last executing test programs: 1m15.226704272s ago: executing program 0 (id=453): syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.empty_time\x00', 0x275a, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000080)=@x86={0x5, 0x10, 0xa3, 0x0, 0x401, 0x81, 0x3, 0x1, 0xff, 0x9, 0xa3, 0x2, 0x0, 0x1, 0x21, 0x7, 0x10, 0x7, 0x1, '\x00', 0x8, 0xa}) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs\x00') pread64(r4, &(0x7f0000000300)=""/67, 0x43, 0x4000000000000f4) mq_getsetattr(r4, &(0x7f0000000080)={0x3, 0x9, 0x7ff}, &(0x7f0000000180)) r5 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) write$UHID_CREATE2(r4, &(0x7f0000000400)={0xb, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x20, 0x4, 0x2, 0x8, 0x80, 0xff, "63aa23be0623abf36bfa584d64dda5ed1ec1b64be46591075eeebc2c22fd2244"}}, 0x138) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x4008f50a, &(0x7f0000000040)={0x5, 0x70}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r6 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd00000000000001090226000100000000090400000103000000092105000001220500090581030002000007"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io(r6, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r6, 0x81, 0x2, &(0x7f0000000080)="4004") connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) 1m14.830495594s ago: executing program 1 (id=455): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000004000900041122000b00000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f00000000c0), 0x2, r0}, 0x38) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) r2 = openat$incfs(0xffffffffffffff9c, &(0x7f00000001c0)='.log\x00', 0x8000, 0x86) ioctl$FBIO_WAITFORVSYNC(r2, 0x40044620, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000140)={{0x2, 0x4e23, @local}, {0x6, @multicast}, 0x30, {0x2, 0x4e23, @empty}, 'gre0\x00'}) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, &(0x7f0000000000)=""/56, &(0x7f00000001c0), &(0x7f00000000c0), 0x1, r0}, 0x38) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace(0x4211, r4) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_mreqn(r5, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000300)={@multicast1, @local, 0x1}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb250d6707540288a83e0088641100feff44080021"], 0x0) 1m10.297862014s ago: executing program 2 (id=459): socket$inet6(0xa, 0x3, 0x8000000003c) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) pselect6(0x40, &(0x7f00000001c0)={0x6, 0x0, 0x5, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x100, 0xa, 0x1000, 0xa, 0x7fffffff, 0x2}, 0x0, 0x0) 1m9.974791212s ago: executing program 3 (id=460): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000086dd000411000400000000006eec00be10a42f01fe8000000000000000000000000000aaff02000000000000000000000012000133006558"], 0x10da) 1m9.90756444s ago: executing program 0 (id=461): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740), 0x8202, 0x0) mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x8000000000000000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r1, @ANYRES16=r1], 0x78}, 0x1, 0x0, 0x0, 0x880}, 0x24000810) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f00000005c0)={0xfffff2f9, {{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x41}}}, {{0x2, 0x4e21, @broadcast}}}, 0x108) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYRES32=r2, @ANYRESOCT=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}}, 0x0) shutdown(r1, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000001c0), 0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0x41}, 0x4}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f00000003c0)={r3}, &(0x7f0000000280)=0x8) timer_settime(0x0, 0x1, &(0x7f0000000140)={{0x77359400}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) socket(0x27, 0x3, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getdents64(0xffffffffffffffff, &(0x7f00000001c0)=""/23, 0x17) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x6, 0x1000002c, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x1, 0x20000008}, 0x0) syz_usb_connect(0x2, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) 1m9.679227447s ago: executing program 1 (id=462): syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x500, 0x4e22, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "000000000000000000000000000000000000000000000000000500"}}}}}}, 0x0) syz_emit_ethernet(0x6b, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5d, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x49, 0x0, @wg=@data={0x4, 0x0, 0x0, '\x00'/49}}}}}}, 0x0) 1m9.342892206s ago: executing program 1 (id=463): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6000000010000104a0518fd50000000000000000", @ANYRES32=0x0, @ANYBLOB="096b0200000000002c00128009000100626f6e64000000001c00028006001900ff03000008000900010000f0080007000000020014003500626f6e6430"], 0x60}, 0x1, 0x0, 0xf3ffffff, 0x20004040}, 0x0) 1m9.251509574s ago: executing program 2 (id=464): r0 = socket$netlink(0x10, 0x3, 0x0) move_pages(0x0, 0x2, &(0x7f0000000080)=[&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil], &(0x7f00000000c0), &(0x7f00000000c0)=[0x0], 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x68, r2, 0x101, 0x0, 0x80000, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0x4b, 0x2a, [@rann={0x7e, 0x15, {{0x1, 0x4d}, 0x3, 0x40, @device_a, 0x5c, 0x4, 0x9}}, @link_id={0x65, 0x12, {@random="cc18162d107f", @device_a, @device_b}}, @ht={0x2d, 0x1a, {0x20, 0x3, 0x0, 0x0, {0x3, 0xff, 0x0, 0x3, 0x0, 0x1, 0x1}, 0x6, 0x8, 0x9}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x4804) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000100)) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xa14a}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}]}}}, @IFLA_MTU={0x8, 0x4, 0x500}]}, 0x48}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000) 1m8.937775754s ago: executing program 4 (id=465): syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) (fail_nth: 29) 1m8.865894487s ago: executing program 1 (id=466): accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x100000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = dup(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) ioctl$KVM_SET_MSRS(r0, 0xc008ae88, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000002d40)=ANY=[@ANYBLOB="000086dd0000110000080000000060ec97000f982c00fe8000000000000000000000000000aaff0200000000000000000000004000013a00000000000000880090780e000000fe8000000000000000000000000000bb1fefd0893dd62e55c6091c844939536e230e91c0c8eba3aec1ac3badb48bdb505e62565135d2c15b8bb0bd6c6826290c70d21ecea6754ab03304a05ea2706029c29219e5421b5e405c97818b7a02e3606948fac9ec702c9d01ae1fdec9db67c82edc19e89e6f14c370fa92a7b79f3845543450ba8351332a902190a7962d7fe220fa4a898650c22a2599a2388e760460b3c79f3fea804501867a6bf3ba0826ae60104f8be7170b2acc693ab5af4f3a2cd00b38c570c9618b86a3c21c70ca47e99b5621e6ad3137e2d7421a95fc73da52ca8b51e84e61f131a3908f6adfa06668b31dcf898a6f53ce0d45e7207da31c57d24fa838408cd9d44c6add0a480851d25c079ea1074de36806577b4c5a2398494d0d61a7a58be366e022d059623af7e5e3fafb333bedafcf795e58dc0f5ac6249aaf79eca15539aa6cda548b40ebbdd7e9c124194a0dfc386830c7189e613a118d78a3c1f99b779677b3f177edd889bd68c28a3b8cfe9bf4d9ec7a30fe1a5be3b508a11c5ae975bb07bcd4019e380854bdf1ed901bad9660e427b46981ae00cc24d0d7da597813497ab3d1b5f45bbb6854eea15ab2"], 0xfce) 1m8.865534117s ago: executing program 3 (id=467): r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x38) prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r1, 0x4112, 0x0) fcntl$setsig(r0, 0xa, 0x21) fcntl$setlease(r0, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, 0x0, 0x0) 1m8.705400577s ago: executing program 0 (id=468): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000030500000000000000000000ffff", @ANYRES32=0x0, @ANYBLOB="01000000000000001c0012800b0001006d616373656300000c00028005000f000200000008000500", @ANYRES32=r1], 0x44}, 0x1, 0x0, 0x0, 0x20000005}, 0x0) 1m8.300846757s ago: executing program 2 (id=469): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000050000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) 1m8.194663651s ago: executing program 3 (id=470): r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare(0x4000400) preadv2(r0, &(0x7f0000001540), 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0xfff) syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r2, 0x3b82, &(0x7f00000000c0)={0x18, r3, 0x2, 0x0, &(0x7f0000000280)=[{0x7fff, 0xffffffffffffffff}, {0x0, 0x1542}]}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000000)={0x28, 0x2, r3, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1}) syz_emit_ethernet(0x52, &(0x7f0000000080)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}]}}}}}}}}, 0x0) 1m8.080714226s ago: executing program 3 (id=471): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000200000000ffffffffffffffff0000000000000000602d3183000000000000000000000000000a000000000000000000000080400000000000000000000044000500ac1414aa00"], 0xfc}}, 0x0) 1m8.056404968s ago: executing program 3 (id=472): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d3000fc000000000800050000fcffff08001400fc000000080011000700000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1m7.858976061s ago: executing program 3 (id=473): socket(0x1, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getuid() sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, &(0x7f00000005c0)={0x15, 0x110, 0xfa00, {r4, 0xfffffffc, 0x0, 0x30, 0x0, @ib={0x1b, 0x8, 0x5, {}, 0x1, 0x2, 0x4}, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x80000001}}}, 0x118) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), r4, 0x2}}, 0x18) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) r5 = fanotify_init(0x202, 0x101000) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x4f, &(0x7f0000000080)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x1, 0x1, 0x3, 0x10, 0x5, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x68, {{0x7, 0x24, 0x6, 0x0, 0x0, "d0ed"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x3, 0x3, 0x81}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x8, 0x5, 0x7f}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x3, 0x3, 0xfe}}}}}]}}]}}, &(0x7f0000000c80)={0xa, &(0x7f00000009c0)={0xa, 0x6, 0x250, 0x2, 0x3, 0x2, 0x8, 0x20}, 0x5f, &(0x7f0000000a40)={0x5, 0xf, 0x5f, 0x5}, 0x3, [{0x35, &(0x7f0000000ac0)=@string={0x35, 0x3, "a04a24dab03cf1509dacde02ef6df62f316bb02eb5d2d9388ba19abd47b2693f0b55a8461a043b30f741fa33c4fb1bacbeaafe"}}, {0x97, &(0x7f0000000b00)=@string={0x97, 0x3, "705a57512c1bf95717d7f5e03dcd251d6e07dd0ea02eb108690192af7762944b05b9ae05871c38ee9dd903d910b049b37de4e90a3b5abebebe4f2ad0a4ddccd8999139cbbadff92f6599cd2c677cf32979c4ed398c0445306ba6d842d73e59b9d47e8c9295e073beb7ca61cc0e2ff1a6a394de24dcbfb4eebef5b7766b761ad681b42df98ca952d33cd8cae5a9098b0a496f4d83d2"}}, {0xb9, &(0x7f0000000bc0)=@string={0xb9, 0x3, "925a0d29a3dc54485a59887106105dbec316563b674dd4618c997a28899ac81a1c7131960faa05bbcce5f5b855802af368a4952b924c06b76966015952c4ae2ee2559def4e69ada923741857df0ee309965833a87d72b5494b6a63bfaf86d24afa532d67f7aafd41f4750a8989068774d1619f03f0dcf3e0c24fc0a3b0066781967ac2d93fefedbd156ab72e0b9f33c510dc707eb96e2f8982af9432dbcd7fb057784a77fdb1a8f89a70ba103ba414f32fbd5d9cb36906"}}]}) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r6, 0xc0145b0d, 0x0) dup2(r5, 0xffffffffffffffff) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x200) ioctl$KVM_SET_IRQCHIP(r8, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x0, 0x0, 0xeffffdff, 0x0, [{0x2, 0x0, 0xfc, '\x00', 0xff}, {0x0, 0x9, 0x80, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0xb9}, {0x11, 0xb}, {}, {0x0, 0x1, 0x4, '\x00', 0x2}, {0xfd, 0x0, 0x6}, {}, {0x0, 0x8f, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x1}, {0xb}, {0x5, 0x99, 0x2, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x3}, {0x2, 0x0, 0x6}, {0xc3, 0x0, 0x0, '\x00', 0x49}, {0xfd, 0x21, 0x80, '\x00', 0x5}, {0x3}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x0, 0xd}, {0x0, 0x80}, {0x0, 0x2, 0x0, '\x00', 0x37}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x0, 0x2, 0x9}, {0x80, 0xff, 0x3, '\x00', 0x7}]}}) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000004e040100000000002d400200000000004704000001ed00007b130000000000001d440200000000007a0a00fe00ffffffc3030000e1000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a6c3692e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5be14ecf7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e347a8ad880d2cd829b847400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c35b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af8612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5e69048ddff6da409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18ec0ae564162a27afea62d84f3a10746443d64364f50000e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc286463a2b1e992894269f478341d02d0f5ad4bcb524a5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39e415140200000020cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a22048516d6aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe0e669e5e20100005353193f82ade69d0540059fe6c7fe7cd8697502c7596566d6740300da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc02290beaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24c87afce829ba0f85da6d8a8f18ea40ab959f6074ab2a4009b9e5f07ab5138aa6e3d37fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e6b0b384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208160fb04c98375b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27feeb741680f6f2f9a6a8346962a350845ffa0d829e4f79ad7d87906943408e6df3adbfd03aac93df8866fb010aecfed9092ca4d0f3e1116a0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a530600d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe92c7719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b1dba94a6ea80c33ead5722c3293986e02c8e0a6dda1eca493f14795bd068826fe8df15efaaeea831555877f958a19e499666a38d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a8784d0899ed888141e2fae6691d1aee1da02ba516467df3e7d1daac19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa57d2c93f49c47944fec01a8aa7749f3187e9efb00000000e0884160b765b07ec9ba020362310223c81e48d6d3b6e5b50d45248efe43a409773e3ed01cd663f3aaab9e1c0000f43b64bb54e5b30be3399e3dd1eb1cfd1935a323023fe5792879833c7eb356b95cfb135045b1d8f7da2fa5bfedef411d0791523a9e64c884e9dfed9cd413afe66bd8ee831cdb34726fe0434fbf44c7b33a853330bcaf37ba4e36705807468b37d32087e599165f1bce015145444ef5967b443222f46173cc876015b2d1874be9846f7c1653c02d2ef9a75fdc45820c69bbe1cb575f9aa21aa9d3d58bd5e5fe026142a72e24049b8400c4a28b2d5db8d5f53cb354fba19975fb0b3739baae51cb4b034993ef1463dcdba2da419b320420efdd091d7f6e83c8ac2ccc6c9392a42a33907421ab847c9590c213eda9a7e1db598a23e75a3c0933fc803ca994a86476b995c37c445f68fd99fb4d335ff00d15bc4630c993fffffe000000000000a236a791bcb6eff8d488041db6b8f2c158c2c3f4baacd0c8cc7eb1fd7fba93237e598771cf6f281aa72139"], &(0x7f00000001c0)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 1m7.722495667s ago: executing program 2 (id=474): socket$inet6(0xa, 0x3, 0x8000000003c) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) openat$sndseq(0xffffffffffffff9c, 0x0, 0x42202) pselect6(0x40, &(0x7f00000001c0)={0x6, 0x0, 0x5, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x100, 0xa, 0x1000, 0xa, 0x7fffffff, 0x2}, 0x0, 0x0) 1m7.685824389s ago: executing program 4 (id=475): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000200000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010017"], 0x58}, 0x1, 0x7}, 0x0) 1m7.58933299s ago: executing program 0 (id=476): syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0xfcff0000}, 0x1c) 1m7.227954249s ago: executing program 2 (id=477): openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) (async) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000040)) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000080)=0x7ff) (async) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000080)=0x7ff) getdents64(r0, &(0x7f00000000c0)=""/93, 0x5d) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14) newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000540)={&(0x7f00000002c0)=@updsa={0x268, 0x1a, 0x0, 0x70bd2b, 0x25dfdbfe, {{@in=@remote, @in6=@empty, 0x4e23, 0x6, 0x4e21, 0x5a00, 0x2, 0x20, 0x20, 0x1d, r2, r3}, {@in=@remote, 0x4d5, 0x648e15318e4b189}, @in6=@mcast1, {0xff, 0x6, 0xffffffff, 0x8001, 0x7f, 0x64e7, 0x6, 0x1ff}, {0x10, 0x1, 0xbf3, 0x108f}, {0x3ff, 0x5, 0x6}, 0x70bd28, 0x3506, 0x8caee252d176b0db, 0x1, 0x85, 0x5}, [@user_kmaddress={0x2c, 0x13, {@in6=@private2, @in6=@mcast2, 0x0, 0xa}}, @mark={0xc, 0x15, {0x350759, 0x6}}, @lifetime_val={0x24, 0x9, {0x1, 0x7, 0x400, 0x8}}, @sec_ctx={0x9c, 0x8, {0x98, 0x8, 0x0, 0x2, 0x90, "fe8100f449ee72bc4491d03eb1d13997fde43ed049cbe000fe08390eb84a8383e2d3b4a92f8dd157c26541a162eafe1d3cb69ba41077ea1295d07a3d58fc4e812a53f18a27b8013cea57d9b1b4d9ac326ee12a9fc05964c8006895abae8836b3dfe683da8eff6f91ce9b5ea16a4420af6ccf5f35da91582250269d7e45308fbdd13f02f446c37782d8aa6becef589732"}}, @algo_auth={0x75, 0x1, {{'sha256-arm64\x00'}, 0x168, "c1bf0250959e3c9a62bce33b971106e53527507ea74afdcf835df82aff90ceb3c9c9c75fec0d184709dc52d3bd"}}, @replay_thresh={0x8, 0xb, 0x9}]}, 0x268}, 0x1, 0x0, 0x0, 0xc080}, 0x800) unlink(&(0x7f00000005c0)='./file0\x00') r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000600), 0x101000, 0x0) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000640)={0xc, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000680)={0x48, 0x2, r5}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x4000, 0x0) socket$inet_udp(0x2, 0x2, 0x0) (async) r6 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000007c0)={'ip_vti0\x00', &(0x7f0000000740)={'gre0\x00', r2, 0x7, 0x7800, 0x2, 0x35ee, {{0xa, 0x4, 0x0, 0x8, 0x28, 0x65, 0x0, 0x2, 0x2d, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, @dev={0xac, 0x14, 0x14, 0x10}, {[@lsrr={0x83, 0x7, 0x51, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @ra={0x94, 0x4}, @lsrr={0x83, 0x7, 0xbd, [@empty]}]}}}}}) open(&(0x7f0000000800)='./file0\x00', 0x24800, 0x19e) (async) r7 = open(&(0x7f0000000800)='./file0\x00', 0x24800, 0x19e) sendmsg$L2TP_CMD_SESSION_CREATE(r7, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x4c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp6=r1}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x3}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8850}, 0x1) ioctl$FIOCLEX(r1, 0x5451) (async) ioctl$FIOCLEX(r1, 0x5451) eventfd(0x680) (async) eventfd(0x680) syz_usb_connect$uac1(0x5, 0xe2, &(0x7f0000000980)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd0, 0x3, 0x1, 0x9, 0x10, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x3, 0x5}, [@input_terminal={0xc, 0x24, 0x2, 0x2, 0x205, 0x1, 0x9d, 0x100, 0x0, 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x6, 0x6, 0xb9, "8bcb"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0xd, 0x3, 0x0, 0x8}, @as_header={0x7, 0x24, 0x1, 0x1, 0xa8, 0x4}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0xa6, 0x3, 0x9, {0x7, 0x25, 0x1, 0x1, 0x2, 0xfffb}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x9f, 0x2, 0xd, 0x3, "f0f7", "8a89bc"}, @format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x6, 0x400, 0x0, "bf613379ff"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x3, 0x4, 0x4, "399a16f5"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x4, 0x2, 0x7, 0x2}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x9, 0x3, "d0c909f631e5"}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x6, 0x3, 0x40, 0xff, "90ee52d0"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x9, 0x0, 0x8d, {0x7, 0x25, 0x1, 0x0, 0x5, 0x7}}}}}}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000a80)={0xa, 0x6, 0x300, 0x9, 0xe2, 0x0, 0x8, 0x2}, 0x5, &(0x7f0000000ac0)={0x5, 0xf, 0x5}, 0x5, [{0x4, &(0x7f0000000b00)=@lang_id={0x4, 0x3, 0x411}}, {0x55, &(0x7f0000000b40)=@string={0x55, 0x3, "d1cbb6c5d0ecf3bab6034e257f57caaeddd64b53d1f5b5c2622103707b6e39f2d7d36725de8d46fc9ffa749b2bf4f8033bb60625990c632ec224e6b8b07181fba9d2eba41698f27c23e6e0aa426d81a09274d3"}}, {0x4, &(0x7f0000000bc0)=@lang_id={0x4, 0x3, 0x40c}}, {0xae, &(0x7f0000000c00)=@string={0xae, 0x3, "a748c6636758a941350ed36e180d72221510b7e8922bb4ae1f5c396f3f7dff0adff1c0a3f37abccb52d1b507948d5212fe02d00d611ea344b6c335db5af656cdcf35a6786a09834ea5729acb382cf6b4863245d8879488cd86128054447dcb825196b111efc567e671f7a0efddd2f3cb1864e81c67f70a5821e3e024b3614045201dd2806f3978ab983f413b0e0cc1dbfe1d72082802ea1040f04a7700e3f67194d62d1580f7aeacb518bfcd"}}, {0xf4, &(0x7f0000000cc0)=@string={0xf4, 0x3, "19ee7d376d21d628864755e8255fe3eac7201b6117a9fd4939f10af9e90f6049bbfff907cbe14396b2c35491a3c7bd188177a8d53e12fe1e47391d89351cb4351d9675598040dcc017d94429f6f82656caef12766de2dcdea5e29901c43517ed5f933bba3e069bc01de57ed6060616d2f5c0f1a6c0a1b66822d70bdf373c88a1cfe939c616054587b247ada02b8bd384ea4cb1956b1dde8c6848f53c8e705581d7fc1a20c9b19165fcc9b347ae008d36996bdfee7d1b8a737f6a7231bf4987f3012ab5538568bbe3a1f51ae4b6cd01aed84e8f73d3451610cccda0c1c1e7865424ee9b89666b5e8a5db2f4dde434acb3ce6a"}}]}) (async) syz_usb_connect$uac1(0x5, 0xe2, &(0x7f0000000980)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd0, 0x3, 0x1, 0x9, 0x10, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x3, 0x5}, [@input_terminal={0xc, 0x24, 0x2, 0x2, 0x205, 0x1, 0x9d, 0x100, 0x0, 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x6, 0x6, 0xb9, "8bcb"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0xd, 0x3, 0x0, 0x8}, @as_header={0x7, 0x24, 0x1, 0x1, 0xa8, 0x4}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0xa6, 0x3, 0x9, {0x7, 0x25, 0x1, 0x1, 0x2, 0xfffb}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x9f, 0x2, 0xd, 0x3, "f0f7", "8a89bc"}, @format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x6, 0x400, 0x0, "bf613379ff"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x3, 0x4, 0x4, "399a16f5"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x4, 0x2, 0x7, 0x2}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x9, 0x3, "d0c909f631e5"}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x6, 0x3, 0x40, 0xff, "90ee52d0"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x9, 0x0, 0x8d, {0x7, 0x25, 0x1, 0x0, 0x5, 0x7}}}}}}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000a80)={0xa, 0x6, 0x300, 0x9, 0xe2, 0x0, 0x8, 0x2}, 0x5, &(0x7f0000000ac0)={0x5, 0xf, 0x5}, 0x5, [{0x4, &(0x7f0000000b00)=@lang_id={0x4, 0x3, 0x411}}, {0x55, &(0x7f0000000b40)=@string={0x55, 0x3, "d1cbb6c5d0ecf3bab6034e257f57caaeddd64b53d1f5b5c2622103707b6e39f2d7d36725de8d46fc9ffa749b2bf4f8033bb60625990c632ec224e6b8b07181fba9d2eba41698f27c23e6e0aa426d81a09274d3"}}, {0x4, &(0x7f0000000bc0)=@lang_id={0x4, 0x3, 0x40c}}, {0xae, &(0x7f0000000c00)=@string={0xae, 0x3, "a748c6636758a941350ed36e180d72221510b7e8922bb4ae1f5c396f3f7dff0adff1c0a3f37abccb52d1b507948d5212fe02d00d611ea344b6c335db5af656cdcf35a6786a09834ea5729acb382cf6b4863245d8879488cd86128054447dcb825196b111efc567e671f7a0efddd2f3cb1864e81c67f70a5821e3e024b3614045201dd2806f3978ab983f413b0e0cc1dbfe1d72082802ea1040f04a7700e3f67194d62d1580f7aeacb518bfcd"}}, {0xf4, &(0x7f0000000cc0)=@string={0xf4, 0x3, "19ee7d376d21d628864755e8255fe3eac7201b6117a9fd4939f10af9e90f6049bbfff907cbe14396b2c35491a3c7bd188177a8d53e12fe1e47391d89351cb4351d9675598040dcc017d94429f6f82656caef12766de2dcdea5e29901c43517ed5f933bba3e069bc01de57ed6060616d2f5c0f1a6c0a1b66822d70bdf373c88a1cfe939c616054587b247ada02b8bd384ea4cb1956b1dde8c6848f53c8e705581d7fc1a20c9b19165fcc9b347ae008d36996bdfee7d1b8a737f6a7231bf4987f3012ab5538568bbe3a1f51ae4b6cd01aed84e8f73d3451610cccda0c1c1e7865424ee9b89666b5e8a5db2f4dde434acb3ce6a"}}]}) ioctl$EVIOCGLED(r7, 0x80404519, &(0x7f0000000e40)=""/7) getsockopt$inet_opts(r6, 0x0, 0x9, &(0x7f0000000e80)=""/230, &(0x7f0000000f80)=0xe6) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000fc0)='bic\x00', 0x4) ioctl$PPPIOCSFLAGS1(r7, 0x40047459, &(0x7f0000001000)=0x20000) (async) ioctl$PPPIOCSFLAGS1(r7, 0x40047459, &(0x7f0000001000)=0x20000) syz_open_dev$video4linux(&(0x7f0000001040), 0x5, 0x80) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001080), 0x1, 0x0) (async) r8 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001080), 0x1, 0x0) write$tcp_congestion(r8, &(0x7f00000010c0)='cdg\x00', 0x4) modify_ldt$read(0x0, &(0x7f0000001100)=""/153, 0x99) syz_usb_connect(0x4, 0x638, &(0x7f00000011c0)={{0x12, 0x1, 0x310, 0xaa, 0x94, 0xc9, 0x10, 0x1b3d, 0x1d2, 0x37d2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x626, 0x2, 0x89, 0xa0, 0x0, 0xc, [{{0x9, 0x4, 0x3c, 0x6, 0xe, 0x20, 0xe8, 0x3f, 0x0, [], [{{0x9, 0x5, 0x0, 0x10, 0x8, 0x3, 0x2, 0x4e, [@generic={0x77, 0x10, "2f0f51bb8d99a98aa836c8cc047fe5afae1617fcda45a82896178fb7bbfb9d58a50db410d02429ea21d498badef9a6f22d70be43ae377248fdb8a4171b0f5957e2cf363669a7fd3663604a39ad20527127890208e23b35dd683d5c737a003fcb2017f37a045a5ec76f6e07c73e40a022c38bd2be25"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x8, 0x10, 0x7, 0xfd}}, {{0x9, 0x5, 0x1, 0x10, 0x200, 0x7, 0x0, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x401}]}}, {{0x9, 0x5, 0x7, 0x3, 0x20, 0x54, 0x10, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xbd, 0x8000}, @generic={0x8a, 0x21, "ec6c343555d96dd44749b6340a4cb650307b1acbf5a464233ae4b6066d108eb815be21569e190c99d870992261cf534ad8946f48fb31c319a9a4074640971946c4acdd4a8a1ad75fc2e1ec3161f811fbafc5446ca012d4b0dcf79e50c3b097699cc9318b767dd7b74f3caca31abb96a8d98912802889dc296a16288665f80bd1703aaa1ebd8134a0"}]}}, {{0x9, 0x5, 0x9, 0x0, 0x200, 0x6, 0x0, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xf8, 0x6}, @generic={0x31, 0xf, "5251e52bc3596b6c14df24789f8f1cefb05b1d17b72f88a9b8a56ca92ee48e6ec4fe2b1bdfd142e3c4eab1b724f767"}]}}, {{0x9, 0x5, 0xe, 0xc, 0x3ff, 0x6, 0x3, 0x45, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0x8}, @generic={0x31, 0x11, "52777b982a6b38ffbdd548e3379b83e2dfb1c299d5d16eb94bbe63f4bc2e0518b481e96a18b4fd6578f7ab5ddc5b68"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x40, 0x40, 0xd0, 0x81}}, {{0x9, 0x5, 0x4, 0x1, 0x20, 0x6, 0x8, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x81, 0xea}]}}, {{0x9, 0x5, 0x0, 0x0, 0x20, 0x6, 0x2, 0xcb, [@generic={0xea, 0x7, "5d8efb5ef867e7215624570c30b12f1122f7a59ed4747bf09f619b82eb68d785496526e3af2be3f6266bd0c359dfc5ddb201f6447c67382a21a577fc5a0674705da067c75676948ce804523db274c81bf1363f18e38ceafe8019f4c9b6557c4b990316943edbbebf01eff741c209b7635efa0f435d9dfd078f8f30e0a1977fa4c68e3c651d382a982a120773ecfccaa09f2201b3b6a973c629d1ffcd9e93618f787d3d9538c2f3e3987500a9e07a713c927314b2438dd10a4ff50287f06af479ad0f64b7c7cd11059e95fc2d86eb13c26ed3afe0cc67260a952de07eed73d35f9dca27ab0a5801e2"}]}}, {{0x9, 0x5, 0xb, 0x0, 0x410, 0x6, 0x0, 0x1f}}, {{0x9, 0x5, 0xb, 0x1, 0x10, 0x3, 0x9, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x21, 0x7fff}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x9, 0x7}]}}, {{0x9, 0x5, 0x80, 0x10, 0x8, 0x40, 0x8, 0x5, [@generic={0x2a, 0x6, "4623e4c0fb819465933fccef841f14dc2eb2caf2ff5502747b58298c79e99cf6efe0a263c82711cf"}]}}, {{0x9, 0x5, 0x2, 0x16, 0x200, 0x7f, 0x5, 0x80, [@generic={0x95, 0xc, "c2ce34a3adb0ae70562c776c3928d777c50266fea839fbc6e5e38ca44ad4e1cb9ad8c924c35d8733777b45657b6331bccb3929d2ea1931393a24001d647061dafde83ec08372051624ea963950dc697a23f6806cee17d9b16282c1c6e96ed535ac6a04d24d78986042c9b77cfbfcf14f0776ae413a5123d48afa07fd07206a50bd584f40197ba0f48fe7318ecec0b375ddc8de"}]}}, {{0x9, 0x5, 0x6, 0x10, 0x20, 0xc0, 0x5, 0xbd, [@generic={0xad, 0xf, "3d67602833acb50b0a3c27f5f88f717d967a206994e1ea78cd95dc0141048d2c2ef985efb32592e9d26b6c85b8bf7bcd152ac7711c144b6b0718755cd7be7196b60ecf6f8593ff98d7b37979b857cb588782e6e7a0c3ece03b179aad7810f54e7820f0d14a3deed366cb47cc5d565e60ca3a8296d4ae334dc9cda3d7f96f0aef5917bff003c61b2f2c59da8426b2e73364d42c3d73e09b7d3aed0a5e19d993bd46191c448f85b82361ebdc"}]}}]}}, {{0x9, 0x4, 0xf9, 0x1f, 0x1, 0x13, 0x66, 0x44, 0x12, [@cdc_ncm={{0x8, 0x24, 0x6, 0x0, 0x1, "31a815"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x400, 0x0, 0x7}, {0x6, 0x24, 0x1a, 0x4, 0x39}, [@mbim={0xc, 0x24, 0x1b, 0x1, 0x8000, 0x9, 0x7, 0x7, 0x2}, @dmm={0x7, 0x24, 0x14, 0x59, 0x5}, @country_functional={0x12, 0x24, 0x7, 0x88, 0x2, [0x463, 0x2, 0x0, 0x1ff, 0x9, 0xe17]}, @mdlm={0x15}]}], [{{0x9, 0x5, 0x0, 0x3, 0x400, 0x9, 0x7, 0x2, [@generic={0x92, 0x1, "1a1c908a9608bbae2755f4e96099d7e151be09001cedffea9416d5612c9f4b610c6dee070e928d88f0fe04fc144a580041143f2beb9c7ab4455000f76ef1940992ebb7cc9ae7a270909ea497bd53be62aee158aa1cdf11f77ea5adc7cba3d98d6bd2e7741f543b5e9d082743df5c93c931ede9380b187088026a34b83302fddd14a80c68767de9fde7a500214d9f5e46"}, @generic={0xae, 0x8, "4e78488dd9aeafe0bef30726637bc389bd0270558e3b0a8e49f3e4b27267cdb2b005957cbba42dd66b53ee98dabea0b9372b6a987cc6239c77c05e06ceda28d003cf4589971722419ba02d9897c5cc43fbdb9f3dfdb9f7317c8dbb3028ff121bf744e4151dd48c0cdae6c9d288d79b2fcf76cc9c3d7403effcf61bc17b2af56a1fb0d2b6ec2dbdc6217579c5be5b2bcde4319c25de61a444a281874ae454488586e2fbea1cec215056c59814"}]}}]}}]}}]}}, &(0x7f00000019c0)={0xa, &(0x7f0000001800)={0xa, 0x6, 0x110, 0x8, 0x69, 0x4, 0x8, 0x5}, 0x1c, &(0x7f0000001840)={0x5, 0xf, 0x1c, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0xe1, 0x40, 0xff}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xd, 0x1, 0xb, 0x40}, @ptm_cap={0x3}]}, 0x2, [{0xeb, &(0x7f0000001880)=@string={0xeb, 0x3, "76ceb904b7f0a3a1a356fd866dcf234a33bfb3a45b1d8c79a2ee537c13f67f8460c5a46c13f44b8f39013b84df2da32742a17d8a369bc324ed79ae54227bae4800ac82f84be86f763a6f3bcc4be156feff22c0634df95a10da399847146addc1597fd856503862d349d1277f30f86c0287e503202e3f16f1978cb197c3efa544ee83a01105a00a0ada1915df6ad16c00071ee6ff5b312b19e749e2838b8085a609002256ee89f0e88bcf156c4ec3d9c879f136792c9ffcc7124ede6d97d7cf2b65d21db30d98a10dd3dc2c6bec4acd8147c81e1188a5da1373bd1e779a1bb81e3f6980246f4d04a3de"}}, {0x33, &(0x7f0000001980)=@string={0x33, 0x3, "cb4cc5d3772557d336b3a06b170c2879b968a144c7e508d6acd558fc751d37959c12e10997eaf1a028afba13defff1a187"}}]}) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000001a00)) 1m7.039198204s ago: executing program 1 (id=478): syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @local, {[@timestamp_addr={0x44, 0x14, 0xa, 0x2, 0x0, [{@remote}, {@loopback}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0", @ANYRESOCT]) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 1m6.979981966s ago: executing program 4 (id=479): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}}) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000280)=0x2) close(0x3) r3 = syz_io_uring_setup(0x22f, &(0x7f00000001c0)={0x0, 0x5325, 0x10000, 0x0, 0x259}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565b, 0x0) syz_io_uring_submit(r4, r5, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x1, 0xffffffff, 0x2, {0x0, 0x0, 0x0, r7, 0x18f40, 0x820}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}]}}}]}, 0x40}}, 0x0) io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) sendmmsg(r1, &(0x7f0000002400)=[{{&(0x7f0000000280)=@l2tp6={0xa, 0x0, 0x7600, @private0={0xfc, 0x0, '\x00', 0x9}, 0x32, 0x2}, 0x80, 0x0}}], 0x1, 0x40000) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) (async) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) (async) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) (async) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) (async) syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) (async) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) (async) ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}}) (async) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000280)=0x2) (async) close(0x3) (async) syz_io_uring_setup(0x22f, &(0x7f00000001c0)={0x0, 0x5325, 0x10000, 0x0, 0x259}, &(0x7f0000000000), &(0x7f0000000040)) (async) close_range(r3, 0xffffffffffffffff, 0x0) (async) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565b, 0x0) (async) syz_io_uring_submit(r4, r5, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00'}) (async) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x1, 0xffffffff, 0x2, {0x0, 0x0, 0x0, r7, 0x18f40, 0x820}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}]}}}]}, 0x40}}, 0x0) (async) io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) (async) sendmmsg(r1, &(0x7f0000002400)=[{{&(0x7f0000000280)=@l2tp6={0xa, 0x0, 0x7600, @private0={0xfc, 0x0, '\x00', 0x9}, 0x32, 0x2}, 0x80, 0x0}}], 0x1, 0x40000) (async) 1m5.69006032s ago: executing program 0 (id=480): r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x38) prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r1, 0x4112, 0x0) fcntl$setsig(r0, 0xa, 0x21) fcntl$setlease(r0, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, 0x0, 0x0) 1m5.272342427s ago: executing program 1 (id=481): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x5, "810000cc2b000000000000fa25ffff00ffffff"}) r1 = syz_open_pts(r0, 0x141601) fcntl$setstatus(r1, 0x4, 0x102800) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000180100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008740000000c0a95c900000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e7465720004000280140001800c000100"], 0xe4}}, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) r7 = userfaultfd(0x1) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)) r8 = socket(0x40000000015, 0x5, 0x0) connect$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r8, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) recvmmsg(r8, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}}, 0x0) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) socket$inet6(0xa, 0x3, 0x4) openat$audio(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x1, r9, 0x0, r4}, 0x10) r10 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r10, 0x0) r11 = mmap$IORING_OFF_SQ_RING(&(0x7f000062a000/0x1000)=nil, 0x1000, 0x1000000, 0x12, r10, 0x0) ioctl$PTP_SYS_OFFSET(r10, 0x43403d05, &(0x7f0000000540)={0x10}) sendmsg$nl_route(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@delnexthop={0x20, 0x69, 0x400, 0x70bd27, 0x25dfdbff, {}, [{0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x2400c081) sendmmsg$inet_sctp(r2, &(0x7f0000000280)=[{&(0x7f0000000040)=@in={0x2, 0x8, @rand_addr=0x64010101}, 0x10, &(0x7f0000000200), 0x0, &(0x7f0000000300)=ANY=[@ANYRES8=r11], 0x48}], 0x1, 0x4044040) 1m5.208808408s ago: executing program 4 (id=482): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000002d40)=ANY=[@ANYBLOB="000086dd0000110000080000000060ec97000f982c00fe80000000fffffff5000000000000aafd8300aa0000000000000000000000013a000000000000008800"], 0xfce) 1m4.828180791s ago: executing program 0 (id=483): socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844) r2 = socket(0x11, 0xa, 0x0) sendmsg$can_bcm(r2, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8, 0x0, 0x0, 0x4}, 0x0) r3 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r3, &(0x7f0000002a80)=[{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000000100)="b6", 0x1}], 0x1, &(0x7f0000002700)=ANY=[@ANYBLOB="3000000000000000845760951b28734195c88e6bbecd210fe7f0db73ae780322cf00fbff0102000007000000", @ANYRES32=0x0, @ANYBLOB="180000000000000084000000050000000000000072000000"], 0x48}], 0x1, 0x0) r4 = getpgid(0xffffffffffffffff) sched_setattr(r4, &(0x7f0000000180)={0x38, 0x0, 0x0, 0x2ae, 0x6, 0x4, 0x4, 0x8, 0x1, 0x1c8}, 0x0) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f00000000c0)=0x3, 0x4) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0) add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r5 = socket$igmp(0x2, 0x3, 0x2) r6 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x7d}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00010016800080fbdbdf250a0080000000000000100000"], 0x1c}, 0x1, 0x0, 0x0, 0x24000050}, 0x20000050) setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @empty, 0x0, "ffff01e03d64a831683fdc3fd440829c82cfc400"}, 0x3c) setsockopt$MRT_FLUSH(r5, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000240)=""/254, &(0x7f0000000040)=0xfe) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000080)={0xfefc, 0x7}, 0x4) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4) 1m3.698864291s ago: executing program 4 (id=484): memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="78010000170001000000000000000000fc0000000000000000000000000000000000000000000000fe8000000000000000000000000000bbac1414bb000000000000000000000000fc00000000000000000000000000000300"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000ffffffff00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000440005007f000001000000000000000000000000000000003c00000000000000fc02000000000000000000000000000000000000000000000000000000000000000000000c000800"], 0x178}}, 0x0) 1m2.969410681s ago: executing program 2 (id=485): syz_open_dev$sndmidi(0x0, 0x2, 0x141101) preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x80000400, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) (async) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r0, 0x0, 0x0) (async) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r0, &(0x7f0000000180)=""/56, 0x38, 0x102, 0x0, 0x0) (async) recvfrom(r0, &(0x7f0000000180)=""/56, 0x38, 0x102, 0x0, 0x0) io_setup(0x3ff, 0x0) r4 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r4, 0x40000000af01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) (async) r5 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) (async) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_GET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="030700000000000000000800000068000480", @ANYRESDEC=r7], 0x7c}}, 0x0) (async) sendmsg$TIPC_NL_LINK_GET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="030700000000000000000800000068000480", @ANYRESDEC=r7], 0x7c}}, 0x0) unshare(0x68040200) (async) unshare(0x68040200) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="30000000000b01020000000000000000030000000800024000000000080003400000008d3bd4888fb84b4603681dae75"], 0x30}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x5, 0x0, 0x100}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x13}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0xb3}]}}}]}, @NFTA_RULE_TABLE={0xd, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0xfffffffffffffea8, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x94}}, 0x24008044) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000001c0)) (async) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000001c0)) 1m2.567173976s ago: executing program 4 (id=486): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000064000008000a000100000008001800ac1414aa08001900"], 0x58}}, 0x0) 48.152300621s ago: executing program 32 (id=473): socket(0x1, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getuid() sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, &(0x7f00000005c0)={0x15, 0x110, 0xfa00, {r4, 0xfffffffc, 0x0, 0x30, 0x0, @ib={0x1b, 0x8, 0x5, {}, 0x1, 0x2, 0x4}, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x80000001}}}, 0x118) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), r4, 0x2}}, 0x18) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) r5 = fanotify_init(0x202, 0x101000) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x4f, &(0x7f0000000080)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x1, 0x1, 0x3, 0x10, 0x5, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x68, {{0x7, 0x24, 0x6, 0x0, 0x0, "d0ed"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x3, 0x3, 0x81}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x8, 0x5, 0x7f}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x3, 0x3, 0xfe}}}}}]}}]}}, &(0x7f0000000c80)={0xa, &(0x7f00000009c0)={0xa, 0x6, 0x250, 0x2, 0x3, 0x2, 0x8, 0x20}, 0x5f, &(0x7f0000000a40)={0x5, 0xf, 0x5f, 0x5}, 0x3, [{0x35, &(0x7f0000000ac0)=@string={0x35, 0x3, "a04a24dab03cf1509dacde02ef6df62f316bb02eb5d2d9388ba19abd47b2693f0b55a8461a043b30f741fa33c4fb1bacbeaafe"}}, {0x97, &(0x7f0000000b00)=@string={0x97, 0x3, "705a57512c1bf95717d7f5e03dcd251d6e07dd0ea02eb108690192af7762944b05b9ae05871c38ee9dd903d910b049b37de4e90a3b5abebebe4f2ad0a4ddccd8999139cbbadff92f6599cd2c677cf32979c4ed398c0445306ba6d842d73e59b9d47e8c9295e073beb7ca61cc0e2ff1a6a394de24dcbfb4eebef5b7766b761ad681b42df98ca952d33cd8cae5a9098b0a496f4d83d2"}}, {0xb9, &(0x7f0000000bc0)=@string={0xb9, 0x3, "925a0d29a3dc54485a59887106105dbec316563b674dd4618c997a28899ac81a1c7131960faa05bbcce5f5b855802af368a4952b924c06b76966015952c4ae2ee2559def4e69ada923741857df0ee309965833a87d72b5494b6a63bfaf86d24afa532d67f7aafd41f4750a8989068774d1619f03f0dcf3e0c24fc0a3b0066781967ac2d93fefedbd156ab72e0b9f33c510dc707eb96e2f8982af9432dbcd7fb057784a77fdb1a8f89a70ba103ba414f32fbd5d9cb36906"}}]}) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r6, 0xc0145b0d, 0x0) dup2(r5, 0xffffffffffffffff) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x200) ioctl$KVM_SET_IRQCHIP(r8, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x0, 0x0, 0xeffffdff, 0x0, [{0x2, 0x0, 0xfc, '\x00', 0xff}, {0x0, 0x9, 0x80, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0xb9}, {0x11, 0xb}, {}, {0x0, 0x1, 0x4, '\x00', 0x2}, {0xfd, 0x0, 0x6}, {}, {0x0, 0x8f, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x1}, {0xb}, {0x5, 0x99, 0x2, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x3}, {0x2, 0x0, 0x6}, {0xc3, 0x0, 0x0, '\x00', 0x49}, {0xfd, 0x21, 0x80, '\x00', 0x5}, {0x3}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x0, 0xd}, {0x0, 0x80}, {0x0, 0x2, 0x0, '\x00', 0x37}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x0, 0x2, 0x9}, {0x80, 0xff, 0x3, '\x00', 0x7}]}}) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000004e040100000000002d400200000000004704000001ed00007b130000000000001d440200000000007a0a00fe00ffffffc3030000e1000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a6c3692e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5be14ecf7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e347a8ad880d2cd829b847400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c35b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af8612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5e69048ddff6da409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18ec0ae564162a27afea62d84f3a10746443d64364f50000e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc286463a2b1e992894269f478341d02d0f5ad4bcb524a5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39e415140200000020cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a22048516d6aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe0e669e5e20100005353193f82ade69d0540059fe6c7fe7cd8697502c7596566d6740300da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc02290beaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24c87afce829ba0f85da6d8a8f18ea40ab959f6074ab2a4009b9e5f07ab5138aa6e3d37fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e6b0b384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208160fb04c98375b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27feeb741680f6f2f9a6a8346962a350845ffa0d829e4f79ad7d87906943408e6df3adbfd03aac93df8866fb010aecfed9092ca4d0f3e1116a0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a530600d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe92c7719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b1dba94a6ea80c33ead5722c3293986e02c8e0a6dda1eca493f14795bd068826fe8df15efaaeea831555877f958a19e499666a38d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a8784d0899ed888141e2fae6691d1aee1da02ba516467df3e7d1daac19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa57d2c93f49c47944fec01a8aa7749f3187e9efb00000000e0884160b765b07ec9ba020362310223c81e48d6d3b6e5b50d45248efe43a409773e3ed01cd663f3aaab9e1c0000f43b64bb54e5b30be3399e3dd1eb1cfd1935a323023fe5792879833c7eb356b95cfb135045b1d8f7da2fa5bfedef411d0791523a9e64c884e9dfed9cd413afe66bd8ee831cdb34726fe0434fbf44c7b33a853330bcaf37ba4e36705807468b37d32087e599165f1bce015145444ef5967b443222f46173cc876015b2d1874be9846f7c1653c02d2ef9a75fdc45820c69bbe1cb575f9aa21aa9d3d58bd5e5fe026142a72e24049b8400c4a28b2d5db8d5f53cb354fba19975fb0b3739baae51cb4b034993ef1463dcdba2da419b320420efdd091d7f6e83c8ac2ccc6c9392a42a33907421ab847c9590c213eda9a7e1db598a23e75a3c0933fc803ca994a86476b995c37c445f68fd99fb4d335ff00d15bc4630c993fffffe000000000000a236a791bcb6eff8d488041db6b8f2c158c2c3f4baacd0c8cc7eb1fd7fba93237e598771cf6f281aa72139"], &(0x7f00000001c0)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 0s ago: executing program 33 (id=483): socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844) r2 = socket(0x11, 0xa, 0x0) sendmsg$can_bcm(r2, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8, 0x0, 0x0, 0x4}, 0x0) r3 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r3, &(0x7f0000002a80)=[{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000000100)="b6", 0x1}], 0x1, &(0x7f0000002700)=ANY=[@ANYBLOB="3000000000000000845760951b28734195c88e6bbecd210fe7f0db73ae780322cf00fbff0102000007000000", @ANYRES32=0x0, @ANYBLOB="180000000000000084000000050000000000000072000000"], 0x48}], 0x1, 0x0) r4 = getpgid(0xffffffffffffffff) sched_setattr(r4, &(0x7f0000000180)={0x38, 0x0, 0x0, 0x2ae, 0x6, 0x4, 0x4, 0x8, 0x1, 0x1c8}, 0x0) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f00000000c0)=0x3, 0x4) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0) add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r5 = socket$igmp(0x2, 0x3, 0x2) r6 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x7d}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00010016800080fbdbdf250a0080000000000000100000"], 0x1c}, 0x1, 0x0, 0x0, 0x24000050}, 0x20000050) setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @empty, 0x0, "ffff01e03d64a831683fdc3fd440829c82cfc400"}, 0x3c) setsockopt$MRT_FLUSH(r5, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000240)=""/254, &(0x7f0000000040)=0xfe) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000080)={0xfefc, 0x7}, 0x4) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4) kernel console output (not intermixed with test programs): tions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 101.842344][ T5986] netlink: 68 bytes leftover after parsing attributes in process `syz.3.32'. [ 102.076101][ T5992] loop8: detected capacity change from 0 to 7 [ 102.092254][ T43] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 102.111717][ T5992] Dev loop8: unable to read RDB block 7 [ 102.139450][ T5992] loop8: unable to read partition table [ 102.150670][ T5992] loop8: partition table beyond EOD, truncated [ 102.172770][ T5992] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 102.262095][ T43] usb 3-1: device descriptor read/64, error -71 [ 102.348227][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 102.418049][ T30] audit: type=1326 audit(1748819657.709:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa220f8e969 code=0x7ffc0000 [ 102.454145][ T30] audit: type=1326 audit(1748819657.739:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa220f8e969 code=0x7ffc0000 [ 102.482461][ T30] audit: type=1326 audit(1748819657.739:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa220f8d2d0 code=0x7ffc0000 [ 102.509948][ T30] audit: type=1326 audit(1748819657.739:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa220f8e969 code=0x7ffc0000 [ 102.532135][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 102.542269][ T43] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 102.550124][ T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 102.551704][ T30] audit: type=1326 audit(1748819657.739:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa220f8e969 code=0x7ffc0000 [ 102.590487][ T30] audit: type=1326 audit(1748819657.739:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fa220f8e969 code=0x7ffc0000 [ 102.591113][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 102.617850][ T30] audit: type=1326 audit(1748819657.739:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa220f8e9a3 code=0x7ffc0000 [ 102.649624][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.669082][ T9] usb 1-1: Product: syz [ 102.673137][ T43] usb 3-1: device descriptor read/64, error -71 [ 102.674515][ T9] usb 1-1: Manufacturer: syz [ 102.688773][ T30] audit: type=1326 audit(1748819657.739:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa220f8e9a3 code=0x7ffc0000 [ 102.714985][ T30] audit: type=1326 audit(1748819657.739:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa220f8e969 code=0x7ffc0000 [ 102.737920][ T9] usb 1-1: SerialNumber: syz [ 102.748830][ T30] audit: type=1326 audit(1748819657.739:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6000 comm="syz.3.37" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa220f8e969 code=0x7ffc0000 [ 102.749193][ T9] usb 1-1: config 0 descriptor?? [ 102.783006][ T43] usb usb3-port1: attempt power cycle [ 102.802460][ T9] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 102.805894][ T6007] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 102.918761][ T6011] bond0: option arp_validate: invalid value (18446744073441116161) [ 103.122392][ T43] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 103.143861][ T43] usb 3-1: device descriptor read/8, error -71 [ 103.215640][ T5994] netlink: 'syz.0.34': attribute type 2 has an invalid length. [ 103.249872][ T5994] netlink: 1 bytes leftover after parsing attributes in process `syz.0.34'. [ 103.290315][ T5995] netlink: 'syz.0.34': attribute type 2 has an invalid length. [ 103.341182][ T5995] netlink: 1 bytes leftover after parsing attributes in process `syz.0.34'. [ 103.412093][ T43] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 103.455023][ T43] usb 3-1: device descriptor read/8, error -71 [ 103.469871][ T6025] FAULT_INJECTION: forcing a failure. [ 103.469871][ T6025] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 103.489935][ T6025] CPU: 1 UID: 0 PID: 6025 Comm: syz.3.46 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 103.489966][ T6025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.489978][ T6025] Call Trace: [ 103.489986][ T6025] [ 103.489995][ T6025] dump_stack_lvl+0x189/0x250 [ 103.490041][ T6025] ? __pfx____ratelimit+0x10/0x10 [ 103.490066][ T6025] ? __pfx_dump_stack_lvl+0x10/0x10 [ 103.490096][ T6025] ? __pfx__printk+0x10/0x10 [ 103.490118][ T6025] ? __might_fault+0xb0/0x130 [ 103.490159][ T6025] should_fail_ex+0x414/0x560 [ 103.490191][ T6025] _copy_from_iter+0x1db/0x16f0 [ 103.490229][ T6025] ? __lock_acquire+0xab9/0xd20 [ 103.490252][ T6025] ? __pfx__copy_from_iter+0x10/0x10 [ 103.490293][ T6025] ? page_copy_sane+0x4e/0x280 [ 103.490324][ T6025] copy_page_from_iter+0xdd/0x170 [ 103.490359][ T6025] tun_get_user+0x1c4d/0x3ce0 [ 103.490392][ T6025] ? tun_get_user+0x693/0x3ce0 [ 103.490436][ T6025] ? aa_file_perm+0x11f/0xed0 [ 103.490463][ T6025] ? __pfx_tun_get_user+0x10/0x10 [ 103.490490][ T6025] ? aa_file_perm+0x11f/0xed0 [ 103.490514][ T6025] ? aa_file_perm+0x3e7/0xed0 [ 103.490556][ T6025] ? ref_tracker_alloc+0x318/0x460 [ 103.490582][ T6025] ? __lock_acquire+0xab9/0xd20 [ 103.490606][ T6025] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 103.490638][ T6025] ? tun_get+0x1c/0x2f0 [ 103.490672][ T6025] ? tun_get+0x1c/0x2f0 [ 103.490700][ T6025] ? tun_get+0x1c/0x2f0 [ 103.490734][ T6025] tun_chr_write_iter+0x113/0x200 [ 103.490767][ T6025] vfs_write+0x54b/0xa90 [ 103.490801][ T6025] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 103.490829][ T6025] ? __pfx_vfs_write+0x10/0x10 [ 103.490859][ T6025] ? do_sys_openat2+0x154/0x1c0 [ 103.490879][ T6025] ? kmem_cache_free+0x18f/0x400 [ 103.490926][ T6025] ksys_write+0x145/0x250 [ 103.490953][ T6025] ? __pfx_ksys_write+0x10/0x10 [ 103.490976][ T6025] ? rcu_is_watching+0x15/0xb0 [ 103.491009][ T6025] ? do_syscall_64+0xbe/0x3b0 [ 103.491050][ T6025] do_syscall_64+0xfa/0x3b0 [ 103.491074][ T6025] ? lockdep_hardirqs_on+0x9c/0x150 [ 103.491099][ T6025] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.491119][ T6025] ? clear_bhb_loop+0x60/0xb0 [ 103.491143][ T6025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.491163][ T6025] RIP: 0033:0x7fa220f8d41f [ 103.491182][ T6025] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 103.491198][ T6025] RSP: 002b:00007fa221e9a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 103.491220][ T6025] RAX: ffffffffffffffda RBX: 00007fa2211b5fa0 RCX: 00007fa220f8d41f [ 103.491234][ T6025] RDX: 0000000000000052 RSI: 0000200000000080 RDI: 00000000000000c8 [ 103.491250][ T6025] RBP: 00007fa221e9a090 R08: 0000000000000000 R09: 0000000000000000 [ 103.491262][ T6025] R10: 0000000000000052 R11: 0000000000000293 R12: 0000000000000001 [ 103.491274][ T6025] R13: 0000000000000000 R14: 00007fa2211b5fa0 R15: 00007fa2212dfa28 [ 103.491305][ T6025] [ 103.866511][ T43] usb usb3-port1: unable to enumerate USB device [ 104.279242][ T6038] netlink: 44 bytes leftover after parsing attributes in process `syz.4.51'. [ 104.867890][ T6057] fuse: Unknown parameter 'rooñäe' [ 105.038213][ T6062] loop2: detected capacity change from 0 to 7 [ 105.059387][ T5883] Dev loop2: unable to read RDB block 7 [ 105.066265][ T5883] loop2: unable to read partition table [ 105.096587][ T5883] loop2: partition table beyond EOD, truncated [ 105.123089][ T9] gspca_zc3xx: reg_w_i err -110 [ 105.139468][ T6062] Dev loop2: unable to read RDB block 7 [ 105.145421][ T6062] loop2: unable to read partition table [ 105.151689][ T6062] loop2: partition table beyond EOD, truncated [ 105.158454][ T6062] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 105.530695][ T6064] netlink: 8 bytes leftover after parsing attributes in process `syz.2.59'. [ 105.732708][ T9] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 105.749425][ T9] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -110 [ 105.853091][ T6068] netlink: 20 bytes leftover after parsing attributes in process `syz.1.60'. [ 105.918153][ T9] usb 1-1: USB disconnect, device number 2 [ 106.084155][ T6074] FAULT_INJECTION: forcing a failure. [ 106.084155][ T6074] name failslab, interval 1, probability 0, space 0, times 0 [ 106.152489][ T6074] CPU: 1 UID: 0 PID: 6074 Comm: syz.0.63 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 106.152518][ T6074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.152530][ T6074] Call Trace: [ 106.152538][ T6074] [ 106.152546][ T6074] dump_stack_lvl+0x189/0x250 [ 106.152583][ T6074] ? __pfx____ratelimit+0x10/0x10 [ 106.152609][ T6074] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.152639][ T6074] ? __pfx__printk+0x10/0x10 [ 106.152677][ T6074] should_fail_ex+0x414/0x560 [ 106.152710][ T6074] should_failslab+0xa8/0x100 [ 106.152743][ T6074] __kmalloc_cache_noprof+0x70/0x3d0 [ 106.152772][ T6074] ? sctp_add_bind_addr+0x8c/0x370 [ 106.152804][ T6074] sctp_add_bind_addr+0x8c/0x370 [ 106.152837][ T6074] sctp_copy_local_addr_list+0x30b/0x4e0 [ 106.152869][ T6074] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 106.152896][ T6074] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 106.152926][ T6074] ? sctp_v6_is_any+0x64/0x80 [ 106.152957][ T6074] ? sctp_copy_one_addr+0x93/0x360 [ 106.152988][ T6074] sctp_bind_addr_copy+0xb3/0x3c0 [ 106.153017][ T6074] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 106.153053][ T6074] sctp_connect_new_asoc+0x2e0/0x690 [ 106.153078][ T6074] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 106.153101][ T6074] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 106.153122][ T6074] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 106.153140][ T6074] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 106.153162][ T6074] ? sctp_endpoint_lookup_assoc+0x22f/0x260 [ 106.153186][ T6074] __sctp_connect+0x5ba/0xd50 [ 106.153220][ T6074] ? __pfx___sctp_connect+0x10/0x10 [ 106.153252][ T6074] sctp_inet_connect+0x12e/0x1e0 [ 106.153286][ T6074] __sys_connect+0x313/0x440 [ 106.153315][ T6074] ? __fget_files+0x3a0/0x420 [ 106.153335][ T6074] ? __pfx___sys_connect+0x10/0x10 [ 106.153378][ T6074] ? __pfx_ksys_write+0x10/0x10 [ 106.153403][ T6074] ? rcu_is_watching+0x15/0xb0 [ 106.153439][ T6074] __x64_sys_connect+0x7a/0x90 [ 106.153469][ T6074] do_syscall_64+0xfa/0x3b0 [ 106.153494][ T6074] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.153517][ T6074] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.153536][ T6074] ? clear_bhb_loop+0x60/0xb0 [ 106.153561][ T6074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.153580][ T6074] RIP: 0033:0x7f6f6e78e969 [ 106.153597][ T6074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.153614][ T6074] RSP: 002b:00007f6f6f630038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 106.153635][ T6074] RAX: ffffffffffffffda RBX: 00007f6f6e9b5fa0 RCX: 00007f6f6e78e969 [ 106.153649][ T6074] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000005 [ 106.153661][ T6074] RBP: 00007f6f6f630090 R08: 0000000000000000 R09: 0000000000000000 [ 106.153673][ T6074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.153684][ T6074] R13: 0000000000000000 R14: 00007f6f6e9b5fa0 R15: 00007f6f6eadfa28 [ 106.153716][ T6074] [ 106.452652][ T5907] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 106.588523][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 106.622851][ T5907] usb 3-1: Using ep0 maxpacket: 16 [ 106.679297][ T5907] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 106.688630][ T5907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.719749][ T5907] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.754432][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 106.767034][ T5907] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 106.776558][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.799668][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.818540][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.822683][ T5882] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 106.828180][ T9] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 106.858476][ T5907] usb 3-1: config 0 descriptor?? [ 106.865103][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.910925][ T9] usb 2-1: config 0 descriptor?? [ 107.007456][ T5882] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.014867][ T6090] loop6: detected capacity change from 0 to 7 [ 107.022621][ T5882] usb 4-1: config 0 has no interfaces? [ 107.037225][ T5882] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 107.048521][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.070077][ T6090] Dev loop6: unable to read RDB block 7 [ 107.085343][ T6090] loop6: AHDI p1 p2 [ 107.089575][ T6090] loop6: partition table partially beyond EOD, truncated [ 107.100130][ T5882] usb 4-1: config 0 descriptor?? [ 107.105305][ T6090] loop6: p1 start 926365495 is beyond EOD, truncated [ 107.163592][ T9] playstation 0003:054C:05C4.0002: invalid report_count 1553694380 [ 107.201943][ T6093] batadv_slave_1: entered promiscuous mode [ 107.204832][ T9] playstation 0003:054C:05C4.0002: item 0 4 1 9 parsing failed [ 107.221895][ T6091] batadv_slave_1: left promiscuous mode [ 107.226340][ T9] playstation 0003:054C:05C4.0002: Parse failed [ 107.239176][ T9] playstation 0003:054C:05C4.0002: probe with driver playstation failed with error -22 [ 107.309799][ T5907] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 107.319318][ T5907] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 107.345655][ T5907] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 107.364601][ T5907] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 107.375026][ T24] usb 2-1: USB disconnect, device number 3 [ 107.380437][ T5907] savu 0003:1E7D:2D5A.0003: unknown main item tag 0x0 [ 107.403614][ T1209] usb 4-1: USB disconnect, device number 3 [ 107.427003][ T5907] savu 0003:1E7D:2D5A.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 108.072563][ T1209] usb 3-1: USB disconnect, device number 6 [ 108.380459][ T6111] netlink: 20 bytes leftover after parsing attributes in process `syz.2.76'. [ 108.435718][ T6118] netlink: 20 bytes leftover after parsing attributes in process `syz.2.76'. [ 108.749773][ T5907] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 108.775117][ T6125] random: crng reseeded on system resumption [ 108.952738][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 109.009679][ T5907] usb 1-1: config 0 has no interfaces? [ 109.045950][ T5907] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 109.182526][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.212248][ T5907] usb 1-1: Product: syz [ 109.222075][ T5907] usb 1-1: Manufacturer: syz [ 109.232141][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 109.239642][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 109.247322][ T5907] usb 1-1: SerialNumber: syz [ 109.263134][ T10] usb 3-1: New USB device found, idVendor=17cc, idProduct=041c, bcdDevice= 0.9c [ 109.284097][ T5907] usb 1-1: config 0 descriptor?? [ 109.295957][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.332144][ T10] usb 3-1: Product: syz [ 109.352103][ T10] usb 3-1: Manufacturer: syz [ 109.368023][ T10] usb 3-1: SerialNumber: syz [ 109.397996][ T10] usb 3-1: config 0 descriptor?? [ 109.436429][ T10] usb 3-1: selecting invalid altsetting 1 [ 109.452291][ T10] snd-usb-caiaq 3-1:0.0: can't set alt interface. [ 109.478353][ T10] usb 3-1: unable to init card! (ret=-5) [ 109.495722][ T10] snd-usb-caiaq 3-1:0.0: probe with driver snd-usb-caiaq failed with error -5 [ 109.592483][ T6132] bond0: option arp_validate: invalid value (18446744073441116161) [ 109.688890][ T5907] usb 3-1: USB disconnect, device number 7 [ 109.779414][ T6119] pimreg: entered allmulticast mode [ 109.793183][ T6119] pimreg: left allmulticast mode [ 109.948246][ T6125] netlink: 12 bytes leftover after parsing attributes in process `syz.1.81'. [ 110.152341][ T1209] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 110.325753][ T1209] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 110.394240][ T1209] usb 5-1: config 0 interface 0 has no altsetting 0 [ 110.416891][ T1209] usb 5-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00 [ 110.471896][ T1209] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.530270][ T1209] usb 5-1: config 0 descriptor?? [ 110.587243][ T6135] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 110.634041][ T1209] usbhid 5-1:0.0: can't add hid device: -22 [ 110.662208][ T1209] usbhid 5-1:0.0: probe with driver usbhid failed with error -22 [ 112.379201][ T1209] usb 1-1: USB disconnect, device number 3 [ 112.602925][ T6157] FAULT_INJECTION: forcing a failure. [ 112.602925][ T6157] name failslab, interval 1, probability 0, space 0, times 0 [ 112.615850][ T6157] CPU: 0 UID: 0 PID: 6157 Comm: syz.2.91 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 112.615878][ T6157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.615890][ T6157] Call Trace: [ 112.615898][ T6157] [ 112.615907][ T6157] dump_stack_lvl+0x189/0x250 [ 112.615942][ T6157] ? __pfx____ratelimit+0x10/0x10 [ 112.615968][ T6157] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.615999][ T6157] ? __pfx__printk+0x10/0x10 [ 112.616028][ T6157] ? ipv6_get_ifaddr+0x69c/0x790 [ 112.616059][ T6157] should_fail_ex+0x414/0x560 [ 112.616092][ T6157] should_failslab+0xa8/0x100 [ 112.616124][ T6157] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 112.616154][ T6157] ? __alloc_skb+0x112/0x2d0 [ 112.616187][ T6157] __alloc_skb+0x112/0x2d0 [ 112.616231][ T6157] tcp_make_synack+0xd3/0x1c40 [ 112.616255][ T6157] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 112.616281][ T6157] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 112.616328][ T6157] ? __pfx_tcp_make_synack+0x10/0x10 [ 112.616350][ T6157] ? xfrm_lookup_route+0x103/0x1c0 [ 112.616372][ T6157] ? inet6_csk_route_req+0x4fb/0x700 [ 112.616401][ T6157] ? __pfx_inet6_csk_route_req+0x10/0x10 [ 112.616428][ T6157] ? get_random_u32+0x4df/0x940 [ 112.616450][ T6157] ? NF_HOOK+0x309/0x3a0 [ 112.616470][ T6157] ? __netif_receive_skb+0xd3/0x380 [ 112.616501][ T6157] tcp_v6_send_synack+0xee/0xe80 [ 112.616535][ T6157] ? __pfx_tcp_v6_send_synack+0x10/0x10 [ 112.616580][ T6157] tcp_rtx_synack+0x176/0x5c0 [ 112.616609][ T6157] ? __pfx_tcp_rtx_synack+0x10/0x10 [ 112.616658][ T6157] inet_rtx_syn_ack+0x67/0xd0 [ 112.616684][ T6157] tcp_check_req+0x4dd/0x1800 [ 112.616723][ T6157] ? __pfx_tcp_check_req+0x10/0x10 [ 112.616745][ T6157] ? sk_filter_trim_cap+0x199/0xa70 [ 112.616769][ T6157] ? tcp_v6_fill_cb+0x3d/0x4c0 [ 112.616796][ T6157] ? __asan_memmove+0x30/0x70 [ 112.616821][ T6157] ? tcp_v6_fill_cb+0x260/0x4c0 [ 112.616853][ T6157] tcp_v6_rcv+0x167e/0x2bf0 [ 112.616923][ T6157] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 112.616948][ T6157] ? nf_nat_ipv6_fn+0xe7/0x2d0 [ 112.616988][ T6157] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 112.617014][ T6157] ip6_protocol_deliver_rcu+0xcb0/0x15c0 [ 112.617065][ T6157] ip6_input_finish+0xde/0x190 [ 112.617094][ T6157] NF_HOOK+0x309/0x3a0 [ 112.617118][ T6157] ? __pfx_ip6_input_finish+0x10/0x10 [ 112.617140][ T6157] ? NF_HOOK+0x9a/0x3a0 [ 112.617160][ T6157] ? __pfx_NF_HOOK+0x10/0x10 [ 112.617185][ T6157] ? __pfx_ip6_input_finish+0x10/0x10 [ 112.617228][ T6157] ip6_input+0x16a/0x270 [ 112.617249][ T6157] ? ip6_input+0x23/0x270 [ 112.617274][ T6157] NF_HOOK+0x309/0x3a0 [ 112.617294][ T6157] ? skb_orphan+0x4f/0xd0 [ 112.617318][ T6157] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 112.617339][ T6157] ? NF_HOOK+0x9a/0x3a0 [ 112.617360][ T6157] ? __pfx_NF_HOOK+0x10/0x10 [ 112.617385][ T6157] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 112.617419][ T6157] __netif_receive_skb+0xd3/0x380 [ 112.617452][ T6157] ? netif_receive_skb+0x115/0x790 [ 112.617477][ T6157] netif_receive_skb+0x1cb/0x790 [ 112.617502][ T6157] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 112.617529][ T6157] ? __pfx_netif_receive_skb+0x10/0x10 [ 112.617560][ T6157] ? tun_rx_batched+0x160/0x730 [ 112.617593][ T6157] tun_rx_batched+0x1b9/0x730 [ 112.617623][ T6157] ? __lock_acquire+0xab9/0xd20 [ 112.617651][ T6157] ? __pfx_tun_rx_batched+0x10/0x10 [ 112.617685][ T6157] ? tun_get_user+0x2549/0x3ce0 [ 112.617731][ T6157] tun_get_user+0x298e/0x3ce0 [ 112.617763][ T6157] ? tun_get_user+0x693/0x3ce0 [ 112.617791][ T6157] ? tun_get_user+0x2549/0x3ce0 [ 112.617834][ T6157] ? aa_file_perm+0x11f/0xed0 [ 112.617863][ T6157] ? __pfx_tun_get_user+0x10/0x10 [ 112.617893][ T6157] ? aa_file_perm+0x3e7/0xed0 [ 112.617936][ T6157] ? ref_tracker_alloc+0x318/0x460 [ 112.617961][ T6157] ? __lock_acquire+0xab9/0xd20 [ 112.617986][ T6157] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.618021][ T6157] ? tun_get+0x1c/0x2f0 [ 112.618057][ T6157] ? tun_get+0x1c/0x2f0 [ 112.618086][ T6157] ? tun_get+0x1c/0x2f0 [ 112.618121][ T6157] tun_chr_write_iter+0x113/0x200 [ 112.618155][ T6157] vfs_write+0x54b/0xa90 [ 112.618188][ T6157] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 112.618225][ T6157] ? __pfx_vfs_write+0x10/0x10 [ 112.618257][ T6157] ? do_sys_openat2+0x154/0x1c0 [ 112.618277][ T6157] ? kmem_cache_free+0x18f/0x400 [ 112.618323][ T6157] ksys_write+0x145/0x250 [ 112.618353][ T6157] ? __pfx_ksys_write+0x10/0x10 [ 112.618378][ T6157] ? rcu_is_watching+0x15/0xb0 [ 112.618410][ T6157] ? do_syscall_64+0xbe/0x3b0 [ 112.618441][ T6157] do_syscall_64+0xfa/0x3b0 [ 112.618465][ T6157] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.618489][ T6157] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.618509][ T6157] ? clear_bhb_loop+0x60/0xb0 [ 112.618534][ T6157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.618553][ T6157] RIP: 0033:0x7fc16fd8d41f [ 112.618571][ T6157] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 112.618588][ T6157] RSP: 002b:00007fc170cb1000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 112.618608][ T6157] RAX: ffffffffffffffda RBX: 00007fc16ffb5fa0 RCX: 00007fc16fd8d41f [ 112.618623][ T6157] RDX: 0000000000000052 RSI: 0000200000000080 RDI: 00000000000000c8 [ 112.618635][ T6157] RBP: 00007fc170cb1090 R08: 0000000000000000 R09: 0000000000000000 [ 112.618647][ T6157] R10: 0000000000000052 R11: 0000000000000293 R12: 0000000000000001 [ 112.618658][ T6157] R13: 0000000000000000 R14: 00007fc16ffb5fa0 R15: 00007fc1700dfa28 [ 112.618690][ T6157] [ 113.430621][ T1209] usb 5-1: USB disconnect, device number 3 [ 113.502618][ T6168] netlink: 44 bytes leftover after parsing attributes in process `syz.2.93'. [ 113.752181][ T5882] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 113.911482][ T5882] usb 2-1: Using ep0 maxpacket: 16 [ 113.923094][ T5882] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 113.937411][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.947806][ T5882] usb 2-1: Product: syz [ 113.952872][ T5882] usb 2-1: Manufacturer: syz [ 113.957760][ T5882] usb 2-1: SerialNumber: syz [ 113.981871][ T5882] usb 2-1: config 0 descriptor?? [ 114.008513][ T5882] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 114.204065][ T5882] usb 2-1: clie_3_5_startup: get interface number failed: -32 [ 114.226586][ T5882] visor 2-1:0.0: probe with driver visor failed with error -32 [ 114.312579][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 114.383011][ T1209] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 114.456238][ T6188] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.498716][ T10] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.510648][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 114.525131][ T10] usb 3-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00 [ 114.534745][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.549168][ T10] usb 3-1: config 0 descriptor?? [ 114.555471][ T1209] usb 4-1: Using ep0 maxpacket: 8 [ 114.590322][ T1209] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 114.608337][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.626059][ T1209] usb 4-1: Product: syz [ 114.630298][ T1209] usb 4-1: Manufacturer: syz [ 114.635959][ T1209] usb 4-1: SerialNumber: syz [ 114.641587][ T6164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.95'. [ 114.656265][ T1209] usb 4-1: config 0 descriptor?? [ 114.772991][ T5882] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 114.882382][ T1209] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 114.932179][ T5882] usb 1-1: device descriptor read/64, error -71 [ 114.986642][ T5907] usb 2-1: USB disconnect, device number 4 [ 115.001014][ T10] logitech 0003:046D:C623.0004: unknown main item tag 0x0 [ 115.055877][ T10] logitech 0003:046D:C623.0004: unknown main item tag 0x0 [ 115.076590][ T10] logitech 0003:046D:C623.0004: unknown main item tag 0x0 [ 115.117118][ T10] logitech 0003:046D:C623.0004: unknown main item tag 0x0 [ 115.151627][ T10] logitech 0003:046D:C623.0004: unknown main item tag 0x0 [ 115.241795][ T10] logitech 0003:046D:C623.0004: hidraw0: USB HID v0.00 Device [HID 046d:c623] on usb-dummy_hcd.2-1/input0 [ 115.362550][ T5882] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 115.509052][ T6208] syzkaller0: create flow: hash 2100791290 index 1 [ 115.540184][ T5882] usb 1-1: device descriptor read/64, error -71 [ 115.577304][ T1209] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 115.597988][ T1209] usb 4-1: USB disconnect, device number 4 [ 115.647584][ T6210] netlink: 68 bytes leftover after parsing attributes in process `syz.4.109'. [ 115.660172][ T5882] usb usb1-port1: attempt power cycle [ 115.702280][ T6206] syzkaller0: delete flow: hash 2100791290 index 1 [ 116.032435][ T5882] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 116.063971][ T5882] usb 1-1: device descriptor read/8, error -71 [ 116.110571][ T1209] usb 3-1: USB disconnect, device number 8 [ 116.177028][ T10] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 116.314808][ T5882] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 116.347609][ T5882] usb 1-1: device descriptor read/8, error -71 [ 116.373736][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.387005][ T10] usb 5-1: config 0 has no interfaces? [ 116.394107][ T10] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 116.406840][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.419011][ T10] usb 5-1: config 0 descriptor?? [ 116.466465][ T5882] usb usb1-port1: unable to enumerate USB device [ 117.253353][ T6218] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 117.269944][ T6216] team_slave_0: entered promiscuous mode [ 117.275915][ T6216] team_slave_1: entered promiscuous mode [ 117.294088][ T6216] vlan2: entered promiscuous mode [ 117.299442][ T6216] team0: entered promiscuous mode [ 117.510347][ T10] usb 5-1: USB disconnect, device number 4 [ 117.606881][ T6230] netlink: 52 bytes leftover after parsing attributes in process `syz.2.118'. [ 117.963595][ T6244] netlink: 36 bytes leftover after parsing attributes in process `syz.0.122'. [ 118.275104][ T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 118.432107][ T10] usb 3-1: device descriptor read/64, error -71 [ 118.612198][ T5882] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 118.695715][ T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 118.782395][ T5882] usb 4-1: Using ep0 maxpacket: 32 [ 118.805351][ T5882] usb 4-1: config 0 interface 0 has no altsetting 0 [ 118.814485][ T5882] usb 4-1: New USB device found, idVendor=1e71, idProduct=2011, bcdDevice= 0.00 [ 118.837532][ T6260] netlink: 20 bytes leftover after parsing attributes in process `syz.4.129'. [ 118.838376][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.850650][ T6261] FAULT_INJECTION: forcing a failure. [ 118.850650][ T6261] name failslab, interval 1, probability 0, space 0, times 0 [ 118.868387][ T10] usb 3-1: device descriptor read/64, error -71 [ 118.885516][ T6262] netlink: 20 bytes leftover after parsing attributes in process `syz.4.129'. [ 118.902426][ T6261] CPU: 0 UID: 0 PID: 6261 Comm: syz.1.128 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 118.902457][ T6261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.902469][ T6261] Call Trace: [ 118.902477][ T6261] [ 118.902486][ T6261] dump_stack_lvl+0x189/0x250 [ 118.902522][ T6261] ? __pfx____ratelimit+0x10/0x10 [ 118.902548][ T6261] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.902578][ T6261] ? __pfx__printk+0x10/0x10 [ 118.902616][ T6261] should_fail_ex+0x414/0x560 [ 118.902648][ T6261] should_failslab+0xa8/0x100 [ 118.902681][ T6261] __kmalloc_cache_noprof+0x70/0x3d0 [ 118.902710][ T6261] ? sctp_add_bind_addr+0x8c/0x370 [ 118.902742][ T6261] sctp_add_bind_addr+0x8c/0x370 [ 118.902774][ T6261] sctp_copy_local_addr_list+0x30b/0x4e0 [ 118.902806][ T6261] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 118.902834][ T6261] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 118.902864][ T6261] ? sctp_v6_is_any+0x64/0x80 [ 118.902903][ T6261] ? sctp_copy_one_addr+0x93/0x360 [ 118.902935][ T6261] sctp_bind_addr_copy+0xb3/0x3c0 [ 118.902963][ T6261] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 118.902992][ T6261] sctp_connect_new_asoc+0x2e0/0x690 [ 118.903016][ T6261] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 118.903038][ T6261] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 118.903059][ T6261] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 118.903077][ T6261] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 118.903099][ T6261] ? sctp_endpoint_lookup_assoc+0x22f/0x260 [ 118.903123][ T6261] __sctp_connect+0x5ba/0xd50 [ 118.903157][ T6261] ? __pfx___sctp_connect+0x10/0x10 [ 118.903189][ T6261] sctp_inet_connect+0x12e/0x1e0 [ 118.903222][ T6261] __sys_connect+0x313/0x440 [ 118.903251][ T6261] ? __fget_files+0x3a0/0x420 [ 118.903271][ T6261] ? __pfx___sys_connect+0x10/0x10 [ 118.903314][ T6261] ? __pfx_ksys_write+0x10/0x10 [ 118.903339][ T6261] ? rcu_is_watching+0x15/0xb0 [ 118.903374][ T6261] __x64_sys_connect+0x7a/0x90 [ 118.903405][ T6261] do_syscall_64+0xfa/0x3b0 [ 118.903429][ T6261] ? lockdep_hardirqs_on+0x9c/0x150 [ 118.903453][ T6261] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.903472][ T6261] ? clear_bhb_loop+0x60/0xb0 [ 118.903497][ T6261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.903517][ T6261] RIP: 0033:0x7fc6c098e969 [ 118.903534][ T6261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.903555][ T6261] RSP: 002b:00007fc6c1881038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 118.903576][ T6261] RAX: ffffffffffffffda RBX: 00007fc6c0bb5fa0 RCX: 00007fc6c098e969 [ 118.903590][ T6261] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000005 [ 118.903602][ T6261] RBP: 00007fc6c1881090 R08: 0000000000000000 R09: 0000000000000000 [ 118.903614][ T6261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 118.903626][ T6261] R13: 0000000000000000 R14: 00007fc6c0bb5fa0 R15: 00007fc6c0cdfa28 [ 118.903658][ T6261] [ 118.916801][ T5882] usb 4-1: config 0 descriptor?? [ 119.003985][ T10] usb usb3-port1: attempt power cycle [ 119.517738][ T5882] nzxt-smart2 0003:1E71:2011.0005: collection stack underflow [ 119.531870][ T5882] nzxt-smart2 0003:1E71:2011.0005: item 0 0 0 12 parsing failed [ 119.555555][ T5882] nzxt-smart2 0003:1E71:2011.0005: probe with driver nzxt-smart2 failed with error -22 [ 119.766571][ T6270] loop6: detected capacity change from 0 to 63 [ 119.786209][ T5937] buffer_io_error: 25 callbacks suppressed [ 119.786227][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.802230][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.813928][ T6270] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.822435][ T6270] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.830626][ T6270] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.839342][ T6270] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.847773][ T6270] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.855859][ T6270] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.863990][ T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 119.872041][ T6270] Buffer I/O error on dev loop6, logical block 0, async page read [ 119.880438][ T6270] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.392811][ T10] usb 3-1: device descriptor read/8, error -71 [ 120.952569][ T5882] usb 4-1: USB disconnect, device number 5 [ 120.972252][ T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 121.192104][ T10] usb 3-1: device not accepting address 12, error -71 [ 121.214915][ T6277] loop2: detected capacity change from 0 to 7 [ 121.228589][ T10] usb usb3-port1: unable to enumerate USB device [ 121.265626][ T6277] Dev loop2: unable to read RDB block 7 [ 121.304232][ T6282] loop6: detected capacity change from 0 to 63 [ 121.346694][ T6277] loop2: unable to read partition table [ 121.369471][ T6277] loop2: partition table beyond EOD, truncated [ 121.403728][ T6277] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 121.586531][ T6285] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 122.909586][ T6303] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 122.933048][ T6306] veth1_to_bond: entered allmulticast mode [ 122.949188][ T6306] veth1_to_bond: entered promiscuous mode [ 123.080646][ T6308] netlink: 48 bytes leftover after parsing attributes in process `syz.1.144'. [ 123.124361][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 123.265187][ T6311] loop6: detected capacity change from 0 to 7 [ 123.290092][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 123.307106][ T10] usb 1-1: no configurations [ 123.326045][ T10] usb 1-1: can't read configurations, error -22 [ 123.333369][ T5937] Dev loop6: unable to read RDB block 7 [ 123.339679][ T5937] loop6: AHDI p1 p2 [ 123.344929][ T5937] loop6: partition table partially beyond EOD, truncated [ 123.364004][ T5937] loop6: p1 start 926365495 is beyond EOD, truncated [ 123.382533][ T24] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 123.403131][ T6311] Dev loop6: unable to read RDB block 7 [ 123.417081][ T6311] loop6: AHDI p1 p2 [ 123.427974][ T6311] loop6: partition table partially beyond EOD, truncated [ 123.443452][ T6311] loop6: p1 start 926365495 is beyond EOD, truncated [ 123.472402][ T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 123.601078][ T24] usb 5-1: config 0 has no interfaces? [ 123.612031][ T24] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 123.622647][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.633659][ T24] usb 5-1: Product: syz [ 123.641941][ T24] usb 5-1: Manufacturer: syz [ 123.652139][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 123.662321][ T24] usb 5-1: SerialNumber: syz [ 123.684777][ T24] usb 5-1: config 0 descriptor?? [ 123.699945][ T10] usb 1-1: no configurations [ 123.719119][ T10] usb 1-1: can't read configurations, error -22 [ 123.760671][ T10] usb usb1-port1: attempt power cycle [ 123.798815][ T6319] loop8: detected capacity change from 0 to 7 [ 123.808455][ T5937] Dev loop8: unable to read RDB block 7 [ 123.825843][ T5937] loop8: unable to read partition table [ 123.844314][ T5937] loop8: partition table beyond EOD, truncated [ 123.861616][ T6319] Dev loop8: unable to read RDB block 7 [ 123.887883][ T6319] loop8: unable to read partition table [ 123.902360][ T6319] loop8: partition table beyond EOD, truncated [ 123.923475][ T6319] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 124.122329][ T10] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 124.173114][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 124.184139][ T10] usb 1-1: no configurations [ 124.191231][ T10] usb 1-1: can't read configurations, error -22 [ 124.206882][ T6327] netlink: 68 bytes leftover after parsing attributes in process `syz.3.149'. [ 124.425301][ T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 124.496277][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 124.514032][ T10] usb 1-1: no configurations [ 124.520993][ T10] usb 1-1: can't read configurations, error -22 [ 124.537099][ T10] usb usb1-port1: unable to enumerate USB device [ 124.778712][ T6340] netlink: 60 bytes leftover after parsing attributes in process `syz.2.152'. [ 124.788497][ T6340] netlink: 12 bytes leftover after parsing attributes in process `syz.2.152'. [ 124.797886][ T6340] netlink: 60 bytes leftover after parsing attributes in process `syz.2.152'. [ 124.862324][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 125.026589][ T10] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 125.035805][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.052261][ T10] usb 4-1: Product: syz [ 125.061884][ T10] usb 4-1: Manufacturer: syz [ 125.066623][ T10] usb 4-1: SerialNumber: syz [ 125.075754][ T10] usb 4-1: config 0 descriptor?? [ 125.287011][ T10] usb 4-1: USB disconnect, device number 6 [ 125.541286][ T6343] loop6: detected capacity change from 0 to 63 [ 125.559674][ T5937] buffer_io_error: 6212 callbacks suppressed [ 125.559780][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.577391][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.613049][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.621957][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.633178][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.641371][ T6343] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.652327][ T6343] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.673671][ T6343] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.686506][ T6343] Buffer I/O error on dev loop6, logical block 0, async page read [ 125.709289][ T6343] Buffer I/O error on dev loop6, logical block 0, async page read [ 126.191315][ T24] usb 5-1: USB disconnect, device number 5 [ 126.206063][ T6309] veth1_to_bond: left promiscuous mode [ 126.226869][ T6309] veth1_to_bond: left allmulticast mode [ 126.352413][ T5882] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 126.526932][ T5882] usb 1-1: Using ep0 maxpacket: 8 [ 126.543835][ T5882] usb 1-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e [ 126.564353][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.574288][ T6351] netlink: 'syz.2.156': attribute type 5 has an invalid length. [ 126.642468][ T6351] netlink: 'syz.2.156': attribute type 3 has an invalid length. [ 126.652954][ T5882] usb 1-1: config 0 descriptor?? [ 126.658061][ T6351] netlink: 152988 bytes leftover after parsing attributes in process `syz.2.156'. [ 126.681812][ T5882] usb 1-1: bad CDC descriptors [ 126.759024][ T6351] netlink: 16 bytes leftover after parsing attributes in process `syz.2.156'. [ 127.572421][ T43] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 127.715497][ T10] usb 1-1: USB disconnect, device number 12 [ 127.732082][ T43] usb 3-1: Using ep0 maxpacket: 32 [ 127.781207][ T43] usb 3-1: unable to get BOS descriptor or descriptor too short [ 127.919647][ T43] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 127.996826][ T43] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 128.014612][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.061922][ T43] usb 3-1: Product: syz [ 128.068740][ T43] usb 3-1: Manufacturer: syz [ 128.080307][ T43] usb 3-1: SerialNumber: syz [ 128.352554][ T43] usb 3-1: Limiting number of CPorts to U8_MAX [ 128.353032][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 128.375119][ T43] usb 3-1: Not enough endpoints found in device, aborting! [ 128.545506][ T6369] fuse: Unknown parameter 'rooñäe' [ 128.562551][ T43] usb 3-1: USB disconnect, device number 13 [ 128.578579][ T10] usb 5-1: config index 0 descriptor too short (expected 4114, got 18) [ 128.601642][ T10] usb 5-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 128.630248][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.630352][ T6369] syz.0.162 (6369) used greatest stack depth: 19064 bytes left [ 128.648303][ T6365] random: crng reseeded on system resumption [ 128.689972][ T10] usb 5-1: Product: syz [ 128.712061][ T10] usb 5-1: Manufacturer: syz [ 128.716735][ T10] usb 5-1: SerialNumber: syz [ 128.757656][ T10] usb 5-1: config 0 descriptor?? [ 128.939364][ T5907] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 129.069439][ T6378] netlink: 'syz.3.163': attribute type 21 has an invalid length. [ 129.079056][ T6378] netlink: 128 bytes leftover after parsing attributes in process `syz.3.163'. [ 129.161738][ T5907] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 129.178309][ T6378] netlink: 'syz.3.163': attribute type 4 has an invalid length. [ 129.188419][ T6378] netlink: 3 bytes leftover after parsing attributes in process `syz.3.163'. [ 129.199214][ T10] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 129.219395][ T5907] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 129.262644][ T10] asix 5-1:0.0: probe with driver asix failed with error -61 [ 129.280548][ T5907] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 129.340313][ T5907] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 129.410939][ T5907] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 129.433264][ T5882] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 129.480547][ T5907] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 129.520467][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 129.555457][ T5907] usb 2-1: Product: syz [ 129.572107][ T5882] usb 3-1: device descriptor read/64, error -71 [ 129.579275][ T5907] usb 2-1: Manufacturer: syz [ 129.597238][ T5907] cdc_wdm 2-1:1.0: skipping garbage [ 129.602832][ T5907] cdc_wdm 2-1:1.0: skipping garbage [ 129.683873][ T5907] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 129.689865][ T5907] cdc_wdm 2-1:1.0: Unknown control protocol [ 129.806473][ T9] usb 2-1: USB disconnect, device number 5 [ 129.812098][ T5882] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 129.892911][ T6388] loop6: detected capacity change from 0 to 63 [ 129.952159][ T5882] usb 3-1: device descriptor read/64, error -71 [ 130.095743][ T5882] usb usb3-port1: attempt power cycle [ 130.442782][ T5882] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 130.555872][ T5882] usb 3-1: device descriptor read/8, error -71 [ 130.562550][ T6388] buffer_io_error: 11809 callbacks suppressed [ 130.563976][ T6388] Buffer I/O error on dev loop6, logical block 1, async page read [ 130.580321][ T6397] netlink: 20 bytes leftover after parsing attributes in process `syz.1.172'. [ 130.612638][ T6388] Buffer I/O error on dev loop6, logical block 2, async page read [ 130.675688][ T6388] Buffer I/O error on dev loop6, logical block 3, async page read [ 130.691365][ T6388] Buffer I/O error on dev loop6, logical block 0, async page read [ 130.700723][ T6388] Buffer I/O error on dev loop6, logical block 1, async page read [ 130.712306][ T6388] Buffer I/O error on dev loop6, logical block 2, async page read [ 130.720381][ T6388] Buffer I/O error on dev loop6, logical block 3, async page read [ 130.737124][ T6388] Buffer I/O error on dev loop6, logical block 0, async page read [ 130.747044][ T6388] Buffer I/O error on dev loop6, logical block 1, async page read [ 130.802289][ T6388] Buffer I/O error on dev loop6, logical block 2, async page read [ 130.822226][ T5882] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 130.940990][ T9] usb 5-1: USB disconnect, device number 6 [ 130.949469][ T5882] usb 3-1: device descriptor read/8, error -71 [ 131.182970][ T5882] usb usb3-port1: unable to enumerate USB device [ 131.265700][ T6401] FAULT_INJECTION: forcing a failure. [ 131.265700][ T6401] name failslab, interval 1, probability 0, space 0, times 0 [ 131.379817][ T6403] fuse: Unknown parameter 'rooñäe' [ 131.385467][ T6401] CPU: 1 UID: 0 PID: 6401 Comm: syz.1.174 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 131.385494][ T6401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.385507][ T6401] Call Trace: [ 131.385514][ T6401] [ 131.385523][ T6401] dump_stack_lvl+0x189/0x250 [ 131.385559][ T6401] ? __pfx____ratelimit+0x10/0x10 [ 131.385585][ T6401] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.385616][ T6401] ? __pfx__printk+0x10/0x10 [ 131.385644][ T6401] ? __pfx___might_resched+0x10/0x10 [ 131.385676][ T6401] should_fail_ex+0x414/0x560 [ 131.385708][ T6401] should_failslab+0xa8/0x100 [ 131.385741][ T6401] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 131.385775][ T6401] ? __alloc_skb+0x112/0x2d0 [ 131.385810][ T6401] __alloc_skb+0x112/0x2d0 [ 131.385844][ T6401] pfkey_sendmsg+0xca5/0x1090 [ 131.385891][ T6401] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 131.385947][ T6401] ? aa_sock_msg_perm+0x94/0x160 [ 131.385975][ T6401] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 131.385997][ T6401] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 131.386026][ T6401] __sock_sendmsg+0x219/0x270 [ 131.386056][ T6401] ____sys_sendmsg+0x505/0x830 [ 131.386082][ T6401] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.386113][ T6401] ? import_iovec+0x74/0xa0 [ 131.386138][ T6401] ___sys_sendmsg+0x21f/0x2a0 [ 131.386161][ T6401] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.386220][ T6401] ? __fget_files+0x2a/0x420 [ 131.386238][ T6401] ? __fget_files+0x3a0/0x420 [ 131.386268][ T6401] __x64_sys_sendmsg+0x19b/0x260 [ 131.386292][ T6401] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 131.386323][ T6401] ? __pfx_ksys_write+0x10/0x10 [ 131.386348][ T6401] ? rcu_is_watching+0x15/0xb0 [ 131.386380][ T6401] ? do_syscall_64+0xbe/0x3b0 [ 131.386410][ T6401] do_syscall_64+0xfa/0x3b0 [ 131.386434][ T6401] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.386458][ T6401] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.386477][ T6401] ? clear_bhb_loop+0x60/0xb0 [ 131.386502][ T6401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.386521][ T6401] RIP: 0033:0x7fc6c098e969 [ 131.386540][ T6401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.386556][ T6401] RSP: 002b:00007fc6c1881038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.386577][ T6401] RAX: ffffffffffffffda RBX: 00007fc6c0bb5fa0 RCX: 00007fc6c098e969 [ 131.386591][ T6401] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 131.386603][ T6401] RBP: 00007fc6c1881090 R08: 0000000000000000 R09: 0000000000000000 [ 131.386615][ T6401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.386627][ T6401] R13: 0000000000000000 R14: 00007fc6c0bb5fa0 R15: 00007fc6c0cdfa28 [ 131.386658][ T6401] [ 132.070758][ T6410] FAULT_INJECTION: forcing a failure. [ 132.070758][ T6410] name failslab, interval 1, probability 0, space 0, times 0 [ 132.089878][ T6410] CPU: 0 UID: 0 PID: 6410 Comm: syz.1.178 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 132.089909][ T6410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.089921][ T6410] Call Trace: [ 132.089929][ T6410] [ 132.089939][ T6410] dump_stack_lvl+0x189/0x250 [ 132.089976][ T6410] ? __pfx____ratelimit+0x10/0x10 [ 132.090002][ T6410] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.090033][ T6410] ? __pfx__printk+0x10/0x10 [ 132.090071][ T6410] should_fail_ex+0x414/0x560 [ 132.090104][ T6410] should_failslab+0xa8/0x100 [ 132.090137][ T6410] __kmalloc_cache_noprof+0x70/0x3d0 [ 132.090166][ T6410] ? sctp_add_bind_addr+0x8c/0x370 [ 132.090199][ T6410] sctp_add_bind_addr+0x8c/0x370 [ 132.090233][ T6410] sctp_copy_local_addr_list+0x30b/0x4e0 [ 132.090265][ T6410] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 132.090291][ T6410] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 132.090322][ T6410] ? sctp_v6_is_any+0x64/0x80 [ 132.090354][ T6410] ? sctp_copy_one_addr+0x93/0x360 [ 132.090385][ T6410] sctp_bind_addr_copy+0xb3/0x3c0 [ 132.090414][ T6410] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 132.090449][ T6410] sctp_connect_new_asoc+0x2e0/0x690 [ 132.090475][ T6410] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 132.090497][ T6410] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 132.090518][ T6410] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 132.090537][ T6410] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 132.090559][ T6410] ? sctp_endpoint_lookup_assoc+0x22f/0x260 [ 132.090583][ T6410] __sctp_connect+0x5ba/0xd50 [ 132.090617][ T6410] ? __pfx___sctp_connect+0x10/0x10 [ 132.090649][ T6410] sctp_inet_connect+0x12e/0x1e0 [ 132.090683][ T6410] __sys_connect+0x313/0x440 [ 132.090713][ T6410] ? __fget_files+0x3a0/0x420 [ 132.090733][ T6410] ? __pfx___sys_connect+0x10/0x10 [ 132.090777][ T6410] ? __pfx_ksys_write+0x10/0x10 [ 132.090802][ T6410] ? rcu_is_watching+0x15/0xb0 [ 132.090837][ T6410] __x64_sys_connect+0x7a/0x90 [ 132.090869][ T6410] do_syscall_64+0xfa/0x3b0 [ 132.090893][ T6410] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.090918][ T6410] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.090938][ T6410] ? clear_bhb_loop+0x60/0xb0 [ 132.090962][ T6410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.090982][ T6410] RIP: 0033:0x7fc6c098e969 [ 132.091000][ T6410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.091017][ T6410] RSP: 002b:00007fc6c1881038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 132.091038][ T6410] RAX: ffffffffffffffda RBX: 00007fc6c0bb5fa0 RCX: 00007fc6c098e969 [ 132.091053][ T6410] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000005 [ 132.091065][ T6410] RBP: 00007fc6c1881090 R08: 0000000000000000 R09: 0000000000000000 [ 132.091077][ T6410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 132.091089][ T6410] R13: 0000000000000000 R14: 00007fc6c0bb5fa0 R15: 00007fc6c0cdfa28 [ 132.091119][ T6410] [ 132.411830][ T6407] netlink: 'syz.3.177': attribute type 7 has an invalid length. [ 132.419638][ T6407] netlink: 32 bytes leftover after parsing attributes in process `syz.3.177'. [ 132.495601][ T6416] netlink: 48 bytes leftover after parsing attributes in process `syz.1.181'. [ 132.672673][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 132.730735][ T6425] input: syz1 as /devices/virtual/input/input6 [ 132.839278][ T9] usb 4-1: config 0 has an invalid interface number: 255 but max is 0 [ 132.862492][ T9] usb 4-1: config 0 has no interface number 0 [ 132.886262][ T9] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 132.903380][ T6430] netlink: 44 bytes leftover after parsing attributes in process `syz.0.186'. [ 132.940733][ T9] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 132.976955][ T9] usb 4-1: config 0 interface 255 has no altsetting 0 [ 132.984333][ T9] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 132.998127][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.000922][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.007214][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.017259][ T9] usb 4-1: config 0 descriptor?? [ 133.103666][ T9] ums-realtek 4-1:0.255: USB Mass Storage device detected [ 133.132193][ T6435] io-wq is not configured for unbound workers [ 133.390176][ T10] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 133.392644][ T5882] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 133.430852][ T6450] process 'syz.0.190' launched './file1' with NULL argv: empty string added [ 133.922072][ T5882] usb 2-1: Using ep0 maxpacket: 16 [ 133.929392][ T5882] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 133.954491][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 133.972799][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 133.975114][ T5882] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 133.992102][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.002511][ T10] usb 3-1: config 0 has an invalid interface number: 231 but max is 1 [ 134.013077][ T10] usb 3-1: config 0 has no interface number 1 [ 134.020579][ T5882] usb 2-1: Product: syz [ 134.021591][ T10] usb 3-1: too many endpoints for config 0 interface 231 altsetting 15: 203, using maximum allowed: 30 [ 134.026135][ T5882] usb 2-1: Manufacturer: syz [ 134.062344][ T10] usb 3-1: config 0 interface 231 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 203 [ 134.088640][ T10] usb 3-1: config 0 interface 231 has no altsetting 0 [ 134.096341][ T5882] usb 2-1: SerialNumber: syz [ 134.128541][ T10] usb 3-1: New USB device found, idVendor=413c, idProduct=81d2, bcdDevice=25.e8 [ 134.137748][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.142263][ T43] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 134.160537][ T10] usb 3-1: Product: syz [ 134.170851][ T10] usb 3-1: Manufacturer: syz [ 134.184118][ T5882] usb 2-1: config 0 descriptor?? [ 134.200786][ T10] usb 3-1: SerialNumber: syz [ 134.208900][ T5907] usb 4-1: USB disconnect, device number 7 [ 134.211317][ T5882] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 134.254470][ T10] usb 3-1: config 0 descriptor?? [ 134.263670][ T5882] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 134.313581][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 134.332679][ T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 134.439399][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 134.463386][ T6455] netlink: 36 bytes leftover after parsing attributes in process `syz.3.192'. [ 134.527523][ T43] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 134.576561][ T43] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 134.633593][ T9] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 134.653657][ T6432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.662850][ T6432] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.737629][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.769509][ T43] usb 5-1: config 0 descriptor?? [ 134.813445][ T10] usb 3-1: Could not set interface, error -71 [ 134.854483][ T9] usb 1-1: config 1 interface 0 has no altsetting 0 [ 134.867331][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 134.877292][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.908644][ T10] usb 3-1: USB disconnect, device number 18 [ 134.919080][ T9] usb 1-1: Product: syz [ 134.932959][ T9] usb 1-1: Manufacturer: syz [ 134.938758][ T5882] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 134.962280][ T9] usb 1-1: SerialNumber: syz [ 134.972988][ T5882] em28xx 2-1:0.0: Config register raw data: 0x41 [ 135.050252][ T43] hdpvr 5-1:0.0: unexpected answer of status request, len 0 [ 135.058181][ T43] hdpvr 5-1:0.0: device init failed [ 135.140214][ T43] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12 [ 135.368148][ T5886] usb 2-1: USB disconnect, device number 6 [ 135.375908][ T5886] em28xx 2-1:0.0: Disconnecting em28xx [ 135.392945][ T5886] em28xx 2-1:0.0: Freeing device [ 135.514800][ T5885] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 135.556805][ T6465] loop6: detected capacity change from 0 to 7 [ 135.576619][ T6465] Dev loop6: unable to read RDB block 7 [ 135.582901][ T6465] loop6: AHDI p1 p2 [ 135.587005][ T6465] loop6: partition table partially beyond EOD, truncated [ 135.683079][ T6465] loop6: p1 start 926365495 is beyond EOD, truncated [ 135.929200][ T5885] usb 4-1: config 0 has no interfaces? [ 135.943472][ T5885] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 135.988574][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.216345][ T5885] usb 4-1: Product: syz [ 136.255792][ T5885] usb 4-1: Manufacturer: syz [ 136.270250][ T5885] usb 4-1: SerialNumber: syz [ 136.331449][ T5885] usb 4-1: config 0 descriptor?? [ 136.546790][ T6480] netlink: 16 bytes leftover after parsing attributes in process `syz.2.199'. [ 137.143877][ T5882] usb 5-1: USB disconnect, device number 7 [ 137.730470][ T9] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 137.925618][ T9] usb 1-1: USB disconnect, device number 13 [ 137.998190][ T9] usblp0: removed [ 138.792750][ T6502] netlink: 44 bytes leftover after parsing attributes in process `syz.0.205'. [ 139.580625][ T43] usb 4-1: USB disconnect, device number 8 [ 139.726162][ T6509] loop6: detected capacity change from 0 to 63 [ 139.735008][ T6509] buffer_io_error: 1805 callbacks suppressed [ 139.735022][ T6509] Buffer I/O error on dev loop6, logical block 0, async page read [ 139.892105][ T6509] Buffer I/O error on dev loop6, logical block 1, async page read [ 140.116396][ T6509] Buffer I/O error on dev loop6, logical block 2, async page read [ 140.144841][ T6509] Buffer I/O error on dev loop6, logical block 3, async page read [ 140.165337][ T5883] Buffer I/O error on dev loop6, logical block 0, async page read [ 140.186621][ T5883] Buffer I/O error on dev loop6, logical block 1, async page read [ 140.227903][ T5883] Buffer I/O error on dev loop6, logical block 2, async page read [ 140.290910][ T5883] Buffer I/O error on dev loop6, logical block 3, async page read [ 140.358654][ T5883] Buffer I/O error on dev loop6, logical block 0, async page read [ 140.401703][ T5883] Buffer I/O error on dev loop6, logical block 1, async page read [ 140.918187][ T6522] netlink: 692 bytes leftover after parsing attributes in process `syz.1.210'. [ 140.939763][ T6523] netlink: 324 bytes leftover after parsing attributes in process `syz.3.213'. [ 141.163322][ T43] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 141.171220][ T6531] netlink: 16 bytes leftover after parsing attributes in process `syz.1.215'. [ 141.210169][ T6531] erspan1: entered allmulticast mode [ 141.294589][ T5889] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 141.342921][ T43] usb 3-1: Using ep0 maxpacket: 32 [ 141.355124][ T43] usb 3-1: config 0 has no interfaces? [ 141.380870][ T43] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 141.391380][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.399028][ T6541] netlink: 36 bytes leftover after parsing attributes in process `syz.1.219'. [ 141.401380][ T43] usb 3-1: Product: syz [ 141.414492][ T43] usb 3-1: Manufacturer: syz [ 141.419167][ T43] usb 3-1: SerialNumber: syz [ 141.433103][ T43] usb 3-1: config 0 descriptor?? [ 141.474089][ T5889] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 141.484370][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.494276][ T5889] usb 1-1: Product: syz [ 141.498571][ T5889] usb 1-1: Manufacturer: syz [ 141.503487][ T5889] usb 1-1: SerialNumber: syz [ 141.518466][ T5889] usb 1-1: config 0 descriptor?? [ 141.523639][ T1209] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 141.617494][ T6544] loop6: detected capacity change from 0 to 63 [ 141.682383][ T1209] usb 4-1: Using ep0 maxpacket: 16 [ 141.709192][ T1209] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 141.799064][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.840331][ T1209] usb 4-1: Product: syz [ 141.863128][ T1209] usb 4-1: Manufacturer: syz [ 141.877268][ T1209] usb 4-1: SerialNumber: syz [ 141.905355][ T1209] r8152-cfgselector 4-1: Unknown version 0x0000 [ 141.920109][ T1209] r8152-cfgselector 4-1: config 0 descriptor?? [ 142.389826][ T43] r8152-cfgselector 4-1: USB disconnect, device number 9 [ 142.749169][ T6554] FAULT_INJECTION: forcing a failure. [ 142.749169][ T6554] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.763181][ T6554] CPU: 1 UID: 0 PID: 6554 Comm: syz.4.223 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 142.763209][ T6554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 142.763221][ T6554] Call Trace: [ 142.763229][ T6554] [ 142.763238][ T6554] dump_stack_lvl+0x189/0x250 [ 142.763274][ T6554] ? __pfx____ratelimit+0x10/0x10 [ 142.763300][ T6554] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.763330][ T6554] ? __pfx__printk+0x10/0x10 [ 142.763376][ T6554] should_fail_ex+0x414/0x560 [ 142.763408][ T6554] _copy_to_user+0x31/0xb0 [ 142.763433][ T6554] simple_read_from_buffer+0xe1/0x170 [ 142.763468][ T6554] proc_fail_nth_read+0x1df/0x250 [ 142.763493][ T6554] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 142.763519][ T6554] ? rw_verify_area+0x258/0x650 [ 142.763545][ T6554] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 142.763569][ T6554] vfs_read+0x200/0x980 [ 142.763601][ T6554] ? __pfx___mutex_lock+0x10/0x10 [ 142.763628][ T6554] ? __pfx_vfs_read+0x10/0x10 [ 142.763656][ T6554] ? __fget_files+0x2a/0x420 [ 142.763680][ T6554] ? __fget_files+0x3a0/0x420 [ 142.763697][ T6554] ? __fget_files+0x2a/0x420 [ 142.763725][ T6554] ksys_read+0x145/0x250 [ 142.763755][ T6554] ? __pfx_ksys_read+0x10/0x10 [ 142.763780][ T6554] ? rcu_is_watching+0x15/0xb0 [ 142.763811][ T6554] ? do_syscall_64+0xbe/0x3b0 [ 142.763842][ T6554] do_syscall_64+0xfa/0x3b0 [ 142.763867][ T6554] ? lockdep_hardirqs_on+0x9c/0x150 [ 142.763890][ T6554] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.763910][ T6554] ? clear_bhb_loop+0x60/0xb0 [ 142.763935][ T6554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.763954][ T6554] RIP: 0033:0x7f2ba158d37c [ 142.763972][ T6554] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 142.763989][ T6554] RSP: 002b:00007f2b9f3f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 142.764009][ T6554] RAX: ffffffffffffffda RBX: 00007f2ba17b5fa0 RCX: 00007f2ba158d37c [ 142.764023][ T6554] RDX: 000000000000000f RSI: 00007f2b9f3f60a0 RDI: 0000000000000004 [ 142.764035][ T6554] RBP: 00007f2b9f3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 142.764047][ T6554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.764059][ T6554] R13: 0000000000000000 R14: 00007f2ba17b5fa0 R15: 00007f2ba18dfa28 [ 142.764090][ T6554] [ 143.345511][ T6563] netlink: 'syz.1.227': attribute type 13 has an invalid length. [ 143.607226][ T6563] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.615592][ T6563] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.631179][ T6572] loop6: detected capacity change from 0 to 63 [ 143.643558][ T6571] netlink: 132 bytes leftover after parsing attributes in process `syz.4.230'. [ 143.662337][ T9] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 144.246824][ T43] usb 1-1: USB disconnect, device number 14 [ 144.533396][ T1209] usb 3-1: USB disconnect, device number 19 [ 144.624453][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 144.698334][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 144.741118][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 144.775706][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 144.810595][ T9] usb 2-1: SerialNumber: syz [ 144.860164][ T9] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 144.883986][ T9] usb-storage 2-1:1.0: USB Mass Storage device detected [ 144.900863][ T6563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.913692][ T9] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 144.932209][ T9] scsi host1: usb-storage 2-1:1.0 [ 144.959888][ T6563] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.129813][ T6563] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.140587][ T6563] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.150607][ T6563] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.160566][ T6563] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.388612][ T6593] netlink: 20 bytes leftover after parsing attributes in process `syz.4.237'. [ 145.645213][ T6602] loop6: detected capacity change from 0 to 63 [ 145.670671][ T6602] FAULT_INJECTION: forcing a failure. [ 145.670671][ T6602] name failslab, interval 1, probability 0, space 0, times 0 [ 145.690587][ T6602] CPU: 1 UID: 0 PID: 6602 Comm: syz.3.239 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 145.690616][ T6602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 145.690627][ T6602] Call Trace: [ 145.690642][ T6602] [ 145.690650][ T6602] dump_stack_lvl+0x189/0x250 [ 145.690680][ T6602] ? __pfx____ratelimit+0x10/0x10 [ 145.690699][ T6602] ? __pfx_dump_stack_lvl+0x10/0x10 [ 145.690722][ T6602] ? __pfx__printk+0x10/0x10 [ 145.690742][ T6602] ? __pfx___might_resched+0x10/0x10 [ 145.690761][ T6602] ? fs_reclaim_acquire+0x7d/0x100 [ 145.690779][ T6602] should_fail_ex+0x414/0x560 [ 145.690802][ T6602] should_failslab+0xa8/0x100 [ 145.690826][ T6602] kmem_cache_alloc_noprof+0x73/0x3c0 [ 145.690846][ T6602] ? vm_area_dup+0x2b/0x680 [ 145.690863][ T6602] vm_area_dup+0x2b/0x680 [ 145.690879][ T6602] __split_vma+0x1a0/0x9b0 [ 145.690906][ T6602] ? __pfx___split_vma+0x10/0x10 [ 145.690928][ T6602] ? can_vma_merge_left+0x195/0x6b0 [ 145.690951][ T6602] vma_modify+0x9db/0x1970 [ 145.690981][ T6602] vma_modify_flags+0x1e8/0x230 [ 145.691001][ T6602] ? __pfx_vma_modify_flags+0x10/0x10 [ 145.691036][ T6602] mlock_fixup+0x22a/0x360 [ 145.691059][ T6602] apply_vma_lock_flags+0x2aa/0x3c0 [ 145.691076][ T6602] ? vfs_write+0x8d8/0xa90 [ 145.691101][ T6602] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 145.691123][ T6602] ? __pfx_down_write_killable+0x10/0x10 [ 145.691146][ T6602] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 145.691165][ T6602] ? __pfx_vfs_write+0x10/0x10 [ 145.691187][ T6602] do_mlock+0x528/0x740 [ 145.691211][ T6602] ? __pfx_do_mlock+0x10/0x10 [ 145.691227][ T6602] ? fput+0xa0/0xd0 [ 145.691243][ T6602] ? ksys_write+0x22a/0x250 [ 145.691266][ T6602] ? __pfx_ksys_write+0x10/0x10 [ 145.691284][ T6602] ? rcu_is_watching+0x15/0xb0 [ 145.691310][ T6602] __x64_sys_mlock+0x60/0x70 [ 145.691326][ T6602] do_syscall_64+0xfa/0x3b0 [ 145.691350][ T6602] ? lockdep_hardirqs_on+0x9c/0x150 [ 145.691367][ T6602] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.691382][ T6602] ? clear_bhb_loop+0x60/0xb0 [ 145.691400][ T6602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.691414][ T6602] RIP: 0033:0x7fa220f8e969 [ 145.691426][ T6602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.691437][ T6602] RSP: 002b:00007fa221e79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 145.691453][ T6602] RAX: ffffffffffffffda RBX: 00007fa2211b6080 RCX: 00007fa220f8e969 [ 145.691463][ T6602] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000 [ 145.691472][ T6602] RBP: 00007fa221e79090 R08: 0000000000000000 R09: 0000000000000000 [ 145.691481][ T6602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.691489][ T6602] R13: 0000000000000000 R14: 00007fa2211b6080 R15: 00007fa2212dfa28 [ 145.691511][ T6602] [ 146.018742][ T5937] buffer_io_error: 7286 callbacks suppressed [ 146.018762][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.070351][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.128040][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.230934][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.279450][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.296093][ T6616] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.318530][ T6616] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.327099][ T6616] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.337890][ T6616] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.347128][ T6616] Buffer I/O error on dev loop6, logical block 0, async page read [ 146.884069][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 147.130659][ T6620] netlink: 132 bytes leftover after parsing attributes in process `syz.2.247'. [ 147.142245][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 147.175473][ T9] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 147.210920][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.285737][ T9] pvrusb2: Hardware description: Terratec Grabster AV400 [ 147.307060][ T9] pvrusb2: ********** [ 147.311121][ T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 147.335612][ T10] usb 2-1: USB disconnect, device number 7 [ 147.386571][ T9] pvrusb2: Important functionality might not be entirely working. [ 147.412359][ T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 147.423864][ T9] pvrusb2: ********** [ 147.536922][ T6626] loop2: detected capacity change from 0 to 7 [ 147.567651][ T6626] Dev loop2: unable to read RDB block 7 [ 147.609315][ T6626] loop2: unable to read partition table [ 147.632593][ T6626] loop2: partition table beyond EOD, truncated [ 147.678248][ T6626] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 148.179967][ T6642] netlink: 36 bytes leftover after parsing attributes in process `syz.1.255'. [ 148.281395][ T6639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.292381][ T5889] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 148.293438][ T6639] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.717787][ T6652] loop6: detected capacity change from 0 to 63 [ 149.784097][ T9] usb 5-1: USB disconnect, device number 8 [ 149.791898][ T9] pvrusb2: Device being rendered inoperable [ 150.004431][ T6658] netlink: 132 bytes leftover after parsing attributes in process `syz.4.260'. [ 150.659631][ T6667] netlink: 60 bytes leftover after parsing attributes in process `syz.2.263'. [ 150.692240][ T6667] netlink: 12 bytes leftover after parsing attributes in process `syz.2.263'. [ 150.740516][ T6667] netlink: 60 bytes leftover after parsing attributes in process `syz.2.263'. [ 151.102274][ T6671] buffer_io_error: 8686 callbacks suppressed [ 151.102291][ T6671] Buffer I/O error on dev loop6, logical block 0, async page read [ 151.122263][ T6671] Buffer I/O error on dev loop6, logical block 1, async page read [ 151.140444][ T6671] Buffer I/O error on dev loop6, logical block 2, async page read [ 151.171387][ T6671] Buffer I/O error on dev loop6, logical block 3, async page read [ 151.197924][ T6671] Buffer I/O error on dev loop6, logical block 0, async page read [ 151.278981][ T6671] Buffer I/O error on dev loop6, logical block 1, async page read [ 151.323824][ T6673] syz.1.265 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 151.339488][ T6671] Buffer I/O error on dev loop6, logical block 2, async page read [ 151.421672][ T6671] Buffer I/O error on dev loop6, logical block 3, async page read [ 151.452806][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 151.460782][ T5937] Buffer I/O error on dev loop6, logical block 1, async page read [ 151.654569][ T6678] sctp: [Deprecated]: syz.1.266 (pid 6678) Use of struct sctp_assoc_value in delayed_ack socket option. [ 151.654569][ T6678] Use struct sctp_sack_info instead [ 151.842751][ T6680] netlink: 44 bytes leftover after parsing attributes in process `syz.3.267'. [ 152.439965][ T6686] netlink: 36 bytes leftover after parsing attributes in process `syz.1.270'. [ 152.695045][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 152.695064][ T30] audit: type=1326 audit(1748819707.989:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 152.744048][ T30] audit: type=1326 audit(1748819707.989:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 152.779502][ T6694] netlink: 132 bytes leftover after parsing attributes in process `syz.1.272'. [ 152.797106][ T30] audit: type=1326 audit(1748819708.019:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 152.831879][ T6698] netlink: 180 bytes leftover after parsing attributes in process `syz.4.275'. [ 152.912348][ T30] audit: type=1326 audit(1748819708.019:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 153.002155][ T30] audit: type=1326 audit(1748819708.019:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 153.082186][ T30] audit: type=1326 audit(1748819708.019:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 153.112985][ T6703] loop2: detected capacity change from 0 to 7 [ 153.135515][ T5937] Dev loop2: unable to read RDB block 7 [ 153.173441][ T5937] loop2: unable to read partition table [ 153.185711][ T5937] loop2: partition table beyond EOD, truncated [ 153.198987][ T30] audit: type=1326 audit(1748819708.019:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 153.247144][ T6703] Dev loop2: unable to read RDB block 7 [ 153.259966][ T6706] loop6: detected capacity change from 0 to 63 [ 153.268558][ T6703] loop2: unable to read partition table [ 153.275047][ T30] audit: type=1326 audit(1748819708.019:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 153.302747][ T6706] FAULT_INJECTION: forcing a failure. [ 153.302747][ T6706] name failslab, interval 1, probability 0, space 0, times 0 [ 153.325749][ T6703] loop2: partition table beyond EOD, truncated [ 153.354564][ T6706] CPU: 1 UID: 0 PID: 6706 Comm: syz.4.278 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 153.354593][ T6706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 153.354604][ T6706] Call Trace: [ 153.354611][ T6706] [ 153.354618][ T6706] dump_stack_lvl+0x189/0x250 [ 153.354644][ T6706] ? __pfx____ratelimit+0x10/0x10 [ 153.354663][ T6706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.354686][ T6706] ? __pfx__printk+0x10/0x10 [ 153.354706][ T6706] ? __pfx___might_resched+0x10/0x10 [ 153.354725][ T6706] ? fs_reclaim_acquire+0x7d/0x100 [ 153.354744][ T6706] should_fail_ex+0x414/0x560 [ 153.354768][ T6706] should_failslab+0xa8/0x100 [ 153.354791][ T6706] kmem_cache_alloc_bulk_noprof+0x77/0x790 [ 153.354816][ T6706] ? rcu_is_watching+0x15/0xb0 [ 153.354836][ T6706] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 153.354854][ T6706] ? kmem_cache_alloc_noprof+0x21a/0x3c0 [ 153.354873][ T6706] ? mas_alloc_nodes+0x2e9/0x8e0 [ 153.354894][ T6706] mas_alloc_nodes+0x447/0x8e0 [ 153.354921][ T6706] mas_preallocate+0x39e/0x6b0 [ 153.354950][ T6706] ? __pfx_mas_preallocate+0x10/0x10 [ 153.354986][ T6706] ? __mas_set_range+0x12f/0x3c0 [ 153.355018][ T6706] __split_vma+0x315/0x9b0 [ 153.355055][ T6706] ? __pfx___split_vma+0x10/0x10 [ 153.355087][ T6706] ? can_vma_merge_left+0x195/0x6b0 [ 153.355119][ T6706] vma_modify+0x9db/0x1970 [ 153.355163][ T6706] vma_modify_flags+0x1e8/0x230 [ 153.355189][ T6706] ? __pfx_vma_modify_flags+0x10/0x10 [ 153.355237][ T6706] mlock_fixup+0x22a/0x360 [ 153.355270][ T6706] apply_vma_lock_flags+0x2aa/0x3c0 [ 153.355294][ T6706] ? vfs_write+0x8d8/0xa90 [ 153.355325][ T6706] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 153.355358][ T6706] ? __pfx_down_write_killable+0x10/0x10 [ 153.355389][ T6706] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 153.355416][ T6706] ? __pfx_vfs_write+0x10/0x10 [ 153.355446][ T6706] do_mlock+0x528/0x740 [ 153.355480][ T6706] ? __pfx_do_mlock+0x10/0x10 [ 153.355512][ T6706] ? fput+0xa0/0xd0 [ 153.355533][ T6706] ? ksys_write+0x22a/0x250 [ 153.355563][ T6706] ? __pfx_ksys_write+0x10/0x10 [ 153.355600][ T6706] __x64_sys_mlock+0x60/0x70 [ 153.355622][ T6706] do_syscall_64+0xfa/0x3b0 [ 153.355647][ T6706] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.355671][ T6706] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.355691][ T6706] ? clear_bhb_loop+0x60/0xb0 [ 153.355715][ T6706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.355734][ T6706] RIP: 0033:0x7f2ba158e969 [ 153.355751][ T6706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.355768][ T6706] RSP: 002b:00007f2b9f3d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 153.355789][ T6706] RAX: ffffffffffffffda RBX: 00007f2ba17b6080 RCX: 00007f2ba158e969 [ 153.355803][ T6706] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000 [ 153.355815][ T6706] RBP: 00007f2b9f3d5090 R08: 0000000000000000 R09: 0000000000000000 [ 153.355827][ T6706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.355839][ T6706] R13: 0000000000000000 R14: 00007f2ba17b6080 R15: 00007f2ba18dfa28 [ 153.355870][ T6706] [ 153.356388][ T6703] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 153.575280][ T30] audit: type=1326 audit(1748819708.019:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 153.878686][ T30] audit: type=1326 audit(1748819708.019:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6687 comm="syz.2.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16fd8e969 code=0x7ffc0000 [ 154.314419][ T6731] loop6: detected capacity change from 0 to 63 [ 155.412165][ T5889] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 155.542115][ T1209] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 155.567072][ T5889] usb 5-1: config index 0 descriptor too short (expected 32786, got 18) [ 155.588765][ T5889] usb 5-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98 [ 155.619841][ T5889] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=0 [ 155.645744][ T6737] netlink: 132 bytes leftover after parsing attributes in process `syz.2.287'. [ 155.665490][ T5889] usb 5-1: Manufacturer: syz [ 155.695047][ T5889] usb 5-1: config 0 descriptor?? [ 155.716796][ T1209] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.730422][ T5889] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 155.742445][ T1209] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 155.751370][ T1209] usb 2-1: config 1 has no interface number 0 [ 155.764264][ T5889] ftdi_sio ttyUSB0: unknown device type: 0xc698 [ 155.804893][ T1209] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.839640][ T1209] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 155.909600][ T1209] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 155.913840][ T6743] netlink: 20 bytes leftover after parsing attributes in process `syz.3.289'. [ 155.925388][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.936544][ T1209] usb 2-1: Product: syz [ 155.941638][ T1209] usb 2-1: Manufacturer: syz [ 155.947452][ T1209] usb 2-1: SerialNumber: syz [ 156.499982][ T43] usb 5-1: USB disconnect, device number 9 [ 156.528464][ T43] ftdi_sio 5-1:0.0: device disconnected [ 156.846781][ T1209] cdc_ncm 2-1:1.1: bind() failure [ 157.069935][ T9] usb 2-1: USB disconnect, device number 8 [ 157.205756][ T6760] netlink: 36 bytes leftover after parsing attributes in process `syz.3.295'. [ 157.632185][ T6771] loop6: detected capacity change from 0 to 63 [ 157.651888][ T6771] buffer_io_error: 5484 callbacks suppressed [ 157.651903][ T6771] Buffer I/O error on dev loop6, logical block 0, async page read [ 157.706331][ T6771] Buffer I/O error on dev loop6, logical block 1, async page read [ 157.746335][ T6771] Buffer I/O error on dev loop6, logical block 2, async page read [ 157.777229][ T6771] Buffer I/O error on dev loop6, logical block 3, async page read [ 157.787636][ T6772] Buffer I/O error on dev loop6, logical block 0, async page read [ 157.916327][ T6772] Buffer I/O error on dev loop6, logical block 1, async page read [ 157.941016][ T6772] Buffer I/O error on dev loop6, logical block 2, async page read [ 157.960271][ T6772] Buffer I/O error on dev loop6, logical block 3, async page read [ 157.971634][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 157.990962][ T5937] Buffer I/O error on dev loop6, logical block 1, async page read [ 158.122294][ T1209] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 158.342657][ T1209] usb 2-1: config 0 has no interfaces? [ 158.354418][ T1209] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 158.363853][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.388692][ T1209] usb 2-1: Product: syz [ 158.421860][ T1209] usb 2-1: Manufacturer: syz [ 158.442234][ T1209] usb 2-1: SerialNumber: syz [ 158.503696][ T1209] usb 2-1: config 0 descriptor?? [ 158.570216][ T6785] netlink: 68 bytes leftover after parsing attributes in process `syz.4.304'. [ 158.621404][ T6786] loop8: detected capacity change from 0 to 7 [ 158.706119][ T6786] Dev loop8: unable to read RDB block 7 [ 158.820093][ T6786] loop8: unable to read partition table [ 158.862538][ T6786] loop8: partition table beyond EOD, truncated [ 158.927983][ T6786] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 159.338976][ T6803] misc userio: The device must be registered before sending interrupts [ 159.340609][ T6800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.310'. [ 159.651647][ T6804] netlink: 8 bytes leftover after parsing attributes in process `syz.2.310'. [ 161.314862][ T6812] netlink: 60 bytes leftover after parsing attributes in process `syz.3.314'. [ 161.334079][ T6812] netlink: 12 bytes leftover after parsing attributes in process `syz.3.314'. [ 161.359651][ T6812] netlink: 60 bytes leftover after parsing attributes in process `syz.3.314'. [ 161.647032][ T43] usb 2-1: USB disconnect, device number 9 [ 161.653162][ T1209] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 161.838268][ T1209] usb 3-1: device descriptor read/64, error -71 [ 161.844954][ T5889] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 161.876255][ T6830] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 162.029854][ T6835] netlink: 12 bytes leftover after parsing attributes in process `syz.1.319'. [ 162.040678][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 162.054603][ T5889] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 162.064485][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 162.072816][ T5889] usb 1-1: Product: syz [ 162.077073][ T5889] usb 1-1: Manufacturer: syz [ 162.081676][ T5889] usb 1-1: SerialNumber: syz [ 162.086490][ T10] usb 4-1: new low-speed USB device number 10 using dummy_hcd [ 162.117275][ T5889] usb 1-1: config 0 descriptor?? [ 162.122447][ T1209] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 162.146399][ T6824] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 162.173873][ T5889] hub 1-1:0.0: bad descriptor, ignoring hub [ 162.240798][ T5889] hub 1-1:0.0: probe with driver hub failed with error -5 [ 162.307688][ T1209] usb 3-1: device descriptor read/64, error -71 [ 162.332349][ T10] usb 4-1: Invalid ep0 maxpacket: 32 [ 162.348640][ T6835] bridge_slave_1: left allmulticast mode [ 162.357367][ T6835] bridge_slave_1: left promiscuous mode [ 162.415596][ T6824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.431787][ T6824] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.445856][ T6835] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.493501][ T10] usb 4-1: new low-speed USB device number 11 using dummy_hcd [ 162.516437][ T1209] usb usb3-port1: attempt power cycle [ 162.601560][ T6835] bridge_slave_0: left allmulticast mode [ 162.618887][ T6835] bridge_slave_0: left promiscuous mode [ 162.626529][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.652111][ T10] usb 4-1: Invalid ep0 maxpacket: 32 [ 162.681269][ T10] usb usb4-port1: attempt power cycle [ 162.752465][ T5886] usb 1-1: USB disconnect, device number 16 [ 162.956589][ T1209] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 163.082506][ T10] usb 4-1: new low-speed USB device number 12 using dummy_hcd [ 163.084405][ T1209] usb 3-1: device descriptor read/8, error -71 [ 163.126075][ T10] usb 4-1: Invalid ep0 maxpacket: 32 [ 163.262098][ T10] usb 4-1: new low-speed USB device number 13 using dummy_hcd [ 163.302904][ T10] usb 4-1: Invalid ep0 maxpacket: 32 [ 163.310315][ T10] usb usb4-port1: unable to enumerate USB device [ 163.342207][ T1209] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 163.382649][ T1209] usb 3-1: device descriptor read/8, error -71 [ 163.420554][ T6845] netlink: 132 bytes leftover after parsing attributes in process `syz.0.325'. [ 163.508495][ T1209] usb usb3-port1: unable to enumerate USB device [ 164.074091][ T1209] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 164.262197][ T1209] usb 1-1: Using ep0 maxpacket: 32 [ 164.268072][ T1209] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 164.282016][ T1209] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 164.289837][ T1209] usb 1-1: can't read configurations, error -61 [ 164.442240][ T1209] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 164.604799][ T1209] usb 1-1: Using ep0 maxpacket: 32 [ 164.611429][ T1209] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 164.625433][ T1209] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 164.634761][ T1209] usb 1-1: can't read configurations, error -61 [ 164.641678][ T1209] usb usb1-port1: attempt power cycle [ 164.984420][ T1209] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 165.057666][ T1209] usb 1-1: Using ep0 maxpacket: 32 [ 165.084909][ T1209] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 165.130431][ T1209] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 165.151462][ T1209] usb 1-1: can't read configurations, error -61 [ 165.312096][ T1209] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 165.362246][ T1209] usb 1-1: Using ep0 maxpacket: 32 [ 165.423238][ T1209] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 165.451539][ T1209] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 165.471175][ T1209] usb 1-1: can't read configurations, error -61 [ 165.478387][ T1209] usb usb1-port1: unable to enumerate USB device [ 165.949764][ T6880] loop6: detected capacity change from 0 to 7 [ 165.959485][ T6880] Dev loop6: unable to read RDB block 7 [ 165.988612][ T6880] loop6: unable to read partition table [ 166.014769][ T6880] loop6: partition table beyond EOD, truncated [ 166.041388][ T6880] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 166.547381][ T6885] netlink: 52 bytes leftover after parsing attributes in process `syz.2.339'. [ 166.772922][ T5886] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 166.811505][ T6892] netlink: 48 bytes leftover after parsing attributes in process `syz.0.343'. [ 166.899126][ T6896] FAULT_INJECTION: forcing a failure. [ 166.899126][ T6896] name failslab, interval 1, probability 0, space 0, times 0 [ 166.930079][ T6896] CPU: 1 UID: 0 PID: 6896 Comm: syz.1.345 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 166.930109][ T6896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.930122][ T6896] Call Trace: [ 166.930130][ T6896] [ 166.930139][ T6896] dump_stack_lvl+0x189/0x250 [ 166.930175][ T6896] ? __pfx____ratelimit+0x10/0x10 [ 166.930201][ T6896] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.930233][ T6896] ? __pfx__printk+0x10/0x10 [ 166.930269][ T6896] should_fail_ex+0x414/0x560 [ 166.930303][ T6896] should_failslab+0xa8/0x100 [ 166.930337][ T6896] __kmalloc_cache_noprof+0x70/0x3d0 [ 166.930366][ T6896] ? sctp_add_bind_addr+0x8c/0x370 [ 166.930400][ T6896] sctp_add_bind_addr+0x8c/0x370 [ 166.930433][ T6896] sctp_copy_local_addr_list+0x30b/0x4e0 [ 166.930466][ T6896] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 166.930494][ T6896] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 166.930532][ T6896] ? sctp_v6_is_any+0x64/0x80 [ 166.930564][ T6896] ? sctp_copy_one_addr+0x93/0x360 [ 166.930595][ T6896] sctp_bind_addr_copy+0xb3/0x3c0 [ 166.930625][ T6896] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 166.930654][ T6896] sctp_connect_new_asoc+0x2e0/0x690 [ 166.930679][ T6896] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 166.930702][ T6896] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 166.930724][ T6896] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 166.930743][ T6896] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 166.930766][ T6896] ? sctp_endpoint_lookup_assoc+0x22f/0x260 [ 166.930790][ T6896] __sctp_connect+0x5ba/0xd50 [ 166.930826][ T6896] ? __pfx___sctp_connect+0x10/0x10 [ 166.930859][ T6896] sctp_inet_connect+0x12e/0x1e0 [ 166.930893][ T6896] __sys_connect+0x313/0x440 [ 166.930923][ T6896] ? __fget_files+0x3a0/0x420 [ 166.930944][ T6896] ? __pfx___sys_connect+0x10/0x10 [ 166.930988][ T6896] ? __pfx_ksys_write+0x10/0x10 [ 166.931014][ T6896] ? rcu_is_watching+0x15/0xb0 [ 166.931050][ T6896] __x64_sys_connect+0x7a/0x90 [ 166.931081][ T6896] do_syscall_64+0xfa/0x3b0 [ 166.931106][ T6896] ? lockdep_hardirqs_on+0x9c/0x150 [ 166.931131][ T6896] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.931151][ T6896] ? clear_bhb_loop+0x60/0xb0 [ 166.931176][ T6896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.931196][ T6896] RIP: 0033:0x7fc6c098e969 [ 166.931215][ T6896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.931232][ T6896] RSP: 002b:00007fc6c1881038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 166.931254][ T6896] RAX: ffffffffffffffda RBX: 00007fc6c0bb5fa0 RCX: 00007fc6c098e969 [ 166.931269][ T6896] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000005 [ 166.931283][ T6896] RBP: 00007fc6c1881090 R08: 0000000000000000 R09: 0000000000000000 [ 166.931295][ T6896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 166.931307][ T6896] R13: 0000000000000000 R14: 00007fc6c0bb5fa0 R15: 00007fc6c0cdfa28 [ 166.931339][ T6896] [ 167.005462][ T5886] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 167.289628][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.298219][ T5886] usb 4-1: Product: syz [ 167.308839][ T5886] usb 4-1: Manufacturer: syz [ 167.315129][ T5886] usb 4-1: SerialNumber: syz [ 167.326544][ T5886] usb 4-1: config 0 descriptor?? [ 167.386529][ T5886] ch341 4-1:0.0: ch341-uart converter detected [ 167.542178][ T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 167.692539][ T9] usb 1-1: device descriptor read/64, error -71 [ 167.745758][ T5886] usb 4-1: failed to send control message: -71 [ 167.752422][ T5886] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 167.782246][ T5886] usb 4-1: USB disconnect, device number 14 [ 167.811639][ T5886] ch341 4-1:0.0: device disconnected [ 167.953446][ T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 168.066389][ T6931] netlink: 'syz.1.360': attribute type 1 has an invalid length. [ 168.112476][ T9] usb 1-1: device descriptor read/64, error -71 [ 168.132441][ T10] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 168.234618][ T9] usb usb1-port1: attempt power cycle [ 168.308170][ T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 168.324072][ T10] usb 5-1: config 0 has no interfaces? [ 168.329792][ T10] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 168.339494][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.367949][ T10] usb 5-1: config 0 descriptor?? [ 168.469434][ T6943] netlink: 48 bytes leftover after parsing attributes in process `syz.2.363'. [ 168.607931][ T6925] vlan2: entered promiscuous mode [ 168.613180][ T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 168.679485][ T9] usb 1-1: device descriptor read/8, error -71 [ 168.769292][ T10] usb 5-1: USB disconnect, device number 10 [ 168.925489][ T6953] loop6: detected capacity change from 0 to 7 [ 168.933974][ T6953] Dev loop6: unable to read RDB block 7 [ 168.940190][ T6953] loop6: unable to read partition table [ 168.947649][ T6953] loop6: partition table beyond EOD, truncated [ 168.954017][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 168.974796][ T9] usb 1-1: device descriptor read/8, error -71 [ 168.978212][ T6953] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 169.128163][ T9] usb usb1-port1: unable to enumerate USB device [ 169.277477][ T6964] loop6: detected capacity change from 0 to 63 [ 169.301363][ T5937] buffer_io_error: 854 callbacks suppressed [ 169.301381][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.319473][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.328474][ T6964] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.336580][ T6964] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.347448][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.358915][ T6964] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.367946][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.394070][ T6964] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.415760][ T6964] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.441072][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 169.538941][ T6966] loop8: detected capacity change from 0 to 7 [ 169.586865][ T6966] Dev loop8: unable to read RDB block 7 [ 169.616713][ T6966] loop8: unable to read partition table [ 169.634469][ T6966] loop8: partition table beyond EOD, truncated [ 169.640819][ T6966] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 169.982487][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 170.505247][ T6994] futex_wake_op: syz.0.382 tries to shift op by 32; fix this program [ 170.525541][ T6990] netlink: 16 bytes leftover after parsing attributes in process `syz.4.381'. [ 170.628447][ T6990] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 171.093232][ T7011] netlink: 68 bytes leftover after parsing attributes in process `syz.1.386'. [ 171.161361][ T5882] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 171.492298][ T5882] usb 1-1: Using ep0 maxpacket: 32 [ 171.505933][ T5882] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 171.515417][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.523577][ T5882] usb 1-1: Product: syz [ 171.530528][ T5882] usb 1-1: Manufacturer: syz [ 171.539658][ T5882] usb 1-1: SerialNumber: syz [ 171.667913][ T5882] usb 1-1: config 0 descriptor?? [ 171.867848][ T7026] loop6: detected capacity change from 0 to 63 [ 171.963629][ T5882] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 025 [ 172.113705][ T7031] netlink: 36 bytes leftover after parsing attributes in process `syz.1.391'. [ 172.126471][ T7000] netlink: 'syz.0.382': attribute type 2 has an invalid length. [ 172.162373][ T7000] ave_0: entered promiscuous mode [ 173.742088][ T43] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 173.854015][ T7055] netlink: 60 bytes leftover after parsing attributes in process `syz.2.400'. [ 173.924923][ T7055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.400'. [ 173.938899][ T7055] netlink: 60 bytes leftover after parsing attributes in process `syz.2.400'. [ 173.948600][ T43] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 86, changing to 10 [ 173.965466][ T43] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.990823][ T43] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 174.021519][ T43] usb 5-1: config 0 interface 0 has no altsetting 0 [ 174.028742][ T43] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 174.040150][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.052191][ T43] usb 5-1: config 0 descriptor?? [ 174.235038][ T5907] usb 1-1: USB disconnect, device number 25 [ 174.506476][ T43] pyra 0003:1E7D:2C24.0006: reserved main item tag 0xd [ 174.519707][ T43] pyra 0003:1E7D:2C24.0006: hidraw0: USB HID v0.01 Device [HID 1e7d:2c24] on usb-dummy_hcd.4-1/input0 [ 174.660694][ T7066] netlink: 68 bytes leftover after parsing attributes in process `syz.3.403'. [ 174.689833][ T5907] usb 5-1: USB disconnect, device number 12 [ 175.117728][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.0.406'. [ 175.331867][ T7080] netlink: 16 bytes leftover after parsing attributes in process `syz.4.408'. [ 175.467362][ T7080] erspan1: entered promiscuous mode [ 176.092208][ T43] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 176.640309][ T7094] netlink: 68 bytes leftover after parsing attributes in process `syz.3.412'. [ 176.753889][ T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.818469][ T43] usb 3-1: config 0 has no interfaces? [ 176.935497][ T43] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 176.980632][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.993843][ T7094] 8021q: adding VLAN 0 to HW filter on device bond1 [ 177.020434][ T43] usb 3-1: config 0 descriptor?? [ 177.031174][ T7094] bond0: (slave bond1): Enslaving as an active interface with an up link [ 177.032104][ T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 177.298359][ T7086] team_slave_0: entered promiscuous mode [ 177.304125][ T7086] team_slave_1: entered promiscuous mode [ 177.316524][ T7094] netlink: 72 bytes leftover after parsing attributes in process `syz.3.412'. [ 177.327207][ T7086] vlan2: entered promiscuous mode [ 177.333478][ T7086] team0: entered promiscuous mode [ 177.360338][ T10] usb 2-1: config 0 has no interfaces? [ 177.434541][ T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 177.504650][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.526890][ T43] usb 3-1: USB disconnect, device number 24 [ 177.566243][ T7106] netlink: 44 bytes leftover after parsing attributes in process `syz.4.415'. [ 177.575659][ T10] usb 2-1: Product: syz [ 177.575684][ T10] usb 2-1: Manufacturer: syz [ 177.575701][ T10] usb 2-1: SerialNumber: syz [ 177.604735][ T10] usb 2-1: config 0 descriptor?? [ 178.062088][ T43] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 178.245308][ T10] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 178.262154][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 178.642678][ T43] usb 5-1: config 0 has an invalid interface number: 247 but max is 0 [ 178.650940][ T43] usb 5-1: config 0 has no interface number 0 [ 178.835827][ T43] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 178.845609][ T43] usb 5-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 178.903861][ T43] usb 5-1: Product: syz [ 178.918559][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.937301][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.956927][ T43] usb 5-1: Manufacturer: syz [ 178.967300][ T10] usb 4-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 178.985902][ T7125] FAULT_INJECTION: forcing a failure. [ 178.985902][ T7125] name failslab, interval 1, probability 0, space 0, times 0 [ 179.002159][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.023687][ T43] usb 5-1: config 0 descriptor?? [ 179.068248][ T7125] CPU: 1 UID: 0 PID: 7125 Comm: syz.0.422 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 179.068278][ T7125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.068291][ T7125] Call Trace: [ 179.068299][ T7125] [ 179.068307][ T7125] dump_stack_lvl+0x189/0x250 [ 179.068355][ T7125] ? __pfx____ratelimit+0x10/0x10 [ 179.068382][ T7125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.068419][ T7125] ? __pfx__printk+0x10/0x10 [ 179.068456][ T7125] should_fail_ex+0x414/0x560 [ 179.068490][ T7125] should_failslab+0xa8/0x100 [ 179.068523][ T7125] __kmalloc_cache_noprof+0x70/0x3d0 [ 179.068552][ T7125] ? sctp_add_bind_addr+0x8c/0x370 [ 179.068586][ T7125] sctp_add_bind_addr+0x8c/0x370 [ 179.068619][ T7125] sctp_copy_local_addr_list+0x30b/0x4e0 [ 179.068650][ T7125] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 179.068678][ T7125] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 179.068709][ T7125] ? sctp_v6_is_any+0x64/0x80 [ 179.068740][ T7125] ? sctp_copy_one_addr+0x93/0x360 [ 179.068772][ T7125] sctp_bind_addr_copy+0xb3/0x3c0 [ 179.068801][ T7125] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 179.068830][ T7125] sctp_connect_new_asoc+0x2e0/0x690 [ 179.068854][ T7125] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 179.068877][ T7125] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 179.068897][ T7125] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 179.068916][ T7125] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 179.068939][ T7125] ? sctp_endpoint_lookup_assoc+0x22f/0x260 [ 179.068963][ T7125] __sctp_connect+0x5ba/0xd50 [ 179.068997][ T7125] ? __pfx___sctp_connect+0x10/0x10 [ 179.069029][ T7125] sctp_inet_connect+0x12e/0x1e0 [ 179.069064][ T7125] __sys_connect+0x313/0x440 [ 179.069091][ T7125] ? __fget_files+0x3a0/0x420 [ 179.069110][ T7125] ? __pfx___sys_connect+0x10/0x10 [ 179.069154][ T7125] ? __pfx_ksys_write+0x10/0x10 [ 179.069180][ T7125] ? rcu_is_watching+0x15/0xb0 [ 179.069216][ T7125] __x64_sys_connect+0x7a/0x90 [ 179.069247][ T7125] do_syscall_64+0xfa/0x3b0 [ 179.069272][ T7125] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.069297][ T7125] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.069317][ T7125] ? clear_bhb_loop+0x60/0xb0 [ 179.069342][ T7125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.069362][ T7125] RIP: 0033:0x7f6f6e78e969 [ 179.069392][ T7125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.069415][ T7125] RSP: 002b:00007f6f6f630038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 179.069440][ T7125] RAX: ffffffffffffffda RBX: 00007f6f6e9b5fa0 RCX: 00007f6f6e78e969 [ 179.069454][ T7125] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000005 [ 179.069466][ T7125] RBP: 00007f6f6f630090 R08: 0000000000000000 R09: 0000000000000000 [ 179.069478][ T7125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 179.069490][ T7125] R13: 0000000000000000 R14: 00007f6f6e9b5fa0 R15: 00007f6f6eadfa28 [ 179.069521][ T7125] [ 179.519157][ T10] usb 4-1: config 0 descriptor?? [ 179.762132][ T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 179.925297][ T9] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 179.936428][ T9] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 179.950033][ T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 179.959594][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.977044][ T7119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.988945][ T7119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.995365][ T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 180.188322][ T9] gspca_sn9c2028: read1 error -71 [ 180.201545][ T9] gspca_sn9c2028: read1 error -71 [ 180.207398][ T7119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.207414][ T9] gspca_sn9c2028: read1 error -71 [ 180.207495][ T9] sn9c2028 3-1:220.0: probe with driver sn9c2028 failed with error -71 [ 180.238457][ T7119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.256695][ T9] usb 3-1: USB disconnect, device number 25 [ 180.269305][ T10] steelseries 0003:1038:12B6.0007: item fetching failed at offset 5/7 [ 180.289790][ T10] steelseries 0003:1038:12B6.0007: probe with driver steelseries failed with error -22 [ 180.476481][ T43] usb 4-1: USB disconnect, device number 15 [ 180.702923][ T10] usb 2-1: USB disconnect, device number 10 [ 180.832990][ T7138] loop6: detected capacity change from 0 to 7 [ 180.871823][ T5937] Dev loop6: unable to read RDB block 7 [ 180.877750][ T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 180.886926][ T5937] loop6: unable to read partition table [ 180.898704][ T5937] loop6: partition table beyond EOD, truncated [ 180.909943][ T10] usb 5-1: USB disconnect, device number 13 [ 180.929120][ T7138] Dev loop6: unable to read RDB block 7 [ 180.945815][ T7138] loop6: unable to read partition table [ 180.955201][ T7138] loop6: partition table beyond EOD, truncated [ 180.963918][ T7138] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 181.065404][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 181.172401][ T9] usb 1-1: config 0 has an invalid interface number: 71 but max is 1 [ 181.194370][ T9] usb 1-1: config 0 has an invalid interface number: 4 but max is 1 [ 181.232063][ T9] usb 1-1: config 0 has no interface number 0 [ 181.258623][ T9] usb 1-1: config 0 has no interface number 1 [ 181.278923][ T9] usb 1-1: config 0 interface 71 altsetting 11 endpoint 0x5 has invalid wMaxPacketSize 0 [ 181.353362][ T9] usb 1-1: config 0 interface 71 altsetting 11 has a duplicate endpoint with address 0x5, skipping [ 181.378505][ T7144] netlink: 20 bytes leftover after parsing attributes in process `syz.3.429'. [ 181.389096][ T9] usb 1-1: config 0 interface 71 altsetting 11 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 181.400275][ T9] usb 1-1: config 0 interface 71 altsetting 11 has a duplicate endpoint with address 0xE, skipping [ 181.415509][ T9] usb 1-1: config 0 interface 71 altsetting 11 has a duplicate endpoint with address 0xF, skipping [ 181.509872][ T9] usb 1-1: config 0 interface 71 altsetting 11 has a duplicate endpoint with address 0x9, skipping [ 181.543479][ T9] usb 1-1: config 0 interface 4 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 181.759328][ T9] usb 1-1: config 0 interface 4 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 181.772352][ T7149] netlink: 132 bytes leftover after parsing attributes in process `syz.3.431'. [ 181.791438][ T9] usb 1-1: config 0 interface 4 altsetting 9 endpoint 0xC has invalid maxpacket 2047, setting to 1024 [ 181.840978][ T9] usb 1-1: config 0 interface 4 altsetting 9 bulk endpoint 0xC has invalid maxpacket 1024 [ 181.886421][ T9] usb 1-1: config 0 interface 4 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 181.947692][ T9] usb 1-1: config 0 interface 4 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 181.998029][ T9] usb 1-1: config 0 interface 4 altsetting 9 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 182.052451][ T9] usb 1-1: config 0 interface 4 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 182.074640][ T9] usb 1-1: config 0 interface 4 altsetting 9 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 182.102017][ T9] usb 1-1: config 0 interface 4 altsetting 9 has a duplicate endpoint with address 0xA, skipping [ 182.132022][ T9] usb 1-1: config 0 interface 4 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 182.174383][ T9] usb 1-1: config 0 interface 4 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 182.204951][ T9] usb 1-1: config 0 interface 4 altsetting 9 bulk endpoint 0x81 has invalid maxpacket 64 [ 182.232173][ T9] usb 1-1: config 0 interface 4 altsetting 9 has a duplicate endpoint with address 0x2, skipping [ 182.275997][ T9] usb 1-1: config 0 interface 71 has no altsetting 0 [ 182.296344][ T9] usb 1-1: config 0 interface 4 has no altsetting 0 [ 182.339237][ T9] usb 1-1: New USB device found, idVendor=1199, idProduct=9010, bcdDevice=9d.ed [ 182.377624][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.429026][ T9] usb 1-1: Product: syz [ 182.449370][ T9] usb 1-1: Manufacturer: syz [ 182.480484][ T9] usb 1-1: SerialNumber: syz [ 182.514948][ T7158] loop6: detected capacity change from 0 to 63 [ 182.546784][ T9] usb 1-1: config 0 descriptor?? [ 182.619206][ T5937] buffer_io_error: 3465 callbacks suppressed [ 182.619225][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 182.659632][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 182.694501][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 182.765251][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 182.803044][ T5937] Buffer I/O error on dev loop6, logical block 0, async page read [ 182.884207][ T7170] netlink: 28 bytes leftover after parsing attributes in process `syz.2.436'. [ 182.915624][ T9] usb 1-1: USB disconnect, device number 26 [ 183.142132][ T5882] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 183.233344][ T7174] loop8: detected capacity change from 0 to 7 [ 183.272046][ C0] blk_print_req_error: 25 callbacks suppressed [ 183.272065][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.287494][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 183.303035][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.312390][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 183.325638][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.334878][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 183.344130][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.353365][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 183.515571][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.524796][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 183.540212][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.556666][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.566131][ T7174] ldm_validate_partition_table(): Disk read failed. [ 183.576103][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.585825][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.619931][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 183.677102][ T7174] Dev loop8: unable to read RDB block 0 [ 183.716888][ T7174] loop8: unable to read partition table [ 183.738771][ T7174] loop8: partition table beyond EOD, truncated [ 183.810023][ T5882] usb 2-1: config 0 has no interfaces? [ 183.811045][ T7177] netlink: 60 bytes leftover after parsing attributes in process `syz.0.440'. [ 183.825837][ T7177] netlink: 12 bytes leftover after parsing attributes in process `syz.0.440'. [ 183.863103][ T7174] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 183.887111][ T5882] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 183.924585][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.959038][ T5882] usb 2-1: Product: syz [ 183.971767][ T5882] usb 2-1: Manufacturer: syz [ 183.981660][ T5882] usb 2-1: SerialNumber: syz [ 184.039720][ T5882] usb 2-1: config 0 descriptor?? [ 184.052507][ T7177] netlink: 60 bytes leftover after parsing attributes in process `syz.0.440'. [ 184.584642][ T7171] pimreg: entered allmulticast mode [ 184.607406][ T7171] pimreg: left allmulticast mode [ 185.064110][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 185.064131][ T30] audit: type=1800 audit(1748819740.349:30): pid=7183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.441" name="bus" dev="ramfs" ino=13706 res=0 errno=0 [ 185.402338][ T7192] netlink: 132 bytes leftover after parsing attributes in process `syz.4.443'. [ 186.846449][ T5885] usb 2-1: USB disconnect, device number 11 [ 186.979697][ T7217] netlink: 48 bytes leftover after parsing attributes in process `syz.3.454'. [ 187.052202][ T9] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 187.242191][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 187.278902][ T9] usb 1-1: config index 0 descriptor too short (expected 38, got 36) [ 187.315217][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.364872][ T7223] netlink: 132 bytes leftover after parsing attributes in process `syz.3.456'. [ 187.374190][ T9] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 187.399351][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.446434][ T9] usb 1-1: config 0 descriptor?? [ 187.883795][ T5882] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 187.912962][ T9] mcp2221 0003:04D8:00DD.0008: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 188.036587][ T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 188.278044][ T5882] usb 3-1: config 1 has an invalid descriptor of length 10, skipping remainder of the config [ 189.911395][ T5882] usb 3-1: config 1 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 190.062458][ T10] usb 2-1: device descriptor read/64, error -71 [ 190.483327][ T5882] usb 3-1: config 1 interface 0 has no altsetting 0 [ 190.822591][ T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 191.389779][ T5882] usb 3-1: string descriptor 0 read error: -71 [ 191.617640][ T9] usb 1-1: USB disconnect, device number 27 [ 191.635398][ T5882] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 191.662366][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.090065][ T5882] usb 3-1: can't set config #1, error -71 [ 192.149901][ T5882] usb 3-1: USB disconnect, device number 26 [ 193.116941][ T7254] FAULT_INJECTION: forcing a failure. [ 193.116941][ T7254] name failslab, interval 1, probability 0, space 0, times 0 [ 193.135635][ T7254] CPU: 0 UID: 0 PID: 7254 Comm: syz.4.465 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 193.135667][ T7254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.135680][ T7254] Call Trace: [ 193.135688][ T7254] [ 193.135697][ T7254] dump_stack_lvl+0x189/0x250 [ 193.135735][ T7254] ? __pfx____ratelimit+0x10/0x10 [ 193.135761][ T7254] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.135793][ T7254] ? __pfx__printk+0x10/0x10 [ 193.135842][ T7254] should_fail_ex+0x414/0x560 [ 193.135876][ T7254] should_failslab+0xa8/0x100 [ 193.135909][ T7254] __kmalloc_cache_noprof+0x70/0x3d0 [ 193.135939][ T7254] ? sctp_add_bind_addr+0x8c/0x370 [ 193.135972][ T7254] sctp_add_bind_addr+0x8c/0x370 [ 193.136006][ T7254] sctp_copy_local_addr_list+0x30b/0x4e0 [ 193.136039][ T7254] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 193.136067][ T7254] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 193.136098][ T7254] ? sctp_v6_is_any+0x64/0x80 [ 193.136130][ T7254] ? sctp_copy_one_addr+0x93/0x360 [ 193.136162][ T7254] sctp_bind_addr_copy+0xb3/0x3c0 [ 193.136191][ T7254] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 193.136220][ T7254] sctp_connect_new_asoc+0x2e0/0x690 [ 193.136246][ T7254] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 193.136269][ T7254] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 193.136290][ T7254] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 193.136309][ T7254] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 193.136332][ T7254] ? sctp_endpoint_lookup_assoc+0x22f/0x260 [ 193.136357][ T7254] __sctp_connect+0x5ba/0xd50 [ 193.136391][ T7254] ? __pfx___sctp_connect+0x10/0x10 [ 193.136424][ T7254] sctp_inet_connect+0x12e/0x1e0 [ 193.136458][ T7254] __sys_connect+0x313/0x440 [ 193.136485][ T7254] ? __fget_files+0x3a0/0x420 [ 193.136505][ T7254] ? __pfx___sys_connect+0x10/0x10 [ 193.136546][ T7254] ? __pfx_ksys_write+0x10/0x10 [ 193.136571][ T7254] ? rcu_is_watching+0x15/0xb0 [ 193.136606][ T7254] __x64_sys_connect+0x7a/0x90 [ 193.136640][ T7254] do_syscall_64+0xfa/0x3b0 [ 193.136665][ T7254] ? lockdep_hardirqs_on+0x9c/0x150 [ 193.136688][ T7254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.136709][ T7254] ? clear_bhb_loop+0x60/0xb0 [ 193.136734][ T7254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.136753][ T7254] RIP: 0033:0x7f2ba158e969 [ 193.136772][ T7254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.136790][ T7254] RSP: 002b:00007f2b9f3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 193.136819][ T7254] RAX: ffffffffffffffda RBX: 00007f2ba17b5fa0 RCX: 00007f2ba158e969 [ 193.136835][ T7254] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000005 [ 193.136848][ T7254] RBP: 00007f2b9f3f6090 R08: 0000000000000000 R09: 0000000000000000 [ 193.136860][ T7254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 193.136873][ T7254] R13: 0000000000000000 R14: 00007f2ba17b5fa0 R15: 00007f2ba18dfa28 [ 193.136905][ T7254] [ 193.444116][ T7249] ip6tnl1: entered promiscuous mode [ 193.693845][ T7266] netlink: 68 bytes leftover after parsing attributes in process `syz.3.471'. [ 194.490369][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.496900][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.222300][ T5885] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 195.351107][ T7283] loop6: detected capacity change from 0 to 7 [ 195.378282][ T7286] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 195.437250][ T7284] use of bytesused == 0 is deprecated and will be removed in the future, [ 195.560433][ T7289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.571831][ T7289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.594675][ T5885] usb 4-1: config 0 has no interfaces? [ 195.623522][ T7283] Dev loop6: unable to read RDB block 7 [ 195.630150][ T7283] loop6: unable to read partition table [ 195.637640][ T7284] use the actual size instead. [ 195.670666][ T7283] loop6: partition table beyond EOD, truncated [ 195.706486][ T7283] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 195.726597][ T5885] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 195.802144][ T10] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 196.029360][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.122373][ T5885] usb 4-1: Product: syz [ 196.126601][ T5885] usb 4-1: Manufacturer: syz [ 196.135197][ T10] usb 3-1: device descriptor read/64, error -71 [ 196.517142][ T5885] usb 4-1: SerialNumber: syz [ 196.615419][ T5885] usb 4-1: config 0 descriptor?? [ 196.662231][ T10] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 196.843526][ T10] usb 3-1: device descriptor read/64, error -71 [ 197.001818][ T7277] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 197.042296][ T10] usb usb3-port1: attempt power cycle [ 197.060843][ T7278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.078727][ T7278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.225279][ T7302] netlink: 20 bytes leftover after parsing attributes in process `syz.1.481'. [ 197.463315][ T7302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.481'. [ 197.524053][ T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 197.725507][ T10] usb 3-1: device descriptor read/8, error -71 [ 197.992379][ T5885] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 198.102097][ T10] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 198.191316][ T10] usb 3-1: device descriptor read/8, error -71 [ 198.577568][ T5885] usb 1-1: config 0 has no interfaces? [ 198.665915][ T10] usb usb3-port1: unable to enumerate USB device [ 198.957351][ T5885] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 199.176249][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.682107][ T5885] usb 1-1: Product: syz [ 201.686434][ T5885] usb 1-1: Manufacturer: syz [ 201.691062][ T5885] usb 1-1: SerialNumber: syz [ 201.983088][ T5885] usb 1-1: config 0 descriptor?? [ 207.741968][ C1] sched: DL replenish lagged too much [ 211.209657][ T5885] usb 1-1: can't set config #0, error -110 [ 213.964522][ T5831] Bluetooth: hci0: command 0x0406 tx timeout [ 213.970624][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 213.986933][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 214.002525][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 214.008614][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 259.002650][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 259.017296][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 363.911929][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 363.918959][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5847/1:b..l [ 363.927394][ C1] rcu: (detected by 1, t=10502 jiffies, g=23165, q=360 ncpus=2) [ 363.935155][ C1] task:syz-executor state:R running task stack:21960 pid:5847 tgid:5847 ppid:1 task_flags:0x40054c flags:0x00004004 [ 363.949624][ C1] Call Trace: [ 363.952938][ C1] [ 363.955917][ C1] __schedule+0x16f5/0x4d00 [ 363.960480][ C1] ? preempt_schedule_irq+0xb5/0x150 [ 363.965810][ C1] ? __pfx___schedule+0x10/0x10 [ 363.970706][ C1] ? __lock_acquire+0xab9/0xd20 [ 363.975599][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 363.980923][ C1] preempt_schedule_irq+0xb5/0x150 [ 363.986068][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 363.991920][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 363.997773][ C1] irqentry_exit+0x6f/0x90 [ 364.002224][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 364.008262][ C1] RIP: 0010:lock_acquire+0x7/0x360 [ 364.013433][ C1] Code: ff ff 00 0f 95 c0 e9 48 49 c9 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 57 <41> 56 41 55 41 54 53 48 83 ec 60 4d 89 ce 45 89 c7 41 89 cc 89 54 [ 364.033091][ C1] RSP: 0018:ffffc900044e7338 EFLAGS: 00000246 [ 364.039197][ C1] RAX: 0000000000000001 RBX: ffffffff81831eb8 RCX: 0000000000000002 [ 364.047202][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e13d080 [ 364.055209][ C1] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 364.063217][ C1] R10: ffffc900044e7478 R11: ffffffff81acd580 R12: 1ffff9200089ce85 [ 364.071304][ C1] R13: ffffc900044e7460 R14: ffffc900044e7428 R15: ffffffff81727e15 [ 364.079321][ C1] ? unwind_next_frame+0xa5/0x2390 [ 364.084482][ C1] ? __mmput+0x118/0x420 [ 364.088758][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 364.094966][ C1] ? unwind_next_frame+0xa5/0x2390 [ 364.100114][ C1] unwind_next_frame+0xc2/0x2390 [ 364.105088][ C1] ? unwind_next_frame+0xa5/0x2390 [ 364.110241][ C1] ? unwind_next_frame+0xa5/0x2390 [ 364.115385][ C1] ? exit_mmap+0x53f/0xb50 [ 364.119849][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 364.126041][ C1] arch_stack_walk+0x11c/0x150 [ 364.130847][ C1] ? __mmput+0x118/0x420 [ 364.135144][ C1] stack_trace_save+0x9c/0xe0 [ 364.139882][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 364.145305][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 364.150112][ C1] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 364.155694][ C1] ? kmem_cache_free+0x166/0x400 [ 364.160668][ C1] ? exit_mmap+0x53f/0xb50 [ 364.165125][ C1] ? __mmput+0x118/0x420 [ 364.169400][ C1] ? exit_mm+0x1da/0x2c0 [ 364.173677][ C1] ? do_exit+0x640/0x22e0 [ 364.178030][ C1] ? do_group_exit+0x21c/0x2d0 [ 364.182827][ C1] kasan_save_stack+0x3e/0x60 [ 364.187540][ C1] ? kasan_save_stack+0x3e/0x60 [ 364.192422][ C1] ? kasan_record_aux_stack+0xbd/0xd0 [ 364.197834][ C1] ? kmem_cache_free+0x2f6/0x400 [ 364.202826][ C1] ? exit_mmap+0x53f/0xb50 [ 364.207287][ C1] ? __mmput+0x118/0x420 [ 364.211627][ C1] ? exit_mmap+0x53f/0xb50 [ 364.216081][ C1] kasan_record_aux_stack+0xbd/0xd0 [ 364.221327][ C1] kmem_cache_free+0x2f6/0x400 [ 364.226158][ C1] exit_mmap+0x53f/0xb50 [ 364.230458][ C1] ? uprobe_clear_state+0x20f/0x290 [ 364.235708][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 364.240511][ C1] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 364.246195][ C1] ? __pfx_exit_aio+0x10/0x10 [ 364.250922][ C1] ? uprobe_clear_state+0x274/0x290 [ 364.256165][ C1] __mmput+0x118/0x420 [ 364.260286][ C1] exit_mm+0x1da/0x2c0 [ 364.264494][ C1] ? __pfx_exit_mm+0x10/0x10 [ 364.269129][ C1] ? hrtimer_try_to_cancel+0x3d9/0x420 [ 364.274641][ C1] ? rcu_is_watching+0x15/0xb0 [ 364.279461][ C1] do_exit+0x640/0x22e0 [ 364.283670][ C1] ? do_raw_spin_lock+0x121/0x290 [ 364.288743][ C1] ? __pfx_do_exit+0x10/0x10 [ 364.293378][ C1] do_group_exit+0x21c/0x2d0 [ 364.298013][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 364.303269][ C1] get_signal+0x1286/0x1340 [ 364.307853][ C1] arch_do_signal_or_restart+0x9a/0x750 [ 364.313437][ C1] ? __pfx___x64_sys_wait4+0x10/0x10 [ 364.318756][ C1] ? fput_close_sync+0x119/0x200 [ 364.323733][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 364.329950][ C1] ? exit_to_user_mode_loop+0x40/0x110 [ 364.335461][ C1] exit_to_user_mode_loop+0x75/0x110 [ 364.340791][ C1] do_syscall_64+0x2bd/0x3b0 [ 364.345689][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 364.350957][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.357053][ C1] ? clear_bhb_loop+0x60/0xb0 [ 364.361766][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.367691][ C1] RIP: 0033:0x7f6f6e784bd7 [ 364.372130][ C1] RSP: 002b:00007f6f6eadfd80 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 364.380586][ C1] RAX: fffffffffffffe00 RBX: 00000000000000d7 RCX: 00007f6f6e784bd7 [ 364.388593][ C1] RDX: 0000000040000000 RSI: 00007f6f6eadfdec RDI: 00000000ffffffff [ 364.396599][ C1] RBP: 00007f6f6eadfdec R08: 0000000000000000 R09: 0000000000000000 [ 364.404690][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000004f [ 364.412687][ C1] R13: 000055555a322590 R14: 00000000000303d6 R15: 00007f6f6eadfe40 [ 364.420710][ C1] [ 364.423755][ C1] rcu: rcu_preempt kthread starved for 3170 jiffies! g23165 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 364.435410][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 364.445406][ C1] rcu: RCU grace-period kthread stack dump: [ 364.451313][ C1] task:rcu_preempt state:R running task stack:26664 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 364.464848][ C1] Call Trace: [ 364.468156][ C1] [ 364.471126][ C1] __schedule+0x16f5/0x4d00 [ 364.475769][ C1] ? schedule+0x165/0x360 [ 364.480142][ C1] ? __pfx___schedule+0x10/0x10 [ 364.485047][ C1] ? schedule+0x91/0x360 [ 364.489329][ C1] schedule+0x165/0x360 [ 364.493519][ C1] schedule_timeout+0x12b/0x270 [ 364.498405][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 364.503802][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 364.509729][ C1] ? __pfx_process_timeout+0x10/0x10 [ 364.515060][ C1] ? prepare_to_swait_event+0x341/0x380 [ 364.520655][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 364.525560][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 364.531748][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 364.537061][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 364.542296][ C1] ? finish_swait+0xcd/0x1f0 [ 364.546930][ C1] rcu_gp_kthread+0x99/0x390 [ 364.551560][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 364.556791][ C1] ? __kthread_parkme+0x7b/0x200 [ 364.561765][ C1] ? __kthread_parkme+0x1a1/0x200 [ 364.566835][ C1] kthread+0x711/0x8a0 [ 364.570936][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 364.576170][ C1] ? __pfx_kthread+0x10/0x10 [ 364.580795][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 364.586023][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 364.591255][ C1] ? __pfx_kthread+0x10/0x10 [ 364.595874][ C1] ret_from_fork+0x3fc/0x770 [ 364.600499][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 364.605655][ C1] ? __switch_to_asm+0x39/0x70 [ 364.610446][ C1] ? __switch_to_asm+0x33/0x70 [ 364.615235][ C1] ? __pfx_kthread+0x10/0x10 [ 364.619854][ C1] ret_from_fork_asm+0x1a/0x30 [ 364.624664][ C1] [ 364.627708][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 364.634066][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-syzkaller-10769-g7d4e49a77d99 #0 PREEMPT(full) [ 364.645385][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 364.655468][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 364.661227][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 a0 23 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 364.680870][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2 [ 364.686976][ C1] RAX: 528765868ecc5100 RBX: ffffffff81973de8 RCX: 528765868ecc5100 [ 364.694983][ C1] RDX: 0000000000000001 RSI: ffffffff8d9705da RDI: ffffffff8be26f40 [ 364.702986][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb [ 364.710985][ C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0bcf0 [ 364.719000][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003adab40 [ 364.727032][ C1] FS: 0000000000000000(0000) GS:ffff888125d5f000(0000) knlGS:0000000000000000 [ 364.736080][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 364.742697][ C1] CR2: 00002000002ed030 CR3: 000000002404c000 CR4: 00000000003526f0 [ 364.750705][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 364.758697][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 364.766709][ C1] Call Trace: [ 364.770019][ C1] [ 364.772977][ C1] default_idle+0x13/0x20 [ 364.777360][ C1] default_idle_call+0x74/0xb0 [ 364.782203][ C1] do_idle+0x1e8/0x510 [ 364.786436][ C1] ? __pfx_do_idle+0x10/0x10 [ 364.791080][ C1] cpu_startup_entry+0x44/0x60 [ 364.795881][ C1] start_secondary+0x101/0x110 [ 364.800677][ C1] common_startup_64+0x13e/0x147 [ 364.805681][ C1]