last executing test programs: 2m22.716374192s ago: executing program 1 (id=8): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0) sendmsg$DEVLINK_CMD_SB_POOL_GET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x184, r1, 0x10, 0x70bd29, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x80000}, {0x6, 0x11, 0xb9}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xc}, {0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x4ee43f8c}, {0x6, 0x11, 0xf}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6, 0x11, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x210}, {0x6, 0x11, 0x1}}]}, 0x184}, 0x1, 0x0, 0x0, 0x10000001}, 0x4000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) setxattr$system_posix_acl(0x0, 0x0, &(0x7f00000001c0)={{}, {0x1, 0x2}, [{0x2, 0x2, 0xee01}]}, 0x2c, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="12000000040000000800000001"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0xe, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x5, 0x1009, &(0x7f00000014c0)=""/4105, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000200)=0x70, 0x4) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='cgroup\x00', 0x20002, &(0x7f0000000180)='\x03') r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000000)=0x2) ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x48, 0x0, 0x38, 0x22}, {0x6, 0x0, 0x0, 0xffffffff}]}) write$ppp(r2, &(0x7f00000010c0)="1e00", 0x2) r3 = openat$fb0(0xffffff9c, &(0x7f00000001c0), 0x80080, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x430, 0x0, 0x2b8, 0xb0000010, 0x2, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0xffffff80, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x490) ioctl$FBIOPAN_DISPLAY(r3, 0x4606, &(0x7f0000000380)={0x30, 0x140, 0x80, 0x78, 0xfffffff8, 0x0, 0x1, 0x1, {0x3}, {0x4, 0x6, 0x1}, {0x1, 0xcd3, 0x1}, {0xa}, 0x1, 0x10, 0x4, 0x2, 0x1, 0xffffff81, 0x81, 0x0, 0x7, 0xffd7, 0xb, 0x10001, 0x10, 0x100, 0x0, 0x6}) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0) r6 = socket(0x10, 0x3, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4) r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x54, 0x0, 'syz0\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r7, 0xc1105518, &(0x7f0000000040)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x7, 0xfffffffffffffffc, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5fa, 0x0, 0x0, 0x8000000000000, 0x0, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x40000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7ff, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x6, 0x4, 0x6, 0x2, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x8001]}) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c00", @ANYRES32=r6], 0x20}}, 0x0) syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="001306000000ec19d02303f6136e5eaebfacd61981cccb16a3ad36ead9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2m19.300854959s ago: executing program 1 (id=18): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(0xffffffffffffffff, 0x7b1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$notify(r3, 0x402, 0x14) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x2c, r5, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x2c}}, 0x0) sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x38, r5, 0x1, 0x0, 0xfffffffd, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffff8000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6b32}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x0) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$FUSE(r6, &(0x7f0000009780)={0x2020}, 0x2020) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000100)={0x10, 0x0, 0x3}, 0x10) r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) signalfd(r7, &(0x7f0000000240)={[0x22]}, 0x8) syz_open_procfs(0x0, &(0x7f0000000000)='attr/current\x00') socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0xb05, 0x1822, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}, {{}, [{}]}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa}, 0x6e, &(0x7f0000000300)={0x5, 0xf, 0x6e, 0x3, [@generic={0x49, 0x10, 0x0, "06e754cd1765caf11e44d320635d35e7726afeb5ad6617e3b35cca4c3de2a84e76da9055670bf90ede0f820d9599f5975a151a1668ef66678077b1fa70559d93d06de6c7a85b"}, @ssp_cap={0xc}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "a3b7a98f9bd081fe0017d01bac7864d3"}]}, 0x2, [{0x4, &(0x7f0000000240)=@lang_id={0x4}}, {0x4, &(0x7f0000000440)=@lang_id={0x4}}]}) 2m16.036051082s ago: executing program 1 (id=26): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) (async) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) (async) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="d50ff29975f9d8d4e9e4bd081349eb2594b7e5fa28280e15c15ff2b7f99f56e3f81fe733b1b01fbae8f77bae1f794462a90ca98d6ecb2dbd3fbbb474cd2119d772a8256f1dcbf5cd2cf933a520f9c5a7d773430c6d229f4b6a1ebcf96d132a68a8df075b405a46a67a15c295d442979f33571c6f4be181b9dc78167208f202bda904aaa9dfcad2784d8e3d83c2207b577f480165877ef9ebc1aa59acb62c303e1356e49b74a1d1ca06bb28d0eaa1111067b3d3f385c85d2624d4325089dad0d9c65d9e21d794d441b6822a6caaa5aa31c630604ff5f31e734d451d0f0718c1d4f8be7d06cf49f50f80ba80c8ec779a5828de6b6095283c"], 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28) (async, rerun: 64) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000240)='n7', 0x2}], 0x1}, 0x0) (rerun: 64) setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f00000002c0)=0x1, 0x4) (async, rerun: 32) r1 = socket$alg(0x26, 0x5, 0x0) (rerun: 32) bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) (async) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) (async, rerun: 64) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 64) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x14}, 0x9}]}, &(0x7f0000000500)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000600)={r5, 0x4000000, 0x8, 0x200, 0x5, 0x1, 0x1, 0x9957, {0x0, @in={{0x2, 0x4e22, @multicast2}}, 0xff, 0x2a, 0x9, 0x60d, 0x6}}, &(0x7f0000000480)=0xb0) (async, rerun: 32) sendto$unix(r2, &(0x7f0000000380)="a3669abdf2b1ea3fbd7dc3b16cfb13624793cbab5c677dda8d7282deb2", 0x1d, 0x18854, 0x0, 0x0) (rerun: 32) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f00000001c0)=0x1, 0x4) recvfrom$packet(r2, 0x0, 0x0, 0x12000, 0x0, 0x0) (async) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "9f2dccacf7364d6e1bd9000000000008", "32ec00", "bb10000000000001"}, 0x28) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)='r', 0x200420}], 0x1}, 0x48000) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001240)="9670", 0x2}, {&(0x7f0000000540)="7805b1e2787cc4dfbe46e3947000a1e1720aea76ec2b1a9f3b8bf2d12f752fee96c50d7651b649a872aaa4a0715a2e607058176ab898c213e9f7414db7a2f9eb026412df4159fcb8153943bd2f39ccfe7a828496b15b7f8e8391dd2808a0b53d4e51f23ced3544062556923461258f7dac624f7badfc8c5b4455dd60a0939cd774dcca9fb75ad1c1b1c3e9612c4522c78ea610803ed454fdb6be5c1c56bb7fc9068dc56529b0a5", 0xa7}, {&(0x7f00000007c0)="12a5fd28ad44fdd5552856110a0647b169de0c1edfcc13b0a2036707214ce39e30dae4d5f0188451329e0d3241f570389ac140d61280d7670e60014e1f773fa83e940b4056e389502b3bf4d76f089bb76a3069a251827b199edc31ffdde74625bcd39d1d99e720cc63d787e5e39a7f30df5228f831a07f298804b57d1a1e43baa46f4ce2d513e64fa9084849f047c6bc537b6d0c0e53afc9afc5d7536c6954ba6fc87aa925940e02c9de4c631351070000005c084eb11c94d73f9d664a46f75b1c069fa6ffea092e0200"/217, 0xd9}, {&(0x7f0000001340)="1b86532b27f2db883591879c63eebc5cd209b3e4f54dc35d96d05f6228a26852f7e322221eb9a17a8ef1ad5968088ba34f6aebebe5f7223685dce60361ebc0bc6704493c1ffd09045a6d89b6fdaa9f8bfd3041ebca41c7c8d42c9f956162cedcda2eabdf5439637f09c71c3636e2a7dc86928fde4aa26030dff27c3119d39e7d075e827cc5cea849cef8568c07fd779239fe440b86d6aa0fad76860bc9913b0d3466eadf7822df85f0f6b43031accc97659d1a471c57ed81200f0ce0bfb041d6bbd1860d4f12be24235afe88f7220efa2b69c38a9b11c151a17f5451ab21d0c2c459956e59ab536c7a55093df05fa459d96508784da18e01a8c00c4af54797b5d103dfb96e05fde1f4b78c031a04cc17115ce04fe33c2c1f4565cb539add7141f38465327278dfa0859e70159f77f45a8fe5196628430f34aeef163cd7156bda1efc6777462a4d0097266f82dad6c78a5b1e5e1afed0c0f36587b3ac7d8c50af0b3c0595e8800024e42ae71f5e68ef944103df5156661f752506efca7b33b7fc05dca4456ae2f4e5fa730886701c5e29b0d0758d830c801128db1736581aad1996a0056557f82b8daedd516ae0baaac05e6704f811ba1750bd8bb7f506432ca4fe74fd1b953cce2c295fa417201593cb26e70d7ae4bf1b59dc8e8b672b48a58a14c945f48a79f908765d53f26e4409f08f94ca9e8c09a38ba3a3b66d15784487f35895e8ca759abfa228ea944eaac5b1d314bd8429bae8d2f4db07360c624dbd5fd81933cb50493a72f52f7a18722cddaa473ed4faed21043593a139f3ecda07acbe8a484a854c5de6ca84ed7b747cb6211558837de6d14ceaa05572eae008e311af49850dd959f684ed23169a3ae923b9bf20fae3abdd97f4448d10c1c7bbe7786426fd0af8e1ad67d35f58d306d60767f0c88a3c8c1979c1e076697130d9c62df90d948b8c10da7eb19214e0f8a6ab4ad88ccfa71fc000b94d73b3cdaf9685ef0a465932743a2017dac2edd7ae20b3378e5348bef66cad1ea690bdebbe939b29a963d3498c08e952331b9264a2dbde8859d5cccb3489a67ffd681c83aa513d56797442c06c8e948157d3e719e110aa250ea0b23fb7f6bacfae09a9458f8080835a210d97e8df0b2df363fe581a5d79262263b5458da1eabac746da9ce834f1363fb597804e599b5a3fd192989745b46cb536d7ead986f51ef215793513294db901cfc6897bc8c50477a46f76b7f81940f1ff2dc239f89f5c4f40bef40b7bdda71ef29272c24c633665592c87b6214bcc91cb4f40192c909d7e0f376e3ee1f503cf670fb4898db0a03162513f39ba35e48c140b654c7f7661325d10a031a7b2e74f6d744fa744a42aa16dd21cbd43d889ce5b9dbf51ea5f2707a43d208faa2590dcd3bd2ab2db6621262c00da4ae8436b9e37e6dfc99e30c5696974ad12bb727f8ebe2dc4f6c23783d06849d62e6bb0a55b7185fcd8bc4b1f394cda2b46860f1e232936ee0ee4201a73c62abfd95ba76891d406ccb241bc99b85a8f46fda571436b17ed2e3e9518470db9b41fa5d9c38601de42a123d9fd3f10ace60add1f390d019d014d8499281e08866323fac5fd617785f981714ebda00badb0d2c47457f15925ca7e0c746b948bc9593020e92524e5f3ed8094c781f7d79e4d1962bdce0957d915d58c77125a226b8babeaf5030b5c53e5f685d67851f5a44d31471ccce42e1221e4be4204638548f74a89546071074a50202d3e38e9b7b22f99d8a5bb3cafcb6595a1ff5132875f7844f79612155866104a432c9d4697909e30b310153d7933c273f0a41de2587d4a6c53be054a0b5d654c84f67b84f78436f96cb35abaecb4a4fa37f9d425e22724884bfabd9d726be72c5abc02c6aa31b2e952748450cc641d93d59c94efb54bbf3121dc2ecb1837e222b8e41515b0293d5f71e2303dfa439faf2fb75b5512f8c6c81b884447adb3ddb9443f68d727b1ccf3a47b485783841de1617d7cb0040906cb2f3e9b7a550e6a5720f62e32da66654265112065da7d733bda2f21c1c96a37e55e162983402ec3ef5c8295046f9ba19fd537ae04da22dc60be4bdbeff5641b0429615cbee35cd45bdd5e9f53a4443c03c666fc7e639abd136c91759e42e43ae5bb23724d07ff0c7ec1319dcf42becdb726ec9ae17d681b9ad8f3cccea9e8d0d7ebe9f5a15184980ef366064f3f681e7b1305a555b880ad0d9029211df2c9a0f33c453c29158974f5e59621dbca1f47b333708a99712f959907c0dd29f3ab0cfcd196e02387b244e7320662fd5929f8d1ed945cbc8945fcd9e4ef68e67ef9ff6bca22888caf8040776c7bd795a1ed230d4e2aa76771e3a2eb9d6559dc9e5171a54e4be3da2b8951d0231d17350a93500471a1810691423da8ed383e3bec8f850a1c289721431d1e9715d76e326daf75150498232b21417c488885a09d8bd3bf9b64d298268ad4a44eaf7bebe69da636df798153b6e3aedae1cf49f22a1dfe745deceb8be272501a51daee884d3d90fe9ca2892cc9261dd499f6d38cbf3bcd6ab7ac29f7f635635ea1705044c172f71a17f4b7cd24b373695751f7ca8b9837b3a8d07377ad9f09a1db4cc912d9cf21627999f881ecf57b1e15f536c9a83b43633e4a4586e300817ad8c5a40775b991dcc00de7d359574926348b4fe8ba7ba4954c8ff3de681aef9280d060745f6ab4f36c1f24dc7440537a777140a1babcc6756f070cc819d25810fca89f2c040d503ac31ad39baf3e491d266cb70ccc80c9c572e09f6c993e7465f58d024eef6529eef7ed4c659265e2cd4e4f702c812b3478909d49dfd1dffefbc187f15cc74f57c76417ad291baba8b505cb2b2cf0f0a371661d14fba8c54d06fbd8fe7ccd918340d96f0c51665fe68cf481fbaf51b774755cb3cc0d6df8ea0c301b8bd8fc5bdc6d3fef5b2ed21911c31dec4b403a268dfb44795075b18188ce46b6f04b6fcfd43a790fcdf2da485d1c0d6cc16755be0a061d9c0b4589eb01fae04692060b6708fa8a2be427044b1b1b52cc9273b15e8969c7a9038925def058199b919e28239a20a851354896e8c7fd23a9f27d66290ba830b15b4df2feb549600e921c6cd90379a8e091a63a4968f218bd85c81faf1a4d0b5afbf6236283314f2dcfb466f5799bb2063d5bf6de3a4e49e5f5e9cce96495b81976d81512a65a39ca2705ce6e4f41c7bb44b050b581ea9826e0cdfb19c0fd16affa8755a5fc78d822e260368340a8e3089f1b8deb03f5f4341739685c168e5c02062d95847d7da1ccf02e1d012c8a79f4d7f82eaf743295b5bc2963cf1a78d1118781b9a6be5f7398d832dee05d6d75c5cc0758605b6a9e90a81a696d443227659baf652b63aef6fcf50fa5e5bca6a8a7c9d56ca6bf9bf0b4d25142d9d1c0a6b322da5c67a9bd8ca31153e6a878a15d7f77283d984747a911661d3660d742f01cc8e3e89f89a34aecbccc4d878b8441283348426d1dca3e97d83b57af3d42c3ee6675a6bbc341b8bdc5fa82b18cda5bf32d554e6d88b8bc9f1589300a8bc52aa5e4a575e670bb1ea959555380dcd1b4dcf6ea19688d1ecb7a6be1c194e4be49d3835e83a9c57e923852e5db4b538418e94baac69fc223e58f2faee00049b388827438590150f883f682069e924a0e7ca96899937851cccc12f871595179bc27c2d4a8d72caa35b986128379bb977f8f7e3ba32d625bc32a9ec4c8228252c38b89c175cca66656429c0c76abecae1ea133b6020e4bb7582ff2ac46c6195a195a75b436cd56b3efb77c8dcfad1f4610b001e2f5f46e2bc6aad8e34b7973a4bd1aaef528a9c6678efd995cd5ed0b9b5052be0fa32b45bc970f0c54118a578da9214d6ebc334468fd11d19de3a260a9c76ea8166bc0c2d7160d4a3076590b1b54835f7c52333ec5a2544e3d3eadca2a341760ee7b8d3de393651127bf7e5f290c83102ae9e9ceb1ed2c5e96d8bac50e8d9eda79bda8ec9bde3b18017295f5995fde13e06f0d49d01250b44495a45a9bfbbac6dd6b17944f9add78df4fef03270327f2817dab39d38b96f318c6e0a89340776c73245d5917425c9a540d9c39b9ad2e8a0691482ada34e60dfefb4c632a35cb2aa44e60cf9c5a8a59d674d2c27a0b20a8614c868cc858241f20c948f2a4d40e316de3e6418848a573a5f09ec797182237839c9bb2cd9e5f820ac22bd7e11983e7b54e880530061fa6b4c543313dc2b6ed6d74ce8ef3b294041bf9f647fe3650ea22da63f3df58b2e423dfbd7321507b908373d26a7f64b91e9e171fd1ac78d4fa87b9eb7b866eb3ba6b749e840c1b50df43d61b17e02d8021dd75460ae46a35b7586d570698f0840599ed87f808d27c05501f796b2d549b0113832421d0f5520b682edc96028db1663d749f2f1fc5a19e6b5351874f6e4437ce33d0ccd5dce01ddd9be638579e0502d4da5bc567dc14fbcbf7ce23d7a97baf7f3059f0bed1967a35cc300b4dbfc415bcdffb9517b3b74062fe4fb1c81f510d6075061dd1f7b48941f4c4d858956b1c917a1ac1afcc96e2da4410907742cfb7f61eac354727965ddbb1fef776f83c244b2d447d9a6ca3445c81f5ef5c73a32b1c60b2f150def56def7cc086e623a5404be113516159ab0521ef3116e396d43fb3d0fe0484d1525e8577e2fe31293c9d69178bc48fc727ca23317f520a84071090598039d55fd960836e1bd7aff039d53368cdd4b305b7a3738cb1bf04a9c121e83b4d31c0767a937110e250823a9ecc786c8f3f755354ce5e9c6ca13956dcefa5eb3fca6336258f1af991351bb47f6bf64c93f9d858ed0a07c669982584fd9bda8f9f6a5205b78eb873e4690113c17c211426f24f9ce477e94216011e9e7309ab60399691d17995ac79929f4ba698315d4f792e20f8e93607ec2e9863ef8883e37223ae0226390a07389e27d3d3dc24c4935865e375b29cee23dbd82b5c063b2097916eb266974892bc519149e7cd799fef222dfd718757b9760888df0b43c60993d3b7256f8b18e90731ba5f88097a305198961ca609d5fa212aaf9c91ac475f95ef6cde12aedc18ac36b059292abbd6d38bbefb8b4c46d552fd0e8a43f455cf2ab0cc0a04efda7ed77f9117b68de401a6af6e813b07fe06437b62b53b593ce3973e3bb84a4edc884a17f20fec114764436f4ce5b4166966351071639cd65de13d5677640d0f46785ecc0288aa8996896288a83ccf0b07ae32df11be9d14d4ff4636f6e8a1a84ca5c6d9188fcf05b17d4b90595c3370e4e9fd01e20d8fdd66652e1b4f0a0116c6d1ed25853769f25d5d3f388a8a17210402d55b75d04e835c551e83163679f0e7691f2f2998f072c21b1b2da8226aa7f946e26e19b09af52defa60cf424b2fac84c7e4e611d4a28d44024558384bc51655df997a8fc2f400099dc87dfbeb303e486f818a0a8d9b6f775a4128ad981560a5e0d9b9223fc54471b88c5db9df1f83bc395d8e4322f834036e37b1125b60a10c9b0ee6228ebf541b500aa343fd39a8d76e841ad8bf1d9c3546e5bcd03df14720d089d227616fda1a0e47d44abbe159ad7810dc0629d7209c5ae120a7c1bb183d2291dd0ab4acc72d2d794481fb7627c189083614c5c698c408e85ac4a3c7007e81267126f6bbfaa9cbd15f49082c38add7a331d978dfbd4b3f827f4a7f70c1d8d3b854a0a3405ccedfda98a8f41a5da78e63f5d8892cba5717b11d2b31af0da2a7f204dc80cf91e2354b2bf799b005373d981b9bf49cc527d69d42dec0ee901b47a16b251a6cd0c4763d257a9bdc7589dfb", 0x1000}], 0x4}, 0x24004895) r6 = socket$key(0xf, 0x3, 0x2) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000300)) (async) sendmsg$key(r6, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020300020c0032ff000000000000000000000200080008000000fd00000000000000030006000000000002000000ac14140000000000000000000200010000000000000000000000000003000500000000000200"/96], 0x60}, 0x1, 0x7}, 0x0) (async) recvfrom$inet6(r0, &(0x7f0000000100)=""/19, 0x1ff4, 0x40, 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) 2m15.157353729s ago: executing program 1 (id=28): socket$inet6(0xa, 0x6, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x9101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x6) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x3c) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000043000701000000fbffffff00047c0000"], 0x14}}, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000580)=0x1, r3, 0x0, 0x2, 0x4}}, 0x20) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf4fffff7, 0x12, r0, 0x0) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x100, 0x0) mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) r5 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r5, &(0x7f0000000300)="080b010000000000", 0x8) r6 = syz_usb_connect(0x2, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000000000)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @random="4803219e00"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r6, 0x0, &(0x7f0000000140)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x40, 0x19, 0x2}, 0x0, 0x0, 0x0, 0x0}) close(0xffffffffffffffff) syz_open_dev$sndpcmc(&(0x7f0000000080), 0xb, 0x2) r7 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r7, 0x40044160, 0x3) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r10, @ANYBLOB="3c005a80380000800c0001000202"], 0x58}, 0x1, 0x0, 0x0, 0x4000044}, 0x0) 2m10.478533792s ago: executing program 1 (id=39): setgroups(0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010010905"], 0x0) r0 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) readv(r0, &(0x7f00000001c0)=[{&(0x7f00000011c0)=""/4096, 0x1000}, {0x0}], 0x2) 2m9.866447287s ago: executing program 1 (id=42): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)={[], [], 0x2c}) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000bc0)={{0x0, 0x8, 0x1, 0x401, 0x61, 0x4, 0x40, 0xfffffffa, 0x80000000, 0x8, 0x3ff, 0x3, 0x7fffffff, 0x25e5, 0x382}}) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x20, 0x0) r1 = gettid() bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000580)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000140)={0x5, 0x8000000eb39}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) io_setup(0x202, &(0x7f0000000200)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prlimit64(r1, 0xd, 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"}) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000401}, 0x4000001) kexec_load(0xf5, 0x1, &(0x7f0000000b80)=[{&(0x7f00000004c0), 0x0, 0x0, 0x1000}], 0x0) 2m8.730942221s ago: executing program 32 (id=42): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)={[], [], 0x2c}) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000bc0)={{0x0, 0x8, 0x1, 0x401, 0x61, 0x4, 0x40, 0xfffffffa, 0x80000000, 0x8, 0x3ff, 0x3, 0x7fffffff, 0x25e5, 0x382}}) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x20, 0x0) r1 = gettid() bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000580)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000140)={0x5, 0x8000000eb39}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) io_setup(0x202, &(0x7f0000000200)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prlimit64(r1, 0xd, 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"}) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000401}, 0x4000001) kexec_load(0xf5, 0x1, &(0x7f0000000b80)=[{&(0x7f00000004c0), 0x0, 0x0, 0x1000}], 0x0) 5.728906175s ago: executing program 0 (id=366): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x8906, 0x0) 5.522633425s ago: executing program 0 (id=369): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x20000000009) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000000)=0x3) 5.198838966s ago: executing program 0 (id=372): syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x91) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r2, 0x3, 0x0, @void}, 0x62) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) 4.99744644s ago: executing program 0 (id=374): r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 4.602865212s ago: executing program 3 (id=379): syz_usbip_server_init(0x4) syz_usbip_server_init(0x1) syz_usbip_server_init(0x0) syz_usbip_server_init(0x4) syz_usbip_server_init(0x2) 4.4936327s ago: executing program 5 (id=381): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0) close(r2) ioctl$KVM_CHECK_EXTENSION(r3, 0xae01, 0x1) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000300)={0xeeee0000, 0x100000, 0x8}) close_range(r0, 0xffffffffffffffff, 0x0) 4.173249763s ago: executing program 5 (id=382): socket$inet6(0xa, 0x3, 0x6f1) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, 0x0) connect$bt_sco(r0, &(0x7f0000000000), 0x8) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'dummy0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c58b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100)) 4.053422097s ago: executing program 0 (id=383): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x8000, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988ca", 0xe}], 0x1) 3.807881818s ago: executing program 2 (id=384): getrandom(0x0, 0x0, 0x2) syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x126}, &(0x7f0000000000), &(0x7f0000000100)) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080), 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) socket$netlink(0x10, 0x3, 0x4) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={0xffffffffffffffff, 0x0, &(0x7f0000000000)=""/10, 0x21}, 0x20) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x1}, 0x4) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2000}, 0x4) socket$inet6_udp(0xa, 0x2, 0x0) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$RNDGETENTCNT(r4, 0x80086c41, 0x0) socket$inet6(0xa, 0x2, 0x0) 3.757315927s ago: executing program 3 (id=385): rmdir(&(0x7f0000000040)='./cgroup/../file0\x00') 3.633540577s ago: executing program 2 (id=386): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000980)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="10000000170100000200000000000000100000001701"], 0x20, 0x800}], 0x1, 0x0) 3.567931042s ago: executing program 3 (id=388): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="b8000000140001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\b\x00'/17], 0xb8}}, 0x0) 3.429629095s ago: executing program 2 (id=389): sendmsg$key(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0, 0x28}}, 0x8081) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000040)=0x6, 0x4) sendmmsg$inet6(r0, &(0x7f0000000740)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0) 3.419553784s ago: executing program 2 (id=390): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="afd17a04bbff8109f6662acdda8793b24c03da968ce5cbf2a4ab83ea1537c1c784d222981c0bb6fb2b82762eedcd3a1ef61671cc15d179d8c852c2a29bf1966f38fb10043e4aaf86d96a6033645a9ad759439f140ca0016dc659b2c84d80e926459fad21d1e45de6fa98c545aa1ee1589b13b9bd59e578fad9b76c8bad54924631229b51d35d1998a9b48baf813c27573061a059068b1583b8c83c317a86b8c07b517b6e75e66026924f384eac573ec4d21470b8705dd2003315db232b629bde8a0d5d79b3008072638db8588b1426f319b8e329897ef194400e645cc38b0326450dd8638e5b7e9a7a1235e5639042b7561d60bcb31d3f5b605ef24dc66f17503ff9e326df10852864bd3f04b70f30c8b520aea1ec92352284db74d8afaa4a16e0ca6f77e15dfc5f513366ac9309daa549007c8e2d052fcd5ebfe61300ceede2c7589f701a87e9e748b2ca825c6341371e8e18e63c16121b138d47013beddc36420c3481fabda074acdc1c48ce1f074f85efdeee69f031561321354ea949adf0328ca1ff3906511657b842211092f0fa66b490bd542a02702f75938c3f9d2887006f16d6de7c8561205a7279dec6d67f0bcce7495613016d09d4a258ee892be05e555c89c6e7d9299a59d3b74f380549c76f701bf6b777ed1b285ba6f6384eeaf154b40ad5c894f24b5a71f25800384a6e18074b274b6e14ce810a8f05d982e4581c907ca4f7e0bb304f4117d80d80ca489e669fab43f0278165", 0x21a, 0x800, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 3.289629916s ago: executing program 3 (id=392): socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000200)={0x980000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 3.24804069s ago: executing program 5 (id=393): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000140)="580000001400ad", 0x7}], 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.154546572s ago: executing program 3 (id=394): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00\f\x00\b\x00\x00', @ANYRES64], 0x0, 0x0, 0x0, 0x0}) 2.981274732s ago: executing program 5 (id=395): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2b, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, 0x0, &(0x7f0000001080)) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000000c0)=0xa0000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) socket(0x40000000015, 0x5, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040)) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x10, 0x6, 0x0, 0x6, 0x0, 0x6, 0x0, 0x0, 0x7, 0x3, 0x2, 0x7, 0x400000000004}, {0x4, 0x0, 0x0, 0xf7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, {0x80, 0x8, 0x0, 0xff, 0x0, 0x4, 0x1, 0x2, 0x0, 0xff}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socketpair(0x29, 0xa, 0x0, &(0x7f00000001c0)) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000000, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x200}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r3, 0x7b1, &(0x7f0000000000)={{@local}, 0x2}) r7 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r7, 0x400455c8, 0x20000000009) ioctl$TIOCSETD(r7, 0x5412, &(0x7f0000000000)=0x3) ioctl$AUTOFS_DEV_IOCTL_VERSION(r7, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) 2.403337937s ago: executing program 4 (id=396): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3, 0x80, 0xc2, 0x0, 0x0, 0x1}, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x5, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @private=0x7f000001}, "00186371ae9b1c03"}}}}}, 0x0) 2.278044401s ago: executing program 4 (id=397): ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x4, 0x2c00000000000000, 0xb, 0x6a}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x3, 0x7, 0xfb6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0x5}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.937716775s ago: executing program 4 (id=398): syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xfc}, @hci_rp_read_local_name={{0x7}, {0x5, "474221c8cd3cc61580bd0ad21825c47f9d6d1a219650bdf8b13ad8a9435bb90b62855660dee51f8715dc87c72ed4a0c390ef56605a2fa65275c6a372f919b18ebaee2082dfc2f5e2351ac476b9e03fe67b8aa64e7f2144e2162b64e3941e465df66a330d2b47928c2887e33ac55369a4f4c70809cdd4e78e1c64ff3473936751de8a04cb48ab436b479224d5af190918f08dbe611e6027ea1200f122c57d60bf10f40a0365fd1c68f07cb74625dab1ce5f799ad6071235e9d60e81eff940adcd4f227041fe542c664049b760447b6dc7174eea18e43f8898f54959dd2eff356f82377964f764736fab2b82603b62c81aea9a862ca0c1a949"}}}}, 0xff) 1.871716363s ago: executing program 4 (id=399): ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x4, 0x2c00000000000000, 0xb, 0x6a}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x3, 0x7, 0xfb6}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_IOVA_RANGES(r2, 0x3b84, &(0x7f0000000100)={0x20, 0x0, 0x1, 0x0, &(0x7f0000000040)=[{}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0x5}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.013516482s ago: executing program 2 (id=400): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000080)={0x20000, 0x0, [0x0, 0x6, 0x8, 0x10000, 0x31, 0x2, 0x73, 0x8e6]}) 957.504627ms ago: executing program 5 (id=401): unshare(0x62060200) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x42020600) 920.454952ms ago: executing program 0 (id=402): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) dup(r1) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 763.738458ms ago: executing program 4 (id=403): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7ffffffe}]}) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone3(&(0x7f00000008c0)={0x15340180, 0x0, 0x0, 0x0, {0x38}, 0x0, 0x0, 0x0, 0x0}, 0x58) 669.076682ms ago: executing program 2 (id=404): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r0}, 0x10) r2 = socket(0x10, 0x3, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) fallocate(r3, 0x0, 0x2000000, 0x20000) ioctl$F2FS_IOC_SEC_TRIM_FILE(r3, 0x4018f514, &(0x7f0000000040)={0x1, 0x6, 0x3}) r4 = socket$netlink(0x10, 0x3, 0xf) r5 = socket$netlink(0x10, 0x3, 0xf) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES32=r1, @ANYBLOB="e66f399a542286837e8395f4f8291d666f36a7516fc8f83a8038be4be026a17b7a1e"], 0x48) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, &(0x7f00000001c0)={'veth1\x00', {0x2, 0x4e20, @loopback}}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000009000000000000000020000018110000", @ANYRESOCT=r3, @ANYRESDEC=r3, @ANYRES32=0x0, @ANYRES64=r0], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x74, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) unshare(0x40000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x8000}, 0x1c) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="4800000010001fff00"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000d52f1f23cc4a9560769f64cfcb2ba5b2cdb801f756845b044760adae7dc692521d66ef46ee3aa046cbd2de5871ad6aa8b75462f58b75ddf9611ff27a6f04ba3b61d81505c8524c13019559fc1e98b480094b3bb4e127ce72329cd05dcb68c89292626ec4aedf95a8d79f927716d23c4873006e9be46be1ee44be4d7ad140fcddb42a502b1f1626e5a004bcb41e2a46c78eb6efa4ce2af73d286cd92b306a374602c8612df146300fd15755edcac0019f544708ccec4e71"], 0x48}}, 0x90) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='\x00'/12], 0x14}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005e000102"], 0x1c}}, 0x0) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r5) 426.05065ms ago: executing program 5 (id=405): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f00000000c0)=ANY=[@ANYRES32=r0]) 191.359618ms ago: executing program 4 (id=406): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 0s ago: executing program 3 (id=407): r0 = socket(0x22, 0x2, 0x4) accept4$bt_l2cap(r0, 0x0, 0x0, 0x80800) kernel console output (not intermixed with test programs): g, handler #40!!! [ 88.253881][ T5875] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 88.278753][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 88.291742][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.347888][ T5875] usb 2-1: Product: syz [ 88.366318][ T5875] usb 2-1: Manufacturer: syz [ 88.391821][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.599208][ T5875] usb 2-1: SerialNumber: syz [ 88.742976][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.790834][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 88.816364][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.831622][ T5875] usb 2-1: config 0 descriptor?? [ 88.876843][ T5875] gspca_main: sq930x-2.14.0 probing 2770:930c [ 89.272734][ T5833] Bluetooth: hci1: command tx timeout [ 89.287043][ T5875] gspca_sq930x: ucbus_write failed -71 [ 89.303966][ T5875] sq930x 2-1:0.0: probe with driver sq930x failed with error -71 [ 89.343249][ T5833] Bluetooth: hci2: command tx timeout [ 89.348731][ T5833] Bluetooth: hci3: command tx timeout [ 89.354527][ T5837] Bluetooth: hci0: command tx timeout [ 89.359965][ T5837] Bluetooth: hci4: command tx timeout [ 89.377073][ T5875] usb 2-1: USB disconnect, device number 2 [ 89.428496][ T5946] FAULT_INJECTION: forcing a failure. [ 89.428496][ T5946] name failslab, interval 1, probability 0, space 0, times 1 [ 89.493703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.510004][ T5946] CPU: 1 UID: 0 PID: 5946 Comm: syz.4.5 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 89.510036][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 89.510049][ T5946] Call Trace: [ 89.510063][ T5946] [ 89.510070][ T5946] dump_stack_lvl+0x241/0x360 [ 89.510112][ T5946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.510137][ T5946] should_fail_ex+0x40a/0x550 [ 89.510162][ T5946] should_failslab+0xac/0x100 [ 89.510187][ T5946] __kmalloc_node_noprof+0xe1/0x4d0 [ 89.510203][ T5946] ? alloc_slab_obj_exts+0x3a/0xa0 [ 89.510228][ T5946] alloc_slab_obj_exts+0x3a/0xa0 [ 89.510248][ T5946] __memcg_slab_post_alloc_hook+0x319/0x7e0 [ 89.510275][ T5946] ? alloc_empty_file+0x9e/0x1d0 [ 89.510291][ T5946] ? alloc_empty_file+0x9e/0x1d0 [ 89.510304][ T5946] kmem_cache_alloc_noprof+0x287/0x380 [ 89.510329][ T5946] alloc_empty_file+0x9e/0x1d0 [ 89.510346][ T5946] path_openat+0x107/0x3590 [ 89.510373][ T5946] ? __pfx_stack_trace_save+0x10/0x10 [ 89.510396][ T5946] ? mark_lock+0x9a/0x360 [ 89.510429][ T5946] ? __pfx_path_openat+0x10/0x10 [ 89.510461][ T5946] do_filp_open+0x27f/0x4e0 [ 89.510483][ T5946] ? __pfx_do_filp_open+0x10/0x10 [ 89.510500][ T5946] ? do_raw_spin_lock+0x14f/0x370 [ 89.510546][ T5946] do_sys_openat2+0x13e/0x1d0 [ 89.510566][ T5946] ? __pfx_do_sys_openat2+0x10/0x10 [ 89.510578][ T5946] ? __fget_files+0x2a/0x410 [ 89.510595][ T5946] ? __fget_files+0x2a/0x410 [ 89.510612][ T5946] __x64_sys_openat+0x247/0x2a0 [ 89.510637][ T5946] ? __pfx___x64_sys_openat+0x10/0x10 [ 89.510655][ T5946] ? do_syscall_64+0x100/0x230 [ 89.510679][ T5946] ? do_syscall_64+0xb6/0x230 [ 89.510703][ T5946] do_syscall_64+0xf3/0x230 [ 89.510724][ T5946] ? clear_bhb_loop+0x35/0x90 [ 89.510747][ T5946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.510771][ T5946] RIP: 0033:0x7f5ea378d169 [ 89.510790][ T5946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.510803][ T5946] RSP: 002b:00007f5ea467d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 89.510827][ T5946] RAX: ffffffffffffffda RBX: 00007f5ea39a5fa0 RCX: 00007f5ea378d169 [ 89.510837][ T5946] RDX: 0000000000101042 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 89.510848][ T5946] RBP: 00007f5ea467d090 R08: 0000000000000000 R09: 0000000000000000 [ 89.510857][ T5946] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 89.510866][ T5946] R13: 0000000000000000 R14: 00007f5ea39a5fa0 R15: 00007ffe502d58e8 [ 89.510890][ T5946] [ 89.712787][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 89.769802][ C0] vkms_vblank_simulate: vblank timer overrun [ 90.455112][ T5954] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.622952][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.703869][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 90.873793][ T5954] netlink: 'syz.0.15': attribute type 4 has an invalid length. [ 91.053025][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 91.067333][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 91.142481][ T5959] netlink: 60 bytes leftover after parsing attributes in process `syz.4.17'. [ 91.153925][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 91.188101][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 91.228672][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 91.250469][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 91.263532][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 91.367804][ T5962] tipc: Started in network mode [ 91.372873][ T5962] tipc: Node identity 7, cluster identity 4711 [ 91.379021][ T5962] tipc: Node number set to 7 [ 91.384207][ T5962] tipc: Cannot configure node identity twice [ 91.413312][ T10] IPVS: starting estimator thread 0... [ 91.470939][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 91.511842][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 91.550215][ T9] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 91.572932][ T5964] IPVS: using max 27 ests per chain, 64800 per kthread [ 91.632980][ T5904] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 91.743788][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 91.812537][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.682751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 92.683258][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 92.967989][ T5904] usb 2-1: not running at top speed; connect to a high speed hub [ 92.985084][ T9] usb 4-1: Product: syz [ 92.993662][ T5904] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 93.006739][ T9] usb 4-1: Manufacturer: syz [ 93.011700][ T9] usb 4-1: SerialNumber: syz [ 93.065455][ T5904] usb 2-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 93.078646][ T9] usb 4-1: config 0 descriptor?? [ 93.093371][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.101510][ T5904] usb 2-1: Product: syz [ 93.109107][ T9] usb 4-1: can't set config #0, error -71 [ 93.112865][ T5904] usb 2-1: SerialNumber: syz [ 93.129624][ T5904] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 93.169476][ T9] usb 4-1: USB disconnect, device number 2 [ 93.334728][ T5904] usb 2-1: USB disconnect, device number 3 [ 93.936979][ T5982] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25'. [ 94.453009][ T5904] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 94.720776][ T26] cfg80211: failed to load regulatory.db [ 94.758113][ T5904] usb 4-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55 [ 94.787693][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.806132][ T5904] usb 4-1: Product: syz [ 94.823192][ T5904] usb 4-1: Manufacturer: syz [ 94.847857][ T5904] usb 4-1: SerialNumber: syz [ 94.912825][ T5904] usb 4-1: config 0 descriptor?? [ 94.928055][ T5904] gspca_main: sonixb-2.14.0 probing 0c45:608f [ 94.989532][ T6005] x_tables: duplicate underflow at hook 3 [ 94.997135][ T6002] ======================================================= [ 94.997135][ T6002] WARNING: The mand mount option has been deprecated and [ 94.997135][ T6002] and is ignored by this kernel. Remove the mand [ 94.997135][ T6002] option from the mount to silence this warning. [ 94.997135][ T6002] ======================================================= [ 95.032064][ C0] vkms_vblank_simulate: vblank timer overrun [ 96.068534][ T9] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 96.097059][ T5904] sonixb 4-1:0.0: Error reading register 00: -110 [ 96.475469][ T9] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 96.503336][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.522611][ T9] usb 2-1: config 0 descriptor?? [ 96.647293][ T6018] netlink: 28 bytes leftover after parsing attributes in process `syz.4.31'. [ 96.672966][ T6018] netlink: 28 bytes leftover after parsing attributes in process `syz.4.31'. [ 96.792298][ T6021] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.809144][ T5875] hid-generic 0000:0003:0000.0001: unknown main item tag 0x0 [ 96.820828][ T5875] hid-generic 0000:0003:0000.0001: unknown main item tag 0x0 [ 97.854363][ T5875] hid-generic 0000:0003:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 [ 98.838481][ T6002] netlink: 40 bytes leftover after parsing attributes in process `syz.1.28'. [ 98.873443][ T5875] usb 4-1: USB disconnect, device number 3 [ 98.901300][ T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 98.973241][ T9] asix 2-1:0.0: probe with driver asix failed with error -71 [ 99.011342][ T9] usb 2-1: USB disconnect, device number 4 [ 99.472824][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 99.687159][ T9] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 99.702758][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 99.738470][ T9] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 99.781935][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 99.801339][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.864769][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 99.893420][ T9] usb 4-1: invalid MIDI out EP 0 [ 100.165183][ T6045] overlayfs: failed to resolve './file1': -2 [ 100.570075][ T1155] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.621994][ T9] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 100.681939][ T9] usb 4-1: USB disconnect, device number 4 [ 100.902217][ T5827] udevd[5827]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 101.069966][ T1155] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.665828][ T5904] hid-generic 0000:0003:0000.0002: unknown main item tag 0x0 [ 103.143889][ T5904] hid-generic 0000:0003:0000.0002: unknown main item tag 0x0 [ 103.204518][ T6060] FAULT_INJECTION: forcing a failure. [ 103.204518][ T6060] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 103.253326][ T5904] hid-generic 0000:0003:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz1 [ 103.316816][ T1155] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.327392][ T6060] CPU: 0 UID: 0 PID: 6060 Comm: syz.2.44 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 103.327414][ T6060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 103.327424][ T6060] Call Trace: [ 103.327430][ T6060] [ 103.327438][ T6060] dump_stack_lvl+0x241/0x360 [ 103.327464][ T6060] ? __pfx_dump_stack_lvl+0x10/0x10 [ 103.327480][ T6060] ? __pfx__printk+0x10/0x10 [ 103.327520][ T6060] ? __pfx_lock_release+0x10/0x10 [ 103.327550][ T6060] should_fail_ex+0x40a/0x550 [ 103.327577][ T6060] _copy_from_user+0x2d/0xb0 [ 103.327599][ T6060] __sys_bpf+0x1be/0x820 [ 103.327623][ T6060] ? __pfx___sys_bpf+0x10/0x10 [ 103.327656][ T6060] ? __might_fault+0xc6/0x120 [ 103.327676][ T6060] ? trace_sys_enter+0x74/0x120 [ 103.327699][ T6060] ? rcu_is_watching+0x15/0xb0 [ 103.327720][ T6060] __x64_sys_bpf+0x7c/0x90 [ 103.327739][ T6060] do_syscall_64+0xf3/0x230 [ 103.327761][ T6060] ? clear_bhb_loop+0x35/0x90 [ 103.327784][ T6060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.327805][ T6060] RIP: 0033:0x7f321bd8d169 [ 103.327820][ T6060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.327838][ T6060] RSP: 002b:00007f321cbf1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 103.327855][ T6060] RAX: ffffffffffffffda RBX: 00007f321bfa5fa0 RCX: 00007f321bd8d169 [ 103.327867][ T6060] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000300 [ 103.327876][ T6060] RBP: 00007f321cbf1090 R08: 0000000000000000 R09: 0000000000000000 [ 103.327886][ T6060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.327895][ T6060] R13: 0000000000000000 R14: 00007f321bfa5fa0 R15: 00007ffcc3782ba8 [ 103.327919][ T6060] [ 104.516417][ T1155] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.659321][ T6057] netlink: 8 bytes leftover after parsing attributes in process `syz.4.46'. [ 105.120321][ T6068] netlink: 'syz.2.48': attribute type 4 has an invalid length. [ 105.654990][ T1155] bridge_slave_1: left allmulticast mode [ 105.660930][ T1155] bridge_slave_1: left promiscuous mode [ 106.255558][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.479233][ T1155] bridge_slave_0: left allmulticast mode [ 106.522857][ T1155] bridge_slave_0: left promiscuous mode [ 106.530119][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.535453][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 106.547322][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 106.555985][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 106.564987][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 106.574053][ T5837] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 106.583376][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 107.359812][ T6079] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 108.732525][ T6088] netlink: 'syz.0.53': attribute type 4 has an invalid length. [ 108.873618][ T5833] Bluetooth: hci2: command tx timeout [ 109.301182][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 109.318990][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 109.330181][ T1155] bond0 (unregistering): Released all slaves [ 109.532810][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 109.541959][ T1155] tipc: Left network mode [ 109.685194][ T6098] FAULT_INJECTION: forcing a failure. [ 109.685194][ T6098] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.729551][ T10] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 109.741123][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 109.753394][ T10] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 109.767132][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 109.776951][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.793143][ T6098] CPU: 0 UID: 0 PID: 6098 Comm: syz.0.55 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 109.793170][ T6098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.793180][ T6098] Call Trace: [ 109.793186][ T6098] [ 109.793194][ T6098] dump_stack_lvl+0x241/0x360 [ 109.793221][ T6098] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.793238][ T6098] ? __pfx__printk+0x10/0x10 [ 109.793267][ T6098] ? snprintf+0xda/0x120 [ 109.793294][ T6098] should_fail_ex+0x40a/0x550 [ 109.793322][ T6098] _copy_to_user+0x31/0xb0 [ 109.793345][ T6098] simple_read_from_buffer+0xca/0x150 [ 109.793374][ T6098] proc_fail_nth_read+0x1e9/0x250 [ 109.793404][ T6098] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.793431][ T6098] ? rw_verify_area+0x243/0x630 [ 109.793450][ T6098] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.793475][ T6098] vfs_read+0x1f8/0xb40 [ 109.793507][ T6098] ? fdget_pos+0x254/0x320 [ 109.793526][ T6098] ? __pfx___mutex_lock+0x10/0x10 [ 109.793549][ T6098] ? __pfx_vfs_read+0x10/0x10 [ 109.793572][ T6098] ? __fget_files+0x2a/0x410 [ 109.793590][ T6098] ? __fget_files+0x395/0x410 [ 109.793605][ T6098] ? __fget_files+0x2a/0x410 [ 109.793630][ T6098] ksys_read+0x18f/0x2b0 [ 109.793652][ T6098] ? __pfx_ksys_read+0x10/0x10 [ 109.793672][ T6098] ? do_syscall_64+0x100/0x230 [ 109.793697][ T6098] ? do_syscall_64+0xb6/0x230 [ 109.793721][ T6098] do_syscall_64+0xf3/0x230 [ 109.793742][ T6098] ? clear_bhb_loop+0x35/0x90 [ 109.793765][ T6098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.793799][ T6098] RIP: 0033:0x7f07d338bb7c [ 109.793815][ T6098] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 109.793828][ T6098] RSP: 002b:00007f07d11f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 109.793846][ T6098] RAX: ffffffffffffffda RBX: 00007f07d35a6080 RCX: 00007f07d338bb7c [ 109.793857][ T6098] RDX: 000000000000000f RSI: 00007f07d11f60a0 RDI: 0000000000000004 [ 109.793867][ T6098] RBP: 00007f07d11f6090 R08: 0000000000000000 R09: 0000000000000000 [ 109.793877][ T6098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.793885][ T6098] R13: 0000000000000001 R14: 00007f07d35a6080 R15: 00007ffd7aad4d48 [ 109.793911][ T6098] [ 110.023833][ C0] vkms_vblank_simulate: vblank timer overrun [ 110.076968][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 110.090594][ T10] usb 5-1: invalid MIDI out EP 0 [ 110.942850][ T5833] Bluetooth: hci2: command tx timeout [ 111.079094][ T6110] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 111.155212][ T10] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 111.167972][ T10] usb 5-1: USB disconnect, device number 2 [ 111.351659][ T5827] udevd[5827]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 111.436349][ T1155] hsr_slave_0: left promiscuous mode [ 111.577078][ T1155] hsr_slave_1: left promiscuous mode [ 111.586887][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 111.599281][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 111.616323][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.632834][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.716799][ T1155] veth1_macvtap: left promiscuous mode [ 111.725500][ T1155] veth0_macvtap: left promiscuous mode [ 111.732120][ T1155] veth1_vlan: left promiscuous mode [ 111.739177][ T1155] veth0_vlan: left promiscuous mode [ 111.759499][ T6129] x_tables: duplicate underflow at hook 3 [ 112.882913][ T5905] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 113.033182][ T5833] Bluetooth: hci2: command tx timeout [ 113.039547][ T5905] usb 5-1: Using ep0 maxpacket: 16 [ 113.049320][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 113.063967][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 113.087777][ T5905] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 113.097016][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.105297][ T5905] usb 5-1: Product: syz [ 113.109615][ T5905] usb 5-1: Manufacturer: syz [ 113.114574][ T5905] usb 5-1: SerialNumber: syz [ 113.131713][ T5905] usb 5-1: config 0 descriptor?? [ 113.158277][ T5905] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 113.170806][ T1155] team0 (unregistering): Port device team_slave_1 removed [ 113.179595][ T5905] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 113.236940][ T1155] team0 (unregistering): Port device team_slave_0 removed [ 113.771758][ T6073] chnl_net:caif_netlink_parms(): no params data found [ 113.789698][ T5905] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 113.811505][ T5905] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 114.135076][ T6073] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.143568][ T6073] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.186359][ T6073] bridge_slave_0: entered allmulticast mode [ 114.212601][ T6073] bridge_slave_0: entered promiscuous mode [ 114.246611][ T6073] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.280272][ T6073] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.317229][ T6073] bridge_slave_1: entered allmulticast mode [ 114.641460][ T5905] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 114.802355][ T6144] overlayfs: failed to resolve './file2': -2 [ 114.813104][ T6073] bridge_slave_1: entered promiscuous mode [ 114.875560][ T5905] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 114.962758][ T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 115.082045][ T5905] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 115.100352][ T5905] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 115.109008][ T5833] Bluetooth: hci2: command tx timeout [ 115.146905][ T6073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.214480][ T6073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.224263][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 115.241077][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 115.268202][ T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 115.350846][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 115.396185][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 115.428983][ T6073] team0: Port device team_slave_0 added [ 115.439182][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 115.477923][ T6073] team0: Port device team_slave_1 added [ 115.511181][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 115.531611][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.689114][ T10] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 116.319297][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.328764][ T10] usb 4-1: Product: syz [ 116.333402][ T10] usb 4-1: Manufacturer: syz [ 116.338405][ T10] usb 4-1: SerialNumber: syz [ 116.422350][ T6073] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.428737][ T10] usb 4-1: config 0 descriptor?? [ 116.437968][ T6143] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 116.465423][ T5905] em28xx 5-1:0.0: AC97 command still being executed: not handled properly! [ 116.501443][ T6073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.517958][ T5905] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 116.535027][ T10] ati_remote 4-1:0.0: Initializing ati_remote hardware failed. [ 116.554921][ T10] ati_remote 4-1:0.0: probe with driver ati_remote failed with error -5 [ 116.564101][ T6073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.582171][ T6073] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.589776][ T6073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.777561][ T6073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.726097][ T976] usb 5-1: USB disconnect, device number 3 [ 117.806113][ T5877] usb 4-1: USB disconnect, device number 5 [ 117.852380][ T6172] netlink: 28 bytes leftover after parsing attributes in process `syz.2.65'. [ 117.863339][ T6172] netlink: 28 bytes leftover after parsing attributes in process `syz.2.65'. [ 117.961622][ T6172] syz_tun: entered promiscuous mode [ 117.988675][ T6172] syz_tun: left promiscuous mode [ 119.049570][ T6073] hsr_slave_0: entered promiscuous mode [ 119.068340][ T6073] hsr_slave_1: entered promiscuous mode [ 119.382467][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'. [ 119.440969][ T6189] netlink: 27 bytes leftover after parsing attributes in process `syz.0.68'. [ 120.483687][ T976] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 120.695506][ T6191] netlink: 8 bytes leftover after parsing attributes in process `syz.2.70'. [ 120.898143][ T976] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 121.015048][ T976] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 121.030422][ T976] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 121.043839][ T976] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 121.053302][ T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.069629][ T976] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 121.089531][ T976] usb 4-1: invalid MIDI out EP 0 [ 121.155701][ T976] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 121.480057][ T6209] netlink: 'syz.2.71': attribute type 4 has an invalid length. [ 122.290066][ T5877] usb 4-1: USB disconnect, device number 6 [ 122.338852][ T6073] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 122.545157][ T6073] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 122.612137][ T6073] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 122.674381][ T5841] udevd[5841]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 122.695787][ T6073] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 122.778775][ T976] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 122.823924][ T6222] process 'syz.0.74' launched './file0' with NULL argv: empty string added [ 122.886933][ T6222] warning: `syz.0.74' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 122.917651][ T6073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.947292][ T6073] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.969197][ T976] usb 3-1: Using ep0 maxpacket: 16 [ 122.978244][ T976] usb 3-1: config 102 has too many interfaces: 159, using maximum allowed: 32 [ 122.978274][ T976] usb 3-1: config 102 has 1 interface, different from the descriptor's value: 159 [ 122.983621][ T976] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 122.983650][ T976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.983669][ T976] usb 3-1: Product: syz [ 122.983684][ T976] usb 3-1: Manufacturer: syz [ 122.983698][ T976] usb 3-1: SerialNumber: syz [ 123.062548][ T6073] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 123.062575][ T6073] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 123.132989][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.133074][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.135873][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.135913][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.230701][ T6215] netlink: 28 bytes leftover after parsing attributes in process `syz.2.73'. [ 123.230732][ T6215] netlink: 28 bytes leftover after parsing attributes in process `syz.2.73'. [ 123.230761][ T6215] netlink: 12 bytes leftover after parsing attributes in process `syz.2.73'. [ 124.018286][ T976] ssu100 3-1:102.0: Quatech SSU-100 USB to Serial Driver converter detected [ 124.020268][ T976] ssu100 3-1:102.0: probe with driver ssu100 failed with error -71 [ 124.041970][ T976] usb 3-1: USB disconnect, device number 2 [ 124.060678][ T6222] tty tty4: ldisc open failed (-12), clearing slot 3 [ 124.702540][ T6073] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.204667][ T6257] overlayfs: failed to resolve './file1': -2 [ 127.493630][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 128.024102][ T9] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 128.275799][ T6281] netlink: 'syz.0.82': attribute type 4 has an invalid length. [ 128.752971][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 128.823075][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 128.852810][ T9] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 128.913631][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 128.952727][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.990534][ T6073] veth0_vlan: entered promiscuous mode [ 129.005801][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 129.023925][ T9] usb 4-1: invalid MIDI out EP 0 [ 129.035779][ T6284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.83'. [ 129.051480][ T6284] netlink: 27 bytes leftover after parsing attributes in process `syz.0.83'. [ 129.088640][ T6073] veth1_vlan: entered promiscuous mode [ 129.169283][ T9] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 129.204652][ T6073] veth0_macvtap: entered promiscuous mode [ 129.226366][ T9] usb 4-1: USB disconnect, device number 7 [ 129.233919][ T6073] veth1_macvtap: entered promiscuous mode [ 129.326297][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.372718][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.382588][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.424184][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.452739][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.472934][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.494227][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.512986][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.534356][ T6073] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.573266][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.602806][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.612757][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 129.623703][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.643987][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.657268][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.668077][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.679240][ T6073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.691973][ T6073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.710714][ T6073] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.741627][ T6073] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.753500][ T6073] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.762476][ T6073] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.771480][ T6073] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.796082][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 129.827923][ T9] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 129.840886][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 129.850609][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.866743][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 129.924745][ T9] usb 4-1: invalid MIDI out EP 0 [ 130.028454][ T5952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 130.202128][ T5952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.522604][ T9] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 130.559107][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 130.569688][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 130.586179][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.604227][ T9] usb 4-1: USB disconnect, device number 8 [ 130.686663][ T6300] netlink: 'syz.4.87': attribute type 4 has an invalid length. [ 130.848234][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 131.393756][ T6320] overlayfs: failed to resolve './file1': -2 [ 131.697139][ T6328] FAULT_INJECTION: forcing a failure. [ 131.697139][ T6328] name failslab, interval 1, probability 0, space 0, times 0 [ 131.727883][ T6328] CPU: 1 UID: 0 PID: 6328 Comm: syz.5.91 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 131.727908][ T6328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 131.727931][ T6328] Call Trace: [ 131.727938][ T6328] [ 131.727946][ T6328] dump_stack_lvl+0x241/0x360 [ 131.727974][ T6328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.727992][ T6328] ? __pfx__printk+0x10/0x10 [ 131.728018][ T6328] ? fs_reclaim_acquire+0x93/0x130 [ 131.728040][ T6328] ? __pfx___might_resched+0x10/0x10 [ 131.728064][ T6328] should_fail_ex+0x40a/0x550 [ 131.728094][ T6328] should_failslab+0xac/0x100 [ 131.728121][ T6328] __kmalloc_noprof+0xdd/0x4c0 [ 131.728137][ T6328] ? kstrtouint_from_user+0x128/0x190 [ 131.728153][ T6328] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 131.728177][ T6328] tomoyo_realpath_from_path+0xcf/0x5e0 [ 131.728207][ T6328] tomoyo_path_number_perm+0x239/0x770 [ 131.728231][ T6328] ? __lock_acquire+0x1397/0x2100 [ 131.728256][ T6328] ? tomoyo_path_number_perm+0x209/0x770 [ 131.728280][ T6328] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 131.728341][ T6328] ? __fget_files+0x2a/0x410 [ 131.728362][ T6328] ? __fget_files+0x2a/0x410 [ 131.728384][ T6328] security_file_ioctl+0xc6/0x2a0 [ 131.728417][ T6328] __se_sys_ioctl+0x46/0x170 [ 131.728441][ T6328] do_syscall_64+0xf3/0x230 [ 131.728466][ T6328] ? clear_bhb_loop+0x35/0x90 [ 131.728491][ T6328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.728518][ T6328] RIP: 0033:0x7fd09bb8d169 [ 131.728534][ T6328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.728547][ T6328] RSP: 002b:00007fd09c9d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 131.728566][ T6328] RAX: ffffffffffffffda RBX: 00007fd09bda5fa0 RCX: 00007fd09bb8d169 [ 131.728578][ T6328] RDX: 00004000000002c0 RSI: 00000000c058560f RDI: 0000000000000003 [ 131.728589][ T6328] RBP: 00007fd09c9d0090 R08: 0000000000000000 R09: 0000000000000000 [ 131.728600][ T6328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.728610][ T6328] R13: 0000000000000000 R14: 00007fd09bda5fa0 R15: 00007ffda00f29b8 [ 131.728636][ T6328] [ 131.728644][ T6328] ERROR: Out of memory at tomoyo_realpath_from_path. [ 131.752837][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 132.124728][ T10] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 132.146110][ T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 132.193825][ T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 132.222987][ T6347] overlayfs: failed to resolve './file1': -2 [ 132.227027][ T10] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 132.441343][ T976] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 132.477038][ T6349] netlink: 'syz.0.95': attribute type 4 has an invalid length. [ 132.568247][ T10] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 132.797353][ T976] usb 6-1: Using ep0 maxpacket: 8 [ 132.819362][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.880320][ T976] usb 6-1: config 150 has an invalid interface number: 204 but max is 1 [ 132.906118][ T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 132.921388][ T976] usb 6-1: config 150 has no interface number 0 [ 132.959555][ T976] usb 6-1: config 150 interface 204 has no altsetting 0 [ 132.967348][ T10] usb 4-1: invalid MIDI out EP 0 [ 132.978576][ T976] usb 6-1: config 150 interface 1 has no altsetting 0 [ 133.025571][ T976] usb 6-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 133.052786][ T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.091599][ T976] usb 6-1: Product: syz [ 133.105845][ T6324] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 133.125771][ T10] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 133.149325][ T976] usb 6-1: Manufacturer: syz [ 133.162738][ T976] usb 6-1: SerialNumber: syz [ 133.830641][ T976] xr_serial 6-1:150.204: xr_serial converter detected [ 134.172079][ T6366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.200793][ T6051] udevd[6051]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 134.206782][ T6367] overlayfs: failed to resolve './file2': -2 [ 134.288087][ T6366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.319418][ T6357] netlink: 'syz.2.98': attribute type 4 has an invalid length. [ 134.596222][ T5905] usb 4-1: USB disconnect, device number 9 [ 134.922002][ T976] usb 6-1: xr_serial converter now attached to ttyUSB0 [ 135.695756][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 135.702549][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.759023][ T26] usb 6-1: USB disconnect, device number 2 [ 135.803333][ T26] xr_serial ttyUSB0: xr_serial converter now disconnected from ttyUSB0 [ 135.865504][ T26] xr_serial 6-1:150.204: device disconnected [ 137.745461][ T6389] netlink: 'syz.3.103': attribute type 4 has an invalid length. [ 138.205023][ T976] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 139.233841][ T976] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.284514][ T976] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 139.336399][ T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.393176][ T976] usb 6-1: Product: syz [ 139.397403][ T976] usb 6-1: Manufacturer: syz [ 139.859247][ T976] usb 6-1: SerialNumber: syz [ 139.903444][ T6414] overlayfs: failed to resolve './file1': -2 [ 140.028031][ T6427] x_tables: duplicate underflow at hook 3 [ 140.395233][ T6434] lo: entered promiscuous mode [ 140.409199][ T6434] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 141.021653][ T976] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 141.045591][ T976] cdc_ncm 6-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 141.081338][ T976] cdc_ncm 6-1:1.0: setting rx_max = 2048 [ 141.964166][ T976] cdc_ncm 6-1:1.0: setting tx_max = 88 [ 142.103577][ T976] cdc_ncm 6-1:1.0 eth5: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 142.179111][ T976] usb 6-1: USB disconnect, device number 3 [ 142.197250][ T976] cdc_ncm 6-1:1.0 eth5: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP) [ 142.417776][ T6456] fuse: root generation should be zero [ 142.543236][ T5837] Bluetooth: hci2: command 0x0405 tx timeout [ 142.873131][ T976] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 142.974556][ T5873] IPVS: starting estimator thread 0... [ 143.515953][ T976] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 143.744022][ T6483] IPVS: using max 31 ests per chain, 74400 per kthread [ 143.999500][ T976] usb 6-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 144.010538][ T976] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 144.020107][ T976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.038643][ T976] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 144.046251][ T976] usb 6-1: invalid MIDI out EP 0 [ 144.709353][ T976] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 144.727619][ T976] usb 6-1: USB disconnect, device number 4 [ 144.804852][ T6505] x_tables: duplicate underflow at hook 3 [ 145.137219][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 145.524701][ T5873] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 145.593141][ T6529] netlink: 28 bytes leftover after parsing attributes in process `syz.5.128'. [ 145.629117][ T6529] netlink: 28 bytes leftover after parsing attributes in process `syz.5.128'. [ 145.672015][ T6529] syz_tun: entered promiscuous mode [ 145.682771][ T5905] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 145.687870][ T5873] usb 3-1: Using ep0 maxpacket: 32 [ 145.711271][ T6529] syz_tun: left promiscuous mode [ 145.722146][ T5873] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 145.746200][ T5873] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 145.778030][ T5873] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 145.792267][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.824761][ T5873] usb 3-1: Product: syz [ 145.828999][ T5873] usb 3-1: Manufacturer: syz [ 145.838793][ T5873] usb 3-1: SerialNumber: syz [ 145.853571][ T5905] usb 5-1: Using ep0 maxpacket: 32 [ 145.867452][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.930693][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.961486][ T5905] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 145.978568][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.998680][ T5905] usb 5-1: config 0 descriptor?? [ 146.023568][ T5905] hub 5-1:0.0: USB hub found [ 146.060359][ T6543] FAULT_INJECTION: forcing a failure. [ 146.060359][ T6543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.074788][ T6543] CPU: 1 UID: 0 PID: 6543 Comm: syz.5.131 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 146.074812][ T6543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 146.074835][ T6543] Call Trace: [ 146.074841][ T6543] [ 146.074849][ T6543] dump_stack_lvl+0x241/0x360 [ 146.074878][ T6543] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.074894][ T6543] ? __pfx__printk+0x10/0x10 [ 146.074919][ T6543] ? __pfx_lock_release+0x10/0x10 [ 146.074940][ T6543] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 146.074967][ T6543] should_fail_ex+0x40a/0x550 [ 146.074996][ T6543] _copy_from_user+0x2d/0xb0 [ 146.075017][ T6543] copy_clone_args_from_user+0x1ca/0x840 [ 146.075052][ T6543] ? __pfx_copy_clone_args_from_user+0x10/0x10 [ 146.075099][ T6543] __se_sys_clone3+0xf4/0x380 [ 146.075121][ T6543] ? __pfx___se_sys_clone3+0x10/0x10 [ 146.075150][ T6543] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 146.075188][ T6543] do_syscall_64+0xf3/0x230 [ 146.075208][ T6543] ? clear_bhb_loop+0x35/0x90 [ 146.075231][ T6543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.075249][ T6543] RIP: 0033:0x7fd09bb8d169 [ 146.075263][ T6543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.075275][ T6543] RSP: 002b:00007fd09c9cff08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 146.075292][ T6543] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fd09bb8d169 [ 146.075303][ T6543] RDX: 00007fd09c9cff20 RSI: 0000000000000058 RDI: 00007fd09c9cff20 [ 146.075314][ T6543] RBP: 00007fd09c9d0090 R08: 0000000000000000 R09: 0000000000000058 [ 146.075322][ T6543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.075331][ T6543] R13: 0000000000000000 R14: 00007fd09bda5fa0 R15: 00007ffda00f29b8 [ 146.075353][ T6543] [ 146.268702][ T5905] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 146.496667][ T6550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.506324][ T6550] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.973798][ T5905] hid-generic 0003:046D:C31C.0003: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0 [ 147.063390][ T6554] x_tables: duplicate underflow at hook 3 [ 147.072369][ T5905] usb 5-1: USB disconnect, device number 4 [ 147.653521][ T6559] x_tables: duplicate underflow at hook 3 [ 148.731086][ T6582] FAULT_INJECTION: forcing a failure. [ 148.731086][ T6582] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 148.760901][ T6582] CPU: 0 UID: 0 PID: 6582 Comm: syz.4.137 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 148.760930][ T6582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.760940][ T6582] Call Trace: [ 148.760946][ T6582] [ 148.760954][ T6582] dump_stack_lvl+0x241/0x360 [ 148.760979][ T6582] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.760996][ T6582] ? __pfx__printk+0x10/0x10 [ 148.761019][ T6582] ? __pfx_lock_release+0x10/0x10 [ 148.761056][ T6582] should_fail_ex+0x40a/0x550 [ 148.761084][ T6582] _copy_from_user+0x2d/0xb0 [ 148.761104][ T6582] copy_msghdr_from_user+0xae/0x680 [ 148.761149][ T6582] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 148.761172][ T6582] ? __fget_files+0x2a/0x410 [ 148.761193][ T6582] ? __fget_files+0x2a/0x410 [ 148.761217][ T6582] __sys_sendmsg+0x209/0x350 [ 148.761239][ T6582] ? __pfx___sys_sendmsg+0x10/0x10 [ 148.761266][ T6582] ? do_sys_openat2+0x17a/0x1d0 [ 148.761303][ T6582] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 148.761325][ T6582] ? do_syscall_64+0x100/0x230 [ 148.761349][ T6582] ? do_syscall_64+0xb6/0x230 [ 148.761371][ T6582] do_syscall_64+0xf3/0x230 [ 148.761392][ T6582] ? clear_bhb_loop+0x35/0x90 [ 148.761416][ T6582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.761436][ T6582] RIP: 0033:0x7f5ea378d169 [ 148.761451][ T6582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.761463][ T6582] RSP: 002b:00007f5ea467d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.761481][ T6582] RAX: ffffffffffffffda RBX: 00007f5ea39a5fa0 RCX: 00007f5ea378d169 [ 148.761492][ T6582] RDX: 0000000000000000 RSI: 0000400000000180 RDI: 0000000000000003 [ 148.761502][ T6582] RBP: 00007f5ea467d090 R08: 0000000000000000 R09: 0000000000000000 [ 148.761511][ T6582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.761519][ T6582] R13: 0000000000000000 R14: 00007f5ea39a5fa0 R15: 00007ffe502d58e8 [ 148.761543][ T6582] [ 149.571662][ T6595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 149.621450][ T6595] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.203160][ T5877] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 150.370696][ T5877] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 150.389884][ T5877] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 150.399246][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.424036][ T5877] usb 5-1: Product: syz [ 150.431763][ T5877] usb 5-1: Manufacturer: syz [ 150.450180][ T5877] usb 5-1: SerialNumber: syz [ 150.647094][ T5873] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 150.676414][ T5873] usb 3-1: 2:1 : invalid channels 0 [ 150.749150][ T5873] usb 3-1: USB disconnect, device number 3 [ 150.988261][ T6218] udevd[6218]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 151.494909][ T5877] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 151.516418][ T5877] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 151.545791][ T5877] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 151.666485][ T6621] capability: warning: `syz.2.145' uses 32-bit capabilities (legacy support in use) [ 151.765753][ T6621] capability: warning: `syz.2.145' uses deprecated v2 capabilities in a way that may be insecure [ 151.900044][ T5877] cdc_ncm 5-1:1.0: setting tx_max = 88 [ 151.938135][ T5877] cdc_ncm 5-1:1.0 eth5: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 152.013180][ T5877] usb 5-1: USB disconnect, device number 5 [ 152.034217][ T5877] cdc_ncm 5-1:1.0 eth5: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 153.253056][ T6640] overlayfs: failed to resolve './file1': -2 [ 154.909401][ T6657] 9pnet_fd: Insufficient options for proto=fd [ 154.935733][ T6657] overlayfs: failed to resolve './file1': -2 [ 156.863466][ T5905] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 157.062494][ T30] audit: type=1804 audit(1741421006.086:2): pid=6683 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.160" name="/newroot/37/file0" dev="tmpfs" ino=211 res=1 errno=0 [ 157.091707][ T5905] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 157.146993][ T5905] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 157.186640][ T5905] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 157.213748][ T5905] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 157.251798][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.316284][ T5905] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 157.487611][ T5905] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 157.548015][ T5905] usb 5-1: USB disconnect, device number 6 [ 157.803009][ T5877] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 157.838250][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 158.030600][ T5877] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.135839][ T5877] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 158.225519][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.336310][ T5877] usb 4-1: Product: syz [ 158.448774][ T5877] usb 4-1: Manufacturer: syz [ 158.464194][ T5877] usb 4-1: SerialNumber: syz [ 159.064962][ T6708] overlayfs: failed to resolve './file1': -2 [ 159.400398][ T6710] netlink: 28 bytes leftover after parsing attributes in process `syz.4.166'. [ 159.640409][ T6710] netlink: 28 bytes leftover after parsing attributes in process `syz.4.166'. [ 159.642774][ T5877] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 159.662921][ T5877] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 159.670627][ T5877] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 159.678986][ T6710] syz_tun: entered promiscuous mode [ 159.778532][ T6716] overlayfs: failed to resolve './file1': -2 [ 159.915131][ T6710] syz_tun: left promiscuous mode [ 160.115553][ T5877] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 160.129965][ T5877] cdc_ncm 4-1:1.0 eth5: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 160.225550][ T5877] usb 4-1: USB disconnect, device number 10 [ 160.237646][ T5877] cdc_ncm 4-1:1.0 eth5: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 160.323003][ T9] IPVS: starting estimator thread 0... [ 161.039260][ T6725] IPVS: using max 38 ests per chain, 91200 per kthread [ 161.584220][ T6739] FAULT_INJECTION: forcing a failure. [ 161.584220][ T6739] name failslab, interval 1, probability 0, space 0, times 0 [ 161.673155][ T6739] CPU: 1 UID: 0 PID: 6739 Comm: syz.4.171 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 161.673181][ T6739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 161.673190][ T6739] Call Trace: [ 161.673196][ T6739] [ 161.673204][ T6739] dump_stack_lvl+0x241/0x360 [ 161.673246][ T6739] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.673260][ T6739] ? __pfx__printk+0x10/0x10 [ 161.673283][ T6739] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 161.673298][ T6739] ? __pfx___might_resched+0x10/0x10 [ 161.673314][ T6739] ? rcu_is_watching+0x15/0xb0 [ 161.673332][ T6739] should_fail_ex+0x40a/0x550 [ 161.673359][ T6739] should_failslab+0xac/0x100 [ 161.673385][ T6739] __kmalloc_node_noprof+0xe1/0x4d0 [ 161.673401][ T6739] ? __kvmalloc_node_noprof+0x72/0x190 [ 161.673419][ T6739] ? seq_read_iter+0xb4/0xd70 [ 161.673444][ T6739] __kvmalloc_node_noprof+0x72/0x190 [ 161.673464][ T6739] traverse+0xd6/0x550 [ 161.673486][ T6739] ? __pfx_validate_chain+0x10/0x10 [ 161.673502][ T6739] ? __lock_acquire+0x1397/0x2100 [ 161.673528][ T6739] seq_read_iter+0xc8c/0xd70 [ 161.673566][ T6739] seq_read+0x3a9/0x4f0 [ 161.673591][ T6739] ? __pfx_seq_read+0x10/0x10 [ 161.673626][ T6739] ? rw_verify_area+0x243/0x630 [ 161.673649][ T6739] vfs_readv+0x6bc/0xa80 [ 161.673675][ T6739] ? __pfx_seq_read+0x10/0x10 [ 161.673694][ T6739] ? __pfx_vfs_readv+0x10/0x10 [ 161.673708][ T6739] ? vfs_write+0x7fa/0xd10 [ 161.673742][ T6739] ? __fget_files+0x2a/0x410 [ 161.673760][ T6739] ? __fget_files+0x395/0x410 [ 161.673775][ T6739] ? __fget_files+0x2a/0x410 [ 161.673800][ T6739] __x64_sys_preadv+0x1b7/0x2d0 [ 161.673824][ T6739] ? __pfx___x64_sys_preadv+0x10/0x10 [ 161.673846][ T6739] ? do_syscall_64+0x100/0x230 [ 161.673878][ T6739] ? do_syscall_64+0xb6/0x230 [ 161.673902][ T6739] do_syscall_64+0xf3/0x230 [ 161.673923][ T6739] ? clear_bhb_loop+0x35/0x90 [ 161.673954][ T6739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.673975][ T6739] RIP: 0033:0x7f5ea378d169 [ 161.673991][ T6739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.674003][ T6739] RSP: 002b:00007f5ea465c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 161.674022][ T6739] RAX: ffffffffffffffda RBX: 00007f5ea39a6080 RCX: 00007f5ea378d169 [ 161.674033][ T6739] RDX: 0000000000000001 RSI: 0000400000000040 RDI: 0000000000000003 [ 161.674043][ T6739] RBP: 00007f5ea465c090 R08: 0000000000000000 R09: 0000000000000000 [ 161.674052][ T6739] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 161.674059][ T6739] R13: 0000000000000001 R14: 00007f5ea39a6080 R15: 00007ffe502d58e8 [ 161.674082][ T6739] [ 161.942814][ C1] vkms_vblank_simulate: vblank timer overrun [ 163.378670][ T6749] netlink: 'syz.0.174': attribute type 4 has an invalid length. [ 164.424157][ T6756] netlink: 8 bytes leftover after parsing attributes in process `syz.0.178'. [ 164.724085][ T6756] netlink: 27 bytes leftover after parsing attributes in process `syz.0.178'. [ 165.208606][ T6777] overlayfs: failed to resolve './file1': -2 [ 167.922849][ T5905] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 168.446841][ T5905] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.510647][ T5905] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 168.562731][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.573575][ T6811] netlink: 'syz.5.187': attribute type 4 has an invalid length. [ 168.635288][ T5905] usb 5-1: Product: syz [ 168.639507][ T5905] usb 5-1: Manufacturer: syz [ 168.672868][ T5905] usb 5-1: SerialNumber: syz [ 169.257039][ T6830] netlink: 'syz.0.194': attribute type 4 has an invalid length. [ 170.640608][ T5905] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 170.668079][ T5905] cdc_ncm 5-1:1.0: bind() failure [ 170.696150][ T5905] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 170.872851][ T5905] cdc_ncm 5-1:1.1: bind() failure [ 171.797262][ T6843] overlayfs: failed to resolve './file1': -2 [ 172.046341][ T5905] usb 5-1: USB disconnect, device number 7 [ 172.742952][ T5905] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 173.140726][ T6860] netlink: 'syz.0.203': attribute type 4 has an invalid length. [ 173.365323][ T5905] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 173.417794][ T5905] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 173.491779][ T5905] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 173.549370][ T5905] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 173.804580][ T5905] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 175.223755][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.295232][ T5905] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 175.317950][ T5905] usb 5-1: invalid MIDI out EP 0 [ 175.664192][ T6889] overlayfs: failed to resolve './file1': -2 [ 175.959462][ T5905] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 176.050756][ T5905] usb 5-1: USB disconnect, device number 8 [ 176.103349][ T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 176.264551][ T6901] FAULT_INJECTION: forcing a failure. [ 176.264551][ T6901] name failslab, interval 1, probability 0, space 0, times 0 [ 176.277454][ T6901] CPU: 0 UID: 0 PID: 6901 Comm: syz.4.211 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 176.277476][ T6901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 176.277486][ T6901] Call Trace: [ 176.277492][ T6901] [ 176.277497][ T6901] dump_stack_lvl+0x241/0x360 [ 176.277516][ T6901] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.277526][ T6901] ? __pfx__printk+0x10/0x10 [ 176.277540][ T6901] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 176.277550][ T6901] ? __pfx___might_resched+0x10/0x10 [ 176.277564][ T6901] should_fail_ex+0x40a/0x550 [ 176.277581][ T6901] should_failslab+0xac/0x100 [ 176.277597][ T6901] kmem_cache_alloc_node_noprof+0x77/0x380 [ 176.277606][ T6901] ? __alloc_skb+0x1c3/0x440 [ 176.277634][ T6901] __alloc_skb+0x1c3/0x440 [ 176.277650][ T6901] ? __pfx___alloc_skb+0x10/0x10 [ 176.277664][ T6901] ? netlink_autobind+0xd6/0x2f0 [ 176.277675][ T6901] ? netlink_autobind+0x2b0/0x2f0 [ 176.277691][ T6901] netlink_sendmsg+0x634/0xcb0 [ 176.277701][ T6901] ? mark_lock+0x9a/0x360 [ 176.277719][ T6901] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.277734][ T6901] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.277743][ T6901] __sock_sendmsg+0x221/0x270 [ 176.277758][ T6901] sock_write_iter+0x2d7/0x3f0 [ 176.277770][ T6901] ? __pfx_sock_write_iter+0x10/0x10 [ 176.277786][ T6901] ? kvm_sched_clock_read+0x11/0x20 [ 176.277802][ T6901] do_iter_readv_writev+0x71a/0x9d0 [ 176.277818][ T6901] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 176.277832][ T6901] ? bpf_lsm_file_permission+0x9/0x10 [ 176.277847][ T6901] ? rw_verify_area+0x243/0x630 [ 176.277859][ T6901] vfs_writev+0x38b/0xbc0 [ 176.277875][ T6901] ? __pfx_vfs_writev+0x10/0x10 [ 176.277891][ T6901] ? __fget_files+0x2a/0x410 [ 176.277902][ T6901] ? __fget_files+0x395/0x410 [ 176.277910][ T6901] ? __fget_files+0x2a/0x410 [ 176.277923][ T6901] do_writev+0x1b6/0x360 [ 176.277935][ T6901] ? __pfx_do_writev+0x10/0x10 [ 176.277947][ T6901] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 176.277958][ T6901] ? __irq_exit_rcu+0x105/0x220 [ 176.277970][ T6901] ? do_syscall_64+0xb6/0x230 [ 176.277984][ T6901] do_syscall_64+0xf3/0x230 [ 176.277997][ T6901] ? clear_bhb_loop+0x35/0x90 [ 176.278012][ T6901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.278024][ T6901] RIP: 0033:0x7f5ea378d169 [ 176.278035][ T6901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.278042][ T6901] RSP: 002b:00007f5ea463b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 176.278053][ T6901] RAX: ffffffffffffffda RBX: 00007f5ea39a6160 RCX: 00007f5ea378d169 [ 176.278059][ T6901] RDX: 0000000000000001 RSI: 0000400000000180 RDI: 0000000000000006 [ 176.278065][ T6901] RBP: 00007f5ea463b090 R08: 0000000000000000 R09: 0000000000000000 [ 176.278070][ T6901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.278076][ T6901] R13: 0000000000000001 R14: 00007f5ea39a6160 R15: 00007ffe502d58e8 [ 176.278089][ T6901] [ 176.925713][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.938815][ T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 176.947958][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.956004][ T10] usb 3-1: Product: syz [ 176.960148][ T10] usb 3-1: Manufacturer: syz [ 176.964765][ T10] usb 3-1: SerialNumber: syz [ 176.993476][ T6051] udevd[6051]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 177.146493][ T6906] Illegal XDP return value 183 on prog (id 27) dev syz_tun, expect packet loss! [ 177.418488][ T6922] FAULT_INJECTION: forcing a failure. [ 177.418488][ T6922] name failslab, interval 1, probability 0, space 0, times 0 [ 177.448354][ T6922] CPU: 1 UID: 0 PID: 6922 Comm: syz.3.217 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 177.448379][ T6922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 177.448388][ T6922] Call Trace: [ 177.448395][ T6922] [ 177.448418][ T6922] dump_stack_lvl+0x241/0x360 [ 177.448444][ T6922] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.448459][ T6922] ? __pfx__printk+0x10/0x10 [ 177.448481][ T6922] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 177.448498][ T6922] ? __pfx___might_resched+0x10/0x10 [ 177.448520][ T6922] should_fail_ex+0x40a/0x550 [ 177.448544][ T6922] should_failslab+0xac/0x100 [ 177.448565][ T6922] kmem_cache_alloc_node_noprof+0x77/0x380 [ 177.448580][ T6922] ? __alloc_skb+0x1c3/0x440 [ 177.448605][ T6922] __alloc_skb+0x1c3/0x440 [ 177.448622][ T6922] ? __lock_acquire+0x1397/0x2100 [ 177.448644][ T6922] ? __pfx___alloc_skb+0x10/0x10 [ 177.448675][ T6922] alloc_skb_with_frags+0xc3/0x820 [ 177.448702][ T6922] ? validate_chain+0x11e/0x5920 [ 177.448720][ T6922] ? __pfx_lock_acquire+0x10/0x10 [ 177.448744][ T6922] sock_alloc_send_pskb+0x91a/0xa60 [ 177.448774][ T6922] ? __lock_acquire+0x1397/0x2100 [ 177.448796][ T6922] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 177.448834][ T6922] tun_get_user+0xcf6/0x48a0 [ 177.448866][ T6922] ? __lock_acquire+0x1397/0x2100 [ 177.448891][ T6922] ? __pfx_tun_get_user+0x10/0x10 [ 177.448925][ T6922] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 177.448946][ T6922] ? tun_get+0x1e/0x2f0 [ 177.448967][ T6922] ? __pfx_lock_release+0x10/0x10 [ 177.448997][ T6922] ? tun_get+0x1e/0x2f0 [ 177.449013][ T6922] ? tun_get+0x27d/0x2f0 [ 177.449030][ T6922] tun_chr_write_iter+0x10d/0x1f0 [ 177.449048][ T6922] vfs_write+0xacf/0xd10 [ 177.449070][ T6922] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 177.449086][ T6922] ? __pfx_vfs_write+0x10/0x10 [ 177.449103][ T6922] ? do_sys_openat2+0x17a/0x1d0 [ 177.449122][ T6922] ? __fget_files+0x2a/0x410 [ 177.449149][ T6922] ? __fget_files+0x2a/0x410 [ 177.449173][ T6922] ksys_write+0x18f/0x2b0 [ 177.449193][ T6922] ? __pfx_ksys_write+0x10/0x10 [ 177.449212][ T6922] ? do_syscall_64+0x100/0x230 [ 177.449236][ T6922] ? do_syscall_64+0xb6/0x230 [ 177.449259][ T6922] do_syscall_64+0xf3/0x230 [ 177.449279][ T6922] ? clear_bhb_loop+0x35/0x90 [ 177.449304][ T6922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.449324][ T6922] RIP: 0033:0x7effbd18bc1f [ 177.449340][ T6922] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 177.449353][ T6922] RSP: 002b:00007effbe079000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 177.449372][ T6922] RAX: ffffffffffffffda RBX: 00007effbd3a5fa0 RCX: 00007effbd18bc1f [ 177.449384][ T6922] RDX: 0000000000000d81 RSI: 0000400000001380 RDI: 00000000000000c8 [ 177.449393][ T6922] RBP: 00007effbe079090 R08: 0000000000000000 R09: 0000000000000000 [ 177.449402][ T6922] R10: 0000000000000d81 R11: 0000000000000293 R12: 0000000000000001 [ 177.449416][ T6922] R13: 0000000000000000 R14: 00007effbd3a5fa0 R15: 00007ffcd56620c8 [ 177.449441][ T6922] [ 177.750061][ C1] vkms_vblank_simulate: vblank timer overrun [ 177.816565][ T6923] netlink: 'syz.5.216': attribute type 4 has an invalid length. [ 177.824792][ T6923] netlink: 'syz.5.216': attribute type 27 has an invalid length. [ 177.907002][ T6931] use of bytesused == 0 is deprecated and will be removed in the future, [ 177.915999][ T6931] use the actual size instead. [ 178.324809][ T10] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 178.341285][ T30] audit: type=1326 audit(1741421027.286:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6917 comm="syz.5.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd09bb8d169 code=0x7fc00000 [ 178.373611][ T10] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 178.421764][ T10] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 178.744600][ T10] cdc_ncm 3-1:1.0: setting tx_max = 88 [ 178.797324][ T10] cdc_ncm 3-1:1.0 eth5: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 179.065145][ T5905] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 179.331878][ T5905] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 179.501491][ T5905] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 179.567494][ T5905] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 179.573807][ T10] usb 3-1: USB disconnect, device number 4 [ 179.585569][ T10] cdc_ncm 3-1:1.0 eth5: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 179.621281][ T5905] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 179.673098][ T5905] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 179.728324][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.967404][ T5905] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 180.070269][ T5905] usb 4-1: invalid MIDI out EP 0 [ 180.307883][ T5905] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 180.361394][ T9] usb 4-1: USB disconnect, device number 11 [ 180.382834][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 180.419325][ T6963] FAULT_INJECTION: forcing a failure. [ 180.419325][ T6963] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 180.433273][ T6963] CPU: 1 UID: 0 PID: 6963 Comm: syz.4.226 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 180.433291][ T6963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 180.433297][ T6963] Call Trace: [ 180.433301][ T6963] [ 180.433305][ T6963] dump_stack_lvl+0x241/0x360 [ 180.433322][ T6963] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.433332][ T6963] ? __pfx__printk+0x10/0x10 [ 180.433346][ T6963] ? __pfx_lock_release+0x10/0x10 [ 180.433363][ T6963] should_fail_ex+0x40a/0x550 [ 180.433380][ T6963] _copy_from_user+0x2d/0xb0 [ 180.433393][ T6963] move_addr_to_kernel+0x82/0x150 [ 180.433407][ T6963] __sys_sendto+0x268/0x4c0 [ 180.433422][ T6963] ? __pfx___sys_sendto+0x10/0x10 [ 180.433441][ T6963] ? __fget_files+0x2a/0x410 [ 180.433459][ T6963] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 180.433472][ T6963] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 180.433487][ T6963] __x64_sys_sendto+0xde/0x100 [ 180.433502][ T6963] do_syscall_64+0xf3/0x230 [ 180.433516][ T6963] ? clear_bhb_loop+0x35/0x90 [ 180.433531][ T6963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.433543][ T6963] RIP: 0033:0x7f5ea378d169 [ 180.433553][ T6963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.433560][ T6963] RSP: 002b:00007f5ea467d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 180.433571][ T6963] RAX: ffffffffffffffda RBX: 00007f5ea39a5fa0 RCX: 00007f5ea378d169 [ 180.433578][ T6963] RDX: 0000000000000001 RSI: 0000400000000180 RDI: 0000000000000003 [ 180.433584][ T6963] RBP: 00007f5ea467d090 R08: 0000400000000200 R09: 000000000000001c [ 180.433590][ T6963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.433595][ T6963] R13: 0000000000000000 R14: 00007f5ea39a5fa0 R15: 00007ffe502d58e8 [ 180.433608][ T6963] [ 180.713947][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 180.993518][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 181.023554][ T10] usb 6-1: config 0 has an invalid interface number: 105 but max is 0 [ 181.031860][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.044313][ T10] usb 6-1: config 0 has no interface number 0 [ 181.053101][ T10] usb 6-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 181.063725][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.082422][ T10] usb 6-1: Product: syz [ 181.109878][ T10] usb 6-1: Manufacturer: syz [ 181.132535][ T10] usb 6-1: SerialNumber: syz [ 181.155153][ T10] usb 6-1: config 0 descriptor?? [ 181.362119][ T10] usb 6-1: USB disconnect, device number 5 [ 181.882787][ T10] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 182.079830][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 182.101462][ T10] usb 4-1: not running at top speed; connect to a high speed hub [ 182.121150][ T10] usb 4-1: config 8 has 0 interfaces, different from the descriptor's value: 1 [ 182.143661][ T10] usb 4-1: New USB device found, idVendor=06f8, idProduct=3004, bcdDevice=5b.9e [ 182.162563][ T7006] FAULT_INJECTION: forcing a failure. [ 182.162563][ T7006] name failslab, interval 1, probability 0, space 0, times 0 [ 182.179512][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.187014][ T7006] CPU: 1 UID: 0 PID: 7006 Comm: syz.4.236 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 182.187041][ T7006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 182.187050][ T7006] Call Trace: [ 182.187057][ T7006] [ 182.187065][ T7006] dump_stack_lvl+0x241/0x360 [ 182.187092][ T7006] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.187109][ T7006] ? __pfx__printk+0x10/0x10 [ 182.187134][ T7006] ? __kmalloc_noprof+0xb5/0x4c0 [ 182.187151][ T7006] ? __pfx___might_resched+0x10/0x10 [ 182.187175][ T7006] should_fail_ex+0x40a/0x550 [ 182.187202][ T7006] should_failslab+0xac/0x100 [ 182.187227][ T7006] __kmalloc_noprof+0xdd/0x4c0 [ 182.187243][ T7006] ? kernfs_fop_write_iter+0x15a/0x500 [ 182.187281][ T7006] kernfs_fop_write_iter+0x15a/0x500 [ 182.187306][ T7006] vfs_write+0xacf/0xd10 [ 182.187335][ T7006] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 182.187355][ T7006] ? __pfx_vfs_write+0x10/0x10 [ 182.187371][ T7006] ? do_sys_openat2+0x17a/0x1d0 [ 182.187389][ T7006] ? __fget_files+0x2a/0x410 [ 182.187409][ T7006] ? __fget_files+0x2a/0x410 [ 182.187434][ T7006] ksys_write+0x18f/0x2b0 [ 182.187454][ T7006] ? __pfx_ksys_write+0x10/0x10 [ 182.187478][ T7006] ? do_syscall_64+0x100/0x230 [ 182.187504][ T7006] ? do_syscall_64+0xb6/0x230 [ 182.187527][ T7006] do_syscall_64+0xf3/0x230 [ 182.187546][ T7006] ? clear_bhb_loop+0x35/0x90 [ 182.187566][ T7006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.187586][ T7006] RIP: 0033:0x7f5ea378d169 [ 182.187600][ T7006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.187610][ T7006] RSP: 002b:00007f5ea467d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 182.187627][ T7006] RAX: ffffffffffffffda RBX: 00007f5ea39a5fa0 RCX: 00007f5ea378d169 [ 182.187637][ T7006] RDX: 0000000000000008 RSI: 0000400000000480 RDI: 0000000000000004 [ 182.187646][ T7006] RBP: 00007f5ea467d090 R08: 0000000000000000 R09: 0000000000000000 [ 182.187654][ T7006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.187663][ T7006] R13: 0000000000000000 R14: 00007f5ea39a5fa0 R15: 00007ffe502d58e8 [ 182.187687][ T7006] [ 182.441313][ T10] usb 4-1: Product: syz [ 182.446857][ T10] usb 4-1: Manufacturer: syz [ 182.456986][ T10] usb 4-1: SerialNumber: syz [ 182.478123][ T10] usb 4-1: rejected 1 configuration due to insufficient available bus power [ 182.503508][ T10] usb 4-1: no configuration chosen from 1 choice [ 182.562797][ T5873] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 182.714541][ T5873] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.728096][ T5873] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 182.738076][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.752124][ T5873] usb 6-1: Product: syz [ 182.762833][ T5873] usb 6-1: Manufacturer: syz [ 182.772737][ T5873] usb 6-1: SerialNumber: syz [ 182.862846][ T5877] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 183.196438][ T5877] usb 5-1: device descriptor read/64, error -71 [ 183.454143][ T5877] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 183.612837][ T5877] usb 5-1: device descriptor read/64, error -71 [ 183.753698][ T5877] usb usb5-port1: attempt power cycle [ 183.884516][ T5873] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 183.891178][ T5873] cdc_ncm 6-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 183.915607][ T5873] cdc_ncm 6-1:1.0: setting rx_max = 2048 [ 183.942997][ T5905] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 184.102927][ T5877] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 184.105017][ T5905] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 184.147176][ T5905] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 184.153589][ T5877] usb 5-1: device descriptor read/8, error -71 [ 184.171877][ T5905] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 184.192763][ T5905] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 184.220950][ T5905] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 184.240019][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.261486][ T5905] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 184.269973][ T5905] usb 3-1: invalid MIDI out EP 0 [ 184.288779][ T5873] cdc_ncm 6-1:1.0: setting tx_max = 88 [ 184.315401][ T5873] cdc_ncm 6-1:1.0 eth5: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 184.350584][ T5873] usb 6-1: USB disconnect, device number 6 [ 184.384755][ T5873] cdc_ncm 6-1:1.0 eth5: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP) [ 184.384958][ T5905] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 184.428228][ T5877] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 184.483844][ T5877] usb 5-1: device descriptor read/8, error -71 [ 184.539644][ T5840] udevd[5840]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 184.594380][ T5877] usb usb5-port1: unable to enumerate USB device [ 184.624230][ T10] usb 3-1: USB disconnect, device number 5 [ 184.671347][ T5905] usb 4-1: USB disconnect, device number 12 [ 184.929317][ T7064] FAULT_INJECTION: forcing a failure. [ 184.929317][ T7064] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 184.943618][ T7064] CPU: 1 UID: 0 PID: 7064 Comm: syz.3.243 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 184.943642][ T7064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 184.943652][ T7064] Call Trace: [ 184.943658][ T7064] [ 184.943665][ T7064] dump_stack_lvl+0x241/0x360 [ 184.943690][ T7064] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.943706][ T7064] ? __pfx__printk+0x10/0x10 [ 184.943733][ T7064] ? unwind_next_frame+0x18e6/0x22d0 [ 184.943759][ T7064] should_fail_ex+0x40a/0x550 [ 184.943787][ T7064] prepare_alloc_pages+0x1da/0x5b0 [ 184.943816][ T7064] __alloc_frozen_pages_noprof+0x16f/0x710 [ 184.943840][ T7064] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 184.943866][ T7064] ? __lock_acquire+0x1397/0x2100 [ 184.943897][ T7064] __alloc_pages_noprof+0xa/0x30 [ 184.943916][ T7064] ___kmalloc_large_node+0x8b/0x1d0 [ 184.943937][ T7064] __kmalloc_large_node_noprof+0x1a/0x80 [ 184.943954][ T7064] __kmalloc_noprof+0x339/0x4c0 [ 184.943969][ T7064] ? iovec_from_user+0x87/0x240 [ 184.943990][ T7064] iovec_from_user+0x87/0x240 [ 184.944011][ T7064] process_vm_rw+0x2d9/0xc50 [ 184.944037][ T7064] ? __pfx_process_vm_rw+0x10/0x10 [ 184.944053][ T7064] ? ksys_write+0x22a/0x2b0 [ 184.944071][ T7064] ? __pfx_lock_release+0x10/0x10 [ 184.944111][ T7064] ? sb_end_write+0xe9/0x1c0 [ 184.944136][ T7064] ? do_sys_openat2+0x17a/0x1d0 [ 184.944167][ T7064] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 184.944189][ T7064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 184.944212][ T7064] __x64_sys_process_vm_readv+0xe0/0x100 [ 184.944232][ T7064] do_syscall_64+0xf3/0x230 [ 184.944253][ T7064] ? clear_bhb_loop+0x35/0x90 [ 184.944276][ T7064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.944295][ T7064] RIP: 0033:0x7effbd18d169 [ 184.944310][ T7064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.944321][ T7064] RSP: 002b:00007effbe079038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 184.944337][ T7064] RAX: ffffffffffffffda RBX: 00007effbd3a5fa0 RCX: 00007effbd18d169 [ 184.944347][ T7064] RDX: 0000000000000002 RSI: 0000400000008400 RDI: 000000000000009f [ 184.944356][ T7064] RBP: 00007effbe079090 R08: 00000000000002aa R09: 0000000000000000 [ 184.944366][ T7064] R10: 0000400000008640 R11: 0000000000000246 R12: 0000000000000001 [ 184.944375][ T7064] R13: 0000000000000000 R14: 00007effbd3a5fa0 R15: 00007ffcd56620c8 [ 184.944395][ T7064] [ 185.193415][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 185.347941][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 185.366759][ T10] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 185.393694][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 185.420241][ T10] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 185.487412][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 185.507657][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 185.528077][ T10] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 185.539516][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 185.557755][ T10] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 185.570623][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 185.590743][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 185.617960][ T10] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 185.632935][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 185.644384][ T10] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 185.678938][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 185.690645][ T10] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 185.737503][ T10] usb 6-1: string descriptor 0 read error: -22 [ 185.872920][ T10] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 185.934069][ T7093] FAULT_INJECTION: forcing a failure. [ 185.934069][ T7093] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 185.947485][ T7093] CPU: 0 UID: 0 PID: 7093 Comm: syz.4.249 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 185.947507][ T7093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 185.947517][ T7093] Call Trace: [ 185.947524][ T7093] [ 185.947531][ T7093] dump_stack_lvl+0x241/0x360 [ 185.947556][ T7093] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.947573][ T7093] ? __pfx__printk+0x10/0x10 [ 185.947606][ T7093] ? __pfx_lock_release+0x10/0x10 [ 185.947636][ T7093] should_fail_ex+0x40a/0x550 [ 185.947682][ T7093] _copy_from_user+0x2d/0xb0 [ 185.947703][ T7093] copy_msghdr_from_user+0xae/0x680 [ 185.947730][ T7093] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 185.947748][ T7093] ? __fget_files+0x2a/0x410 [ 185.947768][ T7093] ? __fget_files+0x2a/0x410 [ 185.947790][ T7093] __sys_sendmsg+0x209/0x350 [ 185.947805][ T7093] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 185.947829][ T7093] ? __pfx___sys_sendmsg+0x10/0x10 [ 185.947872][ T7093] ? __pfx___schedule+0x10/0x10 [ 185.947901][ T7093] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 185.947923][ T7093] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 185.947947][ T7093] ? do_syscall_64+0xb6/0x230 [ 185.947971][ T7093] do_syscall_64+0xf3/0x230 [ 185.947992][ T7093] ? clear_bhb_loop+0x35/0x90 [ 185.948016][ T7093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.948036][ T7093] RIP: 0033:0x7f5ea378d169 [ 185.948051][ T7093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.948064][ T7093] RSP: 002b:00007f5ea465c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.948082][ T7093] RAX: ffffffffffffffda RBX: 00007f5ea39a6080 RCX: 00007f5ea378d169 [ 185.948093][ T7093] RDX: 0000000000000000 RSI: 00004000000005c0 RDI: 0000000000000006 [ 185.948103][ T7093] RBP: 00007f5ea465c090 R08: 0000000000000000 R09: 0000000000000000 [ 185.948113][ T7093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.948123][ T7093] R13: 0000000000000000 R14: 00007f5ea39a6080 R15: 00007ffe502d58e8 [ 185.948149][ T7093] [ 186.233055][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.468908][ T10] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 186.619633][ T5873] usb 6-1: USB disconnect, device number 7 [ 188.175892][ T7116] overlayfs: failed to resolve './file2': -2 [ 188.291176][ T26] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 188.371385][ T7118] netlink: 96 bytes leftover after parsing attributes in process `syz.5.258'. [ 188.460307][ T26] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.897693][ T26] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 188.908774][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.939021][ T26] usb 4-1: Product: syz [ 188.966661][ T26] usb 4-1: Manufacturer: syz [ 188.974560][ T26] usb 4-1: SerialNumber: syz [ 189.163535][ T5873] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 189.304535][ T5873] usb 6-1: device descriptor read/64, error -71 [ 189.552964][ T5873] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 189.704871][ T5873] usb 6-1: device descriptor read/64, error -71 [ 189.834907][ T5873] usb usb6-port1: attempt power cycle [ 190.067206][ T26] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 190.082722][ T26] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 190.090238][ T26] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 190.534537][ T26] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 190.710777][ T26] cdc_ncm 4-1:1.0 eth5: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 190.752788][ T5873] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 190.783186][ T26] usb 4-1: USB disconnect, device number 13 [ 190.789952][ T26] cdc_ncm 4-1:1.0 eth5: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 190.873632][ T5873] usb 6-1: device descriptor read/8, error -71 [ 191.653175][ T5873] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 191.683914][ T5873] usb 6-1: device descriptor read/8, error -71 [ 191.802407][ T5873] usb usb6-port1: unable to enumerate USB device [ 192.742791][ T5873] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 192.830673][ T7165] program syz.4.275 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 192.934612][ T5873] usb 3-1: too many configurations: 192, using maximum allowed: 8 [ 192.952304][ T5873] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 192.966457][ T5873] usb 3-1: can't read configurations, error -61 [ 193.003744][ C1] sd 0:0:1:0: [sda] tag#5311 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 193.014285][ C1] sd 0:0:1:0: [sda] tag#5311 CDB: Write(6) 0a 00 00 00 00 00 [ 193.122785][ T5873] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 193.441425][ T5873] usb 3-1: too many configurations: 192, using maximum allowed: 8 [ 194.214773][ T5873] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 194.222366][ T5873] usb 3-1: can't read configurations, error -61 [ 194.302301][ T5873] usb usb3-port1: attempt power cycle [ 194.358567][ T7174] netlink: 'syz.0.276': attribute type 4 has an invalid length. [ 195.372801][ T5873] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 195.403030][ T5904] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 195.403824][ T5873] usb 3-1: too many configurations: 192, using maximum allowed: 8 [ 195.437710][ T5873] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 195.451141][ T5873] usb 3-1: can't read configurations, error -61 [ 195.618244][ T5904] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 195.711190][ T5904] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 195.787697][ T5904] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 195.879889][ T5904] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 195.938811][ T5904] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 195.972806][ T26] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 196.076536][ T5904] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.138306][ T5904] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 196.211322][ T5833] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 196.219190][ T5904] usb 6-1: invalid MIDI out EP 0 [ 196.242750][ T26] usb 5-1: device descriptor read/64, error -71 [ 196.387479][ T7201] netlink: 28 bytes leftover after parsing attributes in process `syz.2.286'. [ 196.407554][ T7201] netlink: 28 bytes leftover after parsing attributes in process `syz.2.286'. [ 196.489912][ T5904] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 196.511028][ T26] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 196.562777][ T5904] usb 6-1: USB disconnect, device number 12 [ 196.683287][ T26] usb 5-1: device descriptor read/64, error -71 [ 196.806578][ T26] usb usb5-port1: attempt power cycle [ 197.107733][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 197.125234][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.160340][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 197.532811][ T26] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 197.563522][ T26] usb 5-1: device descriptor read/8, error -71 [ 199.015520][ T26] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 199.947307][ T26] usb 5-1: device not accepting address 17, error -71 [ 200.323043][ T7229] FAULT_INJECTION: forcing a failure. [ 200.323043][ T7229] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.336387][ T7229] CPU: 0 UID: 0 PID: 7229 Comm: syz.4.292 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 200.336409][ T7229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 200.336419][ T7229] Call Trace: [ 200.336427][ T7229] [ 200.336435][ T7229] dump_stack_lvl+0x241/0x360 [ 200.336455][ T7229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.336465][ T7229] ? __pfx__printk+0x10/0x10 [ 200.336479][ T7229] ? __pfx_lock_release+0x10/0x10 [ 200.336494][ T7229] ? security_capable+0x278/0x2d0 [ 200.336509][ T7229] should_fail_ex+0x40a/0x550 [ 200.336527][ T7229] _copy_from_user+0x2d/0xb0 [ 200.336541][ T7229] do_ip_vs_set_ctl+0x2e3/0xe40 [ 200.336559][ T7229] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 200.336573][ T7229] ? __mutex_lock+0x397/0x1010 [ 200.336591][ T7229] ? __mutex_unlock_slowpath+0x227/0x800 [ 200.336607][ T7229] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 200.336619][ T7229] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 200.336638][ T7229] nf_setsockopt+0x295/0x2c0 [ 200.336653][ T7229] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 200.336667][ T7229] do_sock_setsockopt+0x3af/0x720 [ 200.336685][ T7229] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 200.336698][ T7229] ? __rcu_read_unlock+0xa1/0x110 [ 200.336713][ T7229] ? __fget_files+0x395/0x410 [ 200.336724][ T7229] ? __fget_files+0x2a/0x410 [ 200.336737][ T7229] __x64_sys_setsockopt+0x1ee/0x280 [ 200.336754][ T7229] do_syscall_64+0xf3/0x230 [ 200.336767][ T7229] ? clear_bhb_loop+0x35/0x90 [ 200.336783][ T7229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.336796][ T7229] RIP: 0033:0x7f5ea378d169 [ 200.336806][ T7229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.336813][ T7229] RSP: 002b:00007f5ea465c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 200.336825][ T7229] RAX: ffffffffffffffda RBX: 00007f5ea39a6080 RCX: 00007f5ea378d169 [ 200.336831][ T7229] RDX: 0000000000000482 RSI: 0000000000000000 RDI: 0000000000000004 [ 200.336837][ T7229] RBP: 00007f5ea465c090 R08: 000000000000002c R09: 0000000000000000 [ 200.336842][ T7229] R10: 0000400000000040 R11: 0000000000000246 R12: 0000000000000001 [ 200.336848][ T7229] R13: 0000000000000001 R14: 00007f5ea39a6080 R15: 00007ffe502d58e8 [ 200.336861][ T7229] [ 200.610836][ T26] usb usb5-port1: unable to enumerate USB device [ 200.717836][ T5833] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 200.855930][ T7239] FAULT_INJECTION: forcing a failure. [ 200.855930][ T7239] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.872904][ T7239] CPU: 0 UID: 0 PID: 7239 Comm: syz.4.297 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 200.872934][ T7239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 200.872944][ T7239] Call Trace: [ 200.872951][ T7239] [ 200.872958][ T7239] dump_stack_lvl+0x241/0x360 [ 200.872985][ T7239] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.873001][ T7239] ? __pfx__printk+0x10/0x10 [ 200.873026][ T7239] ? __pfx_lock_release+0x10/0x10 [ 200.873056][ T7239] should_fail_ex+0x40a/0x550 [ 200.873084][ T7239] _copy_from_user+0x2d/0xb0 [ 200.873105][ T7239] copy_msghdr_from_user+0xae/0x680 [ 200.873136][ T7239] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 200.873154][ T7239] ? __fget_files+0x2a/0x410 [ 200.873174][ T7239] ? __fget_files+0x2a/0x410 [ 200.873199][ T7239] __sys_sendmsg+0x209/0x350 [ 200.873220][ T7239] ? __pfx___sys_sendmsg+0x10/0x10 [ 200.873248][ T7239] ? do_sys_openat2+0x17a/0x1d0 [ 200.873289][ T7239] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 200.873312][ T7239] ? do_syscall_64+0x100/0x230 [ 200.873338][ T7239] ? do_syscall_64+0xb6/0x230 [ 200.873361][ T7239] do_syscall_64+0xf3/0x230 [ 200.873383][ T7239] ? clear_bhb_loop+0x35/0x90 [ 200.873407][ T7239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.873428][ T7239] RIP: 0033:0x7f5ea378d169 [ 200.873442][ T7239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.873456][ T7239] RSP: 002b:00007f5ea467d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 200.873475][ T7239] RAX: ffffffffffffffda RBX: 00007f5ea39a5fa0 RCX: 00007f5ea378d169 [ 200.873487][ T7239] RDX: 0000000020000000 RSI: 0000400000006040 RDI: 0000000000000004 [ 200.873498][ T7239] RBP: 00007f5ea467d090 R08: 0000000000000000 R09: 0000000000000000 [ 200.873508][ T7239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.873518][ T7239] R13: 0000000000000000 R14: 00007f5ea39a5fa0 R15: 00007ffe502d58e8 [ 200.873543][ T7239] [ 201.199974][ T7245] netlink: 28 bytes leftover after parsing attributes in process `syz.2.299'. [ 201.210595][ T7245] netlink: 28 bytes leftover after parsing attributes in process `syz.2.299'. [ 201.302877][ T5873] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 201.534582][ T5873] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 201.549771][ T5873] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 201.561595][ T5873] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 201.576120][ T5873] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 201.627340][ T5873] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 201.657806][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.808794][ T5873] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 201.819939][ T5873] usb 4-1: invalid MIDI out EP 0 [ 203.176155][ T5873] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 203.229167][ T10] usb 3-1: new low-speed USB device number 10 using dummy_hcd [ 203.244531][ T5873] usb 4-1: USB disconnect, device number 14 [ 203.573486][ T10] usb 3-1: device descriptor read/64, error -71 [ 203.835638][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 203.852850][ T10] usb 3-1: new low-speed USB device number 11 using dummy_hcd [ 204.812995][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 204.819086][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 204.826741][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 204.833009][ T5830] Bluetooth: hci1: command 0x0406 tx timeout [ 204.928105][ T7273] overlayfs: failed to resolve './file1': -2 [ 205.279356][ T56] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 205.816250][ T7283] FAULT_INJECTION: forcing a failure. [ 205.816250][ T7283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.647820][ T7288] netlink: 'syz.0.313': attribute type 4 has an invalid length. [ 206.655904][ T7283] CPU: 0 UID: 0 PID: 7283 Comm: syz.2.312 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 206.655920][ T7283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 206.655927][ T7283] Call Trace: [ 206.655931][ T7283] [ 206.655936][ T7283] dump_stack_lvl+0x241/0x360 [ 206.655956][ T7283] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.655966][ T7283] ? __pfx__printk+0x10/0x10 [ 206.655992][ T7283] ? __pfx_lock_release+0x10/0x10 [ 206.656006][ T7283] ? vfs_write+0x7fa/0xd10 [ 206.656020][ T7283] should_fail_ex+0x40a/0x550 [ 206.656036][ T7283] _copy_from_user+0x2d/0xb0 [ 206.656050][ T7283] move_addr_to_kernel+0x82/0x150 [ 206.656064][ T7283] __sys_bind+0x124/0x290 [ 206.656077][ T7283] ? __pfx___sys_bind+0x10/0x10 [ 206.656094][ T7283] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 206.656107][ T7283] ? do_syscall_64+0x100/0x230 [ 206.656123][ T7283] __x64_sys_bind+0x7a/0x90 [ 206.656136][ T7283] do_syscall_64+0xf3/0x230 [ 206.656148][ T7283] ? clear_bhb_loop+0x35/0x90 [ 206.656164][ T7283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.656177][ T7283] RIP: 0033:0x7f321bd8d169 [ 206.656186][ T7283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.656194][ T7283] RSP: 002b:00007f321cbf1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 206.656205][ T7283] RAX: ffffffffffffffda RBX: 00007f321bfa5fa0 RCX: 00007f321bd8d169 [ 206.656212][ T7283] RDX: 0000000000000010 RSI: 0000400000000100 RDI: 0000000000000004 [ 206.656218][ T7283] RBP: 00007f321cbf1090 R08: 0000000000000000 R09: 0000000000000000 [ 206.656224][ T7283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 206.656229][ T7283] R13: 0000000000000000 R14: 00007f321bfa5fa0 R15: 00007ffcc3782ba8 [ 206.656242][ T7283] [ 206.844919][ T5823] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 207.012807][ T5823] usb 4-1: Using ep0 maxpacket: 32 [ 207.118779][ T5823] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 207.142166][ T5823] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 207.172958][ T5823] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 207.205232][ T5823] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 207.222914][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 207.242710][ T5823] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 207.286472][ T5823] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 207.299280][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.314441][ T5823] usb 4-1: Product: syz [ 207.320336][ T5823] usb 4-1: Manufacturer: syz [ 207.342416][ T5823] usb 4-1: SerialNumber: syz [ 207.383362][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 207.387231][ T5823] usb 4-1: config 0 descriptor?? [ 207.394385][ T9] usb 5-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 207.421763][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.479108][ T9] usb 5-1: config 0 descriptor?? [ 207.517139][ T9] usb 5-1: selecting invalid altsetting 3 [ 207.526042][ T9] comedi comedi0: could not set alternate setting 3 in high speed [ 207.537482][ T9] usbduxsigma 5-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 207.559319][ T9] usbduxsigma 5-1:0.0: probe with driver usbduxsigma failed with error -22 [ 207.734943][ T9] usb 5-1: USB disconnect, device number 18 [ 208.766660][ T7300] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 208.794723][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -110 [ 208.806365][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 208.841889][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 208.873571][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 208.901238][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 208.979410][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 208.992907][ T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 209.041436][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.225421][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.233985][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.240302][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.256550][ T9] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 209.273758][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.287423][ T9] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 209.301441][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.313514][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.320925][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.331717][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.341945][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.374922][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.396095][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.402320][ T9] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 209.432856][ T10] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 209.433638][ T5823] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 209.446411][ T9] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.532842][ T9] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 209.570205][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.590055][ T5823] input input7: Timeout waiting for response from device. [ 209.632791][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 209.650747][ T9] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 209.677251][ T10] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 209.705311][ T9] usb 6-1: invalid MIDI out EP 0 [ 209.712801][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.750467][ T10] usb 5-1: config 0 descriptor?? [ 209.781978][ T10] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 209.837414][ T9] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 209.943413][ T5905] usb 6-1: USB disconnect, device number 13 [ 209.967773][ T9] usb 4-1: USB disconnect, device number 15 [ 210.167617][ T7311] netlink: 44 bytes leftover after parsing attributes in process `syz.4.319'. [ 210.207918][ T7311] netlink: 43 bytes leftover after parsing attributes in process `syz.4.319'. [ 210.252748][ T7311] netlink: 'syz.4.319': attribute type 6 has an invalid length. [ 210.262446][ T7311] netlink: 'syz.4.319': attribute type 5 has an invalid length. [ 210.271171][ T7311] netlink: 43 bytes leftover after parsing attributes in process `syz.4.319'. [ 210.325339][ T5840] udevd[5840]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 210.345739][ T10] gspca_nw80x: reg_w err -71 [ 210.354804][ T10] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 210.369238][ T10] usb 5-1: USB disconnect, device number 19 [ 210.574550][ T7317] overlayfs: failed to resolve './file1': -2 [ 211.746707][ T7327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.325'. [ 211.882953][ T10] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 212.072948][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 212.135082][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 212.952839][ T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 212.985476][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 213.025474][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 213.137988][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 213.484013][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 213.559889][ T7338] FAULT_INJECTION: forcing a failure. [ 213.559889][ T7338] name failslab, interval 1, probability 0, space 0, times 0 [ 213.572554][ T7338] CPU: 1 UID: 0 PID: 7338 Comm: syz.2.329 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 213.572569][ T7338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 213.572575][ T7338] Call Trace: [ 213.572581][ T7338] [ 213.572586][ T7338] dump_stack_lvl+0x241/0x360 [ 213.572604][ T7338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.572614][ T7338] ? __pfx__printk+0x10/0x10 [ 213.572634][ T7338] ? fs_reclaim_acquire+0x93/0x130 [ 213.572655][ T7338] ? __pfx___might_resched+0x10/0x10 [ 213.572678][ T7338] should_fail_ex+0x40a/0x550 [ 213.572703][ T7338] should_failslab+0xac/0x100 [ 213.572728][ T7338] __kmalloc_noprof+0xdd/0x4c0 [ 213.572741][ T7338] ? kstrtouint_from_user+0x128/0x190 [ 213.572755][ T7338] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 213.572778][ T7338] tomoyo_realpath_from_path+0xcf/0x5e0 [ 213.572800][ T7338] tomoyo_path_number_perm+0x239/0x770 [ 213.572813][ T7338] ? __lock_acquire+0x1397/0x2100 [ 213.572840][ T7338] ? tomoyo_path_number_perm+0x209/0x770 [ 213.572854][ T7338] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 213.572887][ T7338] ? __fget_files+0x2a/0x410 [ 213.572899][ T7338] ? __fget_files+0x2a/0x410 [ 213.572911][ T7338] security_file_ioctl+0xc6/0x2a0 [ 213.572927][ T7338] __se_sys_ioctl+0x46/0x170 [ 213.572941][ T7338] do_syscall_64+0xf3/0x230 [ 213.572956][ T7338] ? clear_bhb_loop+0x35/0x90 [ 213.572972][ T7338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.572984][ T7338] RIP: 0033:0x7f321bd8d169 [ 213.573000][ T7338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.573009][ T7338] RSP: 002b:00007f321cbd0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 213.573020][ T7338] RAX: ffffffffffffffda RBX: 00007f321bfa6080 RCX: 00007f321bd8d169 [ 213.573027][ T7338] RDX: 0000400000000080 RSI: 0000000000005408 RDI: 0000000000000008 [ 213.573033][ T7338] RBP: 00007f321cbd0090 R08: 0000000000000000 R09: 0000000000000000 [ 213.573039][ T7338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.573045][ T7338] R13: 0000000000000000 R14: 00007f321bfa6080 R15: 00007ffcc3782ba8 [ 213.573059][ T7338] [ 213.786357][ T7338] ERROR: Out of memory at tomoyo_realpath_from_path. [ 214.023830][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 214.116061][ T7345] netlink: 'syz.0.330': attribute type 4 has an invalid length. [ 214.135344][ T10] usb 6-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 214.185606][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.226531][ T10] usb 6-1: Product: syz [ 214.251309][ T10] usb 6-1: Manufacturer: syz [ 214.275264][ T10] usb 6-1: SerialNumber: syz [ 214.296631][ T10] usb 6-1: config 0 descriptor?? [ 214.323059][ T10] usb 6-1: can't set config #0, error -71 [ 214.357954][ T10] usb 6-1: USB disconnect, device number 14 [ 215.293042][ T7357] FAULT_INJECTION: forcing a failure. [ 215.293042][ T7357] name failslab, interval 1, probability 0, space 0, times 0 [ 215.446567][ T7357] CPU: 0 UID: 0 PID: 7357 Comm: syz.3.335 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 215.446587][ T7357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 215.446593][ T7357] Call Trace: [ 215.446597][ T7357] [ 215.446602][ T7357] dump_stack_lvl+0x241/0x360 [ 215.446620][ T7357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.446630][ T7357] ? __pfx__printk+0x10/0x10 [ 215.446644][ T7357] ? fs_reclaim_acquire+0x93/0x130 [ 215.446658][ T7357] ? __pfx___might_resched+0x10/0x10 [ 215.446671][ T7357] should_fail_ex+0x40a/0x550 [ 215.446688][ T7357] should_failslab+0xac/0x100 [ 215.446703][ T7357] __kmalloc_noprof+0xdd/0x4c0 [ 215.446713][ T7357] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 215.446727][ T7357] tomoyo_realpath_from_path+0xcf/0x5e0 [ 215.446743][ T7357] tomoyo_check_open_permission+0x258/0x4f0 [ 215.446759][ T7357] ? tomoyo_check_open_permission+0x207/0x4f0 [ 215.446772][ T7357] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 215.446806][ T7357] ? __pfx_lock_acquire+0x10/0x10 [ 215.446828][ T7357] ? __fget_files+0x2a/0x410 [ 215.446842][ T7357] ? __fget_files+0x395/0x410 [ 215.446851][ T7357] ? __fget_files+0x2a/0x410 [ 215.446860][ T7357] ? tomoyo_file_fcntl+0x16d/0x200 [ 215.446873][ T7357] security_file_fcntl+0x9a/0x2a0 [ 215.446889][ T7357] __se_sys_fcntl+0x94/0x1e0 [ 215.446902][ T7357] do_syscall_64+0xf3/0x230 [ 215.446916][ T7357] ? clear_bhb_loop+0x35/0x90 [ 215.446931][ T7357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.446944][ T7357] RIP: 0033:0x7effbd18d169 [ 215.446953][ T7357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.446961][ T7357] RSP: 002b:00007effbe058038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 215.446973][ T7357] RAX: ffffffffffffffda RBX: 00007effbd3a6080 RCX: 00007effbd18d169 [ 215.446980][ T7357] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 215.446986][ T7357] RBP: 00007effbe058090 R08: 0000000000000000 R09: 0000000000000000 [ 215.446991][ T7357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.446997][ T7357] R13: 0000000000000000 R14: 00007effbd3a6080 R15: 00007ffcd56620c8 [ 215.447011][ T7357] [ 215.447016][ T7357] ERROR: Out of memory at tomoyo_realpath_from_path. [ 215.994065][ T10] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 216.002798][ T5877] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 216.402022][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 216.407661][ T7362] overlayfs: failed to resolve './file1': -2 [ 216.588983][ T5877] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 216.617293][ T10] usb 6-1: config 0 has an invalid interface number: 12 but max is 0 [ 216.625818][ T5877] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 216.636993][ T10] usb 6-1: config 0 has no interface number 0 [ 216.644134][ T5877] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 216.655091][ T10] usb 6-1: config 0 interface 12 has no altsetting 0 [ 216.663446][ T5877] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 216.677173][ T10] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 216.688305][ T5877] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 216.697469][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.707834][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.716253][ T10] usb 6-1: Product: syz [ 216.721119][ T10] usb 6-1: Manufacturer: syz [ 216.737574][ T5877] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 216.756673][ T10] usb 6-1: SerialNumber: syz [ 216.765942][ T5877] usb 3-1: invalid MIDI out EP 0 [ 216.801023][ T10] usb 6-1: config 0 descriptor?? [ 216.871267][ T5877] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 216.901780][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 218.583640][ T9] usb 3-1: USB disconnect, device number 12 [ 218.815196][ T7372] netlink: 'syz.4.338': attribute type 4 has an invalid length. [ 219.622793][ T10] f81534 6-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 219.672860][ T10] f81534 6-1:0.12: f81534_find_config_idx: read failed: -71 [ 219.680231][ T10] f81534 6-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 219.706865][ T10] f81534 6-1:0.12: probe with driver f81534 failed with error -71 [ 219.778262][ T10] usb 6-1: USB disconnect, device number 15 [ 219.943751][ T7381] netlink: 28 bytes leftover after parsing attributes in process `syz.5.342'. [ 219.960265][ T7381] netlink: 28 bytes leftover after parsing attributes in process `syz.5.342'. [ 220.652891][ T10] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 220.842786][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 221.038498][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.065215][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 221.782769][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 221.825679][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 221.885826][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 222.065721][ T7404] overlayfs: failed to resolve './file1': -2 [ 222.137363][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 222.258972][ T7397] FAULT_INJECTION: forcing a failure. [ 222.258972][ T7397] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.356777][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 222.380314][ T7397] CPU: 0 UID: 0 PID: 7397 Comm: syz.5.347 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 222.380339][ T7397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 222.380348][ T7397] Call Trace: [ 222.380355][ T7397] [ 222.380362][ T7397] dump_stack_lvl+0x241/0x360 [ 222.380390][ T7397] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.380407][ T7397] ? __pfx__printk+0x10/0x10 [ 222.380436][ T7397] ? snprintf+0xda/0x120 [ 222.380458][ T7397] should_fail_ex+0x40a/0x550 [ 222.380486][ T7397] _copy_to_user+0x31/0xb0 [ 222.380509][ T7397] simple_read_from_buffer+0xca/0x150 [ 222.380538][ T7397] proc_fail_nth_read+0x1e9/0x250 [ 222.380567][ T7397] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 222.380595][ T7397] ? rw_verify_area+0x243/0x630 [ 222.380614][ T7397] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 222.380640][ T7397] vfs_read+0x1f8/0xb40 [ 222.380660][ T7397] ? fdget_pos+0x254/0x320 [ 222.380678][ T7397] ? __pfx___mutex_lock+0x10/0x10 [ 222.380700][ T7397] ? __pfx_vfs_read+0x10/0x10 [ 222.380723][ T7397] ? __fget_files+0x2a/0x410 [ 222.380742][ T7397] ? __fget_files+0x395/0x410 [ 222.380757][ T7397] ? __fget_files+0x2a/0x410 [ 222.380783][ T7397] ksys_read+0x18f/0x2b0 [ 222.380804][ T7397] ? __pfx_ksys_read+0x10/0x10 [ 222.380824][ T7397] ? do_syscall_64+0x100/0x230 [ 222.380849][ T7397] ? do_syscall_64+0xb6/0x230 [ 222.380874][ T7397] do_syscall_64+0xf3/0x230 [ 222.380895][ T7397] ? clear_bhb_loop+0x35/0x90 [ 222.380918][ T7397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.380938][ T7397] RIP: 0033:0x7fd09bb8bb7c [ 222.380969][ T7397] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 222.380982][ T7397] RSP: 002b:00007fd09c9d0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 222.381001][ T7397] RAX: ffffffffffffffda RBX: 00007fd09bda5fa0 RCX: 00007fd09bb8bb7c [ 222.381013][ T7397] RDX: 000000000000000f RSI: 00007fd09c9d00a0 RDI: 0000000000000005 [ 222.381024][ T7397] RBP: 00007fd09c9d0090 R08: 0000000000000000 R09: 0000000000000000 [ 222.381034][ T7397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.381044][ T7397] R13: 0000000000000000 R14: 00007fd09bda5fa0 R15: 00007ffda00f29b8 [ 222.381070][ T7397] [ 223.043696][ T10] usb 3-1: string descriptor 0 read error: -71 [ 223.061247][ T10] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 223.101397][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.150723][ T10] usb 3-1: config 0 descriptor?? [ 223.197322][ T10] usb 3-1: can't set config #0, error -71 [ 223.262899][ T10] usb 3-1: USB disconnect, device number 13 [ 224.002524][ T5028] Bluetooth: hci5: Frame reassembly failed (-84) [ 224.540633][ T7451] netlink: 'syz.4.368': attribute type 3 has an invalid length. [ 224.573264][ T7451] netlink: 8 bytes leftover after parsing attributes in process `syz.4.368'. [ 224.637804][ T5833] Bluetooth: hci6: sending frame failed (-49) [ 224.645647][ T5830] Bluetooth: hci6: Entering manufacturer mode failed (-49) [ 225.435316][ T7477] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 225.442119][ T7477] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 225.503303][ T7477] vhci_hcd vhci_hcd.0: Device attached [ 225.530175][ T7482] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(6) [ 225.536760][ T7482] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 225.586435][ T7482] vhci_hcd vhci_hcd.0: Device attached [ 225.595219][ T7477] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 225.608599][ T7477] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(8) [ 225.615138][ T7477] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 225.635571][ T7477] vhci_hcd vhci_hcd.0: Device attached [ 225.647241][ T7477] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(11) [ 225.653892][ T7477] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 225.662035][ T7477] vhci_hcd vhci_hcd.0: Device attached [ 225.667656][ T5830] Bluetooth: hci2: command 0x0405 tx timeout [ 225.674213][ T5875] vhci_hcd: vhci_device speed not set [ 225.681443][ T7491] vhci_hcd: connection closed [ 225.683661][ T7483] vhci_hcd: connection closed [ 225.689052][ T7478] vhci_hcd: connection closed [ 225.689103][ T7488] vhci_hcd: connection closed [ 225.703485][ T5952] vhci_hcd: stop threads [ 225.716958][ T5952] vhci_hcd: release socket [ 225.722836][ T5952] vhci_hcd: disconnect device [ 225.729596][ T5952] vhci_hcd: stop threads [ 225.738223][ T5952] vhci_hcd: release socket [ 225.743362][ T5875] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 225.753087][ T5952] vhci_hcd: disconnect device [ 225.761491][ T5952] vhci_hcd: stop threads [ 225.765926][ T5952] vhci_hcd: release socket [ 225.770464][ T5952] vhci_hcd: disconnect device [ 225.780736][ T5952] vhci_hcd: stop threads [ 225.786261][ T5952] vhci_hcd: release socket [ 225.790804][ T5952] vhci_hcd: disconnect device [ 225.972927][ T7497] tipc: Started in network mode [ 225.978103][ T7497] tipc: Node identity 6abd36207843, cluster identity 4711 [ 225.985808][ T7497] tipc: Enabled bearer , priority 0 [ 225.997149][ T7496] tipc: Resetting bearer [ 226.065604][ T5830] Bluetooth: hci5: command 0x1003 tx timeout [ 226.072302][ T5825] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 226.490732][ T5825] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 226.515730][ T7507] netlink: 104 bytes leftover after parsing attributes in process `syz.3.388'. [ 226.996334][ T5823] tipc: Node number set to 318649888 [ 227.155235][ T5877] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 227.199745][ T7524] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 227.230147][ T7524] kvm: pic: single mode not supported [ 227.230318][ T7524] kvm: pic: level sensitive irq not supported [ 227.244256][ T7524] kvm: pic: non byte read [ 227.269851][ T7524] kvm: pic: single mode not supported [ 227.269901][ T7524] kvm: pic: level sensitive irq not supported [ 227.276143][ T7524] kvm: pic: non byte read [ 227.314770][ T5877] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.325330][ T5877] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 227.337739][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.349346][ T5877] usb 4-1: config 0 descriptor?? [ 227.371143][ T5877] pwc: Askey VC010 type 2 USB webcam detected. [ 227.600393][ T5877] pwc: send_video_command error -71 [ 227.616114][ T5877] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 227.644298][ T5877] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 227.659561][ T5877] usb 4-1: USB disconnect, device number 16 [ 227.903050][ T5825] Bluetooth: hci2: command 0x0405 tx timeout [ 228.071115][ T5825] Bluetooth: hci0: unexpected event for opcode 0x0c14 [ 228.143249][ T5877] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 228.328645][ T5877] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.347019][ T5877] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 228.356591][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.396347][ T5877] usb 4-1: config 0 descriptor?? [ 228.405899][ T5877] pwc: Askey VC010 type 2 USB webcam detected. [ 228.823708][ T5877] pwc: recv_control_msg error -32 req 02 val 2b00 [ 228.831453][ T5877] pwc: recv_control_msg error -32 req 02 val 2700 [ 228.854808][ T5877] pwc: recv_control_msg error -32 req 02 val 2c00 [ 228.886628][ T5877] pwc: recv_control_msg error -32 req 04 val 1000 [ 228.893912][ T5877] pwc: recv_control_msg error -32 req 04 val 1300 [ 228.901659][ T5877] pwc: recv_control_msg error -32 req 04 val 1400 [ 228.902263][ T7496] tipc: Disabling bearer [ 228.909800][ T5877] pwc: recv_control_msg error -32 req 02 val 2000 [ 228.922166][ T5877] pwc: recv_control_msg error -32 req 02 val 2100 [ 228.929927][ T5877] pwc: recv_control_msg error -32 req 04 val 1500 [ 228.950829][ T5877] pwc: recv_control_msg error -32 req 02 val 2500 [ 229.167268][ T5877] pwc: recv_control_msg error -71 req 02 val 2600 [ 229.186169][ T5877] pwc: recv_control_msg error -71 req 02 val 2900 [ 229.203441][ T5877] pwc: recv_control_msg error -71 req 02 val 2800 [ 229.211909][ T5877] pwc: recv_control_msg error -71 req 04 val 1100 [ 229.219394][ T5877] pwc: recv_control_msg error -71 req 04 val 1200 [ 229.231145][ T5877] pwc: Registered as video103. [ 229.251655][ T5877] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8 [ 229.323751][ T5877] usb 4-1: USB disconnect, device number 17 [ 229.413679][ T7554] netlink: 40 bytes leftover after parsing attributes in process `syz.2.404'. [ 229.984809][ T5825] Bluetooth: hci2: command 0x0405 tx timeout [ 230.115912][ T7559] ================================================================== [ 230.124008][ T7559] BUG: KASAN: slab-use-after-free in cfusbl_device_notify+0x188/0x6e0 [ 230.132186][ T7559] Read of size 8 at addr ffff88802a144bf0 by task syz.5.405/7559 [ 230.139898][ T7559] [ 230.142215][ T7559] CPU: 0 UID: 0 PID: 7559 Comm: syz.5.405 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 230.142232][ T7559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 230.142241][ T7559] Call Trace: [ 230.142248][ T7559] [ 230.142254][ T7559] dump_stack_lvl+0x241/0x360 [ 230.142274][ T7559] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.142288][ T7559] ? __pfx__printk+0x10/0x10 [ 230.142308][ T7559] ? _printk+0xd5/0x120 [ 230.142326][ T7559] ? __virt_addr_valid+0x183/0x530 [ 230.142348][ T7559] ? __virt_addr_valid+0x183/0x530 [ 230.142367][ T7559] print_report+0x16e/0x5b0 [ 230.142386][ T7559] ? __virt_addr_valid+0x183/0x530 [ 230.142403][ T7559] ? __virt_addr_valid+0x183/0x530 [ 230.142420][ T7559] ? __virt_addr_valid+0x45f/0x530 [ 230.142439][ T7559] ? __phys_addr+0xba/0x170 [ 230.142459][ T7559] ? cfusbl_device_notify+0x188/0x6e0 [ 230.142479][ T7559] kasan_report+0x143/0x180 [ 230.142497][ T7559] ? cfusbl_device_notify+0x188/0x6e0 [ 230.142519][ T7559] cfusbl_device_notify+0x188/0x6e0 [ 230.142553][ T7559] ? __pfx_cfusbl_device_notify+0x10/0x10 [ 230.142578][ T7559] ? __pfx_caif_device_notify+0x10/0x10 [ 230.142599][ T7559] ? smc_pnet_netdev_event+0x38f/0x690 [ 230.142621][ T7559] ? lockdep_rtnl_is_held+0x26/0x40 [ 230.142645][ T7559] notifier_call_chain+0x1a5/0x3f0 [ 230.142669][ T7559] register_netdevice+0x126c/0x1b60 [ 230.142683][ T7559] ? __mutex_lock+0x602/0x1010 [ 230.142707][ T7559] ? __pfx_register_netdevice+0x10/0x10 [ 230.142720][ T7559] ? __kvmalloc_node_noprof+0x72/0x190 [ 230.142742][ T7559] ? dev_addr_mod+0xf1/0x430 [ 230.142760][ T7559] ? __asan_memset+0x23/0x50 [ 230.142779][ T7559] register_netdev+0x40/0x50 [ 230.142792][ T7559] bnep_add_connection+0x823/0xe10 [ 230.142816][ T7559] ? __pfx_bnep_add_connection+0x10/0x10 [ 230.142836][ T7559] ? __fget_files+0x395/0x410 [ 230.142853][ T7559] do_bnep_sock_ioctl+0x4f8/0x8d0 [ 230.142875][ T7559] ? __pfx_do_bnep_sock_ioctl+0x10/0x10 [ 230.142894][ T7559] ? tomoyo_path_number_perm+0x5dd/0x770 [ 230.142915][ T7559] ? tomoyo_path_number_perm+0x5dd/0x770 [ 230.142935][ T7559] ? __lock_acquire+0x1397/0x2100 [ 230.142958][ T7559] sock_do_ioctl+0x158/0x460 [ 230.142975][ T7559] ? __pfx_smack_log+0x10/0x10 [ 230.142991][ T7559] ? __pfx_sock_do_ioctl+0x10/0x10 [ 230.143007][ T7559] ? smk_tskacc+0x300/0x370 [ 230.143024][ T7559] ? smack_file_ioctl+0x2a5/0x3b0 [ 230.143043][ T7559] sock_ioctl+0x626/0x8e0 [ 230.143058][ T7559] ? __pfx_sock_ioctl+0x10/0x10 [ 230.143073][ T7559] ? __fget_files+0x2a/0x410 [ 230.143086][ T7559] ? __fget_files+0x2a/0x410 [ 230.143100][ T7559] ? __pfx_sock_ioctl+0x10/0x10 [ 230.143115][ T7559] __se_sys_ioctl+0xf5/0x170 [ 230.143136][ T7559] do_syscall_64+0xf3/0x230 [ 230.143155][ T7559] ? clear_bhb_loop+0x35/0x90 [ 230.143176][ T7559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.143194][ T7559] RIP: 0033:0x7fd09bb8d169 [ 230.143216][ T7559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.143228][ T7559] RSP: 002b:00007fd09c9d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 230.143245][ T7559] RAX: ffffffffffffffda RBX: 00007fd09bda5fa0 RCX: 00007fd09bb8d169 [ 230.143255][ T7559] RDX: 00004000000000c0 RSI: 00000000400442c8 RDI: 0000000000000005 [ 230.143265][ T7559] RBP: 00007fd09bc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 230.143274][ T7559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.143284][ T7559] R13: 0000000000000000 R14: 00007fd09bda5fa0 R15: 00007ffda00f29b8 [ 230.143298][ T7559] [ 230.143304][ T7559] [ 230.490546][ T7559] Allocated by task 5833: [ 230.494876][ T7559] kasan_save_track+0x3f/0x80 [ 230.499551][ T7559] __kasan_kmalloc+0x98/0xb0 [ 230.504143][ T7559] __kmalloc_cache_noprof+0x243/0x390 [ 230.509502][ T7559] __hci_conn_add+0x2f9/0x1890 [ 230.514256][ T7559] hci_conn_request_evt+0x642/0xf00 [ 230.519441][ T7559] hci_event_packet+0xac1/0x1540 [ 230.524365][ T7559] hci_rx_work+0x3f3/0xdb0 [ 230.528771][ T7559] process_scheduled_works+0xabe/0x18e0 [ 230.534306][ T7559] worker_thread+0x870/0xd30 [ 230.538886][ T7559] kthread+0x7a9/0x920 [ 230.542948][ T7559] ret_from_fork+0x4b/0x80 [ 230.547370][ T7559] ret_from_fork_asm+0x1a/0x30 [ 230.552125][ T7559] [ 230.554523][ T7559] Freed by task 56: [ 230.558310][ T7559] kasan_save_track+0x3f/0x80 [ 230.562979][ T7559] kasan_save_free_info+0x40/0x50 [ 230.567989][ T7559] __kasan_slab_free+0x59/0x70 [ 230.572744][ T7559] kfree+0x196/0x430 [ 230.576633][ T7559] device_release+0x99/0x1c0 [ 230.581211][ T7559] kobject_put+0x22f/0x480 [ 230.585620][ T7559] hci_conn_del+0x8c4/0xc40 [ 230.590116][ T7559] hci_conn_failed+0x319/0x400 [ 230.594870][ T7559] hci_abort_conn_sync+0xd27/0x1340 [ 230.600059][ T7559] hci_cmd_sync_work+0x22b/0x400 [ 230.604989][ T7559] process_scheduled_works+0xabe/0x18e0 [ 230.610539][ T7559] worker_thread+0x870/0xd30 [ 230.615127][ T7559] kthread+0x7a9/0x920 [ 230.619188][ T7559] ret_from_fork+0x4b/0x80 [ 230.623598][ T7559] ret_from_fork_asm+0x1a/0x30 [ 230.628358][ T7559] [ 230.630674][ T7559] Last potentially related work creation: [ 230.636384][ T7559] kasan_save_stack+0x3f/0x60 [ 230.641057][ T7559] kasan_record_aux_stack+0xaa/0xc0 [ 230.646249][ T7559] insert_work+0x3e/0x330 [ 230.650565][ T7559] __queue_work+0xc62/0x1090 [ 230.655148][ T7559] queue_delayed_work_on+0x1ca/0x390 [ 230.660423][ T7559] l2cap_chan_del+0x291/0x5d0 [ 230.665089][ T7559] l2cap_conn_del+0x391/0x690 [ 230.669757][ T7559] l2cap_connect_cfm+0xcc/0x1090 [ 230.674683][ T7559] hci_conn_failed+0x287/0x400 [ 230.679435][ T7559] hci_abort_conn_sync+0xd27/0x1340 [ 230.684630][ T7559] hci_cmd_sync_work+0x22b/0x400 [ 230.689558][ T7559] process_scheduled_works+0xabe/0x18e0 [ 230.695095][ T7559] worker_thread+0x870/0xd30 [ 230.699673][ T7559] kthread+0x7a9/0x920 [ 230.703733][ T7559] ret_from_fork+0x4b/0x80 [ 230.708138][ T7559] ret_from_fork_asm+0x1a/0x30 [ 230.712887][ T7559] [ 230.715197][ T7559] Second to last potentially related work creation: [ 230.721768][ T7559] kasan_save_stack+0x3f/0x60 [ 230.726434][ T7559] kasan_record_aux_stack+0xaa/0xc0 [ 230.731621][ T7559] insert_work+0x3e/0x330 [ 230.735937][ T7559] __queue_work+0xd9a/0x1090 [ 230.740515][ T7559] call_timer_fn+0x187/0x650 [ 230.745099][ T7559] __run_timer_base+0x695/0x8e0 [ 230.749942][ T7559] run_timer_softirq+0xb7/0x170 [ 230.754783][ T7559] handle_softirqs+0x2d4/0x9b0 [ 230.759547][ T7559] __irq_exit_rcu+0xf7/0x220 [ 230.764124][ T7559] irq_exit_rcu+0x9/0x30 [ 230.768350][ T7559] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 230.773973][ T7559] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 230.779945][ T7559] [ 230.782255][ T7559] The buggy address belongs to the object at ffff88802a144000 [ 230.782255][ T7559] which belongs to the cache kmalloc-8k of size 8192 [ 230.796293][ T7559] The buggy address is located 3056 bytes inside of [ 230.796293][ T7559] freed 8192-byte region [ffff88802a144000, ffff88802a146000) [ 230.810254][ T7559] [ 230.812566][ T7559] The buggy address belongs to the physical page: [ 230.818960][ T7559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a140 [ 230.827731][ T7559] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 230.836223][ T7559] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 230.843760][ T7559] page_type: f5(slab) [ 230.847726][ T7559] raw: 00fff00000000040 ffff88801b042280 dead000000000100 dead000000000122 [ 230.856294][ T7559] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 230.864883][ T7559] head: 00fff00000000040 ffff88801b042280 dead000000000100 dead000000000122 [ 230.873558][ T7559] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 230.882225][ T7559] head: 00fff00000000003 ffffea0000a85001 ffffffffffffffff 0000000000000000 [ 230.890885][ T7559] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 230.899554][ T7559] page dumped because: kasan: bad access detected [ 230.905962][ T7559] page_owner tracks the page as allocated [ 230.911663][ T7559] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5492, tgid 5492 (dhcpcd), ts 52951754975, free_ts 52926841730 [ 230.932326][ T7559] post_alloc_hook+0x1f4/0x240 [ 230.937090][ T7559] get_page_from_freelist+0x3651/0x37a0 [ 230.942627][ T7559] __alloc_frozen_pages_noprof+0x292/0x710 [ 230.948430][ T7559] alloc_pages_mpol+0x311/0x660 [ 230.953280][ T7559] allocate_slab+0x8f/0x3a0 [ 230.957773][ T7559] ___slab_alloc+0xc27/0x14a0 [ 230.962437][ T7559] __slab_alloc+0x58/0xa0 [ 230.966755][ T7559] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0 [ 230.973163][ T7559] kmalloc_reserve+0x111/0x2a0 [ 230.977922][ T7559] __alloc_skb+0x1f3/0x440 [ 230.982333][ T7559] netlink_dump+0x1ee/0xe10 [ 230.986826][ T7559] netlink_recvmsg+0x6ec/0x11a0 [ 230.991665][ T7559] sock_recvmsg+0x22f/0x280 [ 230.996157][ T7559] ____sys_recvmsg+0x1c6/0x480 [ 231.000916][ T7559] __sys_recvmsg+0x291/0x390 [ 231.005496][ T7559] do_syscall_64+0xf3/0x230 [ 231.009995][ T7559] page last free pid 5491 tgid 5491 stack trace: [ 231.016304][ T7559] free_frozen_pages+0xe04/0x10e0 [ 231.021319][ T7559] __put_partials+0x160/0x1c0 [ 231.025990][ T7559] put_cpu_partial+0x17c/0x250 [ 231.030746][ T7559] __slab_free+0x290/0x380 [ 231.035156][ T7559] qlist_free_all+0x9a/0x140 [ 231.039741][ T7559] kasan_quarantine_reduce+0x14f/0x170 [ 231.045192][ T7559] __kasan_slab_alloc+0x23/0x80 [ 231.050032][ T7559] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 231.055943][ T7559] __alloc_skb+0x1c3/0x440 [ 231.060352][ T7559] alloc_skb_with_frags+0xc3/0x820 [ 231.065458][ T7559] sock_alloc_send_pskb+0x91a/0xa60 [ 231.070640][ T7559] unix_dgram_sendmsg+0x5e8/0x1df0 [ 231.075736][ T7559] __sock_sendmsg+0x221/0x270 [ 231.080401][ T7559] sock_write_iter+0x2d7/0x3f0 [ 231.085153][ T7559] do_iter_readv_writev+0x71a/0x9d0 [ 231.090337][ T7559] vfs_writev+0x38b/0xbc0 [ 231.094654][ T7559] [ 231.096963][ T7559] Memory state around the buggy address: [ 231.102576][ T7559] ffff88802a144a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 231.110622][ T7559] ffff88802a144b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 231.118666][ T7559] >ffff88802a144b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 231.126724][ T7559] ^ [ 231.134429][ T7559] ffff88802a144c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 231.142480][ T7559] ffff88802a144c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 231.150527][ T7559] ================================================================== [ 231.210093][ T7559] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 231.217339][ T7559] CPU: 1 UID: 0 PID: 7559 Comm: syz.5.405 Not tainted 6.14.0-rc5-syzkaller-00214-g21e4543a2e2f #0 [ 231.227936][ T7559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 231.238005][ T7559] Call Trace: [ 231.241290][ T7559] [ 231.244218][ T7559] dump_stack_lvl+0x241/0x360 [ 231.248891][ T7559] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.254087][ T7559] ? __pfx__printk+0x10/0x10 [ 231.258673][ T7559] ? preempt_schedule+0xe1/0xf0 [ 231.263516][ T7559] ? vscnprintf+0x5d/0x90 [ 231.267835][ T7559] panic+0x349/0x880 [ 231.271720][ T7559] ? check_panic_on_warn+0x21/0xb0 [ 231.276831][ T7559] ? __pfx_panic+0x10/0x10 [ 231.281242][ T7559] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 231.287216][ T7559] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 231.293532][ T7559] ? print_report+0x519/0x5b0 [ 231.298204][ T7559] check_panic_on_warn+0x86/0xb0 [ 231.303136][ T7559] ? cfusbl_device_notify+0x188/0x6e0 [ 231.308514][ T7559] end_report+0x77/0x160 [ 231.312768][ T7559] kasan_report+0x154/0x180 [ 231.317285][ T7559] ? cfusbl_device_notify+0x188/0x6e0 [ 231.322671][ T7559] cfusbl_device_notify+0x188/0x6e0 [ 231.327888][ T7559] ? __pfx_cfusbl_device_notify+0x10/0x10 [ 231.333612][ T7559] ? __pfx_caif_device_notify+0x10/0x10 [ 231.339155][ T7559] ? smc_pnet_netdev_event+0x38f/0x690 [ 231.344608][ T7559] ? lockdep_rtnl_is_held+0x26/0x40 [ 231.349801][ T7559] notifier_call_chain+0x1a5/0x3f0 [ 231.354919][ T7559] register_netdevice+0x126c/0x1b60 [ 231.360108][ T7559] ? __mutex_lock+0x602/0x1010 [ 231.364870][ T7559] ? __pfx_register_netdevice+0x10/0x10 [ 231.370415][ T7559] ? __kvmalloc_node_noprof+0x72/0x190 [ 231.375868][ T7559] ? dev_addr_mod+0xf1/0x430 [ 231.380452][ T7559] ? __asan_memset+0x23/0x50 [ 231.385038][ T7559] register_netdev+0x40/0x50 [ 231.389614][ T7559] bnep_add_connection+0x823/0xe10 [ 231.394724][ T7559] ? __pfx_bnep_add_connection+0x10/0x10 [ 231.400351][ T7559] ? __fget_files+0x395/0x410 [ 231.405021][ T7559] do_bnep_sock_ioctl+0x4f8/0x8d0 [ 231.410062][ T7559] ? __pfx_do_bnep_sock_ioctl+0x10/0x10 [ 231.415600][ T7559] ? tomoyo_path_number_perm+0x5dd/0x770 [ 231.421227][ T7559] ? tomoyo_path_number_perm+0x5dd/0x770 [ 231.426853][ T7559] ? __lock_acquire+0x1397/0x2100 [ 231.431877][ T7559] sock_do_ioctl+0x158/0x460 [ 231.436458][ T7559] ? __pfx_smack_log+0x10/0x10 [ 231.441211][ T7559] ? __pfx_sock_do_ioctl+0x10/0x10 [ 231.446316][ T7559] ? smk_tskacc+0x300/0x370 [ 231.450808][ T7559] ? smack_file_ioctl+0x2a5/0x3b0 [ 231.455825][ T7559] sock_ioctl+0x626/0x8e0 [ 231.460147][ T7559] ? __pfx_sock_ioctl+0x10/0x10 [ 231.464985][ T7559] ? __fget_files+0x2a/0x410 [ 231.469567][ T7559] ? __fget_files+0x2a/0x410 [ 231.474146][ T7559] ? __pfx_sock_ioctl+0x10/0x10 [ 231.478984][ T7559] __se_sys_ioctl+0xf5/0x170 [ 231.483568][ T7559] do_syscall_64+0xf3/0x230 [ 231.488067][ T7559] ? clear_bhb_loop+0x35/0x90 [ 231.492737][ T7559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.498622][ T7559] RIP: 0033:0x7fd09bb8d169 [ 231.503034][ T7559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.522648][ T7559] RSP: 002b:00007fd09c9d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 231.531067][ T7559] RAX: ffffffffffffffda RBX: 00007fd09bda5fa0 RCX: 00007fd09bb8d169 [ 231.539036][ T7559] RDX: 00004000000000c0 RSI: 00000000400442c8 RDI: 0000000000000005 [ 231.546996][ T7559] RBP: 00007fd09bc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 231.554959][ T7559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.562920][ T7559] R13: 0000000000000000 R14: 00007fd09bda5fa0 R15: 00007ffda00f29b8 [ 231.570886][ T7559] [ 231.574131][ T7559] Kernel Offset: disabled [ 231.578440][ T7559] Rebooting in 86400 seconds..