerialNumber: syz [ 322.193731][ T5868] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 322.213405][ T5867] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 322.335571][ T9923] FAULT_INJECTION: forcing a failure. [ 322.335571][ T9923] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 322.388177][ T9923] CPU: 1 UID: 0 PID: 9923 Comm: syz.1.1138 Not tainted 6.13.0-rc1-syzkaller #0 [ 322.397141][ T9923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 322.407174][ T9923] Call Trace: [ 322.410429][ T9923] [ 322.413349][ T9923] dump_stack_lvl+0x16c/0x1f0 [ 322.418015][ T9923] should_fail_ex+0x497/0x5b0 [ 322.422677][ T9923] _copy_from_user+0x2e/0xd0 [ 322.427253][ T9923] sk_getsockopt+0x1096/0x3430 [ 322.432002][ T9923] ? hlock_class+0x4e/0x130 [ 322.436504][ T9923] ? __lock_acquire+0x15a9/0x3c40 [ 322.441526][ T9923] ? __pfx_sk_getsockopt+0x10/0x10 [ 322.446627][ T9923] ? __pfx___lock_acquire+0x10/0x10 [ 322.451812][ T9923] ? __lock_acquire+0xcc5/0x3c40 [ 322.456737][ T9923] ? find_held_lock+0x2d/0x110 [ 322.461490][ T9923] ? __might_fault+0x13b/0x190 [ 322.466240][ T9923] ? __pfx_lock_release+0x10/0x10 [ 322.471246][ T9923] ? trace_lock_acquire+0x14e/0x1f0 [ 322.476434][ T9923] ? lock_acquire+0x2f/0xb0 [ 322.480921][ T9923] ? __might_fault+0xe3/0x190 [ 322.485583][ T9923] ? __might_fault+0xe3/0x190 [ 322.490250][ T9923] do_sock_getsockopt+0x647/0x800 [ 322.495261][ T9923] ? trace_lock_acquire+0x50/0x1f0 [ 322.500372][ T9923] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 322.505911][ T9923] ? lock_acquire+0x2f/0xb0 [ 322.510398][ T9923] ? __fget_files+0x40/0x3a0 [ 322.514976][ T9923] ? __fget_files+0x206/0x3a0 [ 322.519640][ T9923] __sys_getsockopt+0x12f/0x260 [ 322.524481][ T9923] __x64_sys_getsockopt+0xbd/0x160 [ 322.529578][ T9923] ? do_syscall_64+0x91/0x250 [ 322.534244][ T9923] ? lockdep_hardirqs_on+0x7c/0x110 [ 322.539429][ T9923] do_syscall_64+0xcd/0x250 [ 322.543921][ T9923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.549801][ T9923] RIP: 0033:0x7f8251780849 [ 322.554200][ T9923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.573795][ T9923] RSP: 002b:00007f82524f9058 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 322.582195][ T9923] RAX: ffffffffffffffda RBX: 00007f8251945fa0 RCX: 00007f8251780849 [ 322.590160][ T9923] RDX: 000000000000001c RSI: 0000000000000001 RDI: 0000000000000003 [ 322.598119][ T9923] RBP: 00007f82524f90a0 R08: 0000000020000180 R09: 0000000000000000 [ 322.606076][ T9923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.614037][ T9923] R13: 0000000000000000 R14: 00007f8251945fa0 R15: 00007ffef99408f8 [ 322.622016][ T9923] [ 322.640367][ T9926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1139'. [ 322.815277][ T9907] netlink: 'syz.4.1135': attribute type 4 has an invalid length. [ 323.055028][ T9929] netlink: 'syz.4.1135': attribute type 4 has an invalid length. [ 323.142910][ T9] usb 3-1: USB disconnect, device number 34 [ 323.287828][ T5828] Bluetooth: hci0: unexpected event for opcode 0x040e [ 323.304284][ T9939] mac80211_hwsim hwsim2 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 323.572489][ T9942] netlink: 'syz.2.1143': attribute type 2 has an invalid length. [ 323.592535][ T9942] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1143'. [ 324.052939][ T5868] usb 5-1: USB disconnect, device number 53 [ 324.210827][ T5867] usb 5-1: Service connection timeout for: 256 [ 324.228633][ T5867] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 324.241922][ T5867] ath9k_htc: Failed to initialize the device [ 324.351651][ T5868] usb 5-1: ath9k_htc: USB layer deinitialized [ 324.947188][ T29] audit: type=1400 audit(2000000052.850:625): avc: denied { write } for pid=9949 comm="syz.0.1148" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 325.041220][ T9962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1150'. [ 325.323427][ T29] audit: type=1400 audit(2000000052.850:626): avc: denied { ioctl } for pid=9949 comm="syz.0.1148" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 325.524111][ T3011] wlan0: Trigger new scan to find an IBSS to join [ 325.530711][ T7373] wlan0: Trigger new scan to find an IBSS to join [ 325.727243][ T9977] netlink: 'syz.2.1155': attribute type 2 has an invalid length. [ 325.749107][ T5868] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 325.883501][ T5828] Bluetooth: hci2: unexpected event for opcode 0x040e [ 325.918241][ T5868] usb 4-1: Using ep0 maxpacket: 8 [ 325.929173][ T5868] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 326.159281][ T5868] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 326.181594][ T5868] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 326.204414][ T5868] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 326.216558][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.501495][ T5868] usbtmc 4-1:16.0: bulk endpoints not found [ 326.881086][ T8] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 327.062086][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 327.073309][ T8] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 327.081805][ T8] usb 5-1: config 0 has no interface number 0 [ 327.081917][ T9993] FAULT_INJECTION: forcing a failure. [ 327.081917][ T9993] name failslab, interval 1, probability 0, space 0, times 0 [ 327.090483][ T8] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 327.100673][ T9993] CPU: 1 UID: 0 PID: 9993 Comm: syz.1.1162 Not tainted 6.13.0-rc1-syzkaller #0 [ 327.100696][ T9993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 327.100706][ T9993] Call Trace: [ 327.100711][ T9993] [ 327.100718][ T9993] dump_stack_lvl+0x16c/0x1f0 [ 327.100745][ T9993] should_fail_ex+0x497/0x5b0 [ 327.100772][ T9993] ? fs_reclaim_acquire+0xae/0x150 [ 327.100801][ T9993] should_failslab+0xc2/0x120 [ 327.100824][ T9993] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 327.100846][ T9993] ? __alloc_skb+0x2b1/0x380 [ 327.100873][ T9993] ? __pfx_mark_lock+0x10/0x10 [ 327.100899][ T9993] __alloc_skb+0x2b1/0x380 [ 327.100928][ T9993] ? __pfx___alloc_skb+0x10/0x10 [ 327.100954][ T9993] ? find_held_lock+0x2d/0x110 [ 327.100981][ T9993] ? __might_fault+0x13b/0x190 [ 327.101007][ T9993] alloc_skb_with_frags+0xe4/0x850 [ 327.101029][ T9993] ? __might_fault+0xe3/0x190 [ 327.101054][ T9993] sock_alloc_send_pskb+0x7f1/0x980 [ 327.101082][ T9993] ? _copy_from_iter+0x15e/0x1560 [ 327.101105][ T9993] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 327.101142][ T9993] packet_sendmsg+0x1f70/0x5660 [ 327.101179][ T9993] ? sock_has_perm+0x25a/0x2f0 [ 327.101199][ T9993] ? __pfx_sock_has_perm+0x10/0x10 [ 327.115527][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.119091][ T9993] ? __pfx_packet_sendmsg+0x10/0x10 [ 327.129474][ T8] usb 5-1: Product: syz [ 327.132392][ T9993] ? __fget_files+0x206/0x3a0 [ 327.135353][ T8] usb 5-1: Manufacturer: syz [ 327.139973][ T9993] __sys_sendto+0x488/0x4f0 [ 327.140005][ T9993] ? __pfx___sys_sendto+0x10/0x10 [ 327.145189][ T8] usb 5-1: SerialNumber: syz [ 327.149757][ T9993] ? ksys_write+0x1ba/0x250 [ 327.149777][ T9993] ? __pfx_ksys_write+0x10/0x10 [ 327.149797][ T9993] __x64_sys_sendto+0xe0/0x1c0 [ 327.149823][ T9993] ? do_syscall_64+0x91/0x250 [ 327.149846][ T9993] ? lockdep_hardirqs_on+0x7c/0x110 [ 327.149867][ T9993] do_syscall_64+0xcd/0x250 [ 327.149897][ T9993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.149921][ T9993] RIP: 0033:0x7f8251780849 [ 327.149935][ T9993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.149952][ T9993] RSP: 002b:00007f82524f9058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 327.149971][ T9993] RAX: ffffffffffffffda RBX: 00007f8251945fa0 RCX: 00007f8251780849 [ 327.149983][ T9993] RDX: 000000000000fc13 RSI: 0000000020000280 RDI: 000000000000000b [ 327.149994][ T9993] RBP: 00007f82524f90a0 R08: 0000000000000000 R09: 000000000000002f [ 327.150005][ T9993] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 327.150016][ T9993] R13: 0000000000000000 R14: 00007f8251945fa0 R15: 00007ffef99408f8 [ 327.150038][ T9993] [ 327.446772][ T8] usb 5-1: config 0 descriptor?? [ 327.455922][ T8] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 327.549017][ T9997] tmpfs: Unknown parameter 'usrquota' [ 327.810899][ T5868] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 327.872408][ T8] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 327.901094][ T8] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 327.932073][ T9984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 327.942573][ T9984] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 327.988007][ T5868] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 328.015033][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.040383][ T5868] usb 3-1: Product: syz [ 328.051618][ T5868] usb 3-1: Manufacturer: syz [ 328.062641][ T5868] usb 3-1: SerialNumber: syz [ 328.083953][ T5868] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 328.105890][ T5867] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 328.203929][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 328.204291][ T5868] usb 5-1: USB disconnect, device number 54 [ 328.246321][ T5868] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 328.291132][ T5868] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 328.319725][ T5868] quatech2 5-1:0.51: device disconnected [ 328.343309][T10000] netlink: 'syz.2.1165': attribute type 4 has an invalid length. [ 328.351351][T10009] mac80211_hwsim hwsim4 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 328.351387][ T5828] Bluetooth: hci1: unexpected event for opcode 0x040e [ 328.373643][T10000] netlink: 'syz.2.1165': attribute type 4 has an invalid length. [ 328.789261][ T8] usb 4-1: USB disconnect, device number 37 [ 328.869654][ T5907] usb 3-1: USB disconnect, device number 35 [ 329.004077][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 329.010924][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 329.042311][ T5828] Bluetooth: hci0: unexpected event for opcode 0x040e [ 329.109556][T10013] mac80211_hwsim hwsim2 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 329.529881][ T5867] usb 3-1: Service connection timeout for: 256 [ 329.542283][ T5867] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 329.550825][ T5867] ath9k_htc: Failed to initialize the device [ 329.568864][ T5907] usb 3-1: ath9k_htc: USB layer deinitialized [ 329.625001][T10027] x_tables: duplicate underflow at hook 2 [ 330.322728][ T5867] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 330.735562][ T5868] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 330.773891][ T5867] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 330.789159][ T5867] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 330.799273][ T5867] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 330.813051][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.890074][ T6440] wlan0: Trigger new scan to find an IBSS to join [ 330.900408][ T5868] usb 4-1: Using ep0 maxpacket: 8 [ 330.908571][T10036] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 330.918918][ T5867] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 330.926678][ T5868] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 330.936141][ T5868] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 330.961356][ T5868] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 331.019199][ T5868] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 331.032515][ T5868] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 331.047530][ T5868] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 331.086781][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.112062][ T5868] usbtmc 4-1:16.0: bulk endpoints not found [ 331.255696][ T970] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 331.334073][T10052] FAULT_INJECTION: forcing a failure. [ 331.334073][T10052] name failslab, interval 1, probability 0, space 0, times 0 [ 331.347069][T10052] CPU: 0 UID: 0 PID: 10052 Comm: syz.0.1181 Not tainted 6.13.0-rc1-syzkaller #0 [ 331.356085][T10052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 331.366115][T10052] Call Trace: [ 331.369383][T10052] [ 331.372290][T10052] dump_stack_lvl+0x16c/0x1f0 [ 331.376945][T10052] should_fail_ex+0x497/0x5b0 [ 331.381611][T10052] ? fs_reclaim_acquire+0xae/0x150 [ 331.386728][T10052] should_failslab+0xc2/0x120 [ 331.391390][T10052] __kmalloc_noprof+0xcb/0x510 [ 331.396141][T10052] alloc_pipe_info+0x1ec/0x590 [ 331.400897][T10052] splice_direct_to_actor+0x793/0xa40 [ 331.406266][T10052] ? get_pid_task+0xfc/0x250 [ 331.410857][T10052] ? __pfx_direct_splice_actor+0x10/0x10 [ 331.416482][T10052] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 331.422382][T10052] ? __pfx___might_resched+0x10/0x10 [ 331.427665][T10052] do_splice_direct+0x178/0x250 [ 331.432517][T10052] ? __pfx_do_splice_direct+0x10/0x10 [ 331.437870][T10052] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 331.443757][T10052] do_sendfile+0xaed/0xe30 [ 331.448170][T10052] ? __pfx_do_sendfile+0x10/0x10 [ 331.453101][T10052] ? __fget_files+0x206/0x3a0 [ 331.457781][T10052] __x64_sys_sendfile64+0x1da/0x220 [ 331.462967][T10052] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 331.468662][T10052] ? syscall_user_dispatch+0x7a/0x130 [ 331.474036][T10052] do_syscall_64+0xcd/0x250 [ 331.478543][T10052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.484440][T10052] RIP: 0033:0x7f2ef3f80849 [ 331.488841][T10052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.508435][T10052] RSP: 002b:00007f2ef4d91058 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 331.516834][T10052] RAX: ffffffffffffffda RBX: 00007f2ef4145fa0 RCX: 00007f2ef3f80849 [ 331.524783][T10052] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000007 [ 331.532742][T10052] RBP: 00007f2ef4d910a0 R08: 0000000000000000 R09: 0000000000000000 [ 331.540706][T10052] R10: 000000000003ffff R11: 0000000000000246 R12: 0000000000000001 [ 331.548670][T10052] R13: 0000000000000000 R14: 00007f2ef4145fa0 R15: 00007ffcff2ec948 [ 331.556646][T10052] [ 331.667533][ T970] usb 2-1: Using ep0 maxpacket: 8 [ 331.702261][ T970] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 331.712454][ T970] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 331.810020][ T5907] usb 5-1: USB disconnect, device number 55 [ 331.812795][ T970] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 331.929105][ T12] wlan0: Trigger new scan to find an IBSS to join [ 331.962284][ T970] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 332.003401][ T970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.040470][ T970] usbtmc 2-1:16.0: bulk endpoints not found [ 332.824951][ T5907] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 333.010841][ T5907] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 333.020335][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.035003][ T5907] usb 5-1: Product: syz [ 333.042971][ T5907] usb 5-1: Manufacturer: syz [ 333.052087][ T5907] usb 5-1: SerialNumber: syz [ 333.062282][ T5907] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 333.078946][ T8] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 333.305170][T10067] netlink: 'syz.4.1184': attribute type 4 has an invalid length. [ 333.390338][ T970] usb 4-1: USB disconnect, device number 38 [ 333.410440][T10074] netlink: 'syz.4.1184': attribute type 4 has an invalid length. [ 333.941619][ T5870] usb 5-1: USB disconnect, device number 56 [ 334.454926][ T970] usb 2-1: USB disconnect, device number 42 [ 334.781134][ T8] usb 5-1: Service connection timeout for: 256 [ 334.787336][ T8] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 334.948052][ T8] ath9k_htc: Failed to initialize the device [ 335.059606][ T5870] usb 5-1: ath9k_htc: USB layer deinitialized [ 335.069499][ T7375] wlan0: Trigger new scan to find an IBSS to join [ 335.474036][ T7373] wlan0: Trigger new scan to find an IBSS to join [ 336.213648][ T5870] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 336.296812][ T5907] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 336.359485][T10120] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1198'. [ 336.384402][ T5868] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 336.525226][ T3011] wlan0: Creating new IBSS network, BSSID 32:53:93:d4:0f:73 [ 336.533217][ T5870] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 336.544825][ T5907] usb 3-1: Using ep0 maxpacket: 8 [ 336.550960][ T5870] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 336.561392][ T5907] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 336.572190][ T5907] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 336.585433][ T5870] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 336.595356][ T5907] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 336.598061][ T5868] usb 5-1: Using ep0 maxpacket: 8 [ 336.605970][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.618762][ T5907] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 336.618855][ T7375] wlan0: Creating new IBSS network, BSSID ee:b6:73:56:d8:00 [ 336.629771][ T5907] usb 3-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 336.651077][ T5868] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 336.662766][T10110] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 336.669982][ T5868] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 336.702842][ T5868] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 336.703488][ T5870] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 336.721364][ T5907] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 336.747722][ T5868] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 336.748359][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.767236][ T5868] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 336.785266][ T5868] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 336.787277][ T5907] usbtmc 3-1:16.0: bulk endpoints not found [ 336.895089][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.233756][ T5868] usb 5-1: usb_control_msg returned -32 [ 337.239793][ T5868] usbtmc 5-1:16.0: can't read capabilities [ 337.475897][ T5868] usb 4-1: USB disconnect, device number 39 [ 337.790790][T10140] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 338.576099][ T35] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 338.604091][ T5828] Bluetooth: hci0: unexpected event for opcode 0x040e [ 338.615128][T10148] mac80211_hwsim hwsim2 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 338.777421][ T5870] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 339.046702][ T5870] usb 1-1: Using ep0 maxpacket: 16 [ 339.057436][ T5870] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 339.081195][ T5870] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 339.109521][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.134796][ T5870] usb 1-1: Product: syz [ 339.147039][ T5870] usb 1-1: Manufacturer: syz [ 339.160996][ T5870] usb 1-1: SerialNumber: syz [ 339.182999][ T5870] usb 1-1: config 0 descriptor?? [ 339.201671][ T5870] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 339.221999][ T5870] usb 1-1: Detected FT232R [ 339.531057][ T5870] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 340.829778][ T5870] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 341.484199][ T6446] wlan0: Trigger new scan to find an IBSS to join [ 342.378700][ T5868] usb 1-1: USB disconnect, device number 47 [ 342.439525][ T5868] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 342.460213][ T5868] ftdi_sio 1-1:0.0: device disconnected [ 342.570490][T10186] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1213'. [ 343.280326][T10139] usbtmc 5-1:16.0: usb_control_msg returned -110 [ 343.289796][ T970] usb 3-1: USB disconnect, device number 36 [ 343.351249][ T5907] usb 5-1: USB disconnect, device number 57 [ 343.419173][ T5870] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 343.582567][ T5870] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 343.629676][ T5870] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 343.661956][ T5870] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 343.680124][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.739641][T10188] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 343.752235][ T5870] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 344.009961][ T5865] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 344.216000][ T5865] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 344.237427][ T5865] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 344.474699][ T5865] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 344.528184][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.551053][T10204] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 344.563670][ T5865] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 344.684011][ T5865] usb 4-1: USB disconnect, device number 40 [ 344.744853][ T7375] wlan0: Trigger new scan to find an IBSS to join [ 345.515320][ T5870] usb 5-1: USB disconnect, device number 58 [ 346.872580][ T6440] wlan0: Creating new IBSS network, BSSID 26:45:2b:48:3d:90 [ 347.149974][ T5867] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 347.259514][ T5828] Bluetooth: hci1: unexpected event for opcode 0x040e [ 347.268934][T10244] mac80211_hwsim hwsim4 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 347.321211][ T5867] usb 3-1: Using ep0 maxpacket: 8 [ 347.331614][ T5867] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 347.371567][ T5867] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 347.402392][ T5867] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 347.507143][ T5867] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 347.602976][ T5867] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 347.735867][ T5867] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 347.786675][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.230550][ T5867] usb 3-1: usb_control_msg returned -32 [ 348.236152][ T5867] usbtmc 3-1:16.0: can't read capabilities [ 349.336343][ T970] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 349.352455][T10275] usbtmc 3-1:16.0: usb_control_msg returned -32 [ 349.598605][ T5907] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 349.638892][ T970] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 349.651151][ T970] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 349.663584][ T970] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 349.675941][ T970] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.709971][T10262] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 349.730593][ T970] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 349.864868][ T5907] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 349.874564][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.883578][ T5907] usb 2-1: Product: syz [ 349.888242][ T5907] usb 2-1: Manufacturer: syz [ 349.892840][ T5907] usb 2-1: SerialNumber: syz [ 349.915104][ T5907] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 349.931848][ T5870] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 350.122968][ T35] wlan0: Trigger new scan to find an IBSS to join [ 350.130715][ T5906] usb 5-1: USB disconnect, device number 59 [ 350.177055][T10273] netlink: 'syz.1.1236': attribute type 4 has an invalid length. [ 350.200924][T10273] netlink: 'syz.1.1236': attribute type 4 has an invalid length. [ 350.379341][T10290] netlink: 'syz.0.1240': attribute type 4 has an invalid length. [ 350.392038][T10290] netlink: 'syz.0.1240': attribute type 4 has an invalid length. [ 350.740914][ T29] audit: type=1400 audit(2000000077.385:627): avc: denied { recv } for pid=10291 comm="syz.3.1241" saddr=10.128.0.169 src=32976 daddr=10.128.0.92 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 350.821726][ T5906] usb 2-1: USB disconnect, device number 43 [ 350.828625][ T5867] usb 3-1: USB disconnect, device number 37 [ 350.887727][ T29] audit: type=1400 audit(2000000077.525:628): avc: denied { set_context_mgr } for pid=10295 comm="syz.2.1242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 350.974490][ T29] audit: type=1400 audit(2000000077.572:629): avc: denied { call } for pid=10295 comm="syz.2.1242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 351.137877][T10306] FAULT_INJECTION: forcing a failure. [ 351.137877][T10306] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.162789][T10306] CPU: 1 UID: 0 PID: 10306 Comm: syz.3.1246 Not tainted 6.13.0-rc1-syzkaller #0 [ 351.171833][T10306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 351.181889][T10306] Call Trace: [ 351.185162][T10306] [ 351.188092][T10306] dump_stack_lvl+0x16c/0x1f0 [ 351.192778][T10306] should_fail_ex+0x497/0x5b0 [ 351.197470][T10306] _copy_from_user+0x2e/0xd0 [ 351.202066][T10306] ____sys_sendmsg+0x590/0xc90 [ 351.206836][T10306] ? __pfx_____sys_sendmsg+0x10/0x10 [ 351.212124][T10306] ? __lock_acquire+0xcc5/0x3c40 [ 351.217078][T10306] ___sys_sendmsg+0x135/0x1e0 [ 351.221757][T10306] ? __pfx____sys_sendmsg+0x10/0x10 [ 351.226972][T10306] ? trace_lock_acquire+0x14e/0x1f0 [ 351.232198][T10306] __sys_sendmmsg+0x201/0x420 [ 351.236879][T10306] ? __pfx___sys_sendmmsg+0x10/0x10 [ 351.242088][T10306] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 351.248083][T10306] ? fput+0x67/0x440 [ 351.251984][T10306] ? ksys_write+0x1ba/0x250 [ 351.256488][T10306] ? __pfx_ksys_write+0x10/0x10 [ 351.261342][T10306] __x64_sys_sendmmsg+0x9c/0x100 [ 351.266280][T10306] ? lockdep_hardirqs_on+0x7c/0x110 [ 351.271480][T10306] do_syscall_64+0xcd/0x250 [ 351.275988][T10306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.281885][T10306] RIP: 0033:0x7efd74980849 [ 351.286299][T10306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.305909][T10306] RSP: 002b:00007efd75831058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 351.314321][T10306] RAX: ffffffffffffffda RBX: 00007efd74b45fa0 RCX: 00007efd74980849 [ 351.322289][T10306] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000003 [ 351.330257][T10306] RBP: 00007efd758310a0 R08: 0000000000000000 R09: 0000000000000000 [ 351.333091][ T5870] usb 2-1: Service connection timeout for: 256 [ 351.338210][T10306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.352309][T10306] R13: 0000000000000000 R14: 00007efd74b45fa0 R15: 00007ffd8eb7b7f8 [ 351.354935][ T5870] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 351.360275][T10306] [ 351.406959][ T5870] ath9k_htc: Failed to initialize the device [ 351.496322][ T7375] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 351.883635][ T5906] usb 2-1: ath9k_htc: USB layer deinitialized [ 352.070026][T10317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1250'. [ 352.276209][T10321] input: syz1 as /devices/virtual/input/input16 [ 352.292984][ T5865] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 353.297396][T10325] netlink: 'syz.1.1248': attribute type 2 has an invalid length. [ 353.353731][T10321] FAULT_INJECTION: forcing a failure. [ 353.353731][T10321] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 353.386076][T10322] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1248'. [ 353.398226][T10321] CPU: 0 UID: 0 PID: 10321 Comm: syz.2.1251 Not tainted 6.13.0-rc1-syzkaller #0 [ 353.407263][T10321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 353.417322][T10321] Call Trace: [ 353.420597][T10321] [ 353.423525][T10321] dump_stack_lvl+0x16c/0x1f0 [ 353.428210][T10321] should_fail_ex+0x497/0x5b0 [ 353.432902][T10321] _copy_to_user+0x32/0xd0 [ 353.437323][T10321] simple_read_from_buffer+0xd0/0x160 [ 353.442707][T10321] proc_fail_nth_read+0x198/0x270 [ 353.447742][T10321] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 353.453302][T10321] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 353.458859][T10321] vfs_read+0x1df/0xbe0 [ 353.463033][T10321] ? __fget_files+0x1fc/0x3a0 [ 353.467708][T10321] ? __pfx___mutex_lock+0x10/0x10 [ 353.472721][T10321] ? __pfx_vfs_read+0x10/0x10 [ 353.477388][T10321] ? __fget_files+0x206/0x3a0 [ 353.482052][T10321] ksys_read+0x12b/0x250 [ 353.486278][T10321] ? __pfx_ksys_read+0x10/0x10 [ 353.491031][T10321] do_syscall_64+0xcd/0x250 [ 353.495523][T10321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.501403][T10321] RIP: 0033:0x7f6b3377f25c [ 353.505800][T10321] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 8e 02 00 48 [ 353.525392][T10321] RSP: 002b:00007f6b3456b050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 353.533789][T10321] RAX: ffffffffffffffda RBX: 00007f6b33945fa0 RCX: 00007f6b3377f25c [ 353.541743][T10321] RDX: 000000000000000f RSI: 00007f6b3456b0b0 RDI: 0000000000000004 [ 353.549699][T10321] RBP: 00007f6b3456b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 353.557652][T10321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 353.565607][T10321] R13: 0000000000000000 R14: 00007f6b33945fa0 R15: 00007ffc4f575428 [ 353.573570][T10321] [ 353.799948][ T5865] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 353.809171][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.820591][ T5865] usb 1-1: Product: syz [ 353.831967][ T5865] usb 1-1: Manufacturer: syz [ 353.836578][ T5865] usb 1-1: SerialNumber: syz [ 353.860790][ T5865] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 353.995943][ T5907] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 354.046772][ T5870] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 354.184913][ T8] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 354.270348][ T5907] usb 2-1: Using ep0 maxpacket: 8 [ 354.288572][ T5907] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 354.302313][ T5907] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 354.338759][ T5907] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 354.352331][T10315] netlink: 'syz.0.1247': attribute type 4 has an invalid length. [ 354.360764][ T5907] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 354.371590][ T5907] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 354.384836][ T5907] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 354.390706][T10315] netlink: 'syz.0.1247': attribute type 4 has an invalid length. [ 354.393950][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.410114][ T7375] wlan0: Trigger new scan to find an IBSS to join [ 354.444253][ T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 354.460279][ T8] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 354.471051][ T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 354.481003][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.502973][T10337] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 354.514500][ T8] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 354.642394][ T5907] usb 2-1: usb_control_msg returned -32 [ 354.649781][ T5907] usbtmc 2-1:16.0: can't read capabilities [ 355.511812][ T5870] usb 1-1: Service connection timeout for: 256 [ 355.530721][ T5870] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 355.586345][ T8] usb 1-1: USB disconnect, device number 48 [ 355.603292][ T5870] ath9k_htc: Failed to initialize the device [ 355.610325][ T8] usb 1-1: ath9k_htc: USB layer deinitialized [ 355.645727][ T970] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 355.973321][ T29] audit: type=1400 audit(2000000082.277:630): avc: denied { mounton } for pid=10348 comm="syz.2.1258" path="/261/file0" dev="tmpfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 356.065690][ T970] usb 4-1: Using ep0 maxpacket: 32 [ 356.072605][ T970] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 356.081064][ T970] usb 4-1: config 0 has no interface number 0 [ 356.089382][ T970] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 356.098583][ T970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.106610][ T970] usb 4-1: Product: syz [ 356.110886][ T970] usb 4-1: Manufacturer: syz [ 356.115752][ T970] usb 4-1: SerialNumber: syz [ 356.123409][ T5870] usb 5-1: USB disconnect, device number 60 [ 356.334068][ T35] wlan0: Creating new IBSS network, BSSID 4a:aa:7f:25:46:ba [ 356.417166][ T970] usb 4-1: config 0 descriptor?? [ 356.541690][ T970] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 356.637983][T10361] netlink: 'syz.0.1260': attribute type 4 has an invalid length. [ 356.653068][T10361] netlink: 'syz.0.1260': attribute type 4 has an invalid length. [ 356.662359][ T970] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 356.673478][ T970] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 357.047064][T10346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 357.079495][T10346] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.320090][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 357.320738][ T8] usb 4-1: USB disconnect, device number 41 [ 357.407153][ T8] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 357.421284][ T8] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 357.438866][ T8] quatech2 4-1:0.51: device disconnected [ 357.720900][T10386] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1267'. [ 359.450593][T10409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1270'. [ 359.702826][ T5828] Bluetooth: hci2: unexpected event for opcode 0x040e [ 359.996786][T10414] mac80211_hwsim hwsim9 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 360.299759][T10351] usbtmc 2-1:16.0: usb_control_msg returned -110 [ 360.649100][ T5865] usb 2-1: USB disconnect, device number 44 [ 360.821863][T10425] netlink: 'syz.4.1275': attribute type 4 has an invalid length. [ 360.887096][T10435] netlink: 'syz.4.1275': attribute type 4 has an invalid length. [ 361.369986][T10447] netlink: 'syz.2.1278': attribute type 2 has an invalid length. [ 361.387690][T10447] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1278'. [ 361.916500][T10450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1281'. [ 361.932311][T10452] binder: 10451:10452 ioctl 4018620d 0 returned -22 [ 361.950415][T10450] syz_tun: entered promiscuous mode [ 362.281497][T10457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1282'. [ 362.551181][T10462] fuse: Bad value for 'group_id' [ 362.559611][T10462] fuse: Bad value for 'group_id' [ 362.789170][ T5828] Bluetooth: hci0: unexpected event for opcode 0x040e [ 362.797210][T10478] mac80211_hwsim hwsim2 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 362.880259][ T5868] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 362.888114][ T970] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 362.950478][ T5867] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 362.953615][ T6440] wlan0: Trigger new scan to find an IBSS to join [ 363.046735][ T5868] usb 3-1: Using ep0 maxpacket: 32 [ 363.062859][ T970] usb 5-1: Using ep0 maxpacket: 8 [ 363.075381][ T5868] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 363.087157][ T5868] usb 3-1: config 0 has no interface number 0 [ 363.122002][ T970] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 363.136318][ T970] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 363.147249][ T970] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 363.159390][ T5867] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 363.173462][ T5868] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 363.186179][ T5867] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 363.196067][ T970] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 363.206697][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.216442][ T5867] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 363.225743][ T5868] usb 3-1: Product: syz [ 363.231121][ T970] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 363.244428][ T5868] usb 3-1: Manufacturer: syz [ 363.249106][ T5868] usb 3-1: SerialNumber: syz [ 363.254085][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.263045][ T970] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 363.272894][ T5868] usb 3-1: config 0 descriptor?? [ 363.282782][ T970] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.294853][ T5868] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 363.307404][T10467] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 363.327223][ T5867] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 363.522728][ T5868] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 363.549407][ T5868] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 363.634476][ T970] usb 5-1: usb_control_msg returned -32 [ 363.845627][ T970] usbtmc 5-1:16.0: can't read capabilities [ 364.361343][T10486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 364.417065][T10486] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 364.513182][T10489] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1293'. [ 364.581916][ T970] usb 2-1: USB disconnect, device number 45 [ 364.823362][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 364.840568][ T5867] usb 3-1: USB disconnect, device number 38 [ 364.872368][ T5867] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 364.990470][ T5867] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 365.030677][ T5867] quatech2 3-1:0.51: device disconnected [ 365.089471][ T7373] wlan0: Trigger new scan to find an IBSS to join [ 365.129059][T10495] FAULT_INJECTION: forcing a failure. [ 365.129059][T10495] name failslab, interval 1, probability 0, space 0, times 0 [ 365.144854][T10495] CPU: 0 UID: 0 PID: 10495 Comm: syz.3.1295 Not tainted 6.13.0-rc1-syzkaller #0 [ 365.153892][T10495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 365.163944][T10495] Call Trace: [ 365.167226][T10495] [ 365.170161][T10495] dump_stack_lvl+0x16c/0x1f0 [ 365.174853][T10495] should_fail_ex+0x497/0x5b0 [ 365.179544][T10495] ? fs_reclaim_acquire+0xae/0x150 [ 365.184674][T10495] should_failslab+0xc2/0x120 [ 365.189358][T10495] __kmalloc_noprof+0xcb/0x510 [ 365.194127][T10495] ? d_absolute_path+0x137/0x1b0 [ 365.199077][T10495] ? rcu_is_watching+0x12/0xc0 [ 365.203849][T10495] tomoyo_encode2+0x100/0x3e0 [ 365.208524][T10495] tomoyo_encode+0x29/0x50 [ 365.212928][T10495] tomoyo_realpath_from_path+0x19d/0x720 [ 365.218552][T10495] tomoyo_path_number_perm+0x248/0x590 [ 365.223993][T10495] ? tomoyo_path_number_perm+0x235/0x590 [ 365.229618][T10495] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 365.235614][T10495] ? __pfx_lock_release+0x10/0x10 [ 365.240629][T10495] ? trace_lock_acquire+0x14e/0x1f0 [ 365.245819][T10495] ? lock_acquire+0x2f/0xb0 [ 365.250305][T10495] ? __fget_files+0x40/0x3a0 [ 365.254882][T10495] ? __fget_files+0x206/0x3a0 [ 365.259549][T10495] security_file_ioctl+0x9b/0x240 [ 365.264564][T10495] __x64_sys_ioctl+0xb7/0x200 [ 365.269231][T10495] do_syscall_64+0xcd/0x250 [ 365.273725][T10495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.279607][T10495] RIP: 0033:0x7efd74980849 [ 365.284008][T10495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.303603][T10495] RSP: 002b:00007efd75831058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 365.311999][T10495] RAX: ffffffffffffffda RBX: 00007efd74b45fa0 RCX: 00007efd74980849 [ 365.319953][T10495] RDX: 0000000020000600 RSI: 00000000c0306201 RDI: 0000000000000003 [ 365.327913][T10495] RBP: 00007efd758310a0 R08: 0000000000000000 R09: 0000000000000000 [ 365.335867][T10495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 365.343821][T10495] R13: 0000000000000000 R14: 00007efd74b45fa0 R15: 00007ffd8eb7b7f8 [ 365.351788][T10495] [ 365.359527][T10495] ERROR: Out of memory at tomoyo_realpath_from_path. [ 365.520790][T10501] fuse: Bad value for 'group_id' [ 365.525767][T10501] fuse: Bad value for 'group_id' [ 365.859596][ T970] usb 5-1: USB disconnect, device number 61 [ 366.160323][T10508] mac80211_hwsim hwsim5 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 367.227261][ T3011] wlan0: Trigger new scan to find an IBSS to join [ 367.363211][T10525] netlink: 'syz.2.1305': attribute type 2 has an invalid length. [ 367.381722][T10525] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1305'. [ 367.911775][T10529] netlink: 'syz.4.1308': attribute type 4 has an invalid length. [ 368.086083][T10532] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1304'. [ 368.323276][T10529] netlink: 'syz.4.1308': attribute type 4 has an invalid length. [ 368.363051][T10536] fuse: Bad value for 'group_id' [ 368.368017][T10536] fuse: Bad value for 'group_id' [ 368.424053][ T5865] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 368.587343][ T5865] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 368.599496][ T5865] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 368.610235][ T5907] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 368.619180][ T5865] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 368.629856][ T5865] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.664359][T10527] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 368.678300][ T5865] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 368.788083][ T5907] usb 3-1: Using ep0 maxpacket: 8 [ 368.803184][ T5907] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 368.835461][ T5907] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 368.872889][ T5907] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 368.929553][ T5907] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 368.955485][ T5907] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 368.977827][ T5907] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 368.987763][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.056125][ T5865] usb 4-1: USB disconnect, device number 42 [ 369.150046][ T6440] wlan0: Creating new IBSS network, BSSID 46:07:4a:ea:2b:81 [ 369.366714][ T6440] wlan0: Trigger new scan to find an IBSS to join [ 369.514948][ T5907] usb 3-1: usb_control_msg returned -32 [ 369.520800][ T5907] usbtmc 3-1:16.0: can't read capabilities [ 369.645411][ T5828] Bluetooth: hci1: unexpected event for opcode 0x040e [ 369.653169][T10549] mac80211_hwsim hwsim4 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 370.303082][ T5828] Bluetooth: hci2: unexpected event for opcode 0x040e [ 370.391108][ T12] wlan0: Trigger new scan to find an IBSS to join [ 370.442102][T10554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1314'. [ 370.531382][T10557] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1316'. [ 370.965079][T10566] mac80211_hwsim hwsim9 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 371.236355][ T5865] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 371.367911][ T5907] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 371.379657][ T3011] wlan0: Creating new IBSS network, BSSID 6e:44:7b:39:95:d9 [ 371.556814][ T5907] usb 5-1: Using ep0 maxpacket: 32 [ 371.612085][T10571] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1321'. [ 371.622015][ T5865] usb 4-1: Using ep0 maxpacket: 8 [ 371.821684][ T5865] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 371.830610][ T5865] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 371.841354][ T5865] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 371.851735][ T5865] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 371.862049][ T5865] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 371.875489][ T5865] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 371.885154][ T5865] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.896124][ T5907] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 371.904794][ T5907] usb 5-1: config 0 has no interface number 0 [ 371.915608][ T5865] usbtmc 4-1:16.0: bulk endpoints not found [ 371.924453][ T5907] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 371.934315][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.942868][ T5907] usb 5-1: Product: syz [ 371.947037][ T5907] usb 5-1: Manufacturer: syz [ 371.951642][ T5907] usb 5-1: SerialNumber: syz [ 371.959587][ T5907] usb 5-1: config 0 descriptor?? [ 371.967005][ T5907] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 372.186871][ T5907] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 372.200292][ T5907] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 372.529344][ T3011] wlan0: Trigger new scan to find an IBSS to join [ 372.855127][T10564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.886341][T10564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.171904][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 373.172266][ T5867] usb 5-1: USB disconnect, device number 62 [ 373.368950][ T5867] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 373.392282][ T5867] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 373.446597][ T5867] quatech2 5-1:0.51: device disconnected [ 373.573709][T10600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1328'. [ 373.641278][ T6440] wlan0: Trigger new scan to find an IBSS to join [ 374.182554][T10603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1329'. [ 374.667445][ T35] wlan0: Trigger new scan to find an IBSS to join [ 375.202357][T10550] usbtmc 3-1:16.0: usb_control_msg returned -110 [ 375.328519][ T5867] usb 3-1: USB disconnect, device number 39 [ 375.399150][ T970] usb 4-1: USB disconnect, device number 43 [ 376.264400][ T35] wlan0: Creating new IBSS network, BSSID 36:4d:4b:d1:c2:0d [ 376.426017][T10643] mac80211_hwsim hwsim5 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 376.436537][ T6440] ------------[ cut here ]------------ [ 376.442680][ T6440] WARNING: CPU: 0 PID: 6440 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x4bb/0x560 [ 376.452483][ T6440] Modules linked in: [ 376.456678][ T6440] CPU: 0 UID: 0 PID: 6440 Comm: kworker/u8:10 Not tainted 6.13.0-rc1-syzkaller #0 [ 376.466200][ T6440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 376.476671][ T6440] Workqueue: cfg80211 cfg80211_event_work [ 376.482485][ T6440] RIP: 0010:__cfg80211_ibss_joined+0x4bb/0x560 [ 376.489033][ T6440] Code: ff ff e8 38 6f 0e f7 90 0f 0b 90 e9 66 fe ff ff e8 3a 57 71 f7 e9 3d fc ff ff e8 d0 56 71 f7 e9 81 fc ff ff e8 16 6f 0e f7 90 <0f> 0b 90 e9 8a fc ff ff e8 08 6f 0e f7 90 0f 0b e8 40 57 71 f7 e9 [ 376.508954][ T6440] RSP: 0018:ffffc9000cfbfb50 EFLAGS: 00010293 [ 376.515001][ T6440] RAX: 0000000000000000 RBX: ffff888045148d90 RCX: 1ffffffff2dd020d [ 376.523244][ T6440] RDX: ffff888027500000 RSI: ffffffff8a8b96fa RDI: ffffffff8bd1b360 [ 376.531666][ T6440] RBP: ffffc9000cfbfc00 R08: 0000000000000001 R09: fffffbfff2dca5a6 [ 376.539926][ T6440] R10: ffffffff96e52d37 R11: 0000000000000003 R12: ffff888045148000 [ 376.547874][ T6440] R13: 1ffff920019f7f6e R14: 0000000000000000 R15: ffffc9000cfbfb90 [ 376.555933][ T6440] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 376.564855][ T6440] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 376.571463][ T6440] CR2: 00007f6b34549fb8 CR3: 0000000065ec8000 CR4: 00000000003526f0 [ 376.579414][ T6440] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 376.587668][ T6440] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 376.595897][ T6440] Call Trace: [ 376.599155][ T6440] [ 376.602070][ T6440] ? __warn+0xea/0x3c0 [ 376.606456][ T6440] ? __cfg80211_ibss_joined+0x4bb/0x560 [ 376.612002][ T6440] ? report_bug+0x3c0/0x580 [ 376.616780][ T6440] ? handle_bug+0x54/0xa0 [ 376.621099][ T6440] ? exc_invalid_op+0x17/0x50 [ 376.626271][ T6440] ? asm_exc_invalid_op+0x1a/0x20 [ 376.631322][ T6440] ? __cfg80211_ibss_joined+0x4ba/0x560 [ 376.637492][ T6440] ? __cfg80211_ibss_joined+0x4bb/0x560 [ 376.643055][ T6440] ? __pfx_lock_release+0x10/0x10 [ 376.648676][ T6440] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 376.654574][ T6440] ? mark_held_locks+0x9f/0xe0 [ 376.659850][ T6440] ? cfg80211_process_wdev_events+0x3e6/0x5d0 [ 376.665938][ T6440] cfg80211_process_wdev_events+0x3e6/0x5d0 [ 376.672179][ T6440] cfg80211_process_rdev_events+0x9f/0x130 [ 376.678249][ T6440] cfg80211_event_work+0x2b/0x40 [ 376.683164][ T6440] process_one_work+0x9c5/0x1ba0 [ 376.688399][ T6440] ? __pfx_batadv_nc_worker+0x10/0x10 [ 376.693793][ T6440] ? __pfx_process_one_work+0x10/0x10 [ 376.699428][ T6440] ? rcu_is_watching+0x12/0xc0 [ 376.704181][ T6440] ? assign_work+0x1a0/0x250 [ 376.708757][ T6440] worker_thread+0x6c8/0xf00 [ 376.713622][ T6440] ? __pfx_worker_thread+0x10/0x10 [ 376.718719][ T6440] kthread+0x2c1/0x3a0 [ 376.723094][ T6440] ? _raw_spin_unlock_irq+0x23/0x50 [ 376.728269][ T6440] ? __pfx_kthread+0x10/0x10 [ 376.733112][ T6440] ret_from_fork+0x45/0x80 [ 376.737504][ T6440] ? __pfx_kthread+0x10/0x10 [ 376.742348][ T6440] ret_from_fork_asm+0x1a/0x30 [ 376.747157][ T6440] [ 376.750163][ T6440] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 376.757414][ T6440] CPU: 0 UID: 0 PID: 6440 Comm: kworker/u8:10 Not tainted 6.13.0-rc1-syzkaller #0 [ 376.766579][ T6440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 376.776612][ T6440] Workqueue: cfg80211 cfg80211_event_work [ 376.782312][ T6440] Call Trace: [ 376.785567][ T6440] [ 376.788474][ T6440] dump_stack_lvl+0x3d/0x1f0 [ 376.793041][ T6440] panic+0x71d/0x800 [ 376.796921][ T6440] ? __pfx_panic+0x10/0x10 [ 376.801327][ T6440] ? show_trace_log_lvl+0x29d/0x3d0 [ 376.806505][ T6440] ? check_panic_on_warn+0x1f/0xb0 [ 376.811590][ T6440] ? __cfg80211_ibss_joined+0x4bb/0x560 [ 376.817110][ T6440] check_panic_on_warn+0xab/0xb0 [ 376.822020][ T6440] __warn+0xf6/0x3c0 [ 376.825886][ T6440] ? __cfg80211_ibss_joined+0x4bb/0x560 [ 376.831413][ T6440] report_bug+0x3c0/0x580 [ 376.835719][ T6440] handle_bug+0x54/0xa0 [ 376.839851][ T6440] exc_invalid_op+0x17/0x50 [ 376.844331][ T6440] asm_exc_invalid_op+0x1a/0x20 [ 376.849157][ T6440] RIP: 0010:__cfg80211_ibss_joined+0x4bb/0x560 [ 376.855284][ T6440] Code: ff ff e8 38 6f 0e f7 90 0f 0b 90 e9 66 fe ff ff e8 3a 57 71 f7 e9 3d fc ff ff e8 d0 56 71 f7 e9 81 fc ff ff e8 16 6f 0e f7 90 <0f> 0b 90 e9 8a fc ff ff e8 08 6f 0e f7 90 0f 0b e8 40 57 71 f7 e9 [ 376.874864][ T6440] RSP: 0018:ffffc9000cfbfb50 EFLAGS: 00010293 [ 376.880902][ T6440] RAX: 0000000000000000 RBX: ffff888045148d90 RCX: 1ffffffff2dd020d [ 376.888847][ T6440] RDX: ffff888027500000 RSI: ffffffff8a8b96fa RDI: ffffffff8bd1b360 [ 376.896791][ T6440] RBP: ffffc9000cfbfc00 R08: 0000000000000001 R09: fffffbfff2dca5a6 [ 376.904735][ T6440] R10: ffffffff96e52d37 R11: 0000000000000003 R12: ffff888045148000 [ 376.912678][ T6440] R13: 1ffff920019f7f6e R14: 0000000000000000 R15: ffffc9000cfbfb90 [ 376.920626][ T6440] ? __cfg80211_ibss_joined+0x4ba/0x560 [ 376.926152][ T6440] ? __pfx_lock_release+0x10/0x10 [ 376.931149][ T6440] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 376.937016][ T6440] ? mark_held_locks+0x9f/0xe0 [ 376.941755][ T6440] ? cfg80211_process_wdev_events+0x3e6/0x5d0 [ 376.947800][ T6440] cfg80211_process_wdev_events+0x3e6/0x5d0 [ 376.953692][ T6440] cfg80211_process_rdev_events+0x9f/0x130 [ 376.959473][ T6440] cfg80211_event_work+0x2b/0x40 [ 376.964397][ T6440] process_one_work+0x9c5/0x1ba0 [ 376.969313][ T6440] ? __pfx_batadv_nc_worker+0x10/0x10 [ 376.974665][ T6440] ? __pfx_process_one_work+0x10/0x10 [ 376.980013][ T6440] ? rcu_is_watching+0x12/0xc0 [ 376.984758][ T6440] ? assign_work+0x1a0/0x250 [ 376.989331][ T6440] worker_thread+0x6c8/0xf00 [ 376.993925][ T6440] ? __pfx_worker_thread+0x10/0x10 [ 376.999024][ T6440] kthread+0x2c1/0x3a0 [ 377.003073][ T6440] ? _raw_spin_unlock_irq+0x23/0x50 [ 377.008244][ T6440] ? __pfx_kthread+0x10/0x10 [ 377.012807][ T6440] ret_from_fork+0x45/0x80 [ 377.017197][ T6440] ? __pfx_kthread+0x10/0x10 [ 377.021774][ T6440] ret_from_fork_asm+0x1a/0x30 [ 377.026521][ T6440] [ 377.029704][ T6440] Kernel Offset: disabled [ 377.034073][ T6440] Rebooting in 86400 seconds..