last executing test programs: 58.676114545s ago: executing program 1 (id=911): lseek(0xffffffffffffffff, 0xff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) getrlimit(0x8, &(0x7f0000000900)) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=@newtaction={0xf18, 0x30, 0xb, 0x0, 0x0, {}, [{0xf04, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80006}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0xeb8, 0x2, 0x0, 0x0, {{0xa}, {0xe8c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x5, 0xa, 0x4, 0x1, 0x2000000}, 0x5, 0x1}, [{0x9, 0x80000001, 0x1, 0x630, 0x8, 0x1}, {0xdf, 0x4, 0x5, 0x5, 0x10, 0xe}, {0x1, 0x85a, 0x5, 0xe6db, 0x3, 0xfffffffc}, {0x6, 0x400, 0x9321, 0x9, 0x6, 0x7}, {0x5, 0x5, 0xffffffc0, 0x80, 0x3}, {0xe, 0xf5, 0x3, 0x9, 0xffffbff8, 0x3}, {0x0, 0x7, 0xfff, 0x2, 0x9163ef6c, 0x40080003}, {0x3, 0x3, 0x80, 0x0, 0xacc4, 0x2}, {0x8001, 0xffb, 0x9, 0xffff, 0xfffffffe, 0x81}, {0x8, 0xfff, 0x6, 0xeb84, 0x8, 0x30c4}, {0x7, 0x9, 0xfffffffc, 0x100, 0x4}, {0x8004, 0x80000001, 0xfffffeff, 0xdf, 0x4, 0x5}, {0x0, 0x80000001, 0x9, 0x7, 0x1000, 0x7}, {0x5, 0x2, 0xfffffffd, 0x9, 0x474, 0x594}, {0x7fffffff, 0x1, 0x8, 0xfffffff9, 0x6, 0xffffffff}, {0x24, 0x5, 0xf, 0x6, 0x6, 0x8000003}, {0xbb, 0x5, 0x2, 0x310, 0xf}, {0x9b7d, 0x52fc, 0x3, 0x3, 0x48, 0x9}, {0xbd, 0x8, 0x10, 0xe4d, 0x7f, 0x3}, {0x8, 0x8, 0x9, 0x27, 0x2, 0x5}, {0x4, 0x1000, 0x5, 0x6, 0x93e, 0x6}, {0x1, 0x7, 0x0, 0x1, 0xff, 0x3}, {0xb, 0x7f, 0xfffff417, 0x1, 0x3ff, 0x9}, {0x4, 0x8, 0x7, 0xb, 0x8, 0x80004d}, {0x34db, 0xffff, 0x0, 0x3ff, 0x1, 0x400}, {0x1, 0xcb1d, 0x8, 0x1, 0x0, 0x4}, {0x5, 0x3, 0x7, 0x8, 0x3, 0x984}, {0x2, 0xffffffff, 0x3, 0x2, 0x9, 0x40}, {0x7, 0x281, 0x7fffffff, 0x381, 0x3, 0x8}, {0x5, 0x4, 0x1, 0x8, 0x4, 0x2f}, {0x6, 0x3, 0x4, 0xd1a1, 0x9, 0x7}, {0x5, 0x3, 0x8, 0x4, 0x16, 0x2}, {0x8001, 0x87, 0x6, 0x1, 0x3, 0x4}, {0x6, 0x9e4, 0x8b7f, 0x11, 0x3, 0x7}, {0x7, 0x1, 0x800, 0x70f, 0x8001, 0x3}, {0x4, 0x10, 0x6, 0x1, 0x4, 0x22ff}, {0x5, 0x10001, 0x9, 0x0, 0x10001, 0x7}, {0xf85, 0x2e, 0x100, 0x3, 0x100, 0xe60c}, {0x2, 0x5, 0x1, 0xe000000}, {0x4e2, 0x6ae, 0x2, 0x100, 0x4, 0xd}, {0x1, 0xcad, 0xa5, 0x2, 0x4d800, 0x33}, {0x20, 0x7f, 0x33, 0x2, 0x400, 0x4}, {0x4, 0x62e, 0xb, 0x219c, 0x0, 0x5}, {0x0, 0x4, 0x0, 0x1, 0x1, 0x1}, {0x7f, 0x945a, 0x0, 0x0, 0x8, 0x3}, {0xda1, 0x893, 0x2, 0x9, 0xfffffa2e, 0x6}, {0x1, 0xfffffff3, 0x7fffffff, 0x8, 0x0, 0x1}, {0x2, 0x8, 0x2, 0xe, 0x2, 0x2}, {0x6, 0x100, 0xe, 0x10000, 0x5, 0x7}, {0x0, 0x6, 0x7, 0x4, 0xc, 0x800}, {0x8, 0x10000, 0x1, 0x1, 0x7}, {0x7d5, 0x2, 0x4, 0x800, 0xf}, {0x1, 0x5, 0x6, 0x2, 0x8, 0xc}, {0x2, 0x1, 0x3, 0xc, 0x1, 0x2c3}, {0x1000, 0x3, 0xbc, 0x8001, 0xfa, 0x8}, {0x2, 0x3, 0x9, 0x50e, 0x55ac, 0xa5e2}, {0x0, 0x196680, 0xffffff91, 0x100, 0x3, 0x7}, {0x4, 0x4, 0x2, 0x1, 0x0, 0xe}, {0xfffffff5, 0x8, 0x7023, 0x8, 0x5, 0x851}, {0x3, 0x78, 0x7, 0xa, 0x5dec4cac, 0x6}, {0x4, 0x9, 0x3a, 0x2, 0x8, 0x602}, {0x4, 0x7fffffff, 0x0, 0x8, 0x8, 0xff}, {0x7, 0xfffffff1, 0x2f2c, 0x400, 0x6, 0x6}, {0x10001, 0x81, 0x40, 0x2, 0x89, 0x2}, {0x2, 0x8550, 0x4c, 0x3, 0xfffffffa, 0x736d}, {0x7f, 0x199, 0x5, 0x9, 0x7, 0x2}, {0x7, 0x1, 0x9, 0x7, 0x2, 0x7}, {0x9, 0x3f1, 0x4, 0x5, 0x5, 0x8}, {0x100, 0x3ff, 0x4, 0x7f53, 0x7, 0x1}, {0x3ff, 0xc, 0x4, 0x1, 0x4, 0x4}, {0x9, 0x381, 0xfff, 0x5d7c, 0x0, 0x8001}, {0x8, 0x0, 0x7, 0xfffffffb, 0x3ee, 0x4}, {0xbfffffe, 0x6, 0x101, 0x5, 0x400, 0x400}, {0x7fff, 0xb3, 0x2, 0x10000, 0x6, 0x14}, {0x0, 0x1, 0x4c90, 0x4, 0x7f, 0x8}, {0x5, 0x25b, 0x0, 0x3, 0x2, 0x2}, {0x29dbdf0, 0xd, 0xfffffffd, 0x7, 0x6, 0x3}, {0x7, 0x1, 0xa, 0x8, 0x5, 0x5}, {0x473, 0x8, 0x2, 0x400, 0x4000000, 0x69b3d6e6}, {0x1, 0xb7bb, 0x22800000, 0x3, 0x10, 0x5}, {0x7f, 0x7, 0x6, 0xffffffff, 0x3, 0x8}, {0xfffffff7, 0x80000000, 0xa, 0x40, 0x863, 0x2}, {0xb, 0x9, 0xc, 0x3c1, 0x6e, 0x40}, {0x6, 0xd, 0x6, 0xfb0000, 0x1, 0x7}, {0xe0, 0x100, 0x1, 0xb, 0x8, 0x7}, {0xfff, 0x1, 0x0, 0x38, 0x0, 0x9}, {0x82, 0x10, 0x401, 0x0, 0x4, 0xef}, {0x7, 0x2, 0x200, 0x8, 0x9, 0x2}, {0x54, 0x5, 0xa33f, 0x101, 0x2, 0x10001}, {0x1, 0x4, 0x800004, 0x10001, 0x2, 0xce}, {0x4, 0x8, 0x8, 0x3, 0xf, 0x9}, {0x6, 0x5, 0x8, 0xffffffff, 0x405b9, 0x6}, {0x9, 0x0, 0x9, 0x2, 0x9}, {0x0, 0x2, 0xb, 0x7fffffff, 0xfc0, 0x7f1b4893}, {0x4, 0xd, 0x10, 0x4, 0x7, 0x4}, {0x4, 0x5, 0xe, 0x3, 0x3dcb, 0x9}, {0x200, 0x0, 0xe8, 0x1, 0x800000d4, 0x1}, {0xc651, 0x5f83, 0x2, 0x1, 0xd, 0x8}, {0xfff, 0x5, 0x1, 0x0, 0x49, 0x5}, {0x5, 0x3, 0x7, 0x97fd, 0xef, 0x202}, {0x2, 0xa, 0x1000, 0x1, 0x6, 0xe0}, {0x800, 0x4c, 0x7, 0x0, 0xfffffff7, 0x9}, {0x6, 0xffff, 0xffff8001, 0xa, 0xae36, 0x8}, {0xcfb7, 0x0, 0x101, 0x2, 0x1, 0xaa82}, {0x6, 0x800, 0xec3d, 0xffffffff, 0xea5, 0x3}, {0x9, 0x5, 0x2, 0x0, 0x0, 0xdd}, {0x6, 0x6, 0x0, 0x1e9, 0x6, 0x1}, {0x3, 0x7, 0x7, 0x3, 0x400, 0x81}, {0x970, 0x100, 0xb2eb, 0x2, 0x3, 0x9}, {0x3, 0x6, 0x8, 0x7, 0xd, 0x474c}, {0xf, 0x101, 0x9a, 0x1000, 0x2, 0xfffffffc}, {0x3, 0x98e, 0x1a5e666b, 0x10, 0x7, 0x9}, {0xfffffffb, 0x3, 0x3, 0x2ee8000, 0x8}, {0x3, 0x2, 0x2, 0x3, 0x3, 0x2}, {0x7, 0x4, 0x1, 0x7, 0x101, 0xef}, {0x709e, 0x9, 0x425b597f, 0x1, 0x2, 0x7}, {0x6, 0xc000000, 0x3ff, 0x4, 0x8, 0x5}, {0x3, 0x6, 0x7, 0xfffffff9, 0x0, 0xffffffff}, {0x7, 0x9, 0x8, 0x0, 0x9, 0xd6}, {0x24, 0x10001, 0x6, 0x1, 0x39d6}, {0x401, 0x7d4, 0x9, 0x8000, 0xffff, 0x7}, {0x6, 0x92e4, 0x130, 0x0, 0x4, 0x9}, {0x1, 0x7fff, 0x7, 0x8001, 0x8, 0x5}, {0x7e, 0x800, 0xfffffff9, 0xa, 0x4b64, 0x80000001}, {0x2ad78a25, 0x2, 0x6, 0x6, 0x4, 0x8}, {0x2, 0x9, 0x0, 0x8a7, 0x129, 0xc}, {0x7, 0x2, 0x8, 0x3, 0xe01, 0xf933271}, {0x4a3, 0x0, 0x3, 0x514c, 0xf8a, 0x19}], [{0x5}, {0x4, 0x1}, {}, {0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x4}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x5}, {0x3}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x4}, {0x5}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x1, 0x1}, {0x4}, {0x5}, {0x3, 0x1}, {0x1}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x5, 0x1}, {0x1}, {0x1}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x4}, {0x5}, {0x1, 0x1}, {}, {0x3}, {0x2, 0x1}, {0x5}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x5}, {0x9, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x2}, {0x1}, {0x2, 0x1}, {0x6, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x1}, {0x2}, {0x2}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x1, 0x1}, {0x4, 0x1}, {0x6, 0x1}, {0x5, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x68, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf18}}, 0x0) socket$inet(0x2, 0x6, 0x4) ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000000440)={0x0, 0x1, 0x0, &(0x7f0000000880)=[{}], 0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, &(0x7f0000000540), 0x0, 0x0, &(0x7f00000002c0)}) getpid() r2 = socket$alg(0x26, 0x5, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x1, 0x1000000}]}]}}, 0x0, 0x42, 0x0, 0x0, 0x4000000}, 0x20) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) r3 = accept$alg(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000800)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="bc3310", 0x3}], 0x1, 0x0, 0x0, 0x8010}], 0x1, 0x40890) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000940)={@remote, @local}, 0xc) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x200}, 0x10) write(r4, &(0x7f00000000c0)="240000001e005f0214f6fffffffffff80700", 0x12) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1b, 0xe, 0x0, &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040), 0x10}, 0x94) prlimit64(0x0, 0x7, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, &(0x7f0000000300), 0x4) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 55.933880663s ago: executing program 1 (id=917): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b40)=@mangle={'mangle\x00', 0x2, 0x6, 0x538, 0xd0, 0x370, 0x1b0, 0x0, 0x0, 0x468, 0x468, 0x468, 0x468, 0x468, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [0x0, 0x0, 0xffffffff], [0x0, 0x0, 0xff000000], 'pimreg0\x00', 'macvtap0\x00', {}, {}, 0x6, 0x10, 0x0, 0x44}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000010000000}}, @HL={0x28}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @dev, [0x0, 0xff, 0xffffffff], [0x0, 0x0, 0xff000000], 'veth1_macvtap\x00', 'macvlan0\x00', {}, {}, 0x0, 0x3, 0x0, 0x1}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {0x0, 0xff}, 0xfffffffc}}}, {{@ipv6={@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffffff], [0x0, 0xffffffff, 0xff], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@CLASSIFY={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0, 0x6000000}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@mcast2}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}]}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x598) 55.778012847s ago: executing program 1 (id=920): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0xf, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xbf21, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x20}}}, &(0x7f0000000200)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0xd}, 0x94) 55.091757965s ago: executing program 1 (id=922): r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x800000000008, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) creat(0x0, 0x80166a87e08db6a7) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=ANY=[@ANYBLOB='\b\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010300000000000000001c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20040005}, 0x40040) mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6, 0x0, 0x9, 0x1) ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r0, 0x4002f516, &(0x7f00000002c0)={0x5, 0x7f}) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, &(0x7f0000000040)=0x5, 0x6, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r9, &(0x7f0000000240)={0x24, &(0x7f0000000280)=ANY=[@ANYRES8=r6, @ANYRESDEC=r6, @ANYRES64=r5], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r9, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB=' ', @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 50.123829342s ago: executing program 1 (id=938): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d10501200006010203010902120008000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000f40)={0x2020, 0x0, 0x0, 0x0}, 0x2020) prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f00000000c0)=0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) quotactl_fd$Q_GETFMT(r0, 0xffffffff80000402, r2, &(0x7f0000000140)) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r6 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket(0x2, 0x80805, 0x0) write$FUSE_INIT(r6, 0x0, 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000f00), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r7, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave']) chdir(&(0x7f0000000240)='./file0\x00') r8 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0x70, 0x0) ftruncate(r8, 0x2007ffc) sendfile(r8, r8, 0x0, 0x800000009) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) 46.790028677s ago: executing program 1 (id=945): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r0], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYRES64=r1], 0x78}}, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) sendto(r2, &(0x7f0000000100)="ac591cc8255c02ca68cc8832f6f6a4328e83079a882e8f5c80c61690534bc46d8a20c5e2463dfca879da0da11e2d07286f6c8bd80388", 0x36, 0x40, &(0x7f0000000500)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e21, @private=0xa010101}, 0x2, 0x2, 0x0, 0x4}}, 0x80) r3 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x4cfb, 0x80, 0x3, 0x135}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x42}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x114, &(0x7f0000000000)=0x7fff, 0x0, 0x4) connect$unix(r6, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) r9 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f00000000c0)={0x9}, 0x10) write(r9, &(0x7f0000000000)="240000001a005fb75c2f084bf912b70002000000000000000000000008001e80ffffff00", 0x24) r10 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r10, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r10, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x6, 0x4}, 0x20) connect$l2tp6(r10, &(0x7f00000000c0)={0xa, 0x0, 0x6, @empty, 0x7}, 0x20) sendmsg$nl_xfrm(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c010000160001002bbd7000fedbdf250a010101000000000000000000000000fe8800000000000000000000000001014e2300004e2400000a0080201d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa000004d533000000ac1414100000000000000000000000000800000000000000b507000000000000000000000000000006000000000000000900000000000000faffffffffffffffffffffff000000000300000000000000020000000000000003000000000000000100000000000000faffffffffffffff0000000001000100f9ffffff2abd700000000000000002060100000000000000080000004f07000008001f00040000002c32100f060013000a010100000000000000000000000000e0000002000000000000000000000000000000000a000000"], 0x12c}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x18, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0x6, 0x0, 0x0, 0x0, 0x132, 0x3}) 31.003301257s ago: executing program 32 (id=945): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r0], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYRES64=r1], 0x78}}, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) sendto(r2, &(0x7f0000000100)="ac591cc8255c02ca68cc8832f6f6a4328e83079a882e8f5c80c61690534bc46d8a20c5e2463dfca879da0da11e2d07286f6c8bd80388", 0x36, 0x40, &(0x7f0000000500)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e21, @private=0xa010101}, 0x2, 0x2, 0x0, 0x4}}, 0x80) r3 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x4cfb, 0x80, 0x3, 0x135}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x42}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x114, &(0x7f0000000000)=0x7fff, 0x0, 0x4) connect$unix(r6, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) r9 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f00000000c0)={0x9}, 0x10) write(r9, &(0x7f0000000000)="240000001a005fb75c2f084bf912b70002000000000000000000000008001e80ffffff00", 0x24) r10 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r10, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r10, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x6, 0x4}, 0x20) connect$l2tp6(r10, &(0x7f00000000c0)={0xa, 0x0, 0x6, @empty, 0x7}, 0x20) sendmsg$nl_xfrm(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c010000160001002bbd7000fedbdf250a010101000000000000000000000000fe8800000000000000000000000001014e2300004e2400000a0080201d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa000004d533000000ac1414100000000000000000000000000800000000000000b507000000000000000000000000000006000000000000000900000000000000faffffffffffffffffffffff000000000300000000000000020000000000000003000000000000000100000000000000faffffffffffffff0000000001000100f9ffffff2abd700000000000000002060100000000000000080000004f07000008001f00040000002c32100f060013000a010100000000000000000000000000e0000002000000000000000000000000000000000a000000"], 0x12c}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x18, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0x6, 0x0, 0x0, 0x0, 0x132, 0x3}) 5.85977658s ago: executing program 0 (id=1082): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'veth1_to_bridge\x00', 0x200}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'veth1_virt_wifi\x00'}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r1) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, r2, 0x3e8c4ddb697c9f8f, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x80000001, '\x00', 0x0, 0x0}, 0x48) syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x2000400c) sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, 0x0, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f00000000c0)={@dev={0xfe, 0x80, '\x00', 0x3e}, 0x65}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000340)={0x3, 0x980900, 0x2}) ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"}) ioctl$VIDIOC_DQEVENT(r3, 0x80885659, &(0x7f0000000100)) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x6c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'}) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000200)={0x40, 0x17, 0xe, "77d99156dc59fbe08389ecdc93c1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) 4.015457141s ago: executing program 0 (id=1093): ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 3.528043108s ago: executing program 0 (id=1101): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_BUFINFO(r0, 0xc02c640e, 0x0) 3.299251337s ago: executing program 0 (id=1104): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000038b4c2ca7a72c062070c96c001c0000001c00002002000000000000000200000d000000000000000000000000000000000000000067df0600004cbd647a284a6d10d9c1f0ff171ecd68f8479b07dbf5dcf141829b10b5628537f59a65"], 0x0, 0x36}, 0x28) syz_usb_connect(0x3, 0x56, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000014e2fc203c419b81c0a701020301090244000100000000090400000302060000052406"], 0x0) 3.062338416s ago: executing program 5 (id=977): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3c8, 0x0, 0x110, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @dev={0xac, 0x14, 0x14, 0x22}, @rand_addr=0x64010102, 0x4}}}, {{@arp={@multicast2, @private=0xa010102, 0xff, 0xffffff00, 0xd, 0x10, {@mac=@multicast, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0x0, 0xff]}}, 0x8, 0x0, 0x0, 0x8, 0x1, 0x5a, 'macvlan0\x00', 'ipvlan0\x00', {0xff}, {}, 0x0, 0x100}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff, 0xf8010000, 0x0, 0x0, {@mac=@link_local, {[0xff]}}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) 2.93613453s ago: executing program 5 (id=1106): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000880)={0x2, 0x0, 0x1c, 0x1b, 0x17b, 0x0}) 2.748086929s ago: executing program 2 (id=1108): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x15) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x101000) openat$sequencer(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x10001, 0x0, 0x0, 0x0, 0xf6e4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x80000000, 0x0, 0x9, 0x0, 0x0, 0x10001, 0x2}, 0x0, 0x0) 2.692322881s ago: executing program 5 (id=1109): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 2.499908664s ago: executing program 5 (id=1110): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000003d80)=""/4102, 0x1006}, {&(0x7f00000006c0)=""/229, 0xe5}, {&(0x7f0000000000)=""/53, 0x35}, {&(0x7f0000003d00)=""/91, 0x5b}, {&(0x7f0000000340)=""/217, 0xd9}], 0x6}, 0x101}], 0x4, 0x40010020, 0x0) 2.275914566s ago: executing program 5 (id=1113): socket$kcm(0x10, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) 1.701449042s ago: executing program 2 (id=1116): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000300)={"ad3a4aed34038aa1401adc25db180802597714ad26adb926c30ed551094f891698c440d96e0edaef913a9e28228a9c2b0a919b6830a558b65ea2bdffa5dc291a73eef7bac32f340f9f59659cf04d1d58634eb6bb54ac782f23faf62e9047227388c62333d941372de26880f2b37d27b5a3d8f6693c3fc926bb4dc537a38a4145ba7909e7ae207d1d9e89423010b99e60363d90768279fb848695a61c02a229199f9d1a4dffb01f492a109a9c1e16964e436ab44c83332ddf367495bcaebd3fb30cf5a28c3800e0ad569cae49c19b6f8f88d92df1381fc37b5cb25ce74622dd75804565fd9214b7c1cd3f8a61096fc78879621188075f7a2d4cd6ab17a35e0ea0cbeb0db723ad6dfb9f0e335bea3daf4eee359f07635347388a6c03af5795a7e7055d905aad7767271981914632218971154dd04e1b46734d83260c67648098e971233f4ccb6301881503e859e14ac2083d1a427ffabf0a5d89784487c98ed96ecc72940f74afd2bec02f44960870450be845d03a09dfb572de356133364d39ae5d5861c0ddf4a15c38f9187aa3ca882d7d7fc69e3dc98dcc2f31f69e6478e5dedfb6d13be915fb20bd14ff3227fc64aa8d41b13655222acc7ffe4809000000ab5804519cb17e3e96649b187a82f3d5e61103723abd65a3faa017cd19d68ab9896cf03d623db6d317ee068cb6a0a430ce240ad7429ebe3241f4260a104dba55e3c4f8b69118461ea02afcf6117da53393f31ea02b820519791019ee6a08df8071e4ced6f857aca470bdecb89b079499b550c52ea51f252d1964377c423b9c4460abc9277d8661d9be1b0ed2c95b26624523bc11744f560441a2f129c372ea4d1c8051c8692cb4e6ce6b5fca4ed653a571320c4c021d4f9e63f85e586721a49c509d84ad00df5b9614159134060f6068ad9c551225f0110340b69e9508c7c023ec7c333b1b4ab6f9b1c7266086e686eb6ea402e9aa7c2143dd893e07b2b04fb2078284aaed761e48e6194535ecd07863072562ec00bd2f9bdc1fa6cc293420540b23a279f4b4b8ea298f4733cfbc00a45927873d3d135cfffe2888a3aacd36f27439d9575a75ccffffffffffffffff6d62d86784ef91f8f3743dd845b7aded34bb6d210fd84b5fc85ab7077e0a2083f398bdc3dc8d6a1b28002319d4ffbee40a19fbb6c2c1b9d6e7fb59ef9986b10325bec3bd522fdd008e2594c626752769c72e3131733422bd52a450d64d130121393b5120592cbc74ec713a6f0e21e37d3baacec366f9798577b8e58aa58a88aa15b29d6dd2c94653a8193b21049986a849dad1dca1de89f29a18449ef877528ac96007beb235da551382290bad2a14bff4b8e139125e5a4fdf030dcdd50f23f55a9a4c53beadcd2c91271b7a796c390a26c15f8623c9f45e8cd4d638216ff4bd4dd100"}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0) 1.571960176s ago: executing program 3 (id=1117): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r1, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000000000)) 1.418647262s ago: executing program 3 (id=1119): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r2], 0x68}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x2c, 0x11, 0x839, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {0x1, 0xb}, {0xd}, {0x11, 0xfff1}}, [{0x8, 0xb, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8084}, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, 0x0, 0x0) sendfile(r4, r3, 0x0, 0x20000023893) r5 = creat(&(0x7f0000000080)='./file0\x00', 0xc7) close(r5) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', 0x0}) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000200)=0x2000, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, 0x8, r7}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, &(0x7f00000000c0), &(0x7f0000000100)='GPL\x00', 0x8001, 0x0, 0x0, 0x40f00, 0x40, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=[r3, r5, 0xffffffffffffffff], &(0x7f00000002c0)=[{0x0, 0x2, 0x6, 0x7}, {0x3, 0x4, 0x10, 0x3}, {0x3, 0x2, 0xf, 0x2}, {0x1, 0x4, 0xe, 0x2}], 0x10, 0x23}, 0x94) 1.410249151s ago: executing program 0 (id=1120): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7030000000000008500000026000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xc, 0x8, &(0x7f0000000d80)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000340)="c1dfb080cd21d308098ee6889900", 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.219972308s ago: executing program 2 (id=1121): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) readahead(r0, 0x1, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0) ioctl$BLKIOOPT(r0, 0x1279, &(0x7f0000000040)) 1.169191674s ago: executing program 0 (id=1123): r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003ac9bcc20d118af1ebb5a0102030109022400010700800b0904bb06023ae504000905070020000508ce09"], &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000e80)={0x84, &(0x7f0000000400)=ANY=[@ANYBLOB="400d02000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.119597043s ago: executing program 2 (id=1124): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x24d}, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 983.50804ms ago: executing program 3 (id=1125): unshare(0x22020600) r0 = open(&(0x7f0000000100)='.\x00', 0x200880, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0) 776.008571ms ago: executing program 2 (id=1127): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000092000040"]) 775.724994ms ago: executing program 3 (id=1128): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 719.432018ms ago: executing program 4 (id=1129): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001811"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x81, 0x1, 0x1, 0x85}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x8eb2e000f2c28467}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) 661.413193ms ago: executing program 3 (id=1130): sched_setscheduler(0x0, 0x2, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) socket$inet(0x2, 0x5, 0x2) mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil) close(r0) 496.08879ms ago: executing program 4 (id=1131): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) munmap(&(0x7f0000004000/0x1000)=nil, 0x1000) 495.833948ms ago: executing program 2 (id=1132): syz_usb_connect(0x5, 0xe4, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000017ffd340b1134200bbdf000040010902d2f6010000400009046a00067af4190009050f080000050801060c8b631b75072501020207000905013375dea5c2dda673ca3a22fb53d27daa", @ANYRES32, @ANYRES64=0x0], 0x0) 412.499172ms ago: executing program 5 (id=1133): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) getpriority(0xe23ca1df2bff446e, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) keyctl$set_reqkey_keyring(0xe, 0x3) r1 = request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='\x00\x00', 0x0) add_key(&(0x7f0000000040)='rxrpc_s\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, r1) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@acquire={0x174, 0x17, 0x1, 0x0, 0x0, {{@in6=@private0}, @in6=@remote, {@in=@remote, @in6=@private0}, {{@in6=@private2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@XFRMA_IF_ID={0x8, 0x1f, 0x2}, @tmpl={0x44, 0x5, [{{@in=@loopback, 0x0, 0x3c}, 0x0, @in6=@private2}]}]}, 0x174}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001400)) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 404.893047ms ago: executing program 4 (id=1134): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000380)={0x10000008}) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) 240.097563ms ago: executing program 3 (id=1135): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 194.896228ms ago: executing program 4 (id=1136): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000010280)={0x0, 0xb, 0x0, 0x5}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000000540)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x3, @loopback, 0x3}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000240)="dc", 0x1}], 0x1}}], 0x1, 0x3404c891) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x5b, 0x0, 0x0) 102.239391ms ago: executing program 4 (id=1137): connect$netlink(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000e00)=@HCI_EVENT_PKT={0x4, @hci_ev_keypress_notify={{0x3c, 0x7}, {@any, 0x10}}}, 0xa) 0s ago: executing program 4 (id=1138): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0xbb5, 0xffffffffffffffca, 0x100, 0xfffffffffffffff6, 0x6, 0x401, 0x6, 0x2, 0x0, 0x8, 0x100000001, 0xba25, 0x1000, 0x3, 0xfffffffffffffe00, 0x4], 0xeeef0000, 0x40080}) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): X: 000000000000000f RSI: 00007f85313e20a0 RDI: 0000000000000005 [ 155.025665][ T6552] RBP: 00007f85313e2090 R08: 0000000000000000 R09: 0000000000000000 [ 155.025678][ T6552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.025690][ T6552] R13: 0000000000000000 R14: 00007f85307b6080 R15: 00007ffc7d475ee8 [ 155.025730][ T6552] [ 156.757029][ T5978] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 156.856881][ T6581] bond_slave_0: entered promiscuous mode [ 156.863330][ T6581] bond_slave_1: entered promiscuous mode [ 156.905045][ T6581] vlan2: entered promiscuous mode [ 156.910990][ T5924] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 156.941619][ T5978] usb 2-1: Using ep0 maxpacket: 32 [ 157.232247][ T6581] bond0: entered promiscuous mode [ 157.322304][ T5924] usb 5-1: config 0 has no interfaces? [ 157.400025][ T5924] usb 5-1: New USB device found, idVendor=0499, idProduct=104f, bcdDevice=70.6f [ 157.511173][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.622608][ T5924] usb 5-1: Product: syz [ 157.674093][ T5924] usb 5-1: Manufacturer: syz [ 157.735746][ T5924] usb 5-1: SerialNumber: syz [ 157.746172][ T5978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.757519][ T5978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.767453][ T5978] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 157.777060][ T5978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.777899][ T5924] usb 5-1: config 0 descriptor?? [ 157.812961][ T5978] usb 2-1: config 0 descriptor?? [ 157.814645][ T6587] netlink: 248 bytes leftover after parsing attributes in process `syz.2.168'. [ 157.841617][ T6587] netlink: 8 bytes leftover after parsing attributes in process `syz.2.168'. [ 157.852744][ T6587] netlink: 44 bytes leftover after parsing attributes in process `syz.2.168'. [ 157.930243][ T6589] SET target dimension over the limit! [ 157.965604][ T6587] netlink: 'syz.2.168': attribute type 1 has an invalid length. [ 157.996763][ T6587] netlink: 224 bytes leftover after parsing attributes in process `syz.2.168'. [ 158.298435][ T5924] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 158.303706][ T5978] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 158.338494][ T24] usb 5-1: USB disconnect, device number 7 [ 158.491933][ T5924] usb 4-1: device descriptor read/64, error -71 [ 158.753395][ T5972] usb 2-1: USB disconnect, device number 4 [ 158.795630][ T5924] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 159.078394][ T5924] usb 4-1: device descriptor read/64, error -71 [ 159.207229][ T5924] usb usb4-port1: attempt power cycle [ 160.056306][ T5924] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 160.096734][ T5924] usb 4-1: device descriptor read/8, error -71 [ 160.336732][ T5924] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 160.405249][ T5924] usb 4-1: device descriptor read/8, error -71 [ 160.436862][ T5910] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 160.517376][ T5924] usb usb4-port1: unable to enumerate USB device [ 160.606863][ T5910] usb 2-1: Using ep0 maxpacket: 32 [ 160.614652][ T5910] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 160.649430][ T5910] usb 2-1: config 0 has no interface number 0 [ 160.682995][ T5910] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 160.692385][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.733007][ T5910] usb 2-1: Product: syz [ 160.756779][ T5910] usb 2-1: Manufacturer: syz [ 160.773069][ T5910] usb 2-1: SerialNumber: syz [ 160.812031][ T5910] usb 2-1: config 0 descriptor?? [ 160.828422][ T5910] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 161.060082][ T5910] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 161.118495][ T5910] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 161.263199][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - port change to invalid port: 210 [ 161.470412][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 161.481352][ T5910] usb 2-1: USB disconnect, device number 5 [ 161.698128][ T5910] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 161.927113][ T5910] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 162.044695][ T5910] quatech2 2-1:0.51: device disconnected [ 162.506864][ T6640] tipc: Started in network mode [ 162.512700][ T6640] tipc: Node identity ac14140f, cluster identity 4711 [ 162.524414][ T6640] tipc: New replicast peer: 255.255.255.255 [ 162.538325][ T6640] tipc: Enabled bearer , priority 10 [ 162.627306][ T6640] netlink: 12 bytes leftover after parsing attributes in process `syz.1.182'. [ 162.637059][ T6640] tipc: Disabling bearer [ 163.266749][ T5910] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 164.217530][ T5910] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 164.368244][ T5910] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 164.386954][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.395066][ T5910] usb 2-1: Product: syz [ 164.399657][ T5910] usb 2-1: Manufacturer: syz [ 164.404285][ T5910] usb 2-1: SerialNumber: syz [ 164.498321][ T5910] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 164.516857][ T5852] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 164.686999][ T5852] usb 1-1: Using ep0 maxpacket: 32 [ 164.697229][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.704682][ T6665] netlink: 12 bytes leftover after parsing attributes in process `syz.4.189'. [ 164.717291][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.731558][ T5852] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 164.760858][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.777886][ T5852] usb 1-1: config 0 descriptor?? [ 165.078465][ T5910] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 165.124637][ T5910] usb 2-1: USB disconnect, device number 6 [ 165.271480][ T5852] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 165.513825][ T5852] usb 1-1: USB disconnect, device number 5 [ 165.741467][ T6685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.882743][ T6685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.973386][ T6687] bond_slave_0: entered promiscuous mode [ 165.979140][ T6687] bond_slave_1: entered promiscuous mode [ 165.997244][ T6687] vlan2: entered promiscuous mode [ 166.002414][ T6687] bond0: entered promiscuous mode [ 166.006812][ T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 166.190894][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.232274][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.286304][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 166.350855][ T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 166.398916][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.467513][ T10] usb 5-1: config 0 descriptor?? [ 166.757446][ T6697] netlink: 28 bytes leftover after parsing attributes in process `syz.0.196'. [ 167.257425][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 167.263535][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 167.275920][ T10] usb 5-1: USB disconnect, device number 8 [ 168.731040][ T5910] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 168.907250][ T5910] usb 3-1: Using ep0 maxpacket: 32 [ 168.918963][ T5910] usb 3-1: too many endpoints for config 0 interface 0 altsetting 32: 253, using maximum allowed: 30 [ 168.930864][ T5910] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.961696][ T5910] usb 3-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 168.993342][ T5910] usb 3-1: config 0 interface 0 has no altsetting 0 [ 169.000423][ T5910] usb 3-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00 [ 169.010472][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.024217][ T5910] usb 3-1: config 0 descriptor?? [ 169.499856][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 169.603717][ T6729] netlink: 16 bytes leftover after parsing attributes in process `syz.4.205'. [ 169.621132][ T6729] netlink: 128 bytes leftover after parsing attributes in process `syz.4.205'. [ 169.714674][ T5910] zeroplus 0003:0C12:0030.0007: hidraw0: USB HID v0.03 Device [HID 0c12:0030] on usb-dummy_hcd.2-1/input0 [ 169.836701][ T10] usb 4-1: device descriptor read/64, error -71 [ 169.973415][ T5910] zeroplus 0003:0C12:0030.0007: no inputs found [ 170.158019][ T5852] usb 3-1: USB disconnect, device number 7 [ 170.176731][ T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 170.205333][ T6733] fido_id[6733]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 170.257257][ T5924] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 170.366856][ T10] usb 4-1: device descriptor read/64, error -71 [ 170.419313][ T5924] usb 1-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 170.430644][ T5924] usb 1-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.446763][ T5924] usb 1-1: config 0 interface 0 has no altsetting 0 [ 170.501257][ T5924] usb 1-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 170.501410][ T10] usb usb4-port1: attempt power cycle [ 170.510656][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.776222][ T5924] usb 1-1: config 0 descriptor?? [ 171.235200][ T6734] team0: Device gtp0 is of different type [ 171.246933][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 171.814345][ T10] usb 4-1: device descriptor read/8, error -71 [ 172.026215][ T5924] usbhid 1-1:0.0: can't add hid device: -71 [ 172.034249][ T5924] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 172.067788][ T5924] usb 1-1: USB disconnect, device number 6 [ 172.279972][ T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 172.327170][ T6759] PKCS7: Unknown OID: [4] 0.38.107.217331280.32(bad) [ 172.336081][ T6759] PKCS7: Only support pkcs7_signedData type [ 172.526687][ T10] usb 4-1: device not accepting address 12, error -71 [ 172.667608][ T10] usb usb4-port1: unable to enumerate USB device [ 172.823468][ T6769] netlink: 'syz.2.215': attribute type 2 has an invalid length. [ 173.032230][ T6784] netlink: 24 bytes leftover after parsing attributes in process `syz.0.219'. [ 173.102559][ T5978] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 173.251613][ T6786] tipc: Started in network mode [ 173.259547][ T6786] tipc: Node identity ac14140f, cluster identity 4711 [ 173.278561][ T6786] tipc: New replicast peer: 255.255.255.255 [ 173.291575][ T6786] tipc: Enabled bearer , priority 10 [ 173.478501][ T6786] netlink: 12 bytes leftover after parsing attributes in process `syz.2.220'. [ 173.540170][ T5978] usb 5-1: Using ep0 maxpacket: 16 [ 173.555516][ T6786] tipc: Disabling bearer [ 173.556177][ T5978] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 173.588689][ T5978] usb 5-1: config 0 has no interface number 0 [ 173.597848][ T5978] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 173.641373][ T5978] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 173.671918][ T5978] usb 5-1: config 0 interface 41 has no altsetting 0 [ 173.684115][ T5978] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 173.693970][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.725643][ T5978] usb 5-1: Product: syz [ 173.737567][ T5978] usb 5-1: Manufacturer: syz [ 173.742205][ T5978] usb 5-1: SerialNumber: syz [ 173.774648][ T5978] usb 5-1: config 0 descriptor?? [ 173.788278][ T6777] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 173.795749][ T6777] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 173.889790][ T5910] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 174.007737][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 174.021543][ T6777] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 174.041008][ T6777] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 174.070315][ T5910] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 174.103920][ T5910] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 174.145560][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.184483][ T5910] usb 3-1: Product: syz [ 174.184849][ T5978] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 174.210588][ T5910] usb 3-1: Manufacturer: syz [ 174.210747][ T10] usb 1-1: device descriptor read/64, error -71 [ 174.232713][ T5910] usb 3-1: SerialNumber: syz [ 174.250219][ T5978] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71 [ 174.336056][ T5978] usb 5-1: USB disconnect, device number 9 [ 174.359716][ T5910] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 175.139417][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 175.162842][ T5910] usb 3-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 175.414315][ T10] usb 1-1: device descriptor read/64, error -71 [ 175.545070][ T10] usb usb1-port1: attempt power cycle [ 176.076733][ T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 176.872086][ T10] usb 1-1: device descriptor read/8, error -71 [ 176.917508][ T5910] usb 3-1: USB disconnect, device number 8 [ 179.461079][ T6840] ieee802154 phy1 wpan1: encryption failed: -22 [ 179.577231][ T6840] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 180.237006][ T10] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 180.505441][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 180.560542][ T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 180.621748][ T10] usb 2-1: config 0 has no interface number 0 [ 180.997261][ T10] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 181.008536][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.047229][ T10] usb 2-1: Product: syz [ 181.084817][ T6853] netlink: 40 bytes leftover after parsing attributes in process `syz.2.237'. [ 181.239213][ T10] usb 2-1: Manufacturer: syz [ 181.296041][ T10] usb 2-1: SerialNumber: syz [ 181.315485][ T10] usb 2-1: config 0 descriptor?? [ 181.386912][ T10] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 181.903332][ T6871] Zero length message leads to an empty skb [ 181.910129][ T6871] warning: `syz.0.241' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 181.922916][ T10] gspca_spca1528: reg_w err -110 [ 181.946770][ T10] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110 [ 182.707345][ T5910] usb 1-1: new low-speed USB device number 11 using dummy_hcd [ 183.684208][ T5910] usb 1-1: Invalid ep0 maxpacket: 16 [ 183.969416][ T5910] usb 1-1: new low-speed USB device number 12 using dummy_hcd [ 184.292367][ T5910] usb 1-1: Invalid ep0 maxpacket: 16 [ 184.347107][ T5910] usb usb1-port1: attempt power cycle [ 184.382464][ T5972] usb 2-1: USB disconnect, device number 7 [ 184.736837][ T5910] usb 1-1: new low-speed USB device number 13 using dummy_hcd [ 184.998378][ T6898] tipc: Enabled bearer , priority 0 [ 185.043016][ T6898] syzkaller0: entered promiscuous mode [ 185.054231][ T6898] syzkaller0: entered allmulticast mode [ 185.549255][ T5910] usb 1-1: device descriptor read/8, error -71 [ 185.670299][ T6898] tipc: Resetting bearer [ 185.691228][ T6895] tipc: Resetting bearer [ 185.728541][ T6895] tipc: Disabling bearer [ 186.721560][ T6927] netlink: 72 bytes leftover after parsing attributes in process `syz.0.258'. [ 187.655559][ T6930] binder: 6929:6930 ioctl 4018620d 0 returned -22 [ 187.688059][ T6930] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.260'. [ 187.726728][ T6930] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 188.707667][ T6940] netlink: 28 bytes leftover after parsing attributes in process `syz.0.261'. [ 189.684917][ T6952] trusted_key: syz.1.265 sent an empty control message without MSG_MORE. [ 190.371083][ T6961] netlink: 'syz.2.269': attribute type 2 has an invalid length. [ 190.914591][ T6971] batadv1: entered promiscuous mode [ 192.635795][ T6976] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 192.698199][ T5978] kernel write not supported for file bpf-prog (pid: 5978 comm: kworker/0:7) [ 194.475183][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.371123][ T5972] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 195.570155][ T5972] usb 4-1: Using ep0 maxpacket: 32 [ 195.619821][ T5972] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 195.659375][ T5972] usb 4-1: config 0 has no interface number 0 [ 195.710921][ T5972] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 195.742387][ T5972] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.773755][ T5972] usb 4-1: Product: syz [ 195.798870][ T5972] usb 4-1: Manufacturer: syz [ 195.827014][ T5972] usb 4-1: SerialNumber: syz [ 195.866137][ T5972] usb 4-1: config 0 descriptor?? [ 195.927819][ T5972] usb 4-1: can't set config #0, error -71 [ 195.989839][ T5972] usb 4-1: USB disconnect, device number 13 [ 197.272753][ T7020] netlink: 40 bytes leftover after parsing attributes in process `syz.2.286'. [ 197.376859][ T5972] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 197.615364][ T5972] usb 4-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.915469][ T5972] usb 4-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 198.101511][ T5972] usb 4-1: config 0 interface 0 has no altsetting 0 [ 198.115190][ T5972] usb 4-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.00 [ 198.158109][ T5972] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.226875][ T5972] usb 4-1: config 0 descriptor?? [ 198.481732][ T5972] usb 4-1: string descriptor 0 read error: -71 [ 198.607389][ T10] usb 3-1: new low-speed USB device number 9 using dummy_hcd [ 198.987335][ T5972] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input9 [ 199.000923][ T5192] bcm5974 4-1:0.0: could not read from device [ 199.059744][ T5192] bcm5974 4-1:0.0: could not read from device [ 199.069956][ T5972] usb 4-1: USB disconnect, device number 14 [ 199.077185][ T5192] bcm5974 4-1:0.0: could not read from device [ 199.138316][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 199.158231][ T5860] udevd[5860]: Error opening device "/dev/input/event4": No such file or directory [ 199.181065][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 199.200766][ T5860] udevd[5860]: Unable to EVIOCGABS device "/dev/input/event4" [ 199.216793][ T10] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 199.236844][ T5860] udevd[5860]: Unable to EVIOCGABS device "/dev/input/event4" [ 199.268187][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 199.282072][ T5860] udevd[5860]: Unable to EVIOCGABS device "/dev/input/event4" [ 199.307938][ T5860] udevd[5860]: Unable to EVIOCGABS device "/dev/input/event4" [ 199.315544][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 199.369143][ T10] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 199.385139][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.840781][ T7042] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 199.874141][ T10] hub 3-1:1.0: bad descriptor, ignoring hub [ 199.880679][ T10] hub 3-1:1.0: probe with driver hub failed with error -5 [ 199.915650][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 199.941105][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 199.971837][ T10] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 199.985160][ T10] cdc_wdm 3-1:1.0: Unknown control protocol [ 200.130909][ T7057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.299'. [ 200.168039][ T10] usb 3-1: USB disconnect, device number 9 [ 200.505808][ T7066] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 201.470958][ T7073] netlink: 16 bytes leftover after parsing attributes in process `syz.4.305'. [ 201.480894][ T7073] netlink: 128 bytes leftover after parsing attributes in process `syz.4.305'. [ 204.022121][ T7101] netlink: 'syz.2.312': attribute type 2 has an invalid length. [ 204.306932][ T5924] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 204.751816][ T5924] usb 4-1: device descriptor read/64, error -71 [ 204.876128][ T5969] kernel write not supported for file bpf-prog (pid: 5969 comm: kworker/0:5) [ 205.051680][ T5924] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 205.819138][ T927] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 206.016823][ T5924] usb 4-1: device descriptor read/64, error -71 [ 206.036710][ T927] usb 2-1: Using ep0 maxpacket: 16 [ 206.056240][ T927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.080291][ T5978] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 206.095615][ T927] usb 2-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00 [ 206.150922][ T5924] usb usb4-port1: attempt power cycle [ 206.190657][ T927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.307117][ T5978] usb 5-1: Using ep0 maxpacket: 16 [ 206.310016][ T927] usb 2-1: config 0 descriptor?? [ 206.441154][ T5978] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.629583][ T5978] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 206.639625][ T5978] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 206.649356][ T5978] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 206.673010][ T5978] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 206.674057][ T5924] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 206.686875][ T5978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 206.704396][ T5978] usb 5-1: SerialNumber: syz [ 207.273553][ T5978] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12 [ 207.357767][ T927] cypress 0003:04B4:07B1.0008: hidraw0: USB HID v0.00 Device [HID 04b4:07b1] on usb-dummy_hcd.1-1/input0 [ 207.462617][ T5924] usb 4-1: device descriptor read/8, error -71 [ 207.477299][ T927] usb 5-1: USB disconnect, device number 10 [ 207.722638][ T5978] usb 2-1: USB disconnect, device number 8 [ 207.763812][ T7132] fido_id[7132]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 208.270760][ T7144] netlink: 12 bytes leftover after parsing attributes in process `syz.3.324'. [ 208.303641][ T7144] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 208.636751][ T927] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 209.436949][ T927] usb 1-1: device descriptor read/64, error -71 [ 209.676687][ T927] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 209.846696][ T927] usb 1-1: device descriptor read/64, error -71 [ 209.967099][ T927] usb usb1-port1: attempt power cycle [ 210.383108][ T927] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 210.487447][ T927] usb 1-1: device descriptor read/8, error -71 [ 210.543179][ T7171] netlink: 20 bytes leftover after parsing attributes in process `syz.3.334'. [ 210.826898][ T927] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 210.866233][ T7169] fuse: Bad value for 'fd' [ 210.920685][ T927] usb 1-1: device descriptor read/8, error -71 [ 210.980701][ T7168] netlink: 18 bytes leftover after parsing attributes in process `syz.2.333'. [ 211.038429][ T927] usb usb1-port1: unable to enumerate USB device [ 211.487458][ T5862] Bluetooth: hci2: command 0x0406 tx timeout [ 211.493570][ T5862] Bluetooth: hci0: command 0x0406 tx timeout [ 211.502464][ T5862] Bluetooth: hci3: command 0x0406 tx timeout [ 211.508746][ T5157] Bluetooth: hci1: command 0x0406 tx timeout [ 211.515150][ T5847] Bluetooth: hci4: command 0x0406 tx timeout [ 211.550335][ T5978] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 212.035335][ T5978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.050478][ T5978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.060596][ T5978] usb 5-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 212.070407][ T5978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.085149][ T5978] usb 5-1: config 0 descriptor?? [ 212.499911][ T7196] netlink: 16 bytes leftover after parsing attributes in process `syz.0.343'. [ 212.512950][ T7196] netlink: 128 bytes leftover after parsing attributes in process `syz.0.343'. [ 212.828274][ T5978] logitech 0003:046D:C293.0009: unbalanced collection at end of report description [ 212.869707][ T5978] logitech 0003:046D:C293.0009: parse failed [ 212.889299][ T7199] netlink: 'syz.3.344': attribute type 2 has an invalid length. [ 212.901023][ T5978] logitech 0003:046D:C293.0009: probe with driver logitech failed with error -22 [ 212.906996][ T7201] Cannot find del_set index 0 as target [ 212.956284][ T5978] usb 5-1: USB disconnect, device number 11 [ 214.173168][ T7220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.351'. [ 214.221374][ T7220] netlink: 36 bytes leftover after parsing attributes in process `syz.4.351'. [ 215.755810][ T7247] overlayfs: failed to resolve './file1': -2 [ 216.026081][ T5852] libceph: connect (1)[c::]:6789 error -13 [ 216.033432][ T5852] libceph: mon0 (1)[c::]:6789 connect error [ 216.689326][ T5852] libceph: connect (1)[c::]:6789 error -13 [ 216.782315][ T5852] libceph: mon0 (1)[c::]:6789 connect error [ 216.883272][ T7260] netlink: 16 bytes leftover after parsing attributes in process `syz.2.363'. [ 216.894065][ T7260] netlink: 128 bytes leftover after parsing attributes in process `syz.2.363'. [ 217.269671][ T7256] netlink: 16 bytes leftover after parsing attributes in process `syz.4.361'. [ 217.758572][ T5969] libceph: connect (1)[c::]:6789 error -13 [ 217.806153][ T5969] libceph: mon0 (1)[c::]:6789 connect error [ 218.743068][ T7251] ceph: No mds server is up or the cluster is laggy [ 219.052271][ T7269] Cannot find del_set index 0 as target [ 219.117519][ T7271] vlan2: entered promiscuous mode [ 220.691352][ T5972] kernel write not supported for file bpf-prog (pid: 5972 comm: kworker/0:6) [ 221.105968][ T7307] ieee802154 phy1 wpan1: encryption failed: -22 [ 221.146376][ T7309] netlink: 'syz.0.380': attribute type 10 has an invalid length. [ 221.210537][ T7309] netlink: 156 bytes leftover after parsing attributes in process `syz.0.380'. [ 221.619412][ T7316] tipc: New replicast peer: 255.255.255.255 [ 221.635269][ T7316] tipc: Enabled bearer , priority 10 [ 221.658514][ T7315] netlink: 248 bytes leftover after parsing attributes in process `syz.0.383'. [ 221.798495][ T7315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.383'. [ 221.799777][ T7320] netlink: 44 bytes leftover after parsing attributes in process `syz.0.383'. [ 221.936868][ T7315] netlink: 'syz.0.383': attribute type 1 has an invalid length. [ 221.969305][ T7315] netlink: 224 bytes leftover after parsing attributes in process `syz.0.383'. [ 222.575368][ T7313] netlink: 12 bytes leftover after parsing attributes in process `syz.2.382'. [ 222.584386][ T7313] tipc: Disabling bearer [ 222.699701][ T7335] Cannot find del_set index 0 as target [ 222.840989][ T24] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 222.903286][ T7341] netlink: 8 bytes leftover after parsing attributes in process `syz.4.391'. [ 222.912441][ T7341] netlink: 36 bytes leftover after parsing attributes in process `syz.4.391'. [ 223.027891][ T24] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 223.051251][ T24] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 223.062190][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.070857][ T24] usb 3-1: Product: syz [ 223.075376][ T24] usb 3-1: Manufacturer: syz [ 223.082608][ T24] usb 3-1: SerialNumber: syz [ 223.102039][ T24] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 223.166785][ T5969] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 223.228187][ T7353] netlink: 36 bytes leftover after parsing attributes in process `syz.4.397'. [ 223.245150][ T7353] bridge0: port 3(vlan2) entered blocking state [ 223.251779][ T7353] bridge0: port 3(vlan2) entered disabled state [ 223.261822][ T7353] vlan2: entered allmulticast mode [ 223.267242][ T7353] dummy0: entered allmulticast mode [ 223.276276][ T7353] vlan2: entered promiscuous mode [ 223.285955][ T7353] dummy0: entered promiscuous mode [ 223.336770][ T5969] usb 1-1: Using ep0 maxpacket: 32 [ 223.353144][ T5969] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 223.371139][ T5969] usb 1-1: config 0 has no interface number 0 [ 223.391902][ T5969] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 223.411373][ T5969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.440011][ T5969] usb 1-1: Product: syz [ 223.454390][ T5969] usb 1-1: Manufacturer: syz [ 223.495886][ T5969] usb 1-1: SerialNumber: syz [ 223.552293][ T5969] usb 1-1: config 0 descriptor?? [ 223.670089][ T5969] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 224.180974][ T24] usb 3-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 224.330473][ T5969] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 224.489886][ T7364] netlink: 72 bytes leftover after parsing attributes in process `syz.3.399'. [ 224.570226][ T7366] overlayfs: overlapping lowerdir path [ 225.394354][ T5969] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 226.960569][ T24] usb 3-1: USB disconnect, device number 10 [ 227.198852][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 227.245634][ T5852] usb 1-1: USB disconnect, device number 19 [ 227.546708][ T5852] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 227.566222][ T7384] tmpfs: Bad value for 'mpol' [ 227.842881][ T5852] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 228.037846][ T5852] quatech2 1-1:0.51: device disconnected [ 228.456929][ T7393] Cannot find add_set index 0 as target [ 229.066416][ T7398] netlink: 'syz.2.408': attribute type 41 has an invalid length. [ 229.122904][ T7401] ieee802154 phy1 wpan1: encryption failed: -22 [ 231.677317][ T5852] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 231.958553][ T5852] usb 1-1: Using ep0 maxpacket: 16 [ 231.995634][ T5852] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.220099][ T5852] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 235.495944][ T5852] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 235.536685][ T5852] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 235.552588][ T5852] usb 1-1: string descriptor 0 read error: -71 [ 235.558877][ T5852] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 235.570089][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 235.631437][ T5852] usb 1-1: can't set config #1, error -71 [ 235.640587][ T5852] usb 1-1: USB disconnect, device number 20 [ 235.715035][ T7449] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 236.268307][ T7466] tipc: New replicast peer: 255.255.255.255 [ 236.281820][ T7466] tipc: Enabled bearer , priority 10 [ 236.417737][ T7466] netlink: 12 bytes leftover after parsing attributes in process `syz.1.430'. [ 236.427282][ T7466] tipc: Disabling bearer [ 236.738881][ T7471] tmpfs: Bad value for 'mpol' [ 236.907075][ T10] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 237.353516][ T10] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 237.451006][ T10] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 237.471203][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.512642][ T10] usb 2-1: Product: syz [ 237.526255][ T10] usb 2-1: Manufacturer: syz [ 237.541175][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 237.558349][ T10] usb 2-1: SerialNumber: syz [ 237.576270][ T10] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 238.778506][ T10] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 238.795039][ T10] usb 2-1: USB disconnect, device number 9 [ 239.827084][ T30] audit: type=1326 audit(1754031906.196:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7491 comm="syz.4.439" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa43a18eb69 code=0x0 [ 240.086682][ T5852] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 240.271623][ T5852] usb 3-1: Using ep0 maxpacket: 16 [ 240.423926][ T5852] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 240.461180][ T5852] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 240.491155][ T5852] usb 3-1: config 0 has no interface number 0 [ 240.510288][ T5852] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 240.538440][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.547089][ T5852] usb 3-1: Product: syz [ 240.551357][ T5852] usb 3-1: Manufacturer: syz [ 240.556043][ T5852] usb 3-1: SerialNumber: syz [ 240.564722][ T5852] usb 3-1: config 0 descriptor?? [ 240.573631][ T5852] usb 3-1: Found UVC 0.00 device syz (046d:08f3) [ 240.580516][ T5852] usb 3-1: No valid video chain found. [ 244.678370][ T7564] overlayfs: conflicting options: userxattr,metacopy=on [ 245.051505][ T10] usb 3-1: USB disconnect, device number 11 [ 245.754281][ T7577] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 245.780391][ C0] vkms_vblank_simulate: vblank timer overrun [ 245.786959][ T7577] CIFS mount error: No usable UNC path provided in device string! [ 245.786959][ T7577] [ 245.826856][ T7577] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 245.968514][ T7581] netlink: 'syz.3.463': attribute type 32 has an invalid length. [ 245.976312][ T7581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.463'. [ 246.038166][ T7581] (unnamed net_device) (uninitialized): option coupled_control: invalid value (98) [ 246.353967][ T7605] Cannot find add_set index 0 as target [ 249.581819][ T7639] netlink: 28 bytes leftover after parsing attributes in process `syz.0.476'. [ 253.590500][ T5978] kernel write not supported for file bpf-prog (pid: 5978 comm: kworker/0:7) [ 253.871292][ T7674] netlink: 8 bytes leftover after parsing attributes in process `syz.2.489'. [ 253.899581][ T7674] netlink: 36 bytes leftover after parsing attributes in process `syz.2.489'. [ 255.490321][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.999197][ T24] libceph: connect (1)[c::]:6789 error -101 [ 256.000716][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 256.260933][ T24] libceph: connect (1)[c::]:6789 error -101 [ 256.373020][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 256.521185][ T7690] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.737617][ T7690] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 256.947294][ T24] libceph: connect (1)[c::]:6789 error -101 [ 257.004680][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 257.153852][ T7682] ceph: No mds server is up or the cluster is laggy [ 257.426980][ T5978] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 257.471179][ T7701] SET target dimension over the limit! [ 257.625202][ T5978] usb 3-1: config index 0 descriptor too short (expected 69, got 36) [ 257.656679][ T5978] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 257.675350][ T7708] vlan2: entered promiscuous mode [ 257.710579][ T5978] usb 3-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 257.726675][ T5978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.751955][ T5978] usb 3-1: Product: syz [ 257.762317][ T5978] usb 3-1: Manufacturer: syz [ 257.770398][ T5978] usb 3-1: SerialNumber: syz [ 257.788268][ T5978] usb 3-1: config 0 descriptor?? [ 257.821129][ T5978] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 257.867375][ T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 257.892383][ T7714] netlink: 248 bytes leftover after parsing attributes in process `syz.0.504'. [ 257.902159][ T7714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.504'. [ 257.912790][ T7714] netlink: 44 bytes leftover after parsing attributes in process `syz.0.504'. [ 257.944402][ T7714] netlink: 'syz.0.504': attribute type 1 has an invalid length. [ 257.963112][ T7714] netlink: 224 bytes leftover after parsing attributes in process `syz.0.504'. [ 258.037878][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 258.050681][ T24] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 258.069511][ T24] usb 4-1: config 0 has no interface number 0 [ 258.110945][ T24] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 258.137304][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.153837][ T24] usb 4-1: Product: syz [ 258.159458][ T24] usb 4-1: Manufacturer: syz [ 258.164421][ T24] usb 4-1: SerialNumber: syz [ 258.298625][ T24] usb 4-1: config 0 descriptor?? [ 258.486259][ T24] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 259.122405][ T5978] input: gspca_pac7302 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input14 [ 259.357459][ T5852] usb 3-1: USB disconnect, device number 12 [ 260.534291][ T24] gspca_spca1528: reg_w err -110 [ 260.616268][ T24] spca1528 4-1:0.1: probe with driver spca1528 failed with error -110 [ 260.711388][ T7740] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.031050][ T7741] netlink: 4 bytes leftover after parsing attributes in process `syz.0.509'. [ 261.354898][ T7734] Process accounting resumed [ 261.360917][ T7740] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 261.405050][ T5852] usb 4-1: USB disconnect, device number 19 [ 261.796705][ T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 263.656666][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 263.670043][ T10] usb 2-1: config 0 has an invalid interface number: 126 but max is 0 [ 263.836676][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.852879][ T927] usb 3-1: new low-speed USB device number 13 using dummy_hcd [ 263.890272][ T10] usb 2-1: config 0 has no interface number 0 [ 263.896450][ T10] usb 2-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 264.189079][ T927] usb 3-1: no configurations [ 264.191681][ T10] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024 [ 264.193709][ T927] usb 3-1: can't read configurations, error -22 [ 264.242088][ T10] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 264.301557][ T7767] netlink: 248 bytes leftover after parsing attributes in process `syz.3.519'. [ 264.306647][ T10] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid maxpacket 2053, setting to 1024 [ 264.331393][ T7767] netlink: 8 bytes leftover after parsing attributes in process `syz.3.519'. [ 264.344156][ T7767] netlink: 44 bytes leftover after parsing attributes in process `syz.3.519'. [ 264.363285][ T10] usb 2-1: config 0 interface 126 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 264.374811][ T7767] netlink: 'syz.3.519': attribute type 1 has an invalid length. [ 264.383150][ T7767] netlink: 224 bytes leftover after parsing attributes in process `syz.3.519'. [ 264.392569][ T10] usb 2-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 264.392618][ T10] usb 2-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 264.392640][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.430242][ T927] usb 3-1: new low-speed USB device number 14 using dummy_hcd [ 264.446625][ T10] usb 2-1: config 0 descriptor?? [ 264.467321][ T7746] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 264.477946][ T7746] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 264.523736][ T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 264.593820][ T927] usb 3-1: no configurations [ 264.598589][ T927] usb 3-1: can't read configurations, error -22 [ 264.624731][ T927] usb usb3-port1: attempt power cycle [ 264.675261][ T10] usb 2-1: USB disconnect, device number 10 [ 264.986749][ T927] usb 3-1: new low-speed USB device number 15 using dummy_hcd [ 265.028414][ T927] usb 3-1: no configurations [ 265.033107][ T927] usb 3-1: can't read configurations, error -22 [ 265.147043][ T5972] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 265.177047][ T927] usb 3-1: new low-speed USB device number 16 using dummy_hcd [ 265.246859][ T5910] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 265.291984][ T927] usb 3-1: no configurations [ 265.372816][ T927] usb 3-1: can't read configurations, error -22 [ 265.451633][ T927] usb usb3-port1: unable to enumerate USB device [ 265.618652][ T5972] usb 1-1: Using ep0 maxpacket: 16 [ 265.622330][ T5910] usb 4-1: config 0 has an invalid interface number: 212 but max is 0 [ 265.639369][ T5910] usb 4-1: config 0 has no interface number 0 [ 265.647540][ T5910] usb 4-1: New USB device found, idVendor=061d, idProduct=c170, bcdDevice=b1.88 [ 265.654682][ T5972] usb 1-1: too many endpoints for config 0 interface 0 altsetting 255: 254, using maximum allowed: 30 [ 266.036689][ T5972] usb 1-1: config 0 interface 0 altsetting 255 endpoint 0x81 has an invalid bInterval 197, changing to 11 [ 266.061160][ T5972] usb 1-1: config 0 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 266.093289][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.095441][ T5972] usb 1-1: config 0 interface 0 has no altsetting 0 [ 266.118386][ T5972] usb 1-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00 [ 266.138734][ T5910] usb 4-1: config 0 descriptor?? [ 266.156554][ T5972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.166670][ T5910] quatech2 4-1:0.212: Quatech 2nd gen USB to Serial Driver converter detected [ 266.196520][ T5972] usb 1-1: config 0 descriptor?? [ 266.350665][ T5910] usb 4-1: qt2_attach - failed to power on unit: -71 [ 266.364984][ T5910] quatech2 4-1:0.212: probe with driver quatech2 failed with error -71 [ 266.387571][ T5910] usb 4-1: USB disconnect, device number 20 [ 266.707734][ T5972] topre 0003:0853:0148.000A: hidraw0: USB HID vc9.b6 Device [HID 0853:0148] on usb-dummy_hcd.0-1/input0 [ 267.145618][ T5910] usb 1-1: USB disconnect, device number 21 [ 267.346902][ T30] audit: type=1400 audit(1754031933.896:4): lsm=SMACK fn=smack_file_receive action=denied subject="w" object="_" requested=w pid=7808 comm="syz.2.531" path="socket:[13279]" dev="sockfs" ino=13279 [ 270.556785][ T927] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 270.668295][ T7840] netlink: 248 bytes leftover after parsing attributes in process `syz.3.539'. [ 270.682530][ T7840] netlink: 8 bytes leftover after parsing attributes in process `syz.3.539'. [ 270.712836][ T7840] netlink: 44 bytes leftover after parsing attributes in process `syz.3.539'. [ 270.746942][ T927] usb 5-1: Using ep0 maxpacket: 16 [ 270.796524][ T7843] netlink: 72 bytes leftover after parsing attributes in process `syz.2.540'. [ 271.229471][ T927] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.249341][ T7840] netlink: 'syz.3.539': attribute type 1 has an invalid length. [ 271.259903][ T927] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 271.274896][ T7840] netlink: 224 bytes leftover after parsing attributes in process `syz.3.539'. [ 271.299343][ T927] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 271.310513][ T927] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 271.338287][ T927] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 271.366619][ T927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 271.384867][ T927] usb 5-1: SerialNumber: syz [ 271.456546][ T927] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12 [ 272.724235][ T10] usb 5-1: USB disconnect, device number 12 [ 273.444681][ T7860] ieee802154 phy1 wpan1: encryption failed: -22 [ 274.073691][ T7859] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 274.774090][ T5910] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 276.092713][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 276.135625][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.180420][ T5910] usb 1-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 276.210026][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.249511][ T5910] usb 1-1: config 0 descriptor?? [ 276.351926][ T30] audit: type=1800 audit(1754031943.016:5): pid=7896 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.557" name="bus" dev="tmpfs" ino=541 res=0 errno=0 [ 276.371244][ C0] vkms_vblank_simulate: vblank timer overrun [ 277.425124][ T7904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.437167][ T7904] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.728402][ T5910] usbhid 1-1:0.0: can't add hid device: -71 [ 278.771491][ T5910] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 278.811526][ T5910] usb 1-1: USB disconnect, device number 22 [ 280.501384][ T7930] netlink: 12 bytes leftover after parsing attributes in process `syz.0.563'. [ 280.696199][ T7930] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 280.874373][ T5969] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 281.237057][ T5969] usb 4-1: Using ep0 maxpacket: 16 [ 281.260984][ T5969] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.302256][ T5969] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 281.345972][ T5969] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 281.379593][ T5969] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 281.447330][ T5969] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 281.481527][ T5969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 281.539219][ T5969] usb 4-1: SerialNumber: syz [ 281.607529][ T5969] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12 [ 281.754828][ T7950] ieee802154 phy1 wpan1: encryption failed: -22 [ 281.829780][ T5972] usb 4-1: USB disconnect, device number 21 [ 282.158046][ T7950] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 282.414967][ T7953] random: crng reseeded on system resumption [ 283.607961][ T7968] mkiss: ax0: crc mode is auto. [ 285.313901][ T7994] 9pnet_virtio: no channels available for device syz [ 286.299589][ T7993] SET target dimension over the limit! [ 286.419085][ T7996] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 286.617115][ T8001] netlink: 72 bytes leftover after parsing attributes in process `syz.2.584'. [ 287.165510][ T8002] ieee802154 phy1 wpan1: encryption failed: -22 [ 287.310916][ T8000] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 287.768120][ T8012] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 287.790299][ T8013] netlink: zone id is out of range [ 287.847755][ T8013] netlink: del zone limit has 4 unknown bytes [ 287.908606][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.4.589'. [ 289.023893][ T8014] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 291.448026][ T8044] ieee802154 phy1 wpan1: encryption failed: -22 [ 291.561815][ T8044] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 291.973466][ T8033] program syz.2.595 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 292.028640][ T8051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.602'. [ 292.064345][ T8051] netlink: 40 bytes leftover after parsing attributes in process `syz.3.602'. [ 293.225188][ T8062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.282256][ T8062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.436799][ T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 293.800356][ T8075] netlink: 24 bytes leftover after parsing attributes in process `syz.1.607'. [ 293.850860][ T8075] erofs (device nullb0): cannot find valid erofs superblock [ 294.320705][ T8067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 295.051531][ T5910] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 295.252417][ T8086] bond_slave_0: entered promiscuous mode [ 295.258218][ T8086] bond_slave_1: entered promiscuous mode [ 295.266127][ T8086] vlan2: entered promiscuous mode [ 295.272731][ T8086] bond0: entered promiscuous mode [ 295.299099][ T5910] usb 3-1: Using ep0 maxpacket: 32 [ 295.309817][ T5910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.360758][ T5910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.360806][ T5910] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 295.360830][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.377740][ T5910] usb 3-1: config 0 descriptor?? [ 295.719865][ T51] Bluetooth: hci1: unexpected cc 0x2003 length: 5 < 9 [ 295.720248][ T51] Bluetooth: hci1: unexpected event for opcode 0x2003 [ 296.435321][ T8108] netlink: 'syz.0.619': attribute type 4 has an invalid length. [ 296.435346][ T8108] netlink: 152 bytes leftover after parsing attributes in process `syz.0.619'. [ 296.440910][ T8108] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 296.644804][ T8116] netlink: 32 bytes leftover after parsing attributes in process `syz.0.620'. [ 296.843160][ T8122] tipc: Started in network mode [ 296.855621][ T8122] tipc: Node identity 82c3611d62d4, cluster identity 4711 [ 296.864194][ T8122] tipc: Enabled bearer , priority 0 [ 296.949394][ T8128] netlink: 27 bytes leftover after parsing attributes in process `syz.4.624'. [ 297.296778][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 297.641472][ T8122] syzkaller0: entered promiscuous mode [ 297.648897][ T8122] syzkaller0: entered allmulticast mode [ 297.655466][ T8122] tipc: Resetting bearer [ 297.874899][ T43] tipc: Node number set to 3759628573 [ 298.333798][ T5910] usbhid 3-1:0.0: can't add hid device: -71 [ 298.358643][ T5910] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 298.391542][ T5910] usb 3-1: USB disconnect, device number 17 [ 298.514942][ T8138] netlink: 'syz.2.627': attribute type 1 has an invalid length. [ 298.609896][ T36] tipc: Resetting bearer [ 298.661927][ T8138] 8021q: adding VLAN 0 to HW filter on device bond1 [ 298.682796][ T8121] tipc: Resetting bearer [ 299.727948][ T51] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 299.739056][ T51] Bluetooth: hci1: Injecting HCI hardware error event [ 299.751117][ T51] Bluetooth: hci1: hardware error 0x00 [ 299.916720][ T8156] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 300.619335][ T8171] fuse: Unknown parameter 'f5}0x0000000000000006' [ 302.218892][ T51] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 303.170839][ T8121] tipc: Disabling bearer [ 303.446924][ T30] audit: type=1804 audit(1754031970.106:6): pid=8189 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.639" name=2F6E6577726F6F742F3132362F66696C65302FE91F7189591E9233614B dev="hugetlbfs" ino=14904 res=1 errno=0 [ 304.647197][ T8202] ieee802154 phy1 wpan1: encryption failed: -22 [ 304.839131][ T8202] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 305.245314][ T8209] ieee802154 phy1 wpan1: encryption failed: -22 [ 305.511282][ T8209] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 305.754405][ T8214] ieee802154 phy1 wpan1: encryption failed: -22 [ 306.209437][ T8213] 9pnet_fd: Insufficient options for proto=fd [ 306.218722][ T8210] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 306.600837][ T8223] netlink: 72 bytes leftover after parsing attributes in process `syz.0.650'. [ 306.953554][ T30] audit: type=1326 audit(1754031973.336:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 307.009945][ T30] audit: type=1326 audit(1754031973.686:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 307.215914][ T30] audit: type=1326 audit(1754031973.716:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 307.237604][ T30] audit: type=1326 audit(1754031973.716:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 307.257582][ T8218] vlan2: entered promiscuous mode [ 307.389057][ T30] audit: type=1326 audit(1754031973.746:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 307.436316][ T30] audit: type=1326 audit(1754031973.746:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 307.530863][ T30] audit: type=1326 audit(1754031973.746:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 307.555171][ T30] audit: type=1326 audit(1754031973.746:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 307.576920][ T30] audit: type=1326 audit(1754031973.746:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.2.651" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f853058d4d0 code=0x7ffc0000 [ 307.598240][ C0] vkms_vblank_simulate: vblank timer overrun [ 307.782129][ T8231] dvmrp0: entered allmulticast mode [ 307.818058][ T8230] dvmrp0: left allmulticast mode [ 308.597637][ T8247] ieee802154 phy1 wpan1: encryption failed: -22 [ 308.753064][ T8247] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 314.213196][ T8298] ceph: No mds server is up or the cluster is laggy [ 314.377430][ T8315] ieee802154 phy1 wpan1: encryption failed: -22 [ 314.421893][ T8315] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 315.235981][ T8329] netlink: 248 bytes leftover after parsing attributes in process `syz.0.677'. [ 315.260335][ T8329] netlink: 8 bytes leftover after parsing attributes in process `syz.0.677'. [ 315.269375][ T5972] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 315.287415][ T8329] netlink: 44 bytes leftover after parsing attributes in process `syz.0.677'. [ 315.359503][ T8331] netlink: 'syz.0.677': attribute type 1 has an invalid length. [ 315.379747][ T8331] netlink: 224 bytes leftover after parsing attributes in process `syz.0.677'. [ 315.440049][ T5972] usb 3-1: Using ep0 maxpacket: 16 [ 315.454293][ T5972] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.494782][ T5972] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 315.538090][ T5972] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 315.558188][ T5972] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 315.592761][ T5972] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 315.611577][ T5972] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 315.625778][ T5972] usb 3-1: SerialNumber: syz [ 315.861568][ T5972] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -12 [ 316.153220][ T5972] usb 3-1: USB disconnect, device number 18 [ 316.416710][ T927] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 316.430122][ T8349] 9pnet_fd: Insufficient options for proto=fd [ 316.576972][ T927] usb 2-1: device descriptor read/64, error -71 [ 316.817791][ T927] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 316.855443][ T8359] netlink: 40 bytes leftover after parsing attributes in process `syz.2.686'. [ 316.935958][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.286765][ T927] usb 2-1: device descriptor read/64, error -71 [ 317.409415][ T927] usb usb2-port1: attempt power cycle [ 317.581751][ T8364] netlink: 40 bytes leftover after parsing attributes in process `syz.3.687'. [ 317.970006][ T927] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 318.713057][ T8373] netlink: 4 bytes leftover after parsing attributes in process `syz.3.690'. [ 318.967693][ T927] usb 2-1: device descriptor read/8, error -71 [ 319.256636][ T927] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 319.297740][ T8377] tipc: New replicast peer: 255.255.255.255 [ 319.330915][ T8377] tipc: Enabled bearer , priority 10 [ 319.432046][ T8377] netlink: 12 bytes leftover after parsing attributes in process `syz.3.691'. [ 319.441164][ T8377] tipc: Disabling bearer [ 319.523454][ T927] usb 2-1: device not accepting address 14, error -71 [ 319.532182][ T927] usb usb2-port1: unable to enumerate USB device [ 320.846367][ T10] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 321.082657][ T8391] netlink: zone id is out of range [ 321.109056][ T8391] netlink: del zone limit has 4 unknown bytes [ 321.261191][ T10] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 321.298380][ T10] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 321.331920][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.490995][ T8396] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.606347][ T8396] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 321.777574][ T10] usb 4-1: Product: syz [ 321.781791][ T10] usb 4-1: Manufacturer: syz [ 321.786402][ T10] usb 4-1: SerialNumber: syz [ 321.851948][ T8392] netlink: 'syz.1.695': attribute type 41 has an invalid length. [ 321.882860][ T10] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 321.901955][ T8392] netlink: 28 bytes leftover after parsing attributes in process `syz.1.695'. [ 322.478708][ T10] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 322.551490][ T10] usb 4-1: USB disconnect, device number 23 [ 322.619456][ T8408] loop2: detected capacity change from 0 to 7 [ 322.640242][ T8408] Dev loop2: unable to read RDB block 7 [ 322.647781][ T8408] loop2: AHDI p3 p4 [ 322.652797][ T8408] loop2: partition table partially beyond EOD, truncated [ 322.667586][ T8408] loop2: p3 start 1869967406 is beyond EOD, truncated [ 324.906657][ T5969] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 325.336924][ T5969] usb 1-1: Using ep0 maxpacket: 16 [ 325.457223][ T5972] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 325.466827][ T5969] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.478703][ T5969] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 325.493028][ T5969] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 325.511101][ T5969] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 325.673504][ T5969] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 325.683840][ T5969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 325.697123][ T5969] usb 1-1: SerialNumber: syz [ 325.716638][ T5972] usb 3-1: device descriptor read/64, error -71 [ 326.547169][ T5972] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 326.754555][ T5969] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -12 [ 326.897039][ T5972] usb 3-1: device descriptor read/64, error -71 [ 326.956223][ T10] usb 1-1: USB disconnect, device number 23 [ 327.007183][ T5972] usb usb3-port1: attempt power cycle [ 327.973231][ T5972] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 327.981066][ T5969] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 328.146691][ T5972] usb 3-1: device descriptor read/8, error -71 [ 328.247190][ T5969] usb 2-1: device descriptor read/64, error -71 [ 328.726706][ T5969] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 328.834580][ T8479] SET target dimension over the limit! [ 328.876677][ T5969] usb 2-1: device descriptor read/64, error -71 [ 329.945497][ T5969] usb usb2-port1: attempt power cycle [ 331.233472][ T8507] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 331.768472][ T5969] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 331.825707][ T8517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.732'. [ 331.979232][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 332.219621][ T8517] netlink: 36 bytes leftover after parsing attributes in process `syz.2.732'. [ 332.618162][ T49] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 332.651576][ T8529] vlan2: entered promiscuous mode [ 333.745248][ T5972] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 333.966831][ T8545] ieee802154 phy1 wpan1: encryption failed: -22 [ 334.126939][ T49] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 334.256929][ T49] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 334.449455][ T8536] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 334.637825][ T5924] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 335.075602][ T8556] 9pnet_fd: Insufficient options for proto=fd [ 335.321855][ T8563] ieee802154 phy1 wpan1: encryption failed: -22 [ 335.490691][ T8565] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 336.290105][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 338.046790][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 338.536368][ T8589] netlink: 16 bytes leftover after parsing attributes in process `syz.1.753'. [ 338.546757][ T8589] netlink: 128 bytes leftover after parsing attributes in process `syz.1.753'. [ 339.260289][ T8602] netlink: 52 bytes leftover after parsing attributes in process `syz.4.756'. [ 339.737778][ T8604] x_tables: ip_tables: osf match: only valid for protocol 6 [ 340.526858][ T43] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 340.546709][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 340.546908][ T30] audit: type=1326 audit(1754032007.146:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 340.661402][ T30] audit: type=1326 audit(1754032007.166:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 340.691035][ T30] audit: type=1326 audit(1754032007.226:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 340.713096][ T30] audit: type=1326 audit(1754032007.226:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 340.737883][ T30] audit: type=1326 audit(1754032007.226:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853058eb69 code=0x7ffc0000 [ 340.806676][ T43] usb 1-1: Using ep0 maxpacket: 16 [ 340.807553][ T30] audit: type=1326 audit(1754032007.266:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f853058d4d0 code=0x7ffc0000 [ 340.849729][ T43] usb 1-1: config 0 has an invalid interface number: 15 but max is 0 [ 340.866952][ T5972] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 340.880980][ T43] usb 1-1: config 0 has no interface number 0 [ 340.900332][ T8615] netlink: 12 bytes leftover after parsing attributes in process `syz.4.761'. [ 340.927377][ T43] usb 1-1: New USB device found, idVendor=05ac, idProduct=e7da, bcdDevice=4b.a9 [ 340.948039][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.976731][ T43] usb 1-1: Product: syz [ 340.986136][ T43] usb 1-1: Manufacturer: syz [ 340.996446][ T30] audit: type=1326 audit(1754032007.266:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f853058e76b code=0x7ffc0000 [ 341.046819][ T43] usb 1-1: SerialNumber: syz [ 341.052568][ T5972] usb 3-1: Using ep0 maxpacket: 8 [ 341.062793][ T30] audit: type=1326 audit(1754032007.266:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f853058e76b code=0x7ffc0000 [ 341.099644][ T43] usb 1-1: config 0 descriptor?? [ 341.100151][ T5972] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 341.124368][ T5972] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 341.239067][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 341.365497][ T30] audit: type=1326 audit(1754032007.266:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f853058e76b code=0x7ffc0000 [ 341.509350][ T5972] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 341.522275][ T30] audit: type=1326 audit(1754032007.266:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8609 comm="syz.2.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f853058e76b code=0x7ffc0000 [ 341.774014][ T5972] usb 3-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 341.796278][ T5972] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.836499][ T5972] usb 3-1: Product: syz [ 341.850602][ T5972] usb 3-1: Manufacturer: syz [ 341.868568][ T5972] usb 3-1: SerialNumber: syz [ 341.904508][ T5972] usb 3-1: config 0 descriptor?? [ 341.984183][ T8631] ieee802154 phy1 wpan1: encryption failed: -22 [ 342.201547][ T8631] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 342.296204][ T5972] radioshark 3-1:0.0: Invalid radioSHARK device [ 342.462918][ T5972] radioshark 3-1:0.0: probe with driver radioshark failed with error -22 [ 342.639903][ T5972] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 342.651220][ T5972] usb 3-1: USB disconnect, device number 23 [ 343.275452][ T8612] netlink: 36 bytes leftover after parsing attributes in process `syz.0.760'. [ 343.426809][ T927] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 343.442517][ T43] ipheth 1-1:0.15: Unable to find alternate settings interface [ 343.494352][ T43] usb 1-1: USB disconnect, device number 24 [ 343.606780][ T927] usb 3-1: Using ep0 maxpacket: 8 [ 343.639435][ T927] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 343.663961][ T927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.674234][ T927] usb 3-1: Product: syz [ 343.682254][ T927] usb 3-1: Manufacturer: syz [ 343.688959][ T927] usb 3-1: SerialNumber: syz [ 343.733630][ T927] usb 3-1: config 0 descriptor?? [ 343.959085][ T927] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 344.177283][ T5852] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 344.351562][ T5852] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.384169][ T5852] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.424466][ T5852] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 344.451799][ T5852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.494690][ T5852] usb 4-1: config 0 descriptor?? [ 344.558298][ T8663] netlink: 24 bytes leftover after parsing attributes in process `syz.0.776'. [ 344.730968][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 345.145082][ T5852] hkems 0003:2006:0118.000B: unbalanced delimiter at end of report description [ 345.157520][ T5852] hkems 0003:2006:0118.000B: parse failed [ 345.163309][ T5852] hkems 0003:2006:0118.000B: probe with driver hkems failed with error -22 [ 345.441075][ T8671] ieee802154 phy1 wpan1: encryption failed: -22 [ 345.685672][ T5852] usb 4-1: USB disconnect, device number 24 [ 345.736700][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 345.913686][ T8673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.778'. [ 345.931524][ T8673] netlink: 128 bytes leftover after parsing attributes in process `syz.1.778'. [ 346.396164][ T8669] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 346.877122][ T8683] ieee802154 phy1 wpan1: encryption failed: -22 [ 348.129007][ T8683] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 348.446819][ T927] usb write operation failed. (-71) [ 348.584658][ T8688] ieee802154 phy1 wpan1: encryption failed: -22 [ 348.618036][ T8688] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 348.628403][ T927] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 348.739341][ T927] dvbdev: DVB: registering new adapter (Terratec H7) [ 348.794575][ T927] usb 3-1: media controller created [ 348.795011][ T927] usb read operation failed. (-71) [ 348.795522][ T927] usb write operation failed. (-71) [ 348.809159][ T927] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 348.846080][ T8701] FAULT_INJECTION: forcing a failure. [ 348.846080][ T8701] name failslab, interval 1, probability 0, space 0, times 0 [ 348.846124][ T8701] CPU: 1 UID: 0 PID: 8701 Comm: syz.2.786 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 348.846139][ T8701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 348.846149][ T8701] Call Trace: [ 348.846155][ T8701] [ 348.846161][ T8701] dump_stack_lvl+0x189/0x250 [ 348.846181][ T8701] ? __pfx____ratelimit+0x10/0x10 [ 348.846196][ T8701] ? __pfx_dump_stack_lvl+0x10/0x10 [ 348.846211][ T8701] ? __pfx__printk+0x10/0x10 [ 348.846230][ T8701] ? __pfx___might_resched+0x10/0x10 [ 348.846244][ T8701] ? fs_reclaim_acquire+0x7d/0x100 [ 348.846264][ T8701] should_fail_ex+0x414/0x560 [ 348.846281][ T8701] should_failslab+0xa8/0x100 [ 348.846296][ T8701] __kmalloc_noprof+0xcb/0x4f0 [ 348.846308][ T8701] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 348.846321][ T8701] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 348.846340][ T8701] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 348.846360][ T8701] genl_family_rcv_msg_doit+0xb8/0x300 [ 348.846379][ T8701] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 348.846395][ T8701] ? rcu_is_watching+0x15/0xb0 [ 348.846410][ T8701] ? cap_capable+0x11f/0x460 [ 348.846424][ T8701] ? safesetid_security_capable+0xa9/0x1a0 [ 348.846447][ T8701] ? bpf_lsm_capable+0x9/0x20 [ 348.846463][ T8701] ? security_capable+0x7e/0x2e0 [ 348.846484][ T8701] genl_rcv_msg+0x60e/0x790 [ 348.846502][ T8701] ? __pfx_genl_rcv_msg+0x10/0x10 [ 348.846514][ T8701] ? ref_tracker_free+0x63a/0x7d0 [ 348.846531][ T8701] ? __pfx_ovs_ct_limit_cmd_del+0x10/0x10 [ 348.846559][ T8701] ? __pfx_ref_tracker_free+0x10/0x10 [ 348.846589][ T8701] netlink_rcv_skb+0x205/0x470 [ 348.846615][ T8701] ? __pfx_genl_rcv_msg+0x10/0x10 [ 348.846635][ T8701] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 348.846677][ T8701] ? down_read+0x1ad/0x2e0 [ 348.846697][ T8701] genl_rcv+0x28/0x40 [ 348.846710][ T8701] netlink_unicast+0x75c/0x8e0 [ 348.846734][ T8701] netlink_sendmsg+0x805/0xb30 [ 348.846759][ T8701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 348.846801][ T8701] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 348.846814][ T8701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 348.846835][ T8701] __sock_sendmsg+0x21c/0x270 [ 348.846854][ T8701] ____sys_sendmsg+0x505/0x830 [ 348.846879][ T8701] ? __pfx_____sys_sendmsg+0x10/0x10 [ 348.846908][ T8701] ? import_iovec+0x74/0xa0 [ 348.846930][ T8701] ___sys_sendmsg+0x21f/0x2a0 [ 348.846954][ T8701] ? __pfx____sys_sendmsg+0x10/0x10 [ 348.847007][ T8701] ? __fget_files+0x2a/0x420 [ 348.847022][ T8701] ? __fget_files+0x3a0/0x420 [ 348.847052][ T8701] __x64_sys_sendmsg+0x19b/0x260 [ 348.847088][ T8701] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 348.847115][ T8701] ? __pfx_ksys_write+0x10/0x10 [ 348.847144][ T8701] ? rcu_is_watching+0x15/0xb0 [ 348.847162][ T8701] ? do_syscall_64+0xbe/0x3b0 [ 348.847182][ T8701] do_syscall_64+0xfa/0x3b0 [ 348.847196][ T8701] ? lockdep_hardirqs_on+0x9c/0x150 [ 348.847210][ T8701] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.847224][ T8701] ? clear_bhb_loop+0x60/0xb0 [ 348.847241][ T8701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.847254][ T8701] RIP: 0033:0x7f853058eb69 [ 348.847270][ T8701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.847283][ T8701] RSP: 002b:00007f85313e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 348.847298][ T8701] RAX: ffffffffffffffda RBX: 00007f85307b6080 RCX: 00007f853058eb69 [ 348.847308][ T8701] RDX: 0000000000004010 RSI: 0000200000000040 RDI: 0000000000000005 [ 348.847317][ T8701] RBP: 00007f85313e2090 R08: 0000000000000000 R09: 0000000000000000 [ 348.847325][ T8701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 348.847334][ T8701] R13: 0000000000000000 R14: 00007f85307b6080 R15: 00007ffc7d475ee8 [ 348.847355][ T8701] [ 348.870410][ T927] usb 3-1: USB disconnect, device number 24 [ 351.222284][ T8714] tty tty1: ldisc open failed (-12), clearing slot 0 [ 353.200196][ T5972] libceph: connect (1)[c::]:6789 error -101 [ 353.213519][ T5972] libceph: mon0 (1)[c::]:6789 connect error [ 353.438407][ T8739] ieee802154 phy1 wpan1: encryption failed: -22 [ 353.575949][ T8739] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 353.775789][ T5972] libceph: connect (1)[c::]:6789 error -101 [ 353.785438][ T5972] libceph: mon0 (1)[c::]:6789 connect error [ 354.109902][ T8743] ieee802154 phy1 wpan1: encryption failed: -22 [ 354.177669][ T8743] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 354.405407][ T8728] ceph: No mds server is up or the cluster is laggy [ 354.412665][ T5972] libceph: connect (1)[c::]:6789 error -101 [ 354.423594][ T5972] libceph: mon0 (1)[c::]:6789 connect error [ 355.711267][ T8746] netlink: 4 bytes leftover after parsing attributes in process `syz.1.799'. [ 356.306744][ T5852] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 356.509444][ T5852] usb 5-1: Using ep0 maxpacket: 32 [ 356.559517][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 245, changing to 11 [ 357.173275][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 357.204962][ T5852] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 357.214348][ T5852] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.228637][ T5852] usb 5-1: config 0 descriptor?? [ 357.234518][ T8757] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 357.695286][ T5852] savu 0003:1E7D:2D5A.000C: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 357.712568][ T5969] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 357.900206][ T5969] usb 1-1: Using ep0 maxpacket: 32 [ 357.923539][ T5969] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 357.943136][ T5969] usb 1-1: config 0 has no interface number 0 [ 358.179193][ T5852] usb 5-1: USB disconnect, device number 13 [ 358.270264][ T8783] ieee802154 phy1 wpan1: encryption failed: -22 [ 358.305599][ T5969] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 358.448615][ T8784] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 358.476333][ T5969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.502826][ T5969] usb 1-1: Product: syz [ 358.513658][ T5969] usb 1-1: Manufacturer: syz [ 358.525950][ T5969] usb 1-1: SerialNumber: syz [ 358.549811][ T5969] usb 1-1: config 0 descriptor?? [ 358.598686][ T5969] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 358.894793][ T8797] ieee802154 phy1 wpan1: encryption failed: -22 [ 358.949946][ T5852] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 359.142707][ T5969] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 359.173741][ T5969] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 359.319497][ T5852] usb 2-1: Using ep0 maxpacket: 16 [ 359.335788][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 359.390427][ T5852] usb 2-1: unable to get BOS descriptor or descriptor too short [ 360.446692][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 361.024553][ T5969] usb 1-1: USB disconnect, device number 25 [ 361.042142][ T5852] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 361.089343][ T5852] usb 2-1: config 1 has no interface number 1 [ 361.100367][ T5969] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 361.113533][ T5852] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 361.150670][ T5969] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 361.186201][ T5852] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 361.214680][ T5969] quatech2 1-1:0.51: device disconnected [ 361.235290][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 361.270469][ T5852] usb 2-1: Product: syz [ 361.276292][ T5852] usb 2-1: Manufacturer: syz [ 361.283675][ T5852] usb 2-1: SerialNumber: syz [ 361.493824][ T8810] netlink: 4 bytes leftover after parsing attributes in process `syz.3.815'. [ 361.591529][ T8815] 9pnet_fd: Insufficient options for proto=fd [ 361.759707][ T5852] usb 2-1: 2:1 : no UAC_FORMAT_TYPE desc [ 362.074070][ T5852] usb 2-1: USB disconnect, device number 18 [ 362.347590][ T8803] ceph: No mds server is up or the cluster is laggy [ 362.573522][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 362.883295][ T8837] tipc: New replicast peer: 255.255.255.255 [ 362.894256][ T8837] tipc: Enabled bearer , priority 10 [ 363.005129][ T8837] netlink: 12 bytes leftover after parsing attributes in process `syz.1.825'. [ 363.023167][ T8837] tipc: Disabling bearer [ 363.783822][ T5969] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 364.122664][ T5969] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 365.040897][ T5969] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 365.051231][ T5969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.059316][ T5969] usb 2-1: Product: syz [ 365.066260][ T5969] usb 2-1: Manufacturer: syz [ 365.073890][ T5969] usb 2-1: SerialNumber: syz [ 365.089849][ T5969] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 365.623883][ T5969] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 367.746713][ T927] usb 2-1: USB disconnect, device number 19 [ 368.122850][ T5846] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 368.222234][ T8877] ieee802154 phy1 wpan1: encryption failed: -22 [ 368.556697][ T5846] usb 1-1: Using ep0 maxpacket: 32 [ 369.351672][ T5846] usb 1-1: config 2 has an invalid interface number: 190 but max is 0 [ 369.567098][ T5846] usb 1-1: config 2 has no interface number 0 [ 369.576214][ T5846] usb 1-1: config 2 interface 190 has no altsetting 0 [ 369.830579][ T5846] usb 1-1: language id specifier not provided by device, defaulting to English [ 369.860583][ T5846] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 369.870995][ T8873] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 369.899840][ T5846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.909466][ T5846] usb 1-1: Product: syz [ 369.913794][ T5846] usb 1-1: Manufacturer: 藗ǻ孕糨柫謶뻐掉眭긬࿄㢥⑍俗ᵮ蛓ᣊ쾰 [ 369.933657][ T5846] usb 1-1: SerialNumber: syz [ 370.101064][ T8897] netlink: zone id is out of range [ 370.140187][ T8897] netlink: del zone limit has 4 unknown bytes [ 370.230553][ T8898] ieee802154 phy1 wpan1: encryption failed: -22 [ 370.770190][ T5846] usb 1-1: USB disconnect, device number 26 [ 371.406631][ T10] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 371.576822][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 371.586842][ T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.601129][ T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 371.621037][ T10] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 371.643176][ T10] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 371.718107][ T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 371.737209][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 371.746668][ T5910] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 371.760986][ T10] usb 2-1: SerialNumber: syz [ 371.808959][ T10] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -12 [ 371.918991][ T5910] usb 5-1: Using ep0 maxpacket: 8 [ 371.955006][ T5910] usb 5-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=d2.54 [ 371.969706][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.980277][ T5910] usb 5-1: Product: syz [ 371.984555][ T5910] usb 5-1: Manufacturer: syz [ 371.992132][ T5910] usb 5-1: SerialNumber: syz [ 372.014783][ T5969] usb 2-1: USB disconnect, device number 20 [ 372.020475][ T5910] usb 5-1: config 0 descriptor?? [ 372.213056][ T5910] usb 5-1: invalid MIDI EP [ 372.221569][ T5910] usb 5-1: snd-bcd2000: error during probing [ 372.236386][ T5910] snd-bcd2000 5-1:0.0: probe with driver snd-bcd2000 failed with error -22 [ 373.595162][ T8937] binder: 8936:8937 ioctl c0306201 200000000380 returned -14 [ 373.603151][ T8937] binder: 8936:8937 ioctl c0306201 200000000640 returned -22 [ 373.638382][ T8939] binder: 8936:8939 ioctl c0306201 200000000080 returned -22 [ 374.158523][ T5969] libceph: connect (1)[c::]:6789 error -101 [ 374.274056][ T5969] libceph: mon0 (1)[c::]:6789 connect error [ 374.618810][ T10] libceph: connect (1)[c::]:6789 error -101 [ 374.704214][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 375.320888][ T10] libceph: connect (1)[c::]:6789 error -101 [ 375.431422][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 375.910262][ T8957] /dev/sg0: Can't lookup blockdev [ 376.698164][ T5852] libceph: connect (1)[c::]:6789 error -101 [ 376.776144][ T5852] libceph: mon0 (1)[c::]:6789 connect error [ 376.894981][ T8944] ceph: No mds server is up or the cluster is laggy [ 377.192486][ T5846] usb 5-1: USB disconnect, device number 14 [ 378.370876][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.601203][ T8977] netlink: 248 bytes leftover after parsing attributes in process `syz.4.861'. [ 378.780365][ T8986] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.584595][ T8989] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 380.176992][ T10] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 380.356762][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 380.384404][ T10] usb 2-1: config 0 has an invalid interface number: 31 but max is 0 [ 380.410176][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 380.443731][ T10] usb 2-1: config 0 has no interface number 0 [ 380.460402][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 380.482206][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.768898][ T10] usb 2-1: Product: syz [ 380.855171][ T10] usb 2-1: Manufacturer: syz [ 380.950417][ T5978] libceph: connect (1)[c::]:6789 error -13 [ 380.970680][ T10] usb 2-1: SerialNumber: syz [ 381.010395][ T5978] libceph: mon0 (1)[c::]:6789 connect error [ 381.092368][ T9015] netlink: 8 bytes leftover after parsing attributes in process `syz.4.871'. [ 381.196624][ T10] usb 2-1: config 0 descriptor?? [ 381.238021][ T9015] netlink: 36 bytes leftover after parsing attributes in process `syz.4.871'. [ 381.376355][ T5978] libceph: connect (1)[c::]:6789 error -13 [ 381.458536][ T10] usb 2-1: Found UVC 0.00 device syz (046d:08c3) [ 381.529380][ T5978] libceph: mon0 (1)[c::]:6789 connect error [ 381.639944][ T10] usb 2-1: No valid video chain found. [ 381.913079][ T10] usb 2-1: USB disconnect, device number 21 [ 382.413881][ T5972] libceph: connect (1)[c::]:6789 error -13 [ 382.574456][ T5972] libceph: mon0 (1)[c::]:6789 connect error [ 383.456643][ T9011] ceph: No mds server is up or the cluster is laggy [ 384.151551][ T5972] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 384.489850][ T5972] usb 5-1: Using ep0 maxpacket: 16 [ 384.720533][ T9043] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 384.818966][ T5972] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 385.085282][ T9047] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 51572 - 0 [ 385.094410][ T9047] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 51572 - 0 [ 385.108535][ T9047] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 51572 - 0 [ 385.118108][ T9047] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 51572 - 0 [ 385.129141][ T9047] netdevsim netdevsim1 netdevsim0: set [1, 2] type 2 family 0 port 39367 - 0 [ 385.138203][ T9047] netdevsim netdevsim1 netdevsim1: set [1, 2] type 2 family 0 port 39367 - 0 [ 385.147261][ T9047] netdevsim netdevsim1 netdevsim2: set [1, 2] type 2 family 0 port 39367 - 0 [ 385.156194][ T9047] netdevsim netdevsim1 netdevsim3: set [1, 2] type 2 family 0 port 39367 - 0 [ 385.165731][ T9047] geneve2: entered promiscuous mode [ 385.171316][ T9047] geneve2: entered allmulticast mode [ 386.567656][ T5972] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.575814][ T5972] usb 5-1: Product: syz [ 386.584354][ T5972] usb 5-1: Manufacturer: syz [ 386.590259][ T5972] usb 5-1: SerialNumber: syz [ 386.597678][ T5972] usb 5-1: config 0 descriptor?? [ 386.689871][ T5972] usb 5-1: can't set config #0, error -71 [ 386.718217][ T5972] usb 5-1: USB disconnect, device number 15 [ 388.041640][ T9061] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 388.070449][ T9062] team0: Device gtp0 is of different type [ 389.246704][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 389.866664][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 390.464606][ T5978] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 390.816618][ T5978] usb 5-1: Using ep0 maxpacket: 32 [ 390.922412][ T5852] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 392.413605][ T5846] libceph: connect (1)[c::]:6789 error -13 [ 392.803791][ T5846] libceph: mon0 (1)[c::]:6789 connect error [ 392.933117][ T5852] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 392.944087][ T5978] usb 5-1: device descriptor read/all, error -71 [ 392.971364][ T5852] usb 3-1: can't read configurations, error -61 [ 393.137110][ T5846] libceph: connect (1)[c::]:6789 error -13 [ 393.147372][ T5852] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 393.154496][ T5846] libceph: mon0 (1)[c::]:6789 connect error [ 393.231846][ T9113] FAULT_INJECTION: forcing a failure. [ 393.231846][ T9113] name failslab, interval 1, probability 0, space 0, times 0 [ 393.397975][ T9113] CPU: 0 UID: 0 PID: 9113 Comm: syz.0.896 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 393.398002][ T9113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 393.398012][ T9113] Call Trace: [ 393.398020][ T9113] [ 393.398035][ T9113] dump_stack_lvl+0x189/0x250 [ 393.398062][ T9113] ? __pfx____ratelimit+0x10/0x10 [ 393.398082][ T9113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 393.398102][ T9113] ? __pfx__printk+0x10/0x10 [ 393.398130][ T9113] ? __pfx___might_resched+0x10/0x10 [ 393.398149][ T9113] ? fs_reclaim_acquire+0x7d/0x100 [ 393.398176][ T9113] should_fail_ex+0x414/0x560 [ 393.398200][ T9113] ? __pfx_sock_alloc_inode+0x10/0x10 [ 393.398221][ T9113] should_failslab+0xa8/0x100 [ 393.398241][ T9113] ? __pfx_sock_alloc_inode+0x10/0x10 [ 393.398260][ T9113] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 393.398277][ T9113] ? sock_alloc_inode+0x28/0xc0 [ 393.398301][ T9113] ? __pfx_sock_alloc_inode+0x10/0x10 [ 393.398321][ T9113] sock_alloc_inode+0x28/0xc0 [ 393.398340][ T9113] alloc_inode+0x67/0x1b0 [ 393.398361][ T9113] do_accept+0x111/0x680 [ 393.398390][ T9113] ? __pfx_do_accept+0x10/0x10 [ 393.398437][ T9113] __sys_accept4+0x11c/0x1c0 [ 393.398464][ T9113] ? __pfx___sys_accept4+0x10/0x10 [ 393.398488][ T9113] ? __pfx_ksys_write+0x10/0x10 [ 393.398513][ T9113] __x64_sys_accept4+0x9a/0xb0 [ 393.398540][ T9113] do_syscall_64+0xfa/0x3b0 [ 393.398559][ T9113] ? lockdep_hardirqs_on+0x9c/0x150 [ 393.398578][ T9113] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.398597][ T9113] ? clear_bhb_loop+0x60/0xb0 [ 393.398619][ T9113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.398635][ T9113] RIP: 0033:0x7fd97458eb69 [ 393.398651][ T9113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.398667][ T9113] RSP: 002b:00007fd97532a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 393.398687][ T9113] RAX: ffffffffffffffda RBX: 00007fd9747b6080 RCX: 00007fd97458eb69 [ 393.398701][ T9113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 393.398712][ T9113] RBP: 00007fd97532a090 R08: 0000000000000000 R09: 0000000000000000 [ 393.398723][ T9113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.398734][ T9113] R13: 0000000000000000 R14: 00007fd9747b6080 R15: 00007ffecc6d3b28 [ 393.398763][ T9113] [ 393.711479][ T5978] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 393.731751][ T5910] libceph: connect (1)[c::]:6789 error -13 [ 393.745607][ T5910] libceph: mon0 (1)[c::]:6789 connect error [ 394.432572][ T9092] ceph: No mds server is up or the cluster is laggy [ 394.855429][ T9122] vivid-000: kernel_thread() failed [ 394.945549][ T5852] usb 3-1: device not accepting address 26, error -71 [ 394.946241][ T5846] libceph: connect (1)[c::]:6789 error -13 [ 394.956881][ T5852] usb usb3-port1: attempt power cycle [ 395.167210][ T5978] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 395.176308][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.179099][ T5846] libceph: mon0 (1)[c::]:6789 connect error [ 395.616702][ T5978] usb 5-1: Product: syz [ 395.621119][ T5978] usb 5-1: Manufacturer: syz [ 395.625753][ T5978] usb 5-1: SerialNumber: syz [ 395.715615][ T5978] usb 5-1: config 0 descriptor?? [ 395.733027][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 395.873806][ T5978] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 396.731132][ T5978] usb 5-1: USB disconnect, device number 17 [ 396.855195][ T9144] 9pnet_fd: Insufficient options for proto=fd [ 398.885961][ T9173] netlink: 12 bytes leftover after parsing attributes in process `syz.1.909'. [ 398.924775][ T9173] bridge7: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 401.513065][ T5852] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 401.583576][ T9200] ieee802154 phy1 wpan1: encryption failed: -22 [ 401.979234][ T5852] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 401.998402][ T9189] delete_channel: no stack [ 402.195593][ T9203] Cannot find add_set index 0 as target [ 402.361505][ T9208] erspan0: entered promiscuous mode [ 402.507817][ T9208] vlan3: entered promiscuous mode [ 403.539033][ T9232] syz.4.926: attempt to access beyond end of device [ 403.539033][ T9232] loop4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 403.561296][ T9232] gfs2: error -5 reading superblock [ 405.993173][ T9245] delete_channel: no stack [ 406.118154][ T9252] ieee802154 phy1 wpan1: encryption failed: -22 [ 406.685110][ T9252] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 407.476836][ T927] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 407.782760][ T927] usb 4-1: Using ep0 maxpacket: 32 [ 407.871101][ T927] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 407.884796][ T927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.910159][ T927] usb 4-1: config 0 descriptor?? [ 407.939195][ T927] as10x_usb: device has been detected [ 407.959913][ T927] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 408.056715][ T927] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 408.153588][ T9272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 408.180068][ T9272] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 408.212709][ T927] as10x_usb: error during firmware upload part1 [ 408.225194][ T927] Registered device nBox DVB-T Dongle [ 408.256865][ T5846] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 408.717214][ T5846] usb 2-1: Using ep0 maxpacket: 16 [ 409.101516][ T5846] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 409.373365][ T5846] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 410.510366][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.909852][ T5846] usb 2-1: Product: syz [ 410.944779][ T5846] usb 2-1: Manufacturer: syz [ 411.189552][ T5846] usb 2-1: SerialNumber: syz [ 411.201665][ T9292] delete_channel: no stack [ 411.209315][ T5846] usb 2-1: config 0 descriptor?? [ 411.219962][ T43] usb 4-1: USB disconnect, device number 25 [ 411.256470][ T5846] usb 2-1: can't set config #0, error -71 [ 411.544722][ T5846] usb 2-1: USB disconnect, device number 22 [ 411.569198][ T43] Unregistered device nBox DVB-T Dongle [ 411.573201][ T43] as10x_usb: device has been disconnected [ 411.776846][ T9286] ceph: No mds server is up or the cluster is laggy [ 413.179314][ T9310] tipc: New replicast peer: 255.255.255.255 [ 413.190896][ T9310] tipc: Enabled bearer , priority 10 [ 413.389792][ T9317] tipc: New replicast peer: 255.255.255.255 [ 413.393266][ T9318] netlink: 44 bytes leftover after parsing attributes in process `syz.1.945'. [ 413.396478][ T9317] tipc: Enabled bearer , priority 10 [ 414.749220][ T5852] tipc: Node number set to 2886997007 [ 414.832176][ T9312] netlink: 12 bytes leftover after parsing attributes in process `syz.2.947'. [ 414.841299][ T9312] tipc: Disabling bearer [ 414.969625][ T9328] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12) [ 414.976544][ T9328] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 415.020213][ T9328] vhci_hcd vhci_hcd.0: Device attached [ 415.106658][ T5846] usb 3-1: new full-speed USB device number 28 using dummy_hcd [ 415.266788][ T43] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 415.519123][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 415.596327][ T5846] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 415.716332][ T9330] vhci_hcd: connection reset by peer [ 415.738161][ T5846] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 415.747493][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.755506][ T5846] usb 3-1: Product: syz [ 415.757210][ T13] vhci_hcd: stop threads [ 415.774293][ T5846] usb 3-1: Manufacturer: syz [ 415.796091][ T13] vhci_hcd: release socket [ 415.815236][ T13] vhci_hcd: disconnect device [ 415.817445][ T5846] usb 3-1: SerialNumber: syz [ 415.869420][ T5846] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 415.936596][ T927] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 416.079134][ T5846] usb 3-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 416.121360][ T927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.166045][ T927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.191477][ T5846] usb 3-1: USB disconnect, device number 28 [ 416.226042][ T927] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 416.274683][ T927] usb 4-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00 [ 416.321123][ T927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.371873][ T927] usb 4-1: config 0 descriptor?? [ 417.022585][ T927] dragonrise 0003:0079:0011.000E: invalid report_count -326368751 [ 417.061740][ T9359] delete_channel: no stack [ 417.066921][ T927] dragonrise 0003:0079:0011.000E: item 0 4 1 9 parsing failed [ 417.081829][ T9364] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 417.102251][ T927] dragonrise 0003:0079:0011.000E: parse failed [ 417.117680][ T927] dragonrise 0003:0079:0011.000E: probe with driver dragonrise failed with error -22 [ 417.257330][ T927] usb 4-1: USB disconnect, device number 26 [ 417.467477][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 417.549348][ T5978] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 418.326712][ T5978] usb 1-1: Using ep0 maxpacket: 16 [ 418.347308][ T9373] FAULT_INJECTION: forcing a failure. [ 418.347308][ T9373] name failslab, interval 1, probability 0, space 0, times 0 [ 418.361437][ T5978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 418.399875][ T5978] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 418.437236][ T5978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.455894][ T9373] CPU: 1 UID: 0 PID: 9373 Comm: syz.4.959 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 418.455921][ T9373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 418.455934][ T9373] Call Trace: [ 418.455943][ T9373] [ 418.455953][ T9373] dump_stack_lvl+0x189/0x250 [ 418.455981][ T9373] ? __pfx____ratelimit+0x10/0x10 [ 418.456007][ T9373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 418.456031][ T9373] ? __pfx__printk+0x10/0x10 [ 418.456066][ T9373] ? __pfx___might_resched+0x10/0x10 [ 418.456088][ T9373] ? fs_reclaim_acquire+0x7d/0x100 [ 418.456120][ T9373] should_fail_ex+0x414/0x560 [ 418.456148][ T9373] should_failslab+0xa8/0x100 [ 418.456175][ T9373] kmem_cache_alloc_noprof+0x73/0x3c0 [ 418.456196][ T9373] ? alloc_empty_file+0x55/0x1d0 [ 418.456228][ T9373] alloc_empty_file+0x55/0x1d0 [ 418.456257][ T9373] alloc_file_pseudo+0x13d/0x210 [ 418.456298][ T9373] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 418.456324][ T9373] ? evm_inode_alloc_security+0x40/0xb0 [ 418.456351][ T9373] ? security_inode_alloc+0xd5/0x330 [ 418.456395][ T9373] sock_alloc_file+0xb8/0x2e0 [ 418.456424][ T9373] do_accept+0x34b/0x680 [ 418.456460][ T9373] ? __pfx_do_accept+0x10/0x10 [ 418.456517][ T9373] __sys_accept4+0x11c/0x1c0 [ 418.456557][ T9373] ? __pfx___sys_accept4+0x10/0x10 [ 418.456582][ T9373] ? __pfx_ksys_write+0x10/0x10 [ 418.456597][ T9373] ? rcu_is_watching+0x15/0xb0 [ 418.456624][ T9373] __x64_sys_accept4+0x9a/0xb0 [ 418.456650][ T9373] do_syscall_64+0xfa/0x3b0 [ 418.456669][ T9373] ? lockdep_hardirqs_on+0x9c/0x150 [ 418.456688][ T9373] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.456706][ T9373] ? clear_bhb_loop+0x60/0xb0 [ 418.456730][ T9373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.456747][ T9373] RIP: 0033:0x7fa43a18eb69 [ 418.456763][ T9373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.456780][ T9373] RSP: 002b:00007fa437fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 418.456798][ T9373] RAX: ffffffffffffffda RBX: 00007fa43a3b6160 RCX: 00007fa43a18eb69 [ 418.456812][ T9373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 418.456823][ T9373] RBP: 00007fa437fb4090 R08: 0000000000000000 R09: 0000000000000000 [ 418.456835][ T9373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.456846][ T9373] R13: 0000000000000001 R14: 00007fa43a3b6160 R15: 00007ffc120e56b8 [ 418.456875][ T9373] [ 418.704444][ T5978] usb 1-1: config 0 descriptor?? [ 420.517460][ T9364] bond0: entered allmulticast mode [ 420.522356][ T5978] mcp2221 0003:04D8:00DD.000F: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 420.559416][ T9364] bond_slave_0: entered allmulticast mode [ 422.126706][ T9364] bond_slave_1: entered allmulticast mode [ 422.186936][ T43] vhci_hcd: vhci_device speed not set [ 422.453231][ T5846] usb 1-1: USB disconnect, device number 27 [ 424.281103][ T9385] ceph: No mds server is up or the cluster is laggy [ 426.401555][ T9429] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 428.107306][ T51] Bluetooth: Unexpected continuation frame (len 4) [ 428.526859][ T9456] netlink: 72 bytes leftover after parsing attributes in process `syz.4.981'. [ 429.582973][ T9461] netlink: 468 bytes leftover after parsing attributes in process `syz.0.983'. [ 430.002219][ T9472] netlink: 16 bytes leftover after parsing attributes in process `syz.2.985'. [ 430.023510][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 430.032753][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 430.040718][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 430.053437][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 430.065816][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 430.088540][ T3587] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.099842][ T3587] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 51572 - 0 [ 430.110552][ T3587] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 39367 - 0 [ 430.200049][ T3587] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.237202][ T3587] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 51572 - 0 [ 430.260965][ T3587] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 39367 - 0 [ 430.422509][ T3587] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.433474][ T3587] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 51572 - 0 [ 430.448071][ T3587] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 39367 - 0 [ 430.692304][ T3587] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.703134][ T3587] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 51572 - 0 [ 430.979714][ T3587] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 39367 - 0 [ 432.137993][ T51] Bluetooth: hci2: command tx timeout [ 432.814909][ T10] kernel write not supported for file bpf-prog (pid: 10 comm: kworker/0:1) [ 432.827128][ T3587] bridge_slave_1: left allmulticast mode [ 432.833983][ T3587] bridge_slave_1: left promiscuous mode [ 432.890852][ T9509] autofs: Bad value for 'fd' [ 432.907297][ T3587] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.972501][ T3587] bridge_slave_0: left allmulticast mode [ 432.986561][ T3587] bridge_slave_0: left promiscuous mode [ 433.004093][ T3587] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.126584][ T10] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 433.591742][ T10] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 433.604580][ T10] usb 4-1: config 0 has no interface number 0 [ 433.642092][ T10] usb 4-1: config 0 interface 41 has no altsetting 0 [ 433.673737][ T10] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 433.703709][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.751464][ T10] usb 4-1: Product: syz [ 433.770562][ T10] usb 4-1: Manufacturer: syz [ 433.790514][ T10] usb 4-1: SerialNumber: syz [ 433.823420][ T10] usb 4-1: config 0 descriptor?? [ 434.207177][ T5858] Bluetooth: hci2: command tx timeout [ 434.510635][ T10] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71 [ 434.730260][ T10] usb 4-1: USB disconnect, device number 27 [ 436.296742][ T5858] Bluetooth: hci2: command tx timeout [ 437.037958][ T9547] ceph: No mds server is up or the cluster is laggy [ 438.373536][ T5858] Bluetooth: hci2: command tx timeout [ 438.815839][ T9578] netlink: 'syz.2.1012': attribute type 83 has an invalid length. [ 438.883919][ T3587] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 438.899425][ T3587] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 438.911024][ T3587] bond0 (unregistering): Released all slaves [ 438.979072][ T9569] vlan2: entered promiscuous mode [ 439.153805][ T9471] chnl_net:caif_netlink_parms(): no params data found [ 439.194863][ T3587] tipc: Left network mode [ 440.605170][ T9609] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1015'. [ 440.616939][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.844536][ T9609] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 441.292570][ T9471] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.314160][ T9471] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.347365][ T9471] bridge_slave_0: entered allmulticast mode [ 441.375618][ T9471] bridge_slave_0: entered promiscuous mode [ 441.407298][ T9471] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.446749][ T9471] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.469305][ T9471] bridge_slave_1: entered allmulticast mode [ 441.485866][ T9471] bridge_slave_1: entered promiscuous mode [ 441.560573][ T9626] loop2: detected capacity change from 0 to 7 [ 441.571675][ T9626] Dev loop2: unable to read RDB block 7 [ 441.582119][ T9626] loop2: AHDI p3 p4 [ 441.586042][ T9626] loop2: partition table partially beyond EOD, truncated [ 441.596746][ T5852] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 441.615397][ T9626] loop2: p3 start 1869967406 is beyond EOD, truncated [ 443.272851][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.394899][ T5852] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 443.646264][ T5852] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.647880][ T3587] hsr_slave_0: left promiscuous mode [ 443.758271][ T5852] usb 5-1: config 0 descriptor?? [ 443.798269][ T3587] hsr_slave_1: left promiscuous mode [ 444.070314][ T3587] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 444.141567][ T3587] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 444.204198][ T5852] usbhid 5-1:0.0: can't add hid device: -71 [ 444.217449][ T3587] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 444.245515][ T3587] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 444.247724][ T5852] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 444.350214][ T5852] usb 5-1: USB disconnect, device number 18 [ 444.356641][ T3587] veth1_macvtap: left promiscuous mode [ 444.370164][ T5846] libceph: mon0 (1)[c::]:6789 socket closed (con state V1_BANNER) [ 444.394414][ T3587] veth0_macvtap: left promiscuous mode [ 444.419716][ T3587] veth1_vlan: left promiscuous mode [ 444.439123][ T3587] veth0_vlan: left promiscuous mode [ 444.530835][ T9628] ceph: No mds server is up or the cluster is laggy [ 444.926805][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 446.430794][ T9661] Falling back ldisc for ptm0. [ 446.855070][ T3587] team0 (unregistering): Port device team_slave_1 removed [ 447.702787][ T3587] team0 (unregistering): Port device team_slave_0 removed [ 448.276158][ T9471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.316074][ T9471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.582312][ T9471] team0: Port device team_slave_0 added [ 448.636939][ T9471] team0: Port device team_slave_1 added [ 448.818560][ T9471] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 448.825552][ T9471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.929760][ T9720] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1045'. [ 448.941712][ T9471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 448.974479][ T9471] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 448.994892][ T9471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.054429][ T9471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.176575][ T5846] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 449.216553][ T10] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 449.328365][ T5846] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 449.337094][ T5846] usb 1-1: config 0 has no interface number 0 [ 449.347039][ T5846] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 449.377896][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.422898][ T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 449.422938][ T5846] usb 1-1: config 0 descriptor?? [ 449.446838][ T10] usb 4-1: config 0 has no interface number 0 [ 449.452977][ T10] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 449.463334][ T5846] usb 1-1: selecting invalid altsetting 1 [ 449.478423][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.499902][ T5846] dvb_ttusb_budget: ttusb_init_controller: error [ 449.504690][ T10] usb 4-1: config 0 descriptor?? [ 449.525882][ T5846] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 449.527842][ T10] usb 4-1: selecting invalid altsetting 1 [ 449.576261][ T10] dvb_ttusb_budget: ttusb_init_controller: error [ 449.607585][ T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 449.743661][ T5846] DVB: Unable to find symbol cx22700_attach() [ 449.816071][ T10] DVB: Unable to find symbol cx22700_attach() [ 449.848035][ T9471] hsr_slave_0: entered promiscuous mode [ 449.878334][ T9471] hsr_slave_1: entered promiscuous mode [ 449.934921][ T5846] DVB: Unable to find symbol tda10046_attach() [ 449.975264][ T5846] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 449.991581][ T10] DVB: Unable to find symbol tda10046_attach() [ 450.003246][ T5846] usb 1-1: USB disconnect, device number 28 [ 450.005122][ T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 450.062551][ T10] usb 4-1: USB disconnect, device number 28 [ 450.416601][ T5910] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 450.427013][ T5846] IPVS: starting estimator thread 0... [ 450.516933][ T9765] IPVS: using max 28 ests per chain, 67200 per kthread [ 450.607895][ T5910] usb 5-1: Using ep0 maxpacket: 16 [ 450.625812][ T5910] usb 5-1: config 0 descriptor has 1 excess byte, ignoring [ 450.644607][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024 [ 450.662677][ T9471] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 450.673540][ T5910] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 450.684462][ T5910] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 223 [ 450.719759][ T9471] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 450.750267][ T9471] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 450.763831][ T5910] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 450.780313][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.792916][ T9471] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 450.800630][ T5910] usb 5-1: Product: syz [ 450.805215][ T5910] usb 5-1: Manufacturer: syz [ 450.814099][ T5910] usb 5-1: SerialNumber: syz [ 450.852694][ T5910] usb 5-1: config 0 descriptor?? [ 450.871141][ T9758] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 450.899238][ T9758] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 451.032781][ C1] mcba_usb 5-1:0.0 can0: Tx URB aborted (-71) [ 451.049629][ T9793] program syz.2.1065 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 451.061597][ T5910] mcba_usb 5-1:0.0: Microchip CAN BUS Analyzer connected [ 451.068775][ C1] mcba_usb 5-1:0.0 can0: Tx URB aborted (-71) [ 451.179128][ T9471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.191166][ T5852] usb 5-1: USB disconnect, device number 19 [ 451.212906][ T5852] mcba_usb 5-1:0.0 can0: device disconnected [ 451.252060][ T9471] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.409012][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.416310][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.468414][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.475695][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 451.479529][ T9809] sctp: [Deprecated]: syz.2.1071 (pid 9809) Use of int in max_burst socket option. [ 451.479529][ T9809] Use struct sctp_assoc_value instead [ 452.014887][ T9831] netlink: 'syz.3.1077': attribute type 1 has an invalid length. [ 452.125977][ T9471] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 452.333773][ T9849] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 452.337163][ T9846] IPVS: stopping backup sync thread 9849 ... [ 452.667906][ T9865] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 452.789876][ T9869] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 453.958436][ T9471] veth0_vlan: entered promiscuous mode [ 453.995498][ T9471] veth1_vlan: entered promiscuous mode [ 454.093197][ T9471] veth0_macvtap: entered promiscuous mode [ 454.135075][ T9471] veth1_macvtap: entered promiscuous mode [ 454.201661][ T9471] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 454.250030][ T9471] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 454.279962][ T9471] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.335541][ T9471] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.367757][ T9471] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.386584][ T9471] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.650293][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.680810][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.804303][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 454.817968][ T9900] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 454.845156][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.857037][ T9900] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 454.877566][ T9900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 454.884806][ T9900] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 454.891667][ T9917] ceph: No mds server is up or the cluster is laggy [ 454.931977][ T9900] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 454.942485][ T9900] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 455.003710][ T9900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 455.043777][ T9900] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 455.070365][ T9900] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 455.396602][ T5917] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 455.414697][ T9936] program syz.4.1107 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 455.576652][ T5917] usb 1-1: Using ep0 maxpacket: 32 [ 455.591602][ T5917] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.636889][ T5917] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 455.685920][ T5917] usb 1-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0 [ 455.705243][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.733800][ T5917] usb 1-1: Product: syz [ 455.746853][ T5917] usb 1-1: Manufacturer: syz [ 455.764509][ T5917] usb 1-1: SerialNumber: syz [ 455.844665][ T5917] usb 1-1: config 0 descriptor?? [ 455.872751][ T5917] qmi_wwan 1-1:0.0: bogus CDC Union: master=101, slave=0 [ 455.886954][ T5917] qmi_wwan 1-1:0.0: probe with driver qmi_wwan failed with error -22 [ 455.915992][ T9955] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1114'. [ 456.003173][ T9952] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.093809][ T5917] usb 1-1: USB disconnect, device number 29 [ 456.169732][ T9952] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.254824][ T9952] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.383532][ T9952] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.663188][ T9975] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1118'. [ 456.702848][ T9975] batman_adv: batadv0: Adding interface: ipvlan2 [ 456.709766][ T9975] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 456.735203][ T9975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 456.745735][ T9975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.755697][ T9975] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active [ 456.770804][ T5858] Bluetooth: hci0: command 0x0406 tx timeout [ 456.835487][ T9952] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.883588][ T9982] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1119'. [ 456.915920][ T9952] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.926788][ T5858] Bluetooth: hci3: command 0x0406 tx timeout [ 456.982145][ T9952] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.006184][ T9952] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.006802][ T5858] Bluetooth: hci2: command 0x0405 tx timeout [ 457.020527][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 457.169144][ T5917] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 457.346555][ T5917] usb 1-1: Using ep0 maxpacket: 32 [ 457.358935][ T5917] usb 1-1: unable to get BOS descriptor or descriptor too short [ 457.371407][ T5917] usb 1-1: config 7 has an invalid interface number: 187 but max is 0 [ 457.400575][ T5917] usb 1-1: config 7 has no interface number 0 [ 457.420783][ T5917] usb 1-1: config 7 interface 187 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 457.465288][ T5917] usb 1-1: config 7 interface 187 has no altsetting 0 [ 457.480242][ T5917] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 457.491876][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.530852][ T5917] usb 1-1: Product: syz [ 457.542206][ T5917] usb 1-1: Manufacturer: syz [ 457.592483][ T5917] usb 1-1: SerialNumber: syz [ 457.824028][ T5917] usb 1-1: Invalid number of CPorts: 0 [ 457.834839][ T5917] es2_ap_driver 1-1:7.187: probe with driver es2_ap_driver failed with error -22 [ 457.896876][ T5910] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 457.977278][ T5846] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 458.029990][ T5917] usb 1-1: USB disconnect, device number 30 [ 458.059962][ T5910] usb 3-1: config index 0 descriptor too short (expected 63186, got 210) [ 458.072616][ T5910] usb 3-1: config 0 has an invalid interface number: 106 but max is 0 [ 458.084282][ T5910] usb 3-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config [ 458.099853][ T5910] usb 3-1: config 0 has no interface number 0 [ 458.106121][ T5910] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 458.117045][ T5910] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 165, changing to 11 [ 458.131483][ T5910] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 50805, setting to 1024 [ 458.143918][ T5910] usb 3-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 458.157531][ T5846] usb 6-1: Using ep0 maxpacket: 16 [ 458.164891][T10039] ------------[ cut here ]------------ [ 458.167614][ T5846] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 458.170942][T10039] WARNING: CPU: 0 PID: 10039 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310 [ 458.178731][ T5846] usb 6-1: config 0 has no interface number 0 [ 458.188482][T10039] Modules linked in: [ 458.195342][ T5910] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 458.198641][T10039] CPU: 0 UID: 0 PID: 10039 Comm: syz.4.1138 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 458.198668][T10039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 458.198686][T10039] RIP: 0010:folio_memcg+0x1a8/0x310 [ 458.198715][T10039] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 458.198734][T10039] RSP: 0018:ffffc9000234f250 EFLAGS: 00010283 [ 458.228129][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=64 [ 458.228153][ T5910] usb 3-1: SerialNumber: syz [ 458.236214][ T5910] usb 3-1: config 0 descriptor?? [ 458.254081][T10039] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000 [ 458.285360][T10039] RDX: ffffc9000ca5a000 RSI: 0000000000000782 RDI: 0000000000000783 [ 458.293467][T10039] RBP: 0000000000000000 R08: ffffea0001e1dd47 R09: 1ffffd40003c3ba8 [ 458.301857][T10039] R10: dffffc0000000000 R11: fffff940003c3ba9 R12: ffffea0001e1dd70 [ 458.309934][T10039] R13: dffffc0000000000 R14: ffff888078826b00 R15: 0000000000000002 [ 458.311015][ T5846] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 458.317956][T10039] FS: 00007fa437ff66c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000 [ 458.317980][T10039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 458.317995][T10039] CR2: ffffffffd88f0000 CR3: 00000000535a4000 CR4: 00000000003526f0 [ 458.318021][T10039] Call Trace: [ 458.318036][T10039] [ 458.318052][T10039] workingset_activation+0x5f/0x4a0 [ 458.318082][T10039] ? folio_mark_accessed+0x361/0x4a0 [ 458.339493][T10022] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 458.343499][T10039] folio_mark_accessed+0x3b5/0x4a0 [ 458.357967][ T5846] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.362616][T10039] kvm_release_page_clean+0x9a/0xe0 [ 458.362651][T10039] kvm_tdp_page_fault+0x2dd/0x370 [ 458.362686][T10039] kvm_mmu_do_page_fault+0x2c5/0x640 [ 458.385355][ T5846] usb 6-1: Product: syz [ 458.408131][T10039] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 458.408157][ T5846] usb 6-1: Manufacturer: syz [ 458.408175][ T5846] usb 6-1: SerialNumber: syz [ 458.413973][T10039] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 458.414001][T10039] ? __pfx_current_save_fsgs+0x10/0x10 [ 458.434296][T10039] kvm_mmu_page_fault+0x22f/0xb70 [ 458.439775][T10039] ? __pfx_handle_ept_violation+0x10/0x10 [ 458.445889][T10039] vmx_handle_exit+0x1090/0x18a0 [ 458.451046][T10039] ? vcpu_run+0x361c/0x6f70 [ 458.455605][T10039] vcpu_run+0x432e/0x6f70 [ 458.458934][ T5846] usb 6-1: config 0 descriptor?? [ 458.460030][T10039] ? vcpu_run+0x361c/0x6f70 [ 458.469594][T10039] ? __pfx_vcpu_run+0x10/0x10 [ 458.474318][T10039] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 458.480147][T10039] ? rcu_is_watching+0x15/0xb0 [ 458.480227][ T5846] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 458.484931][T10039] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 458.484973][T10039] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 458.502600][T10039] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 458.508681][T10039] ? rcu_is_watching+0x15/0xb0 [ 458.513482][T10039] ? trace_contention_end+0x39/0x120 [ 458.518851][T10039] ? __mutex_lock+0x330/0xe80 [ 458.523574][T10039] ? kasan_quarantine_put+0xdd/0x220 [ 458.529238][T10039] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 458.534138][T10039] ? __pfx___mutex_lock+0x10/0x10 [ 458.539625][T10039] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 458.545656][T10039] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 458.551368][T10039] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 458.557433][T10039] kvm_vcpu_ioctl+0x95c/0xe90 [ 458.562154][T10039] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 458.567434][T10039] ? __lock_acquire+0xab9/0xd20 [ 458.572338][T10039] ? __asan_memset+0x22/0x50 [ 458.577096][T10039] ? smack_file_ioctl+0x302/0x340 [ 458.582155][T10039] ? __pfx_smack_file_ioctl+0x10/0x10 [ 458.587610][T10039] ? __fget_files+0x2a/0x420 [ 458.592239][T10039] ? __fget_files+0x3a0/0x420 [ 458.597026][T10039] ? __fget_files+0x2a/0x420 [ 458.601658][T10039] ? bpf_lsm_file_ioctl+0x9/0x20 [ 458.606719][T10039] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 458.611952][T10039] __se_sys_ioctl+0xfc/0x170 [ 458.616652][T10039] do_syscall_64+0xfa/0x3b0 [ 458.621195][T10039] ? lockdep_hardirqs_on+0x9c/0x150 [ 458.626449][T10039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.632574][T10039] ? clear_bhb_loop+0x60/0xb0 [ 458.637314][T10039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.643618][T10039] RIP: 0033:0x7fa43a18eb69 [ 458.648446][T10039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 458.668137][T10039] RSP: 002b:00007fa437ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 458.676627][T10039] RAX: ffffffffffffffda RBX: 00007fa43a3b5fa0 RCX: 00007fa43a18eb69 [ 458.684633][T10039] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 458.693019][T10039] RBP: 00007fa43a211df1 R08: 0000000000000000 R09: 0000000000000000 [ 458.701081][T10039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 458.709141][T10039] R13: 0000000000000000 R14: 00007fa43a3b5fa0 R15: 00007ffc120e56b8 [ 458.717203][T10039] [ 458.720271][T10039] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 458.727576][T10039] CPU: 0 UID: 0 PID: 10039 Comm: syz.4.1138 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 458.737573][T10039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 458.747637][T10039] Call Trace: [ 458.750925][T10039] [ 458.753868][T10039] dump_stack_lvl+0x99/0x250 [ 458.758471][T10039] ? __asan_memcpy+0x40/0x70 [ 458.763085][T10039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 458.768295][T10039] ? __pfx__printk+0x10/0x10 [ 458.772904][T10039] panic+0x2db/0x790 [ 458.776812][T10039] ? __pfx_panic+0x10/0x10 [ 458.781264][T10039] __warn+0x31b/0x4b0 [ 458.785262][T10039] ? folio_memcg+0x1a8/0x310 [ 458.789869][T10039] ? folio_memcg+0x1a8/0x310 [ 458.794478][T10039] report_bug+0x2be/0x4f0 [ 458.798816][T10039] ? folio_memcg+0x1a8/0x310 [ 458.803414][T10039] ? folio_memcg+0x1a8/0x310 [ 458.808010][T10039] ? folio_memcg+0x1aa/0x310 [ 458.812610][T10039] handle_bug+0x84/0x160 [ 458.816865][T10039] exc_invalid_op+0x1a/0x50 [ 458.821382][T10039] asm_exc_invalid_op+0x1a/0x20 [ 458.826247][T10039] RIP: 0010:folio_memcg+0x1a8/0x310 [ 458.831456][T10039] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 458.851075][T10039] RSP: 0018:ffffc9000234f250 EFLAGS: 00010283 [ 458.857153][T10039] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000 [ 458.865129][T10039] RDX: ffffc9000ca5a000 RSI: 0000000000000782 RDI: 0000000000000783 [ 458.873105][T10039] RBP: 0000000000000000 R08: ffffea0001e1dd47 R09: 1ffffd40003c3ba8 [ 458.881078][T10039] R10: dffffc0000000000 R11: fffff940003c3ba9 R12: ffffea0001e1dd70 [ 458.889065][T10039] R13: dffffc0000000000 R14: ffff888078826b00 R15: 0000000000000002 [ 458.897053][T10039] ? folio_memcg+0x1a7/0x310 [ 458.901665][T10039] workingset_activation+0x5f/0x4a0 [ 458.906872][T10039] ? folio_mark_accessed+0x361/0x4a0 [ 458.912172][T10039] folio_mark_accessed+0x3b5/0x4a0 [ 458.917307][T10039] kvm_release_page_clean+0x9a/0xe0 [ 458.922526][T10039] kvm_tdp_page_fault+0x2dd/0x370 [ 458.927570][T10039] kvm_mmu_do_page_fault+0x2c5/0x640 [ 458.932883][T10039] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 458.938715][T10039] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 458.944268][T10039] ? __pfx_current_save_fsgs+0x10/0x10 [ 458.949737][T10039] kvm_mmu_page_fault+0x22f/0xb70 [ 458.954778][T10039] ? __pfx_handle_ept_violation+0x10/0x10 [ 458.960505][T10039] vmx_handle_exit+0x1090/0x18a0 [ 458.965446][T10039] ? vcpu_run+0x361c/0x6f70 [ 458.969979][T10039] vcpu_run+0x432e/0x6f70 [ 458.974331][T10039] ? vcpu_run+0x361c/0x6f70 [ 458.978881][T10039] ? __pfx_vcpu_run+0x10/0x10 [ 458.983574][T10039] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 458.989305][T10039] ? rcu_is_watching+0x15/0xb0 [ 458.994086][T10039] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 458.999647][T10039] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 459.005377][T10039] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 459.011375][T10039] ? rcu_is_watching+0x15/0xb0 [ 459.016144][T10039] ? trace_contention_end+0x39/0x120 [ 459.021439][T10039] ? __mutex_lock+0x330/0xe80 [ 459.026160][T10039] ? kasan_quarantine_put+0xdd/0x220 [ 459.031475][T10039] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 459.036337][T10039] ? __pfx___mutex_lock+0x10/0x10 [ 459.041373][T10039] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 459.047012][T10039] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 459.052654][T10039] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 459.058663][T10039] kvm_vcpu_ioctl+0x95c/0xe90 [ 459.063374][T10039] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 459.068583][T10039] ? __lock_acquire+0xab9/0xd20 [ 459.073442][T10039] ? __asan_memset+0x22/0x50 [ 459.078058][T10039] ? smack_file_ioctl+0x302/0x340 [ 459.083088][T10039] ? __pfx_smack_file_ioctl+0x10/0x10 [ 459.088476][T10039] ? __fget_files+0x2a/0x420 [ 459.093073][T10039] ? __fget_files+0x3a0/0x420 [ 459.097762][T10039] ? __fget_files+0x2a/0x420 [ 459.102365][T10039] ? bpf_lsm_file_ioctl+0x9/0x20 [ 459.107311][T10039] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 459.112517][T10039] __se_sys_ioctl+0xfc/0x170 [ 459.117128][T10039] do_syscall_64+0xfa/0x3b0 [ 459.121642][T10039] ? lockdep_hardirqs_on+0x9c/0x150 [ 459.126847][T10039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.132931][T10039] ? clear_bhb_loop+0x60/0xb0 [ 459.137615][T10039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.143535][T10039] RIP: 0033:0x7fa43a18eb69 [ 459.147979][T10039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.167593][T10039] RSP: 002b:00007fa437ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 459.176012][T10039] RAX: ffffffffffffffda RBX: 00007fa43a3b5fa0 RCX: 00007fa43a18eb69 [ 459.184005][T10039] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 459.191982][T10039] RBP: 00007fa43a211df1 R08: 0000000000000000 R09: 0000000000000000 [ 459.199959][T10039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.207930][T10039] R13: 0000000000000000 R14: 00007fa43a3b5fa0 R15: 00007ffc120e56b8 [ 459.215922][T10039] [ 459.219263][T10039] Kernel Offset: disabled [ 459.223590][T10039] Rebooting in 86400 seconds..