last executing test programs: 10.041022356s ago: executing program 3 (id=2866): socketpair$unix(0x1, 0x3, 0x0, 0x0) epoll_create1(0x0) r0 = socket$netlink(0x10, 0x3, 0xf) r1 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r1, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x20004}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x14, 0x1, 0x8, 0x101}, 0x14}}, 0x0) 9.22243324s ago: executing program 3 (id=2868): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001380)=@newtfilter={0x3c, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x1, 0x5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 9.132748741s ago: executing program 3 (id=2869): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r1, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x303, 0xfffc, 0x0, 0x0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) ioctl$int_in(r4, 0x5421, &(0x7f0000000040)=0xfffffffffffffffa) listen(r4, 0x0) accept4$tipc(r4, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f00000000c0)={0x2, 0x0, [{0x0, 0x4, 0x0, 0x0, @msi}, {0x0, 0x2, 0x0, 0x0, @adapter}]}) syz_usb_connect(0x2, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009bbd8b08e8a601020301090222000100000000090400000129fddd00090500000000000000070594ef6333ef3c17152cff3aa7327cc6c8c7d95c220c652003c75e4fff02b63e2218800cde5c9ae9fe82c5ed0c38c4404d841dc8bf85fd8001274ca31f6d8c29634df57434d8ba09c9ea325c9d7e79707c700c7810e7ba69cbffbdd36b8278d3cd3f956af0499f34d6ca3eda501a41c5645a0bea9f64a8ce14ca541ba7e6b71a20e3148324a323a131ae2b8e7ccf"], 0x0) 8.139183805s ago: executing program 0 (id=2875): mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000c00)=0xc, 0x6, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) io_setup(0x58, 0x0) io_submit(0x0, 0x0, &(0x7f0000000080)) write(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) io_setup(0xffff, &(0x7f0000000100)) syz_emit_ethernet(0x4a, &(0x7f0000003240)=ANY=[@ANYRES16=r0, @ANYBLOB="0c1394abb090a6daf50ae13ede993e5aa1f2beb7af586961936b57fdd9c50ffa31c838cbdba5f78a125fdf8c07c28d91acbcf9dfe885593798a493be76f6075757a6d18beb672bacd4d29f08fada307e0952d6b71e21c4c5806e292a63d6c1d49e5a64a72ffc835486a4289cadbc8d83a4931f8f522e65f56300d0806e0cbbe3a3cb454f4b396d582014306ebf92121ef619388b738c177ae33c81068e51927fd10f35e20bf4b8f254aa9c141bf51358c9d0d82ddbab8a4724ab6a101c9a61e9899d75b70ba6fac3e1af2f83467debd4c058e63c2fa1374b38f3132a5b0f90b49c79a89ad583c1c853b5f8dcfe592efb05bcba8f7e9197d1cde0d328d82036e9428b53d808d174246222836812021a902abc83519196e02b7e2915d71f1f1f2605d129ecf52f98605eefaf380023102e86a841e97b152251c9a85a8ac39d716e4d5209c84fa79d12cacb87c4e893e6f2afb50036e43e331a969de9c1e3362c2ed1056d506215a53ac9f3e497c581061778822550bd84d1d6d2f8b370623e78078b9c7cd75b6310c61bcd13721ee82ec58a7db3d6e63a4f440df3ed9896fe53e5aff950543cb03aac50ccb58de6e0c17786d562794586ceb3b2b93c4d42c291cd93468490f58c19dc7a20badaa7d986633bc77598a0236e86d5bc6fbb3c586cf70b07dfdd3cfce66680042b4b015cc762fae21d362d417670d4cf45cff3864acca7a5a2f6d28b73c7f65d440807f4b735dc92088705e5ee46120610a81993b518a987a6d2bc1244277f265749104440394008fb243e46157c2be738b7e14e7cd956216a5e1bce45699e45d0cebc0702fc064bed2b58e909109253d425d12669f2054361b0c78b19292478dcc75a2290ce2090bc1ca9cc7739a520f1bd5dd57c38dfb14e00f5b50ee436b284ba32f0cf24c3857b645cb49aa96bae8b8968253f856c5b089e3e12e72317adfce873c67c5d3786b16f750176ba1b79f61963a7b560d1ea7d9175c9da5557db55e90ad0463660b3d6d7bf5a827d104aa128e762bd2a2f8117c0d10d7b8e9b062b2f4d4f7662114392526a5376caa2010bba9c94db997230c4292ae533cb1b71e361c407de139d80d27da15dd29872616d61a268dd40d35149132dffa8d0f541895725056875708fc3d674f35e7c1b9351b358a0f8dcb3e9a3d1a8ff0f683124c436110f49819510b0e9f0b3a01249716da9eef3f045875924f6fdcd0d6b3215bce727ecb693af8995f347a7b797523950fbe67a49959f4a7db24b422dd5285558f1e16e0302e0209aca161706d88c913c4858a45e1c77cc4dcb0bfac66574f272731c4f18ee3b6d91eddd722d7ec1006fdf1e9ff44e62a5d714841b3b3fae0011bc9b69be2de3f63a3b1646a0ad4d0b4bb82782d7d1d2dc8a313ad0209d4a23bdbf11152847a7e258fefb20518982899ec12da034265c6197cf03a400c796588ff19a5e0b626ed4a909aff999e58457bf262356d4725a2111c709bb394db82d3b143a29cc190748e9e9379b867e8c65fcc6af91fd737c506d00d25a5ade8046de520f1f03f3bfd120d0121f70e33877f3b8bd5bdcf12737068274647a966f8e7a759da529ccd790e029dbeb141f7242bdd57add05601b555b51058bcf36bdaa83603f27b48a9e9b6fbbf860be58bd610c39405d4759244a7fb6985b81a41d5d5ff84f5aa0656865f8a6b4140a58b84918449a86411e329c1e5878f69b51f69ec7c902af6d15de1fc181e0fc54e15f9fbe6e9117a19edf31f72ff0252bd75fd2c57ea8f7a69b574e40e7e5d5798c4cd6ac25e5519a94a2b0819610e24468367e711187aafe6cac0dd00dd0795e1c408c71f2984fbedd4ceb661ed2894ff1c1da41c9f76a8d342530f9d1228c384a975a562277f853fb9a1e09bbf7b22a2285b894491525f40eb70fa2d7534924fce08c007be7ebb9752384fa4bb646ea8b551cd8b8bf9c6e7971f9b5a8e047fcedf7ddef1dde7ae6fc1e21a30e2984bb0a61fc9ae3dbe25275f0de2bcf456407ebc90f5ddb0038046873416c17bb08c9f07c81971e498adfdd6ad4347069386ecb168b064dec409f28be8c5bf573c2803c6e74304031511af1a7c78f65002f8eee8b4699ae444b450c605cd10dc30dd27c37b7919fdd951a82bf7afb0d47f6fdb8689b1a1d2207141e68a5194ce1ac3aee7fbe4ac974fd3fd502339e5e083e600569a65e90b17cf86011842155280cb80d1c52490d5c577da1d386267c6573379cfc0c92694bce3c6011af6233a14229836d541a67379f3ffadef31c04dc493cacab2479c2ea494c50704edea67c5410ba546f7d9bd9f34d274acc8daa444f2c6fe31443fc0e930ec99b82c1be631994b51a33f12a46aa94ed44080bdaaaaf03486f5dc24974d856cec55ddffe2a9f428831a8616dfb042cc33993117f362beb0267703a5479267b06157157a9d5e4cfde599100a4f3150d76b89fb637e188e2f37e2c4aaa1d36b13547031995f0d0664c990ea7d9d5f8d5e3a8cf17c96d82668fdd44f1d2fd24ef3fcc3e309369c99b1a15c7946a78c36c7c83604cce61eb05f2379703e450b61c7272208c1654a48f56a3307060401e92d77fd20502527ced18acdac1db25fdf65cd2cbb617a1904a966ec18a3a61f16a93ae519748081bcf755a1a7affb8d234e1ab5f892de620b2732a1d35016ce8b6f95e405bae1fdb705147c66116ea97d09913b0eb60339341ed4925dd3a669cc834f99453e34b9c632c107055692299a62e0c4dc3028dd4d1880004a7d86f68e60dde683532484f9c221432234958b47a504834dec8c521b7411e4028f9f0e7a0ed00ca1937f0d2d1c6bb49afde1fd9112b985caddfbc9d9243ef190f258d6faca11473d35ef9f7bb305bf6eaa812d961492414e6d2d13772e31175623b5cdd02591301af9accd894b2a61c1580aa17eb2a09de56bf90e127736767d735366aa7c33a01858d46e3931b9d3ddeb4ac852bf23351e0c91024f925cf3e7a9e703f7fb5d6cdd9fd0e9e48b23289dfad427510d239c89e78f4430a4e34a4e3effdf8a8361549be926b47261b1988aee67e6549c77d7f9684bad7e88ca390d3bd6e6739a4203a2c50d46a303df9db8e2809a2fcd9e45cc8f526741fd1812ad78d096294842229529f4bca817dac7ac69122bbb9565cbc0eb1875909f19191cdfd3ca5dbc41cd6de2318f1909b55613c378dffb13c70c1897d518487ebf9ad74f689b3c75633a337578fbfe501a1b26283fde43e72fff371fdfe3b7fedd9bd63e5ac3e9d9adc36931dfebd39da544bcadb62d8e418cb6baa847e9bb6ee44a6c00996b78ea3c9bf16384773d5a69fb112f46be8a0efc65396755dad2f2c294416b4ad8169d3c14b1a4e4b77b3d769c11077c35f7e4cf4066142c7a9b95e7ac6f45771aef293338597ff63fa3541e5388934a61a6b1a56a2601337fb9dca4b89e9ee05103dc99a8382e800a8f09566646bf8bb64c30b6fd651cee01e019ffe8416ef1a7336ab2b7ba4d110f5ea7aebfb2a905f3e4440e4ab5638c0fe3dab9ae27c327ad8b41797b86a2e8df7aa51b7f3a8b8950d3fef74083712b759ded9c0329ca3d35533abd1c4a5d419b5b1985b4f1696902fe2d3a4f7a5c42c6148e605498ad2ece4f11cdb3526ba4c9a5e9420fc06bc99268ee5cebbfe593eb6fe581a7c45bbc302c6e5e2e5a29a564f627138f385dfe2a7e326ff779fd2d5dab7c4bfafd7a0641889b4629ab2906d19de8a2313ec298d0eca8de7a71eec85be5bc54dcbfd6c55c5b9924da3a12d1b5b5c5f7a8f479f6f5cd9fc718a4528e18a6e9da9bd6dbf9e4edda51cdc30a7f6ca163b072a3e95743002701a7a4c920cfacdbfd3e003dc383b1a9ad948d45f6d29d03329de3258652a466f74c9f399141b431e1ecfea288908745a8aa23ec27fe619573449c9fa97c39f32972e3c250675844ee28bb1161fceb15f29a1580b7ce896d8b54f5ba646d02e170799b9cb49398632c233dc1ff825b404fcf697f18faddef460ccdbac8ea53b4ed9eae7ae13568bf026eefa436175eaabbbaddf164ace5154ba57b4d2ba743e36a76c62f41fde3a5b1eace90f93aafe17c936ce2e92badb59762132d585a38a89a8d397b1cced07b74787f898672ba9a7c47bc51caabf99af1117a75f453add84fdf8281fc9d14aa0063b99dd57fd00a36479c28d9bb6300e4ebcb2d9a73e3da4f9b3518e5525f7407f1edeec17dd03c3bc35c8980ac0d13681e358c63bb7880ea03b8b9b0926874bfa1d35a30757bd7af50cc856934a5c2856a8039142f423cbfceab575be1db065e11e37ce0ad48c39b519163dcef60aeab24e846c7ae3da21367a7039297e87955dcc3f75197c7c5992ab6bcac033b3722decc43c5d3c6599b0532e57efcd5879d7ddfe558542bdd306431874a5bda843e3cea68f50a1645fb3f2bf977029a8128656fb8728ee1f10fb4c417ca9d07696ab35427a3e757ea20e6ffbfa90daa0e1a201f41fb977bf65becf8ee44c2a8127b44e4392bff6117863c2d403d2a917b42c56d36a610b1fc06aa0927f6e2b4283938c1b7b853a24ff1a5b5b9767527af0bd265d16f131f39f3eac43bfa733af1a546c476cfae26aeb6bda214d5765851e027e50ae8bf44ad5b24169a6f7658602da41bca400e0542f043a34a9e101e706e6c468a2df209a3fa82d92ab40d458b88f1fb3abff0c45a7b402ac23389bb6ddcbb62abda8957db46a0bdadd62fab2b1738f25a49f60ecf02286457fe50352d24218154d45d297ef3bee16ae3e09258dc2a0d796192575540142691ee9290b8acf94e4c55d02008d010bfd3c7f06015e61e1fc4158570626aab4178ab62f0239ca88543b9ff3797b98a5618aa86ecf01ae7dae82c4f5c59950a67da13bd71aa715ae91a507a9a1cd2543d91fd224fdd10ce0298edfa042c62dcc94b25da987612f7d9bae268351ee36e98aed5143abf112effbe3b97cbb9b73d65d10acafeaf7a24d05af97a38a2e6730f7cc0df0159736a9de96e8697948cdda61327742058d3e731f14a2008310b8c6c7d060120f36c3989d10e11cc494f3f9bbe7d13715d8d66e0bcb8802d002dc7c9bb6e409d237c1237c667530a31eeff5a7e303ea45accea9332cfc5ddae1fcebddd8c9422ca97b46a95742689e94daf164d4ccef6f06abfa6fe26ba65e2b6d18803714f414bed853015fa938243708714427ba079c5e2ba05716bed4b199d2157fd7be69a230268ec5b278048c29cfc7fd505801e8a6deadd333c581c8cbdd681a225fe31bfe75bc3de2466b0955c0e4da49487a3684280768527cfeb03d126e493e82d440329672f7da23a4265f5e31e41ac7f2244ef2060fb45a79e27a6a01bba93a2dd69f45e5dfc4a5a91cedf13c33c97524a541ee09143fa10729e3e8605acf5dbac599195aefa54ec7ff9e6c135e2f23db02cd5c21ae8e41d4bb034036b9631a805269451dda06adf3ee3bdcfecaf21c6a28d4b612d1085abf055560589c9f488aed20ee8b4d330d508ddf1c3195bfdab149126de3e88977dca846c16c9ca4a924a7ff265fa56eeeb14d132d1a3cb8d3cad1df750311a9f426ec8e43e24ea7216cb80fee5045f777aac5d41f189465db103ce4483bdc0a850ff3c818e5753b5a7d8eab47b643ed583ad6ca0e4686034c6b6eea935a829be547f80b61be2059504ad997662549c0a982255bf229f9ff6e850d0abbebae96cd9d20be05bfbc8c8997f4d2cca088d4aa1f123220e8a3f68155d4ec4dd68ae66e47764131cb5c05ed73f6b1221797f3e0e3ce57", @ANYRES32=0x41424344, @ANYRES64=r2], 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, &(0x7f0000000100)={'vlan0\x00', 0x40}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1e0000004a10fdb875d43b183a00f0f6ff060000000700000074000000", @ANYRES32=r2, @ANYBLOB="0e00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400000006000000000000000c00"/28], 0x50) keyctl$dh_compute(0x17, &(0x7f0000000180), &(0x7f00000000c0)=""/51, 0x33, &(0x7f0000000340)={&(0x7f0000000140)={'md5\x00'}}) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000340), 0xe2000, 0x0) preadv2(r5, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x1f) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'dh\x00', 0x10, 0x5, 0x11}, 0x2c) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a0900004001000000000000000000000000ffff0000000000000000000000000000ffff"], 0x4c}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x483, &(0x7f0000000380)={0x33, @rand_addr=0x64010102, 0xfffd, 0x4, 'lblc\x00', 0x2b, 0x4, 0x7f}, 0x2c) r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r7, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}) 5.923424154s ago: executing program 3 (id=2883): r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000080)={'exec ', ':\x00'}, 0x7) write$apparmor_exec(r0, &(0x7f0000000040)={'exec ', ':\x00'}, 0x7) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x10, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x4, 0x3a, &(0x7f0000000180)=""/58, 0x100, 0x41, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000200)={0x4, 0xd, 0x0, 0x9}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000240)=[{0x4, 0x1, 0xf, 0x4}], 0x10, 0x4, @void, @value}, 0x94) write(r1, &(0x7f0000000440)="92648b55184c3175f44d263886410fd8f34b4141a1d149f6dbd3b312c537375413e154b48b5b6adcaa33e4aa7fd1ebaf1f64d0bcbd7219ea7d7bef407e64ef184af5dbc33ae5b93a28126a3194003239cc39e4f8b05255f2aba304041281d58c0783c4b5b77bf104e1748ddc5b0fcb6c00b89c70d63750d0da4deef0c68d0c112a89e5f418494cd5f5533d2277ba3e0bdeb867e3", 0x94) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0x76}, [@call={0x27}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x2000004) mremap(&(0x7f000004c000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000891000/0x2000)=nil) 5.840818671s ago: executing program 3 (id=2884): r0 = socket(0x40000000015, 0x5, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340), 0x0, 0x2, 0x0, 0x0, r2}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r1, 0xc01064ab, &(0x7f0000000440)={0x1, r3, r2}) setsockopt$sock_int(r0, 0x1, 0x1, &(0x7f0000000340)=0xfffffffe, 0x4) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x4000000, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x8b}}, 0x10) syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000000)={0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="d9170763"], 0x0}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100016627e9c358dc3421c85b4e0a4bb74760406eed1541ee3d8010dc5d513552120766c54b91420446354b1b16feb8770ee76c2ffa73f473"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000000000000000218106288b52b0a010200"], 0x14}, 0x1, 0x0, 0x0, 0x51}, 0x800) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x2, 0xdddd1000, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0xa, 0xcc, 0x4, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x9}}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x8000000000000, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0xbd9], 0x1, 0x3c4210}) ioctl$KVM_RUN(r7, 0xae80, 0x0) socket(0x200000000000011, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x6e75, &(0x7f0000000240)={0x0, 0xd03a, 0x0, 0x1, 0xbfdffdfc}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0xa4c3}}) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000100)={0x62, @multicast2, 0x4e23, 0x2, 'sed\x00', 0x13, 0xe, 0x1}, 0x2c) 5.761056474s ago: executing program 2 (id=2885): r0 = socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0xfe29) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = dup(0xffffffffffffffff) ioctl$TIOCGDEV(r3, 0x80045432, &(0x7f0000000000)) io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r3, 0x12, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000006c0)=@urb_type_iso={0x0, {0x6}, 0xe, 0x24, &(0x7f0000000300)="022718a27f62b2385b967bde5d94545949b86a258bdd192c6890a59137448321b9ad46a2e9b610d845397705e54cd85e098a2f5bed08a7abc876e5b18752ec355487fbeec61d595670c0129baf7044d02b47963a60db1950be5f18af8c6d7bdee86bc1eb860faaef", 0x68, 0x1ff, 0x6, 0x78, 0x6, 0xff, &(0x7f00000003c0)="c06efba7b585ae633f3dbc23c8a7c522b2aa8bd71c3f5e3b05739531cb3c047bb2bfd5fd232fc4a27e269c9216fc01f8712e70a5d4d24acdc106b33147d4ac413736d002e26c303621981ed70d843559edcc0964fa7e4a4f823a3857800d03a329b95d3c83f58d3ddffe7ebadf9b42dd33789d39e862bd64b317", [{0x8ad, 0x6, 0x6}, {0x820, 0x6, 0x2c0}, {0x8, 0x8000, 0x7f}, {0xf81a, 0x3d89, 0x1000}, {0x6, 0xc089, 0x2}, {0x7, 0x2, 0x9}, {0xfffffff8, 0xfffff001, 0x6}, {0x4, 0x3, 0x10000}, {0x5, 0xf, 0x5}, {0xf180, 0xb, 0x6}, {0x3, 0x2, 0x75fc}, {0x800, 0x100, 0x20}, {0xd9a, 0x1d, 0x139160a9}, {0xf7b1, 0xf4, 0x991}, {0xfffffff8, 0x4, 0x3}, {0x8, 0x2, 0x80000001}, {0x4, 0x3, 0x2}, {0xa, 0x3, 0x4}, {0x9, 0xc, 0x7f}, {0x7ff, 0xb, 0x8e5}, {0x401, 0xffffffff, 0x1}, {0xe97e, 0x7fffffff, 0x3}, {0x7, 0x4d, 0x5}, {0x9, 0x4, 0x9}, {0x4, 0x8, 0xc497f05}, {0x80000000, 0x9, 0x57c7b561}, {0x3, 0x2, 0x7}, {0x4, 0x401, 0x8}, {0x6, 0x10000, 0x3}, {0x6, 0x8, 0x3}, {0xb17, 0x4, 0x8}, {0xd, 0x5, 0x4}, {0x2}, {0x80000000, 0x1, 0x4}, {0x1, 0x5, 0x2}, {0x5, 0x3d, 0x80000001}, {0x9, 0xa8, 0x1}, {0x2, 0xfffffffe, 0x800}, {0xf, 0x9, 0x7}, {0x7, 0x1ff, 0x9}, {0x7, 0x8f, 0x2}, {0x0, 0x7, 0xf4}, {0x0, 0x3, 0x4}, {0x80000000, 0x2, 0x2}, {0x4, 0x9c11, 0x4d2}, {0x1, 0xffffbc74, 0x2}, {0xb1, 0x9, 0x2}, {0x4, 0x71, 0x2}, {0x81, 0x1000, 0x2}, {0x8, 0xfff, 0x6}, {0x4, 0x18000000, 0x3}, {0x80000001, 0x8, 0x14}, {0x1, 0x7, 0x7}, {0x6, 0x7, 0x40}, {0x8, 0xffff0000, 0x80}, {0x7, 0x7, 0x4}, {0x8, 0xf, 0xa}, {0xdea, 0x0, 0xb}, {0x7, 0x8, 0x91}, {0x4, 0x4}, {0x5ce8, 0x10001, 0x10}, {0x6, 0x2, 0x2e9}, {0xc, 0x7f, 0x7f}, {0x9, 0x9, 0x82bc}, {0x7, 0xfffffffe, 0x9}, {0x2, 0xf, 0x9}, {0x6, 0x92, 0x6}, {0x6, 0x1, 0x1}, {0x895, 0x30000000, 0x8}, {0x5, 0x8, 0x3}, {0x100, 0xfffffff8, 0x6e}, {0x0, 0x8, 0xd}, {0x7, 0x775c, 0x9}, {0x7, 0x7}, {0x2, 0x0, 0x46}, {0xc, 0x3}, {0x0, 0xcdf, 0x6}, {0xe4a9, 0x81, 0x5}, {0x804, 0xab8a, 0x3}, {0x6, 0x8, 0x7}, {0x1, 0x1707, 0x5}, {0x80, 0x9, 0x7}, {0x80000001, 0xff, 0xc}, {0x8, 0x1, 0xffffffff}, {0x64, 0x3, 0x200}, {0x8001, 0xc8b1, 0x4}, {0x1, 0x0, 0x9ea}, {0x1, 0x7, 0x8}, {0x6, 0x3, 0x8}, {0x0, 0x8, 0x7}, {0x953e, 0x1c00, 0x6}, {0x1, 0xff, 0x401}, {0x456, 0x0, 0x5}, {0x2, 0x39, 0x9}, {0x6, 0x5, 0x9}, {0x1, 0xfffffff7, 0x1}, {0x531b, 0x3, 0x1b53}, {0x7675d7b6, 0x3, 0x4}, {0x8000, 0x5, 0x4}, {0x19d, 0x0, 0x4}, {0x3, 0x8, 0x3}, {0x7, 0x233}, {0x2, 0xffffffff, 0xa75a}, {0x10, 0x39}, {0x3, 0x6, 0xffffffdc}, {0x4df, 0x2, 0xe1}, {0x4, 0x8, 0x8000}, {0x10, 0xf, 0x7}, {0x3, 0xfffffffe, 0x8}, {0x0, 0x6, 0x9}, {0x1, 0x9, 0xfffffffd}, {0x5, 0x7, 0x6}, {0x2, 0xfff, 0x1}, {0x68296c0, 0x0, 0xb7}, {0x9, 0x200, 0x8}, {0x4, 0x5, 0x5}, {0x8, 0x9, 0x4}, {0xffffffff, 0x5516d59d, 0x15f6}, {0x1, 0x2}, {0x3, 0xe, 0x9}]}) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[]) ioctl$USBDEVFS_REAPURBNDELAY(r4, 0x4008550c, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) sendfile(r5, r5, 0x0, 0x200002) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r6, 0x0, {0x0, 0xff, 0x1}}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r6}, 0x18) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)="fda6d9e382f94c4d86", 0x9}], 0x1}, 0x0) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, 0x0) openat$cgroup_ro(r3, &(0x7f0000000280)='io.stat\x00', 0x0, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newqdisc={0x124, 0x24, 0x2, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r9, {0x5, 0xc}, {0xfff1, 0x6}, {0xfff3, 0x5}}, [@TCA_STAB={0x88, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xae, 0x7, 0x80, 0x10, 0x0, 0x80000000, 0x0, 0x7}}, {0x12, 0x2, [0xba, 0x9, 0x7, 0x0, 0xb, 0xe, 0xd89]}}, {{0x1c, 0x1, {0x2, 0x5, 0x2, 0x2, 0x2, 0x3c, 0x4, 0x2}}, {0x8, 0x2, [0x3, 0x6]}}, {{0x1c, 0x1, {0x8, 0x6, 0xfffb, 0x9, 0x0, 0x9, 0x0, 0x7}}, {0x12, 0x2, [0x2, 0xff, 0x6, 0x5, 0x2, 0x1, 0xa63]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0xb30, 0x400}}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_LIMIT={0x8}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x80000001}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x9c}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x5}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6d}, @TCA_RATE={0x6, 0x5, {0x10, 0x4}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}]}, 0x124}, 0x1, 0xf0ffffffffffff}, 0x0) 5.163555656s ago: executing program 4 (id=2889): socketpair$unix(0x1, 0x3, 0x0, 0x0) epoll_create1(0x0) r0 = socket$netlink(0x10, 0x3, 0xf) r1 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x20004}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x14, 0x1, 0x8, 0x101}, 0x14}}, 0x0) 5.024067305s ago: executing program 4 (id=2891): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x38, r1, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "b5de1522d3"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac06}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000000}, 0x40) 5.0086459s ago: executing program 0 (id=2892): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000100)={0x6, 0x2, 0x0, "0ba7c1aebd6fc04a0026b674932d460000000000008efd6d0100009d1e00", 0x4c314356}) (fail_nth: 3) 4.597000565s ago: executing program 4 (id=2894): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)={{0x14, 0x10, 0x1, 0x0, 0x300, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x100}}, 0x0) 4.596562186s ago: executing program 0 (id=2895): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xa, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002502000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe5d6405000000000075040000000d00000701000000000000b70400001000e5206a0700fe0000000085000000b5000000b70000000a00000095000000000000006458c2c62fc206000000f909a63796c113a80c19aab9d60700ffffffff483be3f0d3253730e78000000062c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766aeb39439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c013700e69274f8e9c31975e551558055dc2dc29edc33b375fa325dcf3e91e20f63d7030dbe7ff7f51fe89c3d17cf45a1616ad237682057034dfdc81f5a53cd640212c88e8b687a2446049577c75b76b775c1e301caf2465ed4b2ad56b848d046c52bfc3737127120ab17d82a294d174f240a3cdc725cfe6e839a1f80f59486578e45b008d39ab618f660e3c53ed4409aa92ae4fecd913060ca74ed8a303e22de12087a217d8d7be0ae1117cc791313b1318497dd5ebeef0d7e1795a6ff20f699870ebb137cffa79465da52ab2b3430ba0ba59152496a1ea5dd1e4dee46f6d3688603b5f25a588a31da4e481884074e211dd09a8b8039d0834507656ed7d552a990c1354d7638b2c2215dd9f606b01a92fabc6eb6fa033a86f8920e2168a80d7c86da5ad1d27c8d2a180e56046a49b989128ea736894d3eef8dca16ed63520be4654ddb14bfe4268c487c5a75c044e21021c089608c50adbc4e3f4c6a4ca86c7d2df5bc7c76e413d05e8f57b1e22d4af34f9d4d2e6e4d4f57f47aebdd5f98f67834c656b2fe09df4a1b15116fceaa404a6df278c7c629f584ba8d37c1137c2263ae02ad3718a03a886eb"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c09425, &(0x7f0000000040)={"ce554cca021b1d1b5b6f023cbf044857", 0x0, 0x0, {0x86d2, 0x9}, {0x9, 0x2}, 0x95, [0x73, 0x9, 0x6, 0x0, 0xffff, 0x80000000, 0xff, 0x80000000, 0x2cbc000000, 0x9, 0x1, 0x7, 0x1, 0x1, 0x7ff, 0x1]}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000980)={{r0}, r1, 0x1a, @inherit={0x78, &(0x7f0000000200)=ANY=[@ANYBLOB="000000000000000005f6000000000000f00500000020000000000000000a00000400000000000000950b0000000000000100000000000000040000000000000007000000000000000800000000000000ff010000000000120000000000000000530900000000000004000000000000000200000000000000"]}, @devid=r2}) (async) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001c00)={r0, 0xe0, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, &(0x7f0000001980)=[0x0, 0x0], &(0x7f00000019c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbf, &(0x7f0000001a00)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000001a40), &(0x7f0000001a80), 0x8, 0xe6, 0x8, 0x8, &(0x7f0000001ac0)}}, 0x10) syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000001c40)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc539, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x1, 0x10, 0x6f, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0xc, {0x9, 0x21, 0xff, 0x8, 0x1, {0x22, 0xb4}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x5, 0x5, 0xff}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x9, 0x10, 0x4}}]}}}]}}]}}, &(0x7f0000001fc0)={0xa, &(0x7f0000001c80)={0xa, 0x6, 0x250, 0xd, 0x6, 0x81, 0x20, 0x6}, 0x19, &(0x7f0000001cc0)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x82, "6ab7adb8688b8ec05367d2d82b0a6900"}]}, 0x7, [{0x32, &(0x7f0000001d00)=@string={0x32, 0x3, "27f09ce611093cfca76902fd66bb62210f21bc2b6f34eaa4fc654ca1cccbd0e1f5164ae1ba0837a64a97315f8665c8b5"}}, {0x13, &(0x7f0000001d40)=@string={0x13, 0x3, "1f6c1f3025279e458db3d4e759fba70d85"}}, {0x4, &(0x7f0000001d80)=@lang_id={0x4, 0x3, 0x448}}, {0x4, &(0x7f0000001dc0)=@lang_id={0x4, 0x3, 0x1001}}, {0x4, &(0x7f0000001e00)=@lang_id={0x4, 0x3, 0x422}}, {0x97, &(0x7f0000001e40)=@string={0x97, 0x3, "890a76a477340feb3c617353bc1564ed932a24c445cfa3725dbbe49756c638ace1c6068162a48a035aef30bc2063c2d8ebf1d62f677b74e68dbfb07844aff5b6fc5653b9a14613836b2ba2766009082632d267593dc707fb2e725495b7987d202d6e5b2a4ae829f8c9a8c797b100d4ef2f19c49336f5fc98db5c983e8095100384c0b6ac3de6db5e37d7a32fdfb93b6c4518b6c53f"}}, {0x8b, &(0x7f0000001f00)=@string={0x8b, 0x3, "047edd93dc5d9cb7fd701d3da3dad1cb02eb369a5b11ab4a92b473285dfffbdee729281ce8389f8d1f497731b76c4da549e9263c040ffed7540a27901e998edc84a2cc556bf324fe0cb7214c680153e03e033859a900129497bbc31c30b47661992cb1c2c1f4da8fa04acce82a91278d416d3cf651ad891cd9e8b7b241107d3a2e72d3f446dd6d0e4c"}}]}) socket$pppl2tp(0x18, 0x1, 0x1) 4.530906006s ago: executing program 2 (id=2896): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80001) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) waitid$P_PIDFD(0x2, r3, 0x0, 0x8, 0x0) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000cc8000/0x4000)=nil, 0x4000}}) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x21}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_io_uring_complete(r1) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000040), 0xc00000, 0x4) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/kexec_crash_loaded', 0x301000, 0x4) setsockopt$packet_int(r5, 0x107, 0x7, &(0x7f00000000c0), 0x4) ioctl$FUSE_DEV_IOC_CLONE(r4, 0x8004e500, &(0x7f0000000340)) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x14, 0x3, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000) 4.530459509s ago: executing program 4 (id=2897): syz_emit_ethernet(0x166, &(0x7f00000002c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x130, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x18, 0x18, "00540200a600828dadce42ce3d02d319e0cabb0171499f7642598cf1a1d40ca51300988c260ed2c4af88bdac1fc3925f5acb8e09cece04229969a0aee0537e1cc71b3009ab18767945d27594b37cd8abb99636a90bca4c54c3ce345b74a5344d2cdda99627bb20ea64b77b50c6dd7ac0ce2c39bcfef13daaef4db59a4483f2894602231daf4f31b82654278904b95919abbb34b324bdfc5ea17efe35444c3cc8f5cb729268ea2d5032fee7123364eac506f32a93621cf58e9f47d53114fb"}, {0x5, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "005ff9297d00001392000100"}]}}}}}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x74, 0x24, 0x200, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x1, 0x8}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0xd}, @TCA_STAB={0x48, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x7, 0x5, 0x82, 0x0, 0x8, 0x4}}, {0x4}}, {{0x1c, 0x1, {0xac, 0x2, 0x7, 0x7, 0x3, 0x8001, 0xcc9, 0x2}}, {0x8, 0x2, [0xffff, 0x8]}}]}]}, 0x74}}, 0x48980) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x52) bind$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x0, 0x0, 0x0) r2 = openat$vcsa(0xffffff9c, &(0x7f0000000040), 0x101080, 0x0) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r4 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r5, 0x0, r3, 0x0, 0xffffffffffff8000, 0x0) close(r6) r7 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) r8 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) syz_usb_disconnect(r7) writev(r8, &(0x7f0000000040)=[{&(0x7f0000000100)="f57df7", 0x3}, {0x0}], 0x2) close(r4) openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r9, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendto$inet6(r2, &(0x7f0000000640)="fc8d162df0f1b5ade17bc64aba5bb90e56492e06fa688eda034e1e090bcb524829eec3e66ccc83e709630459495b49b7aeb22acc5fa345d2f18bae6f0a3fb88b69a42d7d6ed7f6f07ae520483e", 0x4d, 0x1, &(0x7f0000000700)={0xa, 0x4e20, 0x9fb, @mcast2, 0x1000}, 0x1c) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) 4.296912589s ago: executing program 2 (id=2898): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0) execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="58000000020601080000000000000000000000330500050002000000050005003feb802a1110b4ab000000000900020073797a31000000000c000780080006702c6d61726b00"/88], 0x58}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) r3 = fsopen(&(0x7f0000000000)='omfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1e000000390f0000ff7f000006000000c54629b48368f8c4c8abb524f181dc6300040000", @ANYRES32=r4, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="0200000001000000000000000c00"/28], 0x50) r6 = fsmount(r3, 0x0, 0x80) faccessat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', 0x20) socket(0x2b, 0x1, 0x1) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001400010603000000000000002b040000df9f1be0432c0da7f17351734bbf9fe38cf78f57b05a96e2ce977064ed1dea2e8dd1f9a0a74a435504c27cfc73ec0badc42e9790c5ded4ccd8704e6f8c1e215897738f04eac524da96ff98bb256c56b24319e7d29fb4818169d310828badf6de8de2842123ff626d2a8dfbed63"], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000) fchdir(r6) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r8, 0x400, 0x0) unlink(&(0x7f0000000180)='./file1\x00') 4.228133562s ago: executing program 3 (id=2900): r0 = io_uring_setup(0x312c, &(0x7f0000000140)={0x0, 0x58fb, 0x10, 0x801, 0x23f}) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) prctl$PR_GET_CHILD_SUBREAPER(0x25) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000000000000000004000000000060000000000000004000040"]) listen(r1, 0x101) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x28, r8, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r8, 0x8, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x48054) r9 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r9, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r9, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r9, &(0x7f00000012c0)=[{{0x0, 0x0, &(0x7f0000001940)=[{&(0x7f00000017c0)="be", 0x1}], 0x1}}], 0x1, 0x20048045) close_range(r0, 0xffffffffffffffff, 0x0) 2.656990617s ago: executing program 2 (id=2903): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001380)=@newtfilter={0x3c, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x1, 0x5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 2.466251931s ago: executing program 2 (id=2905): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x40202, 0x0) openat$ttynull(0xffffff9c, &(0x7f0000000040), 0x10000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000180)) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) flistxattr(0xffffffffffffffff, &(0x7f0000000280)=""/64, 0x40) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) connect$inet(r5, &(0x7f0000000240)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x800002f, 0x0) recvmmsg(r5, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) r6 = gettid() r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000) read(r7, &(0x7f0000000540)=""/212, 0xd4) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r7, 0x4040534e, &(0x7f0000000080)={0x335, @time={0x80, 0xff}, 0x0, {0x0, 0x4}}) tkill(r6, 0x7) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r7, 0xc02c5341, &(0x7f00000004c0)) ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f00000000c0)=0x1) 2.30412906s ago: executing program 1 (id=2906): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x30, 0x0, 0x0, 0xee01}, {0x11, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffeff, 0x0, 0x40}}}, 0xb8}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x500, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, "0bc0f7", 0x0, "de9560"}}}}}}, 0x0) 2.234033237s ago: executing program 1 (id=2907): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4095}, 0x4800) recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000080)=""/12, 0xc}, {&(0x7f0000000140)=""/20, 0x14}], 0x2}, 0x40010020) 2.061051158s ago: executing program 1 (id=2908): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181010100000000010000000000000e000a000f00000002800600121f", 0x2e}], 0x1}, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0xfffff493, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x20048881, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001600)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="f419132b", 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000300)="37b41d7c", 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000500)="df", 0x1}], 0x1}}], 0x3, 0x4000001) 1.737047068s ago: executing program 1 (id=2909): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000000)={0x1d, r1}, 0x10) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00) bind$can_raw(r0, &(0x7f0000000080), 0x10) 1.461987119s ago: executing program 4 (id=2910): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010024bd7000fddbaa2503000000180001801400020073797a5f74756e0000000000000000000500020004000000050005"], 0x3c}, 0x1, 0x0, 0x0, 0x20009005}, 0x2000c000) 1.459428799s ago: executing program 0 (id=2911): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x2c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 1.088898472s ago: executing program 2 (id=2912): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000040)={'bond0\x00', @ifru_names='netdevsim0\x00'}) syz_usb_connect(0x3, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="120101023253262024040899382e0102030109022d0001813c20000904f9f70388f2d801f4ff0802000206080709058102200009060709050a08000000a505"], &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000000801080000000000000500070000090600024088f8000005000300010000000900010073797e30000000001c0004"], 0x78}, 0x1, 0x0, 0x0, 0x4000084}, 0x40000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000000000000700000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000006440000001e0a05010000000000000000070000000900020073797a31000000000900010073797a30000000001800038014000080100001800a000100fefe807eb37b0000140000001000010000000000000000000084000a541a57ce798f7652593457e727839d72cc91120e8b624a7c619c0e9a8807d10e000000000000000000000000004557008b7094ed847d5e7253eb3df6b185f066ce5f0f41d715405aed982201e1519ae6e6c3ab798e4ba7e99e3834eba515c2728ed644150433b2f36b985cb947f7b6988ea8c2a18642f5e5a33b8ecad22c369c230f252ae1feb28abd9e5ea75395691af11440e0fa"], 0xc8}}, 0x0) r4 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) write$binfmt_elf32(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200021"], 0x69) close(r4) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000080)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x880}, 0x11) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r9, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000140)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x84, &(0x7f0000000280)={r10, @in6={{0xa, 0x4e21, 0xfffffffb, @dev={0xfe, 0x80, '\x00', 0x16}, 0x4}}, 0x191}, 0x88) socket$nl_netfilter(0x10, 0x3, 0xc) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8482, 0x0) openat$drirender128(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1) 785.525847ms ago: executing program 1 (id=2913): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) openat$vimc0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet(0x2, 0x4000000000000001, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$l2tp6(0xa, 0x2, 0x73) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r2, @ANYRES64=0x0, @ANYRESHEX=r2], 0x20) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x440, 0x6, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], 0x0, 0x200306}) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) (async) openat$vimc0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$inet(0x2, 0x4000000000000001, 0x0) (async) socket$kcm(0x10, 0x2, 0x4) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) socket$l2tp6(0xa, 0x2, 0x73) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r2, @ANYRES64=0x0, @ANYRESHEX=r2], 0x20) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x440, 0x6, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], 0x0, 0x200306}) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) 760.612021ms ago: executing program 0 (id=2914): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="40000000100039040000", @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001380)=@newtfilter={0x3c, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x1, 0x5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 689.026379ms ago: executing program 4 (id=2915): r0 = openat$vim2m(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) r1 = openat2$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x2d4480, 0x1c2, 0x9}, 0x18) open_tree(r1, &(0x7f0000000080)='./file0\x00', 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) timer_create(0xfffffffffffffffc, &(0x7f0000000140)={0x0, 0x7}, &(0x7f0000001400)) timer_settime(0x0, 0x1, &(0x7f0000000500)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) syz_usb_connect$uac1(0x0, 0xab, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000000000086b1d01014000010203010902990003010000000904000000010100000a240100000002010211240600000500000000000000000000000c2407000000003e8e7a70e108240400005cc3bc090401000001020000090401010101020000090501090000000000072501000000000904020000010200000904020101010200000e24020100011002e53a08000000072401000000000905820908"], 0x0) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc04c560f, &(0x7f0000000200)=@fd={0xa, 0x3, 0x4, 0x800, 0x28, {}, {0x4, 0x0, 0x3, 0x4, 0x43, 0x4, "83680685"}, 0xa, 0x4, {}, 0x200}) 500.314865ms ago: executing program 0 (id=2916): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) syz_open_procfs(0x0, 0x0) r2 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r2, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 2', 0x1b) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000540)={0x0, 0x1}, 0x8) connect$inet6(r3, &(0x7f0000000300)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)}], 0x1}, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, 0x0, 0x0) recvmmsg(r4, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) memfd_create(&(0x7f00000000c0)='[\x00', 0x0) memfd_create(0x0, 0x3) r5 = memfd_secret(0x80000) fcntl$setlease(r5, 0x400, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d5500fd0402020002020000090582020002000000"], 0x0) r6 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, 0x0) ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f00000000c0)={0x80}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=2917): r0 = gettid() setpgid(r0, r0) request_key(&(0x7f0000000b80)='rxrpc_s\x00', &(0x7f0000000bc0)={'syz', 0x0}, &(0x7f0000000c00)=']!\'\x00', 0xfffffffffffffffe) r1 = openat$ttyS3(0xffffff9c, &(0x7f0000000000), 0x88000, 0x0) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000040)={0x9, 0xff, 0xfff7, 0xafe0, 0x12, "5fee9820714e83f1"}) syz_usb_connect$uac1(0x3, 0xb1, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9f, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2}, [@feature_unit={0xd, 0x24, 0x6, 0x5, 0xfc, 0x3, [0x8, 0x0, 0x0]}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x101, 0x6, 0x8, 0x0, 0x9e}, @input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfffe}, @feature_unit={0x9, 0x24, 0x6, 0x0, 0x1, 0x1, [0x2], 0x20}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x0, 0x0, 0x5, 0x8}, @feature_unit={0x2, 0x24, 0x6, 0x5, 0x0, 0x1, [0x0]}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x3f, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x80}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x2}}}}}}}]}}, 0x0) kernel console output (not intermixed with test programs): -1: config 1 has 1 interface, different from the descriptor's value: 2 [ 662.924438][ T1216] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 662.969197][ T1216] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 662.981119][ T1216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.005474][ T1216] usb 4-1: Product: ఀ [ 663.012812][ T1216] usb 4-1: Manufacturer: 繞瘼锗꒱ᔖ떆할⒐鲿Ẁ쩰৊灰໽杳썽㍻︇鎃ྵ붢䪱州ࡩ㏉먫䨐諗᢬ͅ㾰ᙍ䃥껎烸纺㹊ᢁ嫤觡໌杼 [ 663.025187][T14617] FAULT_INJECTION: forcing a failure. [ 663.025187][T14617] name failslab, interval 1, probability 0, space 0, times 0 [ 663.050936][ T1216] usb 4-1: SerialNumber: syz [ 663.057776][T14617] CPU: 1 UID: 0 PID: 14617 Comm: syz.0.2655 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 663.057807][T14617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 663.057821][T14617] Call Trace: [ 663.057830][T14617] [ 663.057839][T14617] dump_stack_lvl+0x241/0x360 [ 663.057877][T14617] ? __pfx_dump_stack_lvl+0x10/0x10 [ 663.057906][T14617] ? __pfx__printk+0x10/0x10 [ 663.057942][T14617] ? __pfx___might_resched+0x10/0x10 [ 663.057975][T14617] should_fail_ex+0x424/0x570 [ 663.058003][T14617] should_failslab+0xac/0x100 [ 663.058034][T14617] kmem_cache_alloc_noprof+0x78/0x390 [ 663.058055][T14617] ? ptlock_alloc+0x20/0x70 [ 663.058085][T14617] ptlock_alloc+0x20/0x70 [ 663.058118][T14617] pte_alloc_one+0x6d/0x160 [ 663.058146][T14617] handle_pte_fault+0x2ac2/0x61c0 [ 663.058187][T14617] ? __lock_acquire+0xad5/0xd80 [ 663.058208][T14617] ? __pfx_handle_pte_fault+0x10/0x10 [ 663.058232][T14617] ? page_table_check_set+0x164/0x700 [ 663.058266][T14617] ? page_table_check_set+0x164/0x700 [ 663.058292][T14617] ? page_table_check_set+0x4d2/0x700 [ 663.058317][T14617] ? page_table_check_set+0x164/0x700 [ 663.058355][T14617] ? __thp_vma_allowable_orders+0x229/0x9b0 [ 663.058376][T14617] ? mtree_range_walk+0x700/0x8e0 [ 663.058410][T14617] handle_mm_fault+0x1129/0x1bf0 [ 663.058441][T14617] ? mt_find+0x28a/0x8f0 [ 663.058495][T14617] ? __pfx_handle_mm_fault+0x10/0x10 [ 663.058535][T14617] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 663.058567][T14617] exc_page_fault+0x2bb/0x920 [ 663.058603][T14617] asm_exc_page_fault+0x26/0x30 [ 663.058623][T14617] RIP: 0010:__get_user_4+0x14/0x20 [ 663.058645][T14617] Code: 00 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 663.058658][T14617] RSP: 0018:ffffc9000aa1fd48 EFLAGS: 00050283 [ 663.058673][T14617] RAX: 0000000080000080 RBX: dffffc0000000000 RCX: 0000000000000000 [ 663.058684][T14617] RDX: 00007ffffffff000 RSI: ffffffff8e4fde18 RDI: ffffffff8ca1b520 [ 663.058696][T14617] RBP: ffffc9000aa1fed0 R08: 0000000000000001 R09: 0000000000000000 [ 663.058711][T14617] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92001543fc0 [ 663.058725][T14617] R13: 0000000080000080 R14: ffffc9000aa1fe00 R15: 0000000080000080 [ 663.058759][T14617] cap_validate_magic+0x2c/0x1a0 [ 663.058785][T14617] __se_sys_capset+0xe5/0x6a0 [ 663.058808][T14617] ? __pfx___se_sys_capset+0x10/0x10 [ 663.058827][T14617] ? fput+0x9b/0xd0 [ 663.058840][T14617] ? ksys_write+0x275/0x2d0 [ 663.058872][T14617] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 663.058900][T14617] ? lockdep_hardirqs_on+0x9d/0x150 [ 663.058927][T14617] __do_fast_syscall_32+0xb4/0x110 [ 663.058955][T14617] ? exc_page_fault+0x5f8/0x920 [ 663.058976][T14617] do_fast_syscall_32+0x34/0x80 [ 663.058996][T14617] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 663.059021][T14617] RIP: 0023:0xf73dd579 [ 663.059040][T14617] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 663.059058][T14617] RSP: 002b:00000000f506655c EFLAGS: 00000206 ORIG_RAX: 00000000000000b9 [ 663.059078][T14617] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000000000 [ 663.059091][T14617] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 663.059105][T14617] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 663.059114][T14617] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 663.059123][T14617] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 663.059144][T14617] [ 663.417321][ T5889] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 663.441004][ T5898] usb 2-1: USB disconnect, device number 105 [ 663.604821][ T5889] usb 3-1: config 0 has no interfaces? [ 663.646058][T14603] macsec0: entered allmulticast mode [ 663.662526][T14603] bridge0: port 2(macsec0) entered blocking state [ 663.692296][ T5889] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 663.706702][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.717878][ T5889] usb 3-1: Product: syz [ 663.722279][ T5889] usb 3-1: Manufacturer: syz [ 663.741166][T14603] bridge0: port 2(macsec0) entered disabled state [ 663.759278][ T5889] usb 3-1: SerialNumber: syz [ 663.847338][ T5889] usb 3-1: config 0 descriptor?? [ 663.932063][ C0] raw-gadget.2 gadget.4: ignoring, device is not running [ 663.940010][ C0] raw-gadget.2 gadget.4: ignoring, device is not running [ 663.948503][ T10] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 663.961735][ T10] usb 5-1: USB disconnect, device number 119 [ 664.022772][ T1216] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 664.062097][ T1216] cdc_ncm 4-1:1.0: bind() failure [ 664.115235][ T1216] usb 4-1: USB disconnect, device number 124 [ 664.388249][T14628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 664.444428][T14628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 664.482221][T14628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 664.491121][T14631] qrtr: Invalid version 137 [ 664.502033][T14628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 664.760845][T14634] usb usb8: usbfs: process 14634 (syz.1.2661) did not claim interface 0 before use [ 664.972845][T14641] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2665'. [ 665.163939][ T1216] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 665.316979][ T1216] usb 4-1: unable to get BOS descriptor or descriptor too short [ 665.326525][ T1216] usb 4-1: config 6 has an invalid interface number: 223 but max is 1 [ 665.335336][ T1216] usb 4-1: config 6 has an invalid interface number: 88 but max is 1 [ 665.343496][ T1216] usb 4-1: config 6 has no interface number 0 [ 665.350606][ T1216] usb 4-1: config 6 has no interface number 1 [ 665.357020][ T1216] usb 4-1: config 6 interface 223 altsetting 4 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 665.369323][ T1216] usb 4-1: config 6 interface 223 has no altsetting 0 [ 665.376566][ T1216] usb 4-1: config 6 interface 88 has no altsetting 0 [ 665.388978][ T1216] usb 4-1: string descriptor 0 read error: -22 [ 665.395434][ T1216] usb 4-1: New USB device found, idVendor=1554, idProduct=5010, bcdDevice=35.4b [ 665.404872][ T1216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.514038][ T5892] usb 5-1: new high-speed USB device number 120 using dummy_hcd [ 665.533937][ T10] usb 2-1: new low-speed USB device number 106 using dummy_hcd [ 665.627774][T14639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.641390][T14639] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.655732][T14639] blktrace: Concurrent blktraces are not allowed on sg0 [ 665.669796][ T5892] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 665.682327][ T5892] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 60463, setting to 1024 [ 665.694600][ T5892] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 665.703266][ T10] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 665.705806][ T5892] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 665.717804][ T10] usb 2-1: config 0 has no interface number 0 [ 665.722670][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.728383][ T10] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 665.747824][ T10] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 665.763779][ T10] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 665.781586][T14648] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22 [ 665.789634][ T10] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 665.806376][ T5892] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 665.811195][ T10] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 665.829030][ T10] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 665.843107][ T10] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 665.855859][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.874086][ T10] usb 2-1: config 0 descriptor?? [ 665.881004][T14650] raw-gadget.6 gadget.1: fail, usb_ep_enable returned -22 [ 665.889401][T14650] raw-gadget.6 gadget.1: fail, usb_ep_enable returned -22 [ 665.910846][ T1216] dvb-usb: found a 'Prolink Pixelview SBTVD' in cold state, will try to load a firmware [ 665.936246][ T10] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 665.972946][ T1216] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 665.986482][ T1216] dib0700: firmware download failed at 7 with -22 [ 666.001626][ T5892] usb 5-1: USB disconnect, device number 120 [ 666.029413][ T1216] dvb-usb: found a 'Prolink Pixelview SBTVD' in cold state, will try to load a firmware [ 666.041849][ T1216] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 666.051054][ T1216] dib0700: firmware download failed at 7 with -22 [ 666.082672][ T1216] usb 4-1: USB disconnect, device number 125 [ 666.259339][T14652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 666.291442][T14652] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 666.340432][ T10] usb 3-1: USB disconnect, device number 7 [ 666.349546][ T1216] usb 2-1: USB disconnect, device number 106 [ 666.391692][ T1216] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 666.468975][T14657] qrtr: Invalid version 137 [ 666.774181][ T10] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 666.843912][T14671] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2676'. [ 666.959384][ T10] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 666.975965][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.996348][ T10] usb 4-1: config 0 descriptor?? [ 667.016089][ T10] gspca_main: spca508-2.14.0 probing 8086:0110 [ 667.406477][ T10] gspca_spca508: reg_read err -71 [ 667.469557][ T10] gspca_spca508: reg_read err -71 [ 667.481429][ T10] gspca_spca508: reg_read err -71 [ 667.495730][ T10] gspca_spca508: reg_read err -71 [ 667.517455][ T10] gspca_spca508: reg write: error -71 [ 667.522943][ T10] spca508 4-1:0.0: probe with driver spca508 failed with error -71 [ 667.541683][T14684] FAULT_INJECTION: forcing a failure. [ 667.541683][T14684] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 667.560817][ T10] usb 4-1: USB disconnect, device number 126 [ 667.614742][T14684] CPU: 0 UID: 0 PID: 14684 Comm: syz.4.2680 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 667.614773][T14684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 667.614787][T14684] Call Trace: [ 667.614796][T14684] [ 667.614806][T14684] dump_stack_lvl+0x241/0x360 [ 667.614854][T14684] ? __pfx_dump_stack_lvl+0x10/0x10 [ 667.614884][T14684] ? __pfx__printk+0x10/0x10 [ 667.614929][T14684] should_fail_ex+0x424/0x570 [ 667.614957][T14684] _copy_from_user+0x2d/0xb0 [ 667.614989][T14684] input_event_from_user+0x1bf/0x510 [ 667.615019][T14684] ? __pfx_input_event_from_user+0x10/0x10 [ 667.615049][T14684] ? input_inject_event+0xd9/0x360 [ 667.615083][T14684] evdev_write+0x4c4/0x7d0 [ 667.615115][T14684] ? __pfx_evdev_write+0x10/0x10 [ 667.615140][T14684] ? bpf_lsm_file_permission+0x9/0x10 [ 667.615167][T14684] ? rw_verify_area+0x246/0x630 [ 667.615189][T14684] ? __pfx_evdev_write+0x10/0x10 [ 667.615213][T14684] vfs_write+0x2bc/0xd10 [ 667.615250][T14684] ? __pfx_vfs_write+0x10/0x10 [ 667.615276][T14684] ? __fget_files+0x2a/0x420 [ 667.615295][T14684] ? __fget_files+0x2a/0x420 [ 667.615316][T14684] ? __fget_files+0x39d/0x420 [ 667.615334][T14684] ? __fget_files+0x2a/0x420 [ 667.615363][T14684] ksys_write+0x19d/0x2d0 [ 667.615390][T14684] ? __pfx_ksys_write+0x10/0x10 [ 667.615418][T14684] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 667.615445][T14684] ? lockdep_hardirqs_on+0x9d/0x150 [ 667.615474][T14684] __do_fast_syscall_32+0xb4/0x110 [ 667.615501][T14684] ? exc_page_fault+0x5f8/0x920 [ 667.615531][T14684] do_fast_syscall_32+0x34/0x80 [ 667.615558][T14684] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 667.615584][T14684] RIP: 0023:0xf740d579 [ 667.615602][T14684] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 667.615620][T14684] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 667.615642][T14684] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 667.615657][T14684] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000 [ 667.615671][T14684] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 667.615683][T14684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 667.615696][T14684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 667.615726][T14684] [ 668.057961][T14691] qrtr: Invalid version 137 [ 668.353465][T14697] FAULT_INJECTION: forcing a failure. [ 668.353465][T14697] name failslab, interval 1, probability 0, space 0, times 0 [ 668.380351][T14697] CPU: 0 UID: 0 PID: 14697 Comm: syz.2.2686 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 668.380384][T14697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 668.380398][T14697] Call Trace: [ 668.380408][T14697] [ 668.380418][T14697] dump_stack_lvl+0x241/0x360 [ 668.380471][T14697] ? __pfx_dump_stack_lvl+0x10/0x10 [ 668.380503][T14697] ? __pfx__printk+0x10/0x10 [ 668.380537][T14697] ? __pfx___might_resched+0x10/0x10 [ 668.380571][T14697] should_fail_ex+0x424/0x570 [ 668.380599][T14697] should_failslab+0xac/0x100 [ 668.380632][T14697] __kmalloc_cache_noprof+0x73/0x370 [ 668.380661][T14697] ? vhost_task_create+0x15d/0x320 [ 668.380697][T14697] vhost_task_create+0x15d/0x320 [ 668.380725][T14697] ? is_bpf_text_address+0x288/0x2a0 [ 668.380749][T14697] ? is_bpf_text_address+0x26/0x2a0 [ 668.380772][T14697] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 668.380796][T14697] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 668.380823][T14697] ? __pfx_vhost_task_create+0x10/0x10 [ 668.380862][T14697] ? __pfx_vhost_task_fn+0x10/0x10 [ 668.380905][T14697] ? stack_trace_save+0x11a/0x1d0 [ 668.380941][T14697] kvm_mmu_post_init_vm+0x14e/0x2c0 [ 668.380971][T14697] kvm_arch_vcpu_ioctl_run+0xed/0x1910 [ 668.381008][T14697] ? __lock_acquire+0xad5/0xd80 [ 668.381040][T14697] ? __mutex_trylock_common+0x184/0x2e0 [ 668.381073][T14697] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 668.381105][T14697] ? __pfx___mutex_trylock_common+0x10/0x10 [ 668.381139][T14697] ? rcu_is_watching+0x15/0xb0 [ 668.381166][T14697] ? look_up_lock_class+0x7b/0x170 [ 668.381195][T14697] ? register_lock_class+0x54/0x330 [ 668.381224][T14697] ? __lock_acquire+0xad5/0xd80 [ 668.381252][T14697] ? do_raw_write_lock+0x14a/0x4f0 [ 668.381304][T14697] kvm_vcpu_ioctl+0xa24/0x1030 [ 668.381340][T14697] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 668.381367][T14697] ? tomoyo_path_number_perm+0x215/0x790 [ 668.381398][T14697] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 668.381465][T14697] kvm_vcpu_compat_ioctl+0x241/0x450 [ 668.381494][T14697] ? __fget_files+0x2a/0x420 [ 668.381516][T14697] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 668.381548][T14697] ? __fget_files+0x2a/0x420 [ 668.381578][T14697] __se_compat_sys_ioctl+0x50e/0xc30 [ 668.381608][T14697] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 668.381636][T14697] ? __fget_files+0x2a/0x420 [ 668.381662][T14697] ? fput+0x9b/0xd0 [ 668.381682][T14697] ? ksys_write+0x275/0x2d0 [ 668.381734][T14697] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 668.381761][T14697] ? lockdep_hardirqs_on+0x9d/0x150 [ 668.381791][T14697] __do_fast_syscall_32+0xb4/0x110 [ 668.381819][T14697] ? exc_page_fault+0x5f8/0x920 [ 668.381851][T14697] do_fast_syscall_32+0x34/0x80 [ 668.381880][T14697] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 668.381907][T14697] RIP: 0023:0xf73cd579 [ 668.381925][T14697] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 668.381945][T14697] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 668.381968][T14697] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 668.381984][T14697] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 668.381996][T14697] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 668.382009][T14697] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 668.382023][T14697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 668.382063][T14697] [ 668.784005][ T1216] usb 4-1: new low-speed USB device number 127 using dummy_hcd [ 668.953971][ T1216] usb 4-1: Invalid ep0 maxpacket: 64 [ 669.264034][ T1216] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 669.294579][T14705] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2689'. [ 669.424772][ T1216] usb 4-1: Invalid ep0 maxpacket: 64 [ 669.444735][ T1216] usb usb4-port1: attempt power cycle [ 669.486000][T14709] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2690'. [ 669.674583][ T10] usb 5-1: new high-speed USB device number 121 using dummy_hcd [ 669.726043][T14720] qrtr: Invalid version 137 [ 669.773955][ T5892] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 669.804208][ T1216] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 669.825110][ T1216] usb 4-1: Invalid ep0 maxpacket: 64 [ 669.836036][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 669.847457][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 60463, setting to 1024 [ 669.859727][ T10] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 669.869843][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 669.879060][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.891218][T14707] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 669.903175][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 669.936310][ T5892] usb 2-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice=1e.a0 [ 669.946375][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.955145][ T1216] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 669.994742][ T1216] usb 4-1: Invalid ep0 maxpacket: 64 [ 670.002198][ T5892] usb 2-1: config 0 descriptor?? [ 670.022262][ T1216] usb usb4-port1: unable to enumerate USB device [ 670.029256][ T5898] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 670.045162][ T5892] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input36 [ 670.109034][ T1216] usb 5-1: USB disconnect, device number 121 [ 670.196181][ T5898] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 670.207838][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 670.219056][ T5898] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 670.232347][ T5198] bcm5974 2-1:0.0: could not read from device [ 670.243129][ T5198] bcm5974 2-1:0.0: could not read from device [ 670.256016][ T5892] usb 2-1: USB disconnect, device number 107 [ 670.267151][ T5898] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 670.280678][ T5198] bcm5974 2-1:0.0: could not read from device [ 670.287660][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.301919][ T5898] usb 3-1: Product: syz [ 670.306879][ T5898] usb 3-1: Manufacturer: syz [ 670.312385][ T5898] usb 3-1: SerialNumber: syz [ 670.329949][ T5898] usb 3-1: config 0 descriptor?? [ 671.024037][ T5898] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 671.174054][ T5898] usb 2-1: Using ep0 maxpacket: 8 [ 671.183435][ T5898] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 671.195800][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.207537][ T5898] usb 2-1: Product: syz [ 671.211773][ T5898] usb 2-1: Manufacturer: syz [ 671.218678][ T5898] usb 2-1: SerialNumber: syz [ 671.225960][ T5898] usb 2-1: config 0 descriptor?? [ 671.239806][ T5898] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 671.263536][ T5898] usb 2-1: setting power ON [ 671.269005][ T5898] dvb-usb: bulk message failed: -22 (2/0) [ 671.282341][ T5898] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 671.292527][ T5898] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 671.307358][ T5898] usb 2-1: media controller created [ 671.336399][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 671.358128][ T5898] usb 2-1: selecting invalid altsetting 6 [ 671.364393][ T5898] usb 2-1: digital interface selection failed (-22) [ 671.373190][ T5898] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 671.384769][ T5898] usb 2-1: setting power OFF [ 671.389797][ T5898] dvb-usb: bulk message failed: -22 (2/0) [ 671.396987][ T5898] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 671.406376][ T5898] (NULL device *): no alternate interface [ 671.434318][ T5898] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 671.460552][ T5898] usb 2-1: USB disconnect, device number 108 [ 671.674195][ T1216] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 671.844046][ T1216] usb 4-1: Using ep0 maxpacket: 32 [ 671.851114][ T1216] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 671.865206][ T1216] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 671.875704][ T1216] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 671.885319][ T1216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.896265][ T1216] usb 4-1: config 0 descriptor?? [ 672.003126][T14731] FAULT_INJECTION: forcing a failure. [ 672.003126][T14731] name failslab, interval 1, probability 0, space 0, times 0 [ 672.017031][T14731] CPU: 1 UID: 0 PID: 14731 Comm: syz.1.2698 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 672.017052][T14731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 672.017062][T14731] Call Trace: [ 672.017069][T14731] [ 672.017075][T14731] dump_stack_lvl+0x241/0x360 [ 672.017107][T14731] ? __pfx_dump_stack_lvl+0x10/0x10 [ 672.017128][T14731] ? __pfx__printk+0x10/0x10 [ 672.017152][T14731] ? __pfx___might_resched+0x10/0x10 [ 672.017174][T14731] should_fail_ex+0x424/0x570 [ 672.017194][T14731] should_failslab+0xac/0x100 [ 672.017215][T14731] __kmalloc_noprof+0xdf/0x4d0 [ 672.017236][T14731] ? mpi_powm+0x13f4/0x24d0 [ 672.017254][T14731] mpi_powm+0x13f4/0x24d0 [ 672.017285][T14731] ? __pfx_mpi_powm+0x10/0x10 [ 672.017303][T14731] ? __kasan_kmalloc+0x9d/0xb0 [ 672.017322][T14731] ? __kmalloc_cache_noprof+0x236/0x370 [ 672.017344][T14731] ? __asan_memset+0x23/0x50 [ 672.017363][T14731] dh_compute_value+0x215/0x410 [ 672.017389][T14731] ? __pfx_dh_compute_value+0x10/0x10 [ 672.017407][T14731] ? rcu_is_watching+0x15/0xb0 [ 672.017427][T14731] ? trace_kmalloc+0x1f/0xd0 [ 672.017445][T14731] ? __keyctl_dh_compute+0x7f9/0xf80 [ 672.017463][T14731] __keyctl_dh_compute+0x96c/0xf80 [ 672.017486][T14731] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 672.017523][T14731] ? __lock_acquire+0xad5/0xd80 [ 672.017557][T14731] ? compat_keyctl_dh_compute+0x223/0x340 [ 672.017593][T14731] compat_keyctl_dh_compute+0x238/0x340 [ 672.017619][T14731] ? __pfx_compat_keyctl_dh_compute+0x10/0x10 [ 672.017647][T14731] ? fput+0x9b/0xd0 [ 672.017660][T14731] ? ksys_write+0x275/0x2d0 [ 672.017688][T14731] __do_fast_syscall_32+0xb4/0x110 [ 672.017709][T14731] ? exc_page_fault+0x5f8/0x920 [ 672.017730][T14731] do_fast_syscall_32+0x34/0x80 [ 672.017750][T14731] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 672.017768][T14731] RIP: 0023:0xf7f21579 [ 672.017782][T14731] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 672.017795][T14731] RSP: 002b:00000000f504655c EFLAGS: 00000206 ORIG_RAX: 0000000000000120 [ 672.017819][T14731] RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 0000000080000100 [ 672.017834][T14731] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000080000180 [ 672.017848][T14731] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 672.017861][T14731] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 672.017874][T14731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 672.017905][T14731] [ 672.360177][ T1216] usbhid 4-1:0.0: can't add hid device: -71 [ 672.372762][ T1216] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 672.402174][ T1216] usb 4-1: USB disconnect, device number 5 [ 672.434967][T14739] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2700'. [ 672.711141][T14752] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2702'. [ 672.894379][ T10] usb 3-1: USB disconnect, device number 8 [ 673.289892][ T1216] usb 5-1: new high-speed USB device number 122 using dummy_hcd [ 673.423981][ T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 673.454319][T14770] FAULT_INJECTION: forcing a failure. [ 673.454319][T14770] name failslab, interval 1, probability 0, space 0, times 0 [ 673.473722][T14770] CPU: 1 UID: 0 PID: 14770 Comm: syz.3.2710 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 673.473754][T14770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 673.473769][T14770] Call Trace: [ 673.473778][T14770] [ 673.473793][T14770] dump_stack_lvl+0x241/0x360 [ 673.473832][T14770] ? __pfx_dump_stack_lvl+0x10/0x10 [ 673.473861][T14770] ? __pfx__printk+0x10/0x10 [ 673.473895][T14770] ? __pfx___might_resched+0x10/0x10 [ 673.473927][T14770] should_fail_ex+0x424/0x570 [ 673.473955][T14770] should_failslab+0xac/0x100 [ 673.473987][T14770] __kmalloc_noprof+0xdf/0x4d0 [ 673.474016][T14770] ? tomoyo_encode+0x26f/0x540 [ 673.474053][T14770] tomoyo_encode+0x26f/0x540 [ 673.474092][T14770] tomoyo_realpath_from_path+0x59e/0x5e0 [ 673.474137][T14770] tomoyo_path_number_perm+0x245/0x790 [ 673.474164][T14770] ? __lock_acquire+0xad5/0xd80 [ 673.474188][T14770] ? tomoyo_path_number_perm+0x215/0x790 [ 673.474218][T14770] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 673.474286][T14770] ? __fget_files+0x2a/0x420 [ 673.474306][T14770] ? __fget_files+0x2a/0x420 [ 673.474328][T14770] ? __fget_files+0x2a/0x420 [ 673.474353][T14770] security_file_ioctl_compat+0xc6/0x2a0 [ 673.474383][T14770] __se_compat_sys_ioctl+0xd8/0xc30 [ 673.474408][T14770] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 673.474438][T14770] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 673.474465][T14770] ? __fget_files+0x2a/0x420 [ 673.474491][T14770] ? fput+0x9b/0xd0 [ 673.474511][T14770] ? ksys_write+0x275/0x2d0 [ 673.474544][T14770] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 673.474570][T14770] ? lockdep_hardirqs_on+0x9d/0x150 [ 673.474598][T14770] __do_fast_syscall_32+0xb4/0x110 [ 673.474632][T14770] ? exc_page_fault+0x5f8/0x920 [ 673.474664][T14770] do_fast_syscall_32+0x34/0x80 [ 673.474692][T14770] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 673.474718][T14770] RIP: 0023:0xf747d579 [ 673.474737][T14770] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 673.474756][T14770] RSP: 002b:00000000f50e555c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 673.474779][T14770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000054a0 [ 673.474794][T14770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 673.474807][T14770] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 673.474819][T14770] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 673.474831][T14770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 673.474861][T14770] [ 674.001691][T14770] ERROR: Out of memory at tomoyo_realpath_from_path. [ 674.010002][ T1216] usb 5-1: config index 0 descriptor too short (expected 47903, got 77) [ 674.018468][ T1216] usb 5-1: config 9 has too many interfaces: 48, using maximum allowed: 32 [ 674.036644][ T1216] usb 5-1: config 9 has an invalid descriptor of length 242, skipping remainder of the config [ 674.057133][ T1216] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 48 [ 674.094059][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 674.104815][ T1216] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 674.108356][ T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 674.114405][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.134611][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.148131][ T10] usb 3-1: Product: syz [ 674.155042][ T1216] usb 5-1: Product: syz [ 674.162040][ T1216] usb 5-1: Manufacturer: syz [ 674.162055][ T10] usb 3-1: Manufacturer: syz [ 674.177515][ T10] usb 3-1: SerialNumber: syz [ 674.191862][ T1216] usb 5-1: SerialNumber: syz [ 674.206443][ T10] usb 3-1: config 0 descriptor?? [ 674.299695][T10035] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 674.365946][T14776] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2712'. [ 674.440115][ T10] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 674.476775][T14777] warn_alloc: 2 callbacks suppressed [ 674.476793][T14777] syz.3.2711: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 674.528482][T10035] usb 2-1: config index 0 descriptor too short (expected 65535, got 77) [ 674.537732][T14777] CPU: 0 UID: 0 PID: 14777 Comm: syz.3.2711 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 674.537769][T14777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 674.537784][T14777] Call Trace: [ 674.537793][T14777] [ 674.537802][T14777] dump_stack_lvl+0x241/0x360 [ 674.537845][T14777] ? __pfx_dump_stack_lvl+0x10/0x10 [ 674.537877][T14777] ? __pfx__printk+0x10/0x10 [ 674.537905][T14777] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 674.537942][T14777] ? __rcu_read_unlock+0xa1/0x110 [ 674.537961][T14777] warn_alloc+0x27c/0x410 [ 674.537975][T14777] ? is_mmconf_reserved+0x3a1/0x3f0 [ 674.537993][T14777] ? __vmalloc_node_range_noprof+0x108/0x1390 [ 674.538016][T14777] ? __pfx_warn_alloc+0x10/0x10 [ 674.538040][T14777] ? kasan_save_track+0x3f/0x80 [ 674.538061][T14777] ? __kasan_kmalloc+0x9d/0xb0 [ 674.538086][T14777] ? xsk_setsockopt+0x449/0x840 [ 674.538104][T14777] ? do_sock_setsockopt+0x3b1/0x710 [ 674.538119][T14777] ? __ia32_sys_setsockopt+0x1f2/0x280 [ 674.538133][T14777] ? __do_fast_syscall_32+0xb4/0x110 [ 674.538153][T14777] ? do_fast_syscall_32+0x34/0x80 [ 674.538183][T14777] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 674.538219][T14777] __vmalloc_node_range_noprof+0x128/0x1390 [ 674.538264][T14777] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 674.538283][T14777] ? __kasan_kmalloc+0x9d/0xb0 [ 674.538305][T14777] vmalloc_user_noprof+0x74/0x80 [ 674.538328][T14777] ? xskq_create+0xb6/0x170 [ 674.538350][T14777] xskq_create+0xb6/0x170 [ 674.538375][T14777] xsk_init_queue+0xa1/0x100 [ 674.538401][T14777] xsk_setsockopt+0x449/0x840 [ 674.538419][T14777] ? __pfx_xsk_setsockopt+0x10/0x10 [ 674.538432][T14777] ? __lock_acquire+0xad5/0xd80 [ 674.538448][T14777] ? __pfx_aa_sk_perm+0x10/0x10 [ 674.538475][T14777] ? __lock_acquire+0xad5/0xd80 [ 674.538499][T14777] ? aa_sock_opt_perm+0x79/0x120 [ 674.538533][T14777] ? __pfx_xsk_setsockopt+0x10/0x10 [ 674.538554][T14777] do_sock_setsockopt+0x3b1/0x710 [ 674.538574][T14777] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 674.538590][T14777] ? __fget_files+0x2a/0x420 [ 674.538604][T14777] ? __fget_files+0x39d/0x420 [ 674.538652][T14777] ? __fget_files+0x2a/0x420 [ 674.538682][T14777] __ia32_sys_setsockopt+0x1f2/0x280 [ 674.538711][T14777] __do_fast_syscall_32+0xb4/0x110 [ 674.538736][T14777] ? ret_from_fork_asm+0x1a/0x30 [ 674.538750][T14777] ? lockdep_hardirqs_on+0x9d/0x150 [ 674.538773][T14777] do_fast_syscall_32+0x34/0x80 [ 674.538801][T14777] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 674.538828][T14777] RIP: 0023:0xf747d579 [ 674.538846][T14777] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 674.538864][T14777] RSP: 002b:00000000f510655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 674.538886][T14777] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000011b [ 674.538896][T14777] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000052 [ 674.538906][T14777] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 674.538915][T14777] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 674.538925][T14777] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 674.538956][T14777] [ 674.539009][T14777] Mem-Info: [ 674.867626][T10035] usb 2-1: config 49 has too many interfaces: 48, using maximum allowed: 32 [ 674.876465][T10035] usb 2-1: config 49 has an invalid descriptor of length 0, skipping remainder of the config [ 674.915368][T10035] usb 2-1: config 49 has 0 interfaces, different from the descriptor's value: 48 [ 674.937167][T14777] active_anon:6608 inactive_anon:2 isolated_anon:0 [ 674.937167][T14777] active_file:13195 inactive_file:3222 isolated_file:0 [ 674.937167][T14777] unevictable:768 dirty:205 writeback:0 [ 674.937167][T14777] slab_reclaimable:10634 slab_unreclaimable:103252 [ 674.937167][T14777] mapped:31765 shmem:1396 pagetables:1103 [ 674.937167][T14777] sec_pagetables:0 bounce:0 [ 674.937167][T14777] kernel_misc_reclaimable:0 [ 674.937167][T14777] free:1346598 free_pcp:364 free_cma:0 [ 674.990146][T14777] Node 0 active_anon:26720kB inactive_anon:8kB active_file:52744kB inactive_file:12884kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127008kB dirty:820kB writeback:0kB shmem:4056kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11728kB pagetables:4436kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 675.028377][T10035] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 675.037934][T10035] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 675.046564][T10035] usb 2-1: Product: syz [ 675.051135][T10035] usb 2-1: Manufacturer: syz [ 675.054156][ T5898] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 675.057345][T14777] Node 1 active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 675.098821][T10035] usb 2-1: SerialNumber: syz [ 675.106117][T14777] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 675.135017][T14777] lowmem_reserve[]: 0 2487 2487 2487 2487 [ 675.141084][T14777] Node 0 DMA32 free:1465952kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:26812kB inactive_anon:8kB active_file:52744kB inactive_file:12792kB unevictable:1536kB writepending:820kB present:3129332kB managed:2547232kB mlocked:0kB bounce:0kB free_pcp:1388kB local_pcp:868kB free_cma:0kB [ 675.179161][T14777] lowmem_reserve[]: 0 0 0 0 0 [ 675.184525][T14777] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB [ 675.212212][T14777] lowmem_reserve[]: 0 0 0 0 0 [ 675.217437][T14777] Node 1 Normal free:3904788kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 675.247499][T14777] lowmem_reserve[]: 0 0 0 0 0 [ 675.252460][T14777] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 675.266155][T14777] Node 0 DMA32: 666*4kB (UME) 943*8kB (UME) 824*16kB (UME) 505*32kB (UME) 245*64kB (UME) 166*128kB (UME) 101*256kB (UME) 51*512kB (UME) 42*1024kB (UME) 16*2048kB (UM) 308*4096kB (UM) = 1465792kB [ 675.287167][T14777] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 675.287937][ T5898] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 675.300869][T14777] Node 1 [ 675.318093][ T5898] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 60463, setting to 1024 [ 675.318112][T14777] Normal: 263*4kB [ 675.321308][ T5898] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 675.350995][ T5898] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 675.351003][T14777] (UM) [ 675.351030][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.370676][T14777] 81*8kB (UME) 51*16kB (UE) 244*32kB (UE) 99*64kB (UME) 32*128kB (UME) 16*256kB (UME) 6*512kB (UM) 6*1024kB (UME) 4*2048kB (UE) 943*4096kB (M) = 3904788kB [ 675.403655][T14777] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 675.414738][T14777] Node 0 hugepages_total=6 hugepages_free=2 hugepages_surp=4 hugepages_size=2048kB [ 675.428170][T14777] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 675.429407][ T30] kauditd_printk_skb: 80 callbacks suppressed [ 675.429421][ T30] audit: type=1800 audit(1744635706.432:706): pid=14769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2708" name="file0" dev="tmpfs" ino=2826 res=0 errno=0 [ 675.440243][T14777] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 675.487670][ T30] audit: type=1800 audit(1744635706.492:707): pid=14769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2708" name="file0" dev="tmpfs" ino=2826 res=0 errno=0 [ 675.495120][T14780] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 675.517261][T14760] openvswitch: netlink: IP tunnel dst address not specified [ 675.531390][T14769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 675.532448][T14777] 17817 total pagecache pages [ 675.551057][T14769] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 675.552689][T14777] 2 pages in swap cache [ 675.566449][ T5898] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 675.569286][T14777] Free swap = 124988kB [ 675.595149][T14777] Total swap = 124996kB [ 675.599607][T14777] 2097051 pages RAM [ 675.605964][T14777] 0 pages HighMem/MovableOnly [ 675.611167][T14777] 428585 pages reserved [ 675.611536][T14760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 675.616439][T14777] 0 pages cma reserved [ 675.635749][T14760] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 675.787621][ T10] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 675.804903][ T10] usb 3-1: USB disconnect, device number 9 [ 675.873708][ T5898] usb 4-1: USB disconnect, device number 6 [ 675.990690][ T1216] usb 5-1: USB disconnect, device number 122 [ 676.076937][T14785] netlink: 'syz.4.2714': attribute type 2 has an invalid length. [ 676.191197][T14788] netlink: 536 bytes leftover after parsing attributes in process `syz.4.2715'. [ 676.447167][T14798] FAULT_INJECTION: forcing a failure. [ 676.447167][T14798] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 676.460872][T14798] CPU: 0 UID: 0 PID: 14798 Comm: syz.2.2718 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 676.460900][T14798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 676.460912][T14798] Call Trace: [ 676.460921][T14798] [ 676.460929][T14798] dump_stack_lvl+0x241/0x360 [ 676.460979][T14798] ? __pfx_dump_stack_lvl+0x10/0x10 [ 676.461007][T14798] ? __pfx__printk+0x10/0x10 [ 676.461045][T14798] should_fail_ex+0x424/0x570 [ 676.461071][T14798] _copy_to_user+0x31/0xb0 [ 676.461101][T14798] simple_read_from_buffer+0xc4/0x170 [ 676.461133][T14798] proc_fail_nth_read+0x1ef/0x260 [ 676.461157][T14798] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 676.461180][T14798] ? rw_verify_area+0x246/0x630 [ 676.461219][T14798] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 676.461243][T14798] vfs_read+0x21f/0xb90 [ 676.461270][T14798] ? __pfx___mutex_lock+0x10/0x10 [ 676.461298][T14798] ? __pfx_vfs_read+0x10/0x10 [ 676.461323][T14798] ? __fget_files+0x2a/0x420 [ 676.461344][T14798] ? __fget_files+0x39d/0x420 [ 676.461360][T14798] ? __fget_files+0x2a/0x420 [ 676.461389][T14798] ksys_read+0x19d/0x2d0 [ 676.461415][T14798] ? __pfx_ksys_read+0x10/0x10 [ 676.461449][T14798] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 676.461474][T14798] ? lockdep_hardirqs_on+0x9d/0x150 [ 676.461502][T14798] __do_fast_syscall_32+0xb4/0x110 [ 676.461528][T14798] ? exc_page_fault+0x5f8/0x920 [ 676.461557][T14798] do_fast_syscall_32+0x34/0x80 [ 676.461576][T14798] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 676.461594][T14798] RIP: 0023:0xf73cd579 [ 676.461607][T14798] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 676.461619][T14798] RSP: 002b:00000000f5056590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 676.461634][T14798] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5056620 [ 676.461645][T14798] RDX: 000000000000000f RSI: 00000000f73bdff4 RDI: 0000000000000000 [ 676.461654][T14798] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 676.461662][T14798] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 676.461671][T14798] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 676.461691][T14798] [ 676.783780][T10035] usb 2-1: USB disconnect, device number 109 [ 676.883240][T14802] kvm: kvm [14801]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x40000004) = 0x0 [ 677.088852][T14810] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2723'. [ 677.273936][ T10] usb 2-1: new full-speed USB device number 110 using dummy_hcd [ 677.368370][T14818] tipc: Enabling of bearer rejected, failed to enable media [ 677.452340][ T10] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 677.470854][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.486691][ T10] usb 2-1: config 0 descriptor?? [ 677.702052][T14833] FAULT_INJECTION: forcing a failure. [ 677.702052][T14833] name failslab, interval 1, probability 0, space 0, times 0 [ 677.721065][T14833] CPU: 0 UID: 0 PID: 14833 Comm: syz.4.2730 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 677.721095][T14833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 677.721108][T14833] Call Trace: [ 677.721120][T14833] [ 677.721129][T14833] dump_stack_lvl+0x241/0x360 [ 677.721167][T14833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 677.721197][T14833] ? __pfx__printk+0x10/0x10 [ 677.721231][T14833] ? __pfx___might_resched+0x10/0x10 [ 677.721261][T14833] should_fail_ex+0x424/0x570 [ 677.721288][T14833] should_failslab+0xac/0x100 [ 677.721319][T14833] __kmalloc_noprof+0xdf/0x4d0 [ 677.721346][T14833] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 677.721378][T14833] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 677.721421][T14833] tomoyo_realpath_from_path+0xcf/0x5e0 [ 677.721466][T14833] tomoyo_path_number_perm+0x245/0x790 [ 677.721492][T14833] ? __lock_acquire+0xad5/0xd80 [ 677.721516][T14833] ? tomoyo_path_number_perm+0x215/0x790 [ 677.721545][T14833] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 677.721611][T14833] ? __fget_files+0x2a/0x420 [ 677.721630][T14833] ? __fget_files+0x2a/0x420 [ 677.721652][T14833] ? __fget_files+0x2a/0x420 [ 677.721676][T14833] security_file_ioctl_compat+0xc6/0x2a0 [ 677.721704][T14833] __se_compat_sys_ioctl+0xd8/0xc30 [ 677.721729][T14833] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 677.721757][T14833] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 677.721784][T14833] ? __fget_files+0x2a/0x420 [ 677.721809][T14833] ? fput+0x9b/0xd0 [ 677.721828][T14833] ? ksys_write+0x275/0x2d0 [ 677.721861][T14833] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 677.721886][T14833] ? lockdep_hardirqs_on+0x9d/0x150 [ 677.721914][T14833] __do_fast_syscall_32+0xb4/0x110 [ 677.721940][T14833] ? exc_page_fault+0x5f8/0x920 [ 677.721969][T14833] do_fast_syscall_32+0x34/0x80 [ 677.721996][T14833] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 677.722020][T14833] RIP: 0023:0xf740d579 [ 677.722038][T14833] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 677.722056][T14833] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 677.722078][T14833] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 000000000000ae80 [ 677.722092][T14833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 677.722104][T14833] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 677.722116][T14833] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 677.722129][T14833] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 677.722159][T14833] [ 677.722780][T14833] ERROR: Out of memory at tomoyo_realpath_from_path. [ 678.161297][ T30] audit: type=1326 audit(1744635709.162:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14838 comm="syz.0.2732" exe="/root/syz-executor" sig=31 arch=40000003 syscall=354 compat=1 ip=0xf73dd579 code=0x12950000 [ 678.233625][T14844] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2734'. [ 678.290296][T14842] kvm: kvm [14841]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x40000004) = 0x0 [ 678.577838][T14856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 678.604879][T14856] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 678.744636][T10035] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 678.753969][ T5898] usb 5-1: new full-speed USB device number 123 using dummy_hcd [ 678.804347][ T1216] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 678.907331][ T5898] usb 5-1: not running at top speed; connect to a high speed hub [ 678.916843][T10035] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 678.925358][ T5898] usb 5-1: config 2 has an invalid interface number: 80 but max is 3 [ 678.932157][T10035] usb 3-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 678.943874][ T5898] usb 5-1: config 2 has an invalid interface number: 217 but max is 3 [ 678.943902][ T5898] usb 5-1: config 2 has an invalid interface descriptor of length 7, skipping [ 678.943934][ T5898] usb 5-1: config 2 has an invalid interface number: 92 but max is 3 [ 678.943954][ T5898] usb 5-1: config 2 has an invalid interface number: 193 but max is 3 [ 678.943979][ T5898] usb 5-1: config 2 has an invalid interface number: 6 but max is 3 [ 678.943999][ T5898] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 678.944017][ T5898] usb 5-1: config 2 has 6 interfaces, different from the descriptor's value: 4 [ 678.944038][ T5898] usb 5-1: config 2 has no interface number 0 [ 678.944054][ T5898] usb 5-1: config 2 has no interface number 2 [ 678.944070][ T5898] usb 5-1: config 2 has no interface number 3 [ 678.944086][ T5898] usb 5-1: config 2 has no interface number 4 [ 678.944102][ T5898] usb 5-1: config 2 has no interface number 5 [ 678.951525][T10035] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.954373][ T5898] usb 5-1: config 2 interface 217 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 678.973647][T10035] usb 3-1: config 0 descriptor?? [ 679.070957][ T5898] usb 5-1: too many endpoints for config 2 interface 1 altsetting 7: 93, using maximum allowed: 30 [ 679.082101][ T1216] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 679.093397][ T1216] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 60463, setting to 1024 [ 679.108029][ T1216] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 679.118438][ T1216] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 679.131503][ T5898] usb 5-1: config 2 interface 1 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 93 [ 679.148463][ T1216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.160442][ T5898] usb 5-1: config 2 interface 193 altsetting 242 has 0 endpoint descriptors, different from the interface descriptor's value: 13 [ 679.180723][ T5898] usb 5-1: config 2 interface 6 altsetting 13 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 679.200786][T14855] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 679.212240][ T1216] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 679.230651][ T5898] usb 5-1: config 2 interface 80 has no altsetting 0 [ 679.243975][ T5898] usb 5-1: config 2 interface 217 has no altsetting 0 [ 679.253066][ T5898] usb 5-1: config 2 interface 1 has no altsetting 0 [ 679.274975][ T5898] usb 5-1: config 2 interface 92 has no altsetting 0 [ 679.291186][ T5898] usb 5-1: config 2 interface 193 has no altsetting 0 [ 679.308258][ T5898] usb 5-1: config 2 interface 6 has no altsetting 0 [ 679.319203][ T5898] usb 5-1: New USB device found, idVendor=19d2, idProduct=1104, bcdDevice=f2.58 [ 679.348926][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 679.361267][T14854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 679.370314][ T10] pegasus 2-1:0.0: probe with driver pegasus failed with error -110 [ 679.379162][T14854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 679.426127][ T5898] usb 5-1: Product: 犥⨣濨惠㔑鋴ࡡ䃗給ꟳ혷镥轐္ꦂ뼤隳幨酡飥뫶扖婜誆ꪽ닾攩⫶혍♴ɗ⃚ᅗ䤧໏鞂⼨櫠ᭅফ嬁퓍翯佀奁鸾䁢咐閻䳮灤ऺⲵ摠蹀삨䞇鄿Ⲃ斮㱋$䎥瀞蒣䑯⹳퓬v隚򇯫鬍【ལᬩ軦➬栏쬧਼굲싎챆樸歄指嘺 [ 679.478668][ T5898] usb 5-1: Manufacturer: ည [ 679.486828][ T5898] usb 5-1: SerialNumber: 槷錹痎ዧ⩏暻씩ຟ㫛婣쀰醝⁑쌭뙓Ἔ急ู䳚暣ᒘ [ 679.510501][ T10] usb 4-1: USB disconnect, device number 7 [ 679.561971][T10035] usbhid 3-1:0.0: can't add hid device: -71 [ 679.568349][T10035] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 679.647915][T10035] usb 3-1: USB disconnect, device number 10 [ 679.949461][ T5898] option 5-1:2.80: GSM modem (1-port) converter detected [ 679.988341][ T5898] option 5-1:2.217: GSM modem (1-port) converter detected [ 680.028175][T10035] usb 2-1: USB disconnect, device number 110 [ 680.094132][ T5898] usb 5-1: USB disconnect, device number 123 [ 680.111495][ T5898] option 5-1:2.80: device disconnected [ 680.131006][ T5898] option 5-1:2.217: device disconnected [ 680.560060][T14879] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2747'. [ 681.018824][ T10] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 681.171397][T14894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 681.176689][ T10] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 681.196208][ T10] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 681.210582][ T10] usb 2-1: config 220 has 2 interfaces, different from the descriptor's value: 3 [ 681.221091][T14894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 681.222370][ T10] usb 2-1: config 220 has no interface number 1 [ 681.240183][ T10] usb 2-1: config 220 interface 0 has no altsetting 0 [ 681.259328][ T10] usb 2-1: config 220 interface 76 has no altsetting 0 [ 681.271790][ T10] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 681.290365][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.301979][ T10] usb 2-1: Product: syz [ 681.310549][ T10] usb 2-1: Manufacturer: syz [ 681.317294][ T10] usb 2-1: SerialNumber: syz [ 681.404024][T10035] usb 5-1: new low-speed USB device number 124 using dummy_hcd [ 681.455285][T14899] IPv6: NLM_F_REPLACE set, but no existing node found! [ 681.516323][ T30] audit: type=1326 audit(1744635712.522:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.551567][ T30] audit: type=1326 audit(1744635712.522:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.579874][ T10] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 681.590280][ T10] usb 2-1: No valid video chain found. [ 681.596319][T10035] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 32200, setting to 8 [ 681.611878][T10035] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 681.623558][ T10] usb 2-1: USB disconnect, device number 111 [ 681.632565][ T30] audit: type=1326 audit(1744635712.522:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=246 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.661546][T10035] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 681.676361][T10035] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 152, changing to 4 [ 681.688909][ T30] audit: type=1326 audit(1744635712.522:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.712054][T10035] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58 [ 681.722404][T10035] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.730534][ T30] audit: type=1326 audit(1744635712.522:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.775920][T10035] usb 5-1: config 0 descriptor?? [ 681.781588][ T30] audit: type=1326 audit(1744635712.522:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.781715][T14895] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 681.845670][ T30] audit: type=1326 audit(1744635712.522:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.870170][ T30] audit: type=1326 audit(1744635712.522:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.902772][ T30] audit: type=1326 audit(1744635712.552:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 681.940368][ T30] audit: type=1326 audit(1744635712.552:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14900 comm="syz.3.2755" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 682.158825][ T1216] usb 5-1: USB disconnect, device number 124 [ 682.593935][ T10] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 682.743890][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 682.751221][ T10] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 682.764446][ T10] usb 2-1: config 0 has no interface number 0 [ 682.770610][ T10] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 682.794530][ T10] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 49152, setting to 1024 [ 682.854632][ T10] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 682.873889][ T10] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 682.892263][ T10] usb 2-1: Product: syz [ 682.902419][ T10] usb 2-1: SerialNumber: syz [ 682.913624][ T10] usb 2-1: config 0 descriptor?? [ 682.930538][ T10] cm109 2-1:0.8: invalid payload size 1024, expected 4 [ 682.940551][ T10] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input37 [ 683.039504][T14911] fuse: blksize only supported for fuseblk [ 683.138543][ C0] cm109 2-1:0.8: cm109_urb_irq_callback: urb status -71 [ 683.287229][T14918] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2760'. [ 683.369713][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 683.371162][ T1216] usb 2-1: USB disconnect, device number 112 [ 683.376710][ C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 683.435232][T14906] ALSA: mixer_oss: invalid OSS volume '' [ 683.455491][T14920] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2761'. [ 683.458384][ T1216] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 684.048722][ T5892] usb 5-1: new high-speed USB device number 125 using dummy_hcd [ 684.064233][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 684.204283][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 684.209548][ T1216] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 684.214328][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 684.218498][ T5892] usb 5-1: no configurations [ 684.227824][ T5892] usb 5-1: can't read configurations, error -22 [ 684.230078][ T10] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 684.243694][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.256211][ T10] usb 4-1: config 0 descriptor?? [ 684.265036][ T10] gspca_main: sunplus-2.14.0 probing 041e:400b [ 684.363940][ T5892] usb 5-1: new high-speed USB device number 126 using dummy_hcd [ 684.377819][ T1216] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 684.389070][ T5898] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 684.397068][ T1216] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 684.407865][ T1216] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 684.418578][ T1216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.432689][T14930] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 684.455866][ T1216] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 684.540056][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 684.553405][ T5892] usb 5-1: no configurations [ 684.559000][ T5892] usb 5-1: can't read configurations, error -22 [ 684.565637][ T5898] usb 2-1: Using ep0 maxpacket: 8 [ 684.577028][ T5898] usb 2-1: config 1 has an invalid interface number: 101 but max is 0 [ 684.588230][ T5892] usb usb5-port1: attempt power cycle [ 684.596157][ T5898] usb 2-1: config 1 has no interface number 0 [ 684.602407][ T5898] usb 2-1: config 1 interface 101 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 684.619035][ T5898] usb 2-1: config 1 interface 101 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 684.630573][ T5898] usb 2-1: config 1 interface 101 altsetting 0 has an endpoint descriptor with address 0x6E, changing to 0xE [ 684.647557][ T5898] usb 2-1: config 1 interface 101 altsetting 0 endpoint 0xE has an invalid bInterval 252, changing to 7 [ 684.671590][ T5898] usb 2-1: config 1 interface 101 altsetting 0 endpoint 0xE has invalid maxpacket 33869, setting to 1024 [ 684.686603][T10035] usb 3-1: USB disconnect, device number 11 [ 684.699159][ T5898] usb 2-1: config 1 interface 101 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 684.732867][ T5898] usb 2-1: config 1 interface 101 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 684.763764][ T5898] usb 2-1: config 1 interface 101 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 5 [ 684.801693][ T5898] usb 2-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice=c5.71 [ 684.812757][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.827782][ T5898] usb 2-1: Product: syz [ 684.831998][ T5898] usb 2-1: Manufacturer: syz [ 684.838833][ T5898] usb 2-1: SerialNumber: syz [ 684.973974][ T5892] usb 5-1: new high-speed USB device number 127 using dummy_hcd [ 685.004907][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 685.010738][ T5892] usb 5-1: no configurations [ 685.017305][ T5892] usb 5-1: can't read configurations, error -22 [ 685.067892][ T5898] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.101/input/input38 [ 685.097003][ T5198] bcm5974 2-1:1.101: could not read from device [ 685.111166][ T5198] bcm5974 2-1:1.101: could not read from device [ 685.120235][ T5898] usb 2-1: USB disconnect, device number 113 [ 685.129296][ T5198] bcm5974 2-1:1.101: could not read from device [ 685.164856][ T5892] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 685.194671][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 685.201462][T14946] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2772'. [ 685.206592][ T5892] usb 5-1: no configurations [ 685.220561][ T5892] usb 5-1: can't read configurations, error -22 [ 685.229046][ T5892] usb usb5-port1: unable to enumerate USB device [ 685.426073][T14952] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2775'. [ 685.507808][T14926] netlink: zone id is out of range [ 685.512981][T14926] netlink: zone id is out of range [ 685.519691][T14926] netlink: zone id is out of range [ 685.525475][T14926] netlink: zone id is out of range [ 685.531109][T14926] netlink: zone id is out of range [ 685.536835][T14926] netlink: zone id is out of range [ 685.553386][T14926] netlink: zone id is out of range [ 685.560993][T14926] netlink: zone id is out of range [ 685.566688][T14926] netlink: zone id is out of range [ 685.571837][T14926] netlink: zone id is out of range [ 685.642462][ T10] gspca_sunplus: reg_w_riv err -71 [ 685.655155][ T10] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 685.674554][ T10] usb 4-1: USB disconnect, device number 8 [ 685.848781][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.855577][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.962080][T14968] delete_channel: no stack [ 686.055924][T14973] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2783'. [ 686.281176][T14981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2786'. [ 686.300399][T14981] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 686.704652][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 686.834033][ T5892] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 686.882885][ T10] usb 4-1: New USB device found, idVendor=04f2, idProduct=1123, bcdDevice= 0.00 [ 686.909042][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.937616][ T10] usb 4-1: config 0 descriptor?? [ 687.154606][ T5892] usb 2-1: Using ep0 maxpacket: 8 [ 687.167893][ T5892] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 687.240254][ T5892] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 687.293837][ T5892] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 687.313900][ T5892] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 687.343905][ T5892] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 687.353009][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.354329][T10035] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 687.374874][T14994] netlink: 'syz.4.2792': attribute type 10 has an invalid length. [ 687.417603][T14994] netdevsim netdevsim4 : entered promiscuous mode [ 687.425584][T14994] netdevsim netdevsim4 : entered allmulticast mode [ 687.439840][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 687.459035][T14994] bond0: (slave ): Enslaving as an active interface with an up link [ 687.467699][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 687.492329][ T10] usb 4-1: USB disconnect, device number 9 [ 687.537260][T10035] usb 3-1: config 0 has an invalid interface number: 9 but max is 0 [ 687.562372][T10035] usb 3-1: config 0 has no interface number 0 [ 687.586750][T10035] usb 3-1: config 0 interface 9 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 687.619087][T10035] usb 3-1: config 0 interface 9 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 687.639480][T10035] usb 3-1: config 0 interface 9 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 687.673123][T10035] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 687.696911][T10035] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.728659][T10035] usb 3-1: config 0 descriptor?? [ 687.833576][ T5892] usb 2-1: GET_CAPABILITIES returned 0 [ 687.843876][ T5892] usbtmc 2-1:16.0: can't read capabilities [ 687.878492][ T5892] usb 2-1: USB disconnect, device number 114 [ 688.165837][T10035] uclogic 0003:5543:0522.0022: unknown main item tag 0x0 [ 688.190918][T10035] uclogic 0003:5543:0522.0022: unknown main item tag 0x0 [ 688.213247][T10035] uclogic 0003:5543:0522.0022: unknown main item tag 0x0 [ 688.228879][T10035] uclogic 0003:5543:0522.0022: unknown main item tag 0x0 [ 688.238979][T10035] uclogic 0003:5543:0522.0022: unknown main item tag 0x0 [ 688.252122][T10035] uclogic 0003:5543:0522.0022: No inputs registered, leaving [ 688.274717][T10035] uclogic 0003:5543:0522.0022: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.2-1/input9 [ 688.328609][T15004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2795'. [ 688.364171][ T5898] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 688.458170][T10035] usb 3-1: USB disconnect, device number 12 [ 688.568039][ T5898] usb 5-1: Using ep0 maxpacket: 16 [ 688.690216][T15007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2796'. [ 688.701753][T15007] netlink: 'syz.1.2796': attribute type 18 has an invalid length. [ 688.758508][T15007] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2796'. [ 689.620313][T15023] IPv6: NLM_F_REPLACE set, but no existing node found! [ 689.931851][T15026] warn_alloc: 2 callbacks suppressed [ 689.931871][T15026] syz.3.2801: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 690.005738][T15026] CPU: 0 UID: 0 PID: 15026 Comm: syz.3.2801 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 690.005772][T15026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 690.005787][T15026] Call Trace: [ 690.005797][T15026] [ 690.005807][T15026] dump_stack_lvl+0x241/0x360 [ 690.005847][T15026] ? __pfx_dump_stack_lvl+0x10/0x10 [ 690.005880][T15026] ? __pfx__printk+0x10/0x10 [ 690.005908][T15026] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 690.005945][T15026] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 690.005977][T15026] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 690.006013][T15026] warn_alloc+0x27c/0x410 [ 690.006035][T15026] ? is_mmconf_reserved+0x3a1/0x3f0 [ 690.006060][T15026] ? __vmalloc_node_range_noprof+0x108/0x1390 [ 690.006085][T15026] ? __pfx_warn_alloc+0x10/0x10 [ 690.006109][T15026] ? kasan_save_track+0x3f/0x80 [ 690.006134][T15026] ? __kasan_kmalloc+0x9d/0xb0 [ 690.006160][T15026] ? xsk_setsockopt+0x449/0x840 [ 690.006180][T15026] ? do_sock_setsockopt+0x3b1/0x710 [ 690.006202][T15026] ? __ia32_sys_setsockopt+0x1f2/0x280 [ 690.006224][T15026] ? __do_fast_syscall_32+0xb4/0x110 [ 690.006252][T15026] ? do_fast_syscall_32+0x34/0x80 [ 690.006280][T15026] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 690.006318][T15026] __vmalloc_node_range_noprof+0x128/0x1390 [ 690.006372][T15026] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 690.006401][T15026] ? __kasan_kmalloc+0x9d/0xb0 [ 690.006445][T15026] vmalloc_user_noprof+0x74/0x80 [ 690.006466][T15026] ? xskq_create+0xb6/0x170 [ 690.006489][T15026] xskq_create+0xb6/0x170 [ 690.006517][T15026] xsk_init_queue+0xa1/0x100 [ 690.006545][T15026] xsk_setsockopt+0x449/0x840 [ 690.006570][T15026] ? __pfx_xsk_setsockopt+0x10/0x10 [ 690.006591][T15026] ? __lock_acquire+0xad5/0xd80 [ 690.006613][T15026] ? __pfx_aa_sk_perm+0x10/0x10 [ 690.006643][T15026] ? __lock_acquire+0xad5/0xd80 [ 690.006666][T15026] ? aa_sock_opt_perm+0x79/0x120 [ 690.006704][T15026] ? __pfx_xsk_setsockopt+0x10/0x10 [ 690.006726][T15026] do_sock_setsockopt+0x3b1/0x710 [ 690.006769][T15026] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 690.006791][T15026] ? __fget_files+0x2a/0x420 [ 690.006814][T15026] ? __fget_files+0x39d/0x420 [ 690.006832][T15026] ? __fget_files+0x2a/0x420 [ 690.006860][T15026] __ia32_sys_setsockopt+0x1f2/0x280 [ 690.006892][T15026] __do_fast_syscall_32+0xb4/0x110 [ 690.006919][T15026] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 690.006940][T15026] ? lockdep_hardirqs_on+0x9d/0x150 [ 690.006971][T15026] do_fast_syscall_32+0x34/0x80 [ 690.006999][T15026] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 690.007025][T15026] RIP: 0023:0xf747d579 [ 690.007044][T15026] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 690.007062][T15026] RSP: 002b:00000000f510655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 690.007086][T15026] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000011b [ 690.007101][T15026] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000052 [ 690.007115][T15026] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 690.007128][T15026] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 690.007142][T15026] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 690.007171][T15026] [ 690.010025][T15026] Mem-Info: [ 690.377868][T15026] active_anon:6897 inactive_anon:2 isolated_anon:0 [ 690.377868][T15026] active_file:14265 inactive_file:3228 isolated_file:0 [ 690.377868][T15026] unevictable:769 dirty:40 writeback:0 [ 690.377868][T15026] slab_reclaimable:10415 slab_unreclaimable:104896 [ 690.377868][T15026] mapped:32780 shmem:1410 pagetables:1104 [ 690.377868][T15026] sec_pagetables:0 bounce:0 [ 690.377868][T15026] kernel_misc_reclaimable:0 [ 690.377868][T15026] free:1300366 free_pcp:419 free_cma:0 [ 690.477609][T15026] Node 0 active_anon:24308kB inactive_anon:8kB active_file:57024kB inactive_file:12908kB unevictable:1540kB isolated(anon):0kB isolated(file):0kB mapped:131088kB dirty:160kB writeback:0kB shmem:4112kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11652kB pagetables:4432kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 690.575867][T15034] netlink: 'syz.0.2803': attribute type 10 has an invalid length. [ 690.589793][T15034] veth0_vlan: entered allmulticast mode [ 690.596735][T15026] Node 1 active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 690.686228][T15035] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2803'. [ 690.702158][T15034] input: syz1 as /devices/virtual/input/input39 [ 690.724534][T10035] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 690.735012][T15034] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2803'. [ 690.756099][T15026] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 690.854050][T15035] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2803'. [ 690.868781][T15026] lowmem_reserve[]: 0 2487 2487 2487 2487 [ 690.919807][T15026] Node 0 DMA32 free:1458264kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:24464kB inactive_anon:8kB active_file:57024kB inactive_file:12816kB unevictable:1540kB writepending:160kB present:3129332kB managed:2547232kB mlocked:4kB bounce:0kB free_pcp:2160kB local_pcp:344kB free_cma:0kB [ 690.962926][T15035] vlan2: entered allmulticast mode [ 690.984106][T15035] bridge_slave_0: entered allmulticast mode [ 691.014037][T15026] lowmem_reserve[]: 0 0 0 0 0 [ 691.024266][T15026] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB [ 691.103994][ C1] net_ratelimit: 21 callbacks suppressed [ 691.104016][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 691.139337][T10035] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 691.157463][T10035] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 691.169907][T15026] lowmem_reserve[]: 0 0 0 0 0 [ 691.180081][T15026] Node 1 Normal free:3904788kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 691.243015][ T5898] usb 5-1: unable to get BOS descriptor or descriptor too short [ 691.255726][T10035] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 691.265202][ T5898] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 691.265244][ T5898] usb 5-1: can't read configurations, error -71 [ 691.290675][T15026] lowmem_reserve[]: 0 0 0 0 0 [ 691.303934][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 691.343356][T10035] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.370117][T15026] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 691.402857][T15028] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 691.416598][T15045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2807'. [ 691.426415][T15026] Node 0 DMA32: 517*4kB (ME) 694*8kB (ME) 690*16kB (ME) 602*32kB (UME) 266*64kB (UME) 113*128kB (UME) 90*256kB (UM) 51*512kB (UME) 41*1024kB (UME) 17*2048kB (UM) 308*4096kB (UM) = 1456932kB [ 691.450677][T10035] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 691.505943][T15026] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 691.558519][T15026] Node 1 Normal: 263*4kB (UM) 81*8kB (UME) 51*16kB (UE) 244*32kB (UE) 99*64kB (UME) 32*128kB (UME) 16*256kB (UME) 6*512kB (UM) 6*1024kB (UME) 4*2048kB (UE) 943*4096kB (M) = 3904788kB [ 691.685097][ T63] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 691.705947][T15053] FAULT_INJECTION: forcing a failure. [ 691.705947][T15053] name failslab, interval 1, probability 0, space 0, times 0 [ 691.745934][T15026] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 691.746390][T15050] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2809'. [ 691.765971][T15026] Node 0 hugepages_total=6 hugepages_free=2 hugepages_surp=4 hugepages_size=2048kB [ 691.792404][T15026] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 691.792760][T15053] CPU: 1 UID: 0 PID: 15053 Comm: syz.0.2810 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 691.792791][T15053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 691.792806][T15053] Call Trace: [ 691.792816][T15053] [ 691.792827][T15053] dump_stack_lvl+0x241/0x360 [ 691.792870][T15053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 691.792904][T15053] ? __pfx__printk+0x10/0x10 [ 691.792941][T15053] ? __pfx___might_resched+0x10/0x10 [ 691.792978][T15053] should_fail_ex+0x424/0x570 [ 691.793010][T15053] should_failslab+0xac/0x100 [ 691.793044][T15053] __kmalloc_noprof+0xdf/0x4d0 [ 691.793076][T15053] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 691.793110][T15053] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 691.793146][T15053] genl_rcv_msg+0x819/0xf00 [ 691.793182][T15053] ? __pfx_genl_rcv_msg+0x10/0x10 [ 691.793205][T15053] ? __dev_queue_xmit+0x1780/0x3f60 [ 691.793231][T15053] ? kasan_save_track+0x3f/0x80 [ 691.793254][T15053] ? __kasan_slab_alloc+0x66/0x80 [ 691.793289][T15053] ? __do_fast_syscall_32+0xb4/0x110 [ 691.793340][T15053] ? __lock_acquire+0xad5/0xd80 [ 691.793380][T15053] ? __pfx_ctrl_getfamily+0x10/0x10 [ 691.793423][T15053] netlink_rcv_skb+0x208/0x480 [ 691.793458][T15053] ? __pfx_genl_rcv_msg+0x10/0x10 [ 691.793485][T15053] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 691.793543][T15053] ? netlink_deliver_tap+0x2e/0x1b0 [ 691.793585][T15053] genl_rcv+0x28/0x40 [ 691.793608][T15053] netlink_unicast+0x7f8/0x9a0 [ 691.793648][T15053] ? __pfx_netlink_unicast+0x10/0x10 [ 691.793682][T15053] ? skb_put+0x114/0x1f0 [ 691.793710][T15053] netlink_sendmsg+0x8c3/0xcd0 [ 691.793760][T15053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 691.793805][T15053] ? aa_sock_msg_perm+0x91/0x160 [ 691.793844][T15053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 691.793874][T15053] __sock_sendmsg+0x221/0x270 [ 691.793911][T15053] __sys_sendto+0x365/0x4c0 [ 691.793942][T15053] ? __pfx___sys_sendto+0x10/0x10 [ 691.794012][T15053] __se_compat_sys_socketcall+0xad6/0x1420 [ 691.794040][T15053] ? lock_vma_under_rcu+0x1f0/0x9a0 [ 691.794073][T15053] ? __pfx___se_compat_sys_socketcall+0x10/0x10 [ 691.794103][T15053] ? ksys_write+0x266/0x2d0 [ 691.794141][T15053] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 691.794168][T15053] ? lockdep_hardirqs_on+0x9d/0x150 [ 691.794200][T15053] __do_fast_syscall_32+0xb4/0x110 [ 691.794229][T15053] ? exc_page_fault+0x5f8/0x920 [ 691.794262][T15053] do_fast_syscall_32+0x34/0x80 [ 691.794291][T15053] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 691.794319][T15053] RIP: 0023:0xf73dd579 [ 691.794338][T15053] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 691.794364][T15053] RSP: 002b:00000000f5065430 EFLAGS: 00000206 ORIG_RAX: 0000000000000066 [ 691.794389][T15053] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f5065444 [ 691.794405][T15053] RDX: 0000000000000000 RSI: 00000000f5065560 RDI: 00000000f73cdff4 [ 691.794420][T15053] RBP: 00000000f5065560 R08: 0000000000000000 R09: 0000000000000000 [ 691.794435][T15053] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 691.794449][T15053] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 691.794483][T15053] [ 691.870854][ T5892] usb 4-1: USB disconnect, device number 10 [ 692.036658][T15056] fuse: Bad value for 'group_id' [ 692.077033][T15026] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 692.077063][T15026] 18914 total pagecache pages [ 692.077075][T15026] 2 pages in swap cache [ 692.077084][T15026] Free swap = 124988kB [ 692.077096][T15026] Total swap = 124996kB [ 692.077107][T15026] 2097051 pages RAM [ 692.077117][T15026] 0 pages HighMem/MovableOnly [ 692.077127][T15026] 428585 pages reserved [ 692.077136][T15026] 0 pages cma reserved [ 692.291229][T15056] fuse: Bad value for 'group_id' [ 692.653007][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 692.653029][ T30] audit: type=1326 audit(1744635723.652:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15065 comm="syz.4.2815" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 692.820926][T15073] FAULT_INJECTION: forcing a failure. [ 692.820926][T15073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 692.844069][T15073] CPU: 1 UID: 0 PID: 15073 Comm: syz.3.2817 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 692.844101][T15073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 692.844115][T15073] Call Trace: [ 692.844124][T15073] [ 692.844133][T15073] dump_stack_lvl+0x241/0x360 [ 692.844173][T15073] ? __pfx_dump_stack_lvl+0x10/0x10 [ 692.844204][T15073] ? __pfx__printk+0x10/0x10 [ 692.844253][T15073] should_fail_ex+0x424/0x570 [ 692.844282][T15073] _copy_to_user+0x31/0xb0 [ 692.844315][T15073] simple_read_from_buffer+0xc4/0x170 [ 692.844352][T15073] proc_fail_nth_read+0x1ef/0x260 [ 692.844377][T15073] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 692.844403][T15073] ? rw_verify_area+0x246/0x630 [ 692.844425][T15073] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 692.844448][T15073] vfs_read+0x21f/0xb90 [ 692.844478][T15073] ? __pfx___mutex_lock+0x10/0x10 [ 692.844506][T15073] ? __pfx_vfs_read+0x10/0x10 [ 692.844534][T15073] ? __fget_files+0x2a/0x420 [ 692.844555][T15073] ? __fget_files+0x39d/0x420 [ 692.844573][T15073] ? __fget_files+0x2a/0x420 [ 692.844602][T15073] ksys_read+0x19d/0x2d0 [ 692.844629][T15073] ? __pfx_ksys_read+0x10/0x10 [ 692.844656][T15073] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 692.844682][T15073] ? lockdep_hardirqs_on+0x9d/0x150 [ 692.844711][T15073] __do_fast_syscall_32+0xb4/0x110 [ 692.844737][T15073] ? exc_page_fault+0x5f8/0x920 [ 692.844767][T15073] do_fast_syscall_32+0x34/0x80 [ 692.844794][T15073] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 692.844818][T15073] RIP: 0023:0xf747d579 [ 692.844836][T15073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 692.844853][T15073] RSP: 002b:00000000f5106590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 692.844875][T15073] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5106620 [ 692.844889][T15073] RDX: 000000000000000f RSI: 00000000f746dff4 RDI: 0000000000000000 [ 692.844902][T15073] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 692.844914][T15073] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 692.844927][T15073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 692.844957][T15073] [ 692.874087][ T9] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 693.118828][T15078] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2819'. [ 693.255945][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 693.278290][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 693.290343][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 693.300967][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.309942][ T9] usb 3-1: Product: syz [ 693.333989][ T9] usb 3-1: Manufacturer: syz [ 693.345988][ T9] usb 3-1: SerialNumber: syz [ 693.510686][T15092] input: syz0 as /devices/virtual/input/input40 [ 693.601541][ T9] usb 3-1: 0:2 : does not exist [ 693.637205][ T9] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 693.712063][ T9] usb 3-1: USB disconnect, device number 13 [ 693.935596][ T9340] udevd[9340]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 694.007698][T15108] FAULT_INJECTION: forcing a failure. [ 694.007698][T15108] name failslab, interval 1, probability 0, space 0, times 0 [ 694.023011][T15108] CPU: 1 UID: 0 PID: 15108 Comm: syz.3.2829 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 694.023033][T15108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 694.023042][T15108] Call Trace: [ 694.023050][T15108] [ 694.023057][T15108] dump_stack_lvl+0x241/0x360 [ 694.023086][T15108] ? __pfx_dump_stack_lvl+0x10/0x10 [ 694.023108][T15108] ? __pfx__printk+0x10/0x10 [ 694.023133][T15108] ? __pfx___might_resched+0x10/0x10 [ 694.023156][T15108] should_fail_ex+0x424/0x570 [ 694.023176][T15108] should_failslab+0xac/0x100 [ 694.023199][T15108] __kmalloc_cache_noprof+0x73/0x370 [ 694.023220][T15108] ? rtnl_newlink+0x144/0x1fe0 [ 694.023246][T15108] rtnl_newlink+0x144/0x1fe0 [ 694.023266][T15108] ? stack_depot_save_flags+0x44/0x940 [ 694.023288][T15108] ? kasan_save_track+0x51/0x80 [ 694.023304][T15108] ? kasan_save_track+0x3f/0x80 [ 694.023319][T15108] ? kasan_save_free_info+0x40/0x50 [ 694.023332][T15108] ? __kasan_slab_free+0x59/0x70 [ 694.023350][T15108] ? __pfx_rtnl_newlink+0x10/0x10 [ 694.023369][T15108] ? __netlink_deliver_tap+0x561/0x7f0 [ 694.023391][T15108] ? netlink_deliver_tap+0x19d/0x1b0 [ 694.023411][T15108] ? netlink_unicast+0x7c6/0x9a0 [ 694.023428][T15108] ? netlink_sendmsg+0x8c3/0xcd0 [ 694.023448][T15108] ? __sock_sendmsg+0x221/0x270 [ 694.023467][T15108] ? ____sys_sendmsg+0x523/0x860 [ 694.023481][T15108] ? __sys_sendmsg+0x271/0x360 [ 694.023495][T15108] ? __do_fast_syscall_32+0xb4/0x110 [ 694.023514][T15108] ? do_fast_syscall_32+0x34/0x80 [ 694.023532][T15108] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 694.023576][T15108] ? kasan_quarantine_put+0xdc/0x230 [ 694.023591][T15108] ? lockdep_hardirqs_on+0x9d/0x150 [ 694.023612][T15108] ? nlmon_xmit+0xaf/0x100 [ 694.023640][T15108] ? __local_bh_enable_ip+0x168/0x200 [ 694.023654][T15108] ? lockdep_hardirqs_on+0x9d/0x150 [ 694.023678][T15108] ? aa_get_newest_label+0x101/0x6f0 [ 694.023704][T15108] ? __lock_acquire+0xad5/0xd80 [ 694.023735][T15108] ? __pfx_rtnl_newlink+0x10/0x10 [ 694.023758][T15108] rtnetlink_rcv_msg+0x80f/0xd70 [ 694.023786][T15108] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 694.023821][T15108] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 694.023857][T15108] ? ref_tracker_free+0x63e/0x7e0 [ 694.023887][T15108] netlink_rcv_skb+0x208/0x480 [ 694.023929][T15108] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 694.023961][T15108] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 694.024008][T15108] ? netlink_deliver_tap+0x2e/0x1b0 [ 694.024041][T15108] ? netlink_deliver_tap+0x2e/0x1b0 [ 694.024075][T15108] netlink_unicast+0x7f8/0x9a0 [ 694.024112][T15108] ? __pfx_netlink_unicast+0x10/0x10 [ 694.024142][T15108] ? skb_put+0x114/0x1f0 [ 694.024169][T15108] netlink_sendmsg+0x8c3/0xcd0 [ 694.024214][T15108] ? __pfx_netlink_sendmsg+0x10/0x10 [ 694.024249][T15108] ? __import_iovec+0x585/0x830 [ 694.024277][T15108] ? aa_sock_msg_perm+0x91/0x160 [ 694.024312][T15108] ? __pfx_netlink_sendmsg+0x10/0x10 [ 694.024341][T15108] __sock_sendmsg+0x221/0x270 [ 694.024373][T15108] ____sys_sendmsg+0x523/0x860 [ 694.024406][T15108] ? __pfx_____sys_sendmsg+0x10/0x10 [ 694.024446][T15108] __sys_sendmsg+0x271/0x360 [ 694.024476][T15108] ? __pfx___sys_sendmsg+0x10/0x10 [ 694.024554][T15108] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 694.024581][T15108] ? lockdep_hardirqs_on+0x9d/0x150 [ 694.024609][T15108] __do_fast_syscall_32+0xb4/0x110 [ 694.024636][T15108] ? exc_page_fault+0x5f8/0x920 [ 694.024666][T15108] do_fast_syscall_32+0x34/0x80 [ 694.024694][T15108] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 694.024719][T15108] RIP: 0023:0xf747d579 [ 694.024738][T15108] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 694.024756][T15108] RSP: 002b:00000000f510655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 694.024779][T15108] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000280 [ 694.024793][T15108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 694.024806][T15108] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 694.024818][T15108] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 694.024831][T15108] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 694.024861][T15108] [ 694.524134][ T5898] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 694.669470][T15113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2831'. [ 694.680860][ T5898] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 694.694236][ T5898] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 694.705631][ T5898] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 694.714822][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.727256][T15102] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 694.736408][ T9] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 694.748013][ T5898] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 694.850709][T15117] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2832'. [ 694.909418][ T9] usb 2-1: config 0 has no interfaces? [ 694.920878][ T9] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 694.930430][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 694.953178][ T5889] usb 5-1: USB disconnect, device number 5 [ 694.971051][ T9] usb 2-1: Product: syz [ 694.998679][ T9] usb 2-1: Manufacturer: syz [ 695.003355][ T9] usb 2-1: SerialNumber: syz [ 695.043979][T10035] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 695.059811][ T9] usb 2-1: config 0 descriptor?? [ 695.196840][T10035] usb 3-1: config 0 interface 0 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 695.208865][T10035] usb 3-1: config 0 interface 0 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 695.220432][T10035] usb 3-1: config 0 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 695.233988][T10035] usb 3-1: config 0 interface 0 has no altsetting 0 [ 695.240837][T10035] usb 3-1: New USB device found, idVendor=0457, idProduct=0a00, bcdDevice= 0.00 [ 695.254584][T10035] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 695.271346][T10035] usb 3-1: config 0 descriptor?? [ 695.284917][T15106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 695.293942][T15106] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 695.505000][ T5889] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 695.657870][ T5889] usb 4-1: device descriptor read/64, error -71 [ 695.684648][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 695.723600][T10035] hid-multitouch 0003:0457:0A00.0023: unknown main item tag 0x0 [ 695.732128][T10035] hid-multitouch 0003:0457:0A00.0023: unknown main item tag 0x0 [ 695.739993][T10035] hid-multitouch 0003:0457:0A00.0023: unknown main item tag 0x0 [ 695.748663][T10035] hid-multitouch 0003:0457:0A00.0023: unknown main item tag 0x0 [ 695.756673][T10035] hid-multitouch 0003:0457:0A00.0023: unknown main item tag 0x0 [ 695.764702][T10035] hid-multitouch 0003:0457:0A00.0023: unknown main item tag 0x0 [ 695.772456][T10035] hid-multitouch 0003:0457:0A00.0023: unknown main item tag 0x0 [ 695.785719][T10035] hid-multitouch 0003:0457:0A00.0023: hidraw0: USB HID v0.00 Device [HID 0457:0a00] on usb-dummy_hcd.2-1/input0 [ 695.904552][ T5889] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 695.934996][T15115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 695.948968][T15115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 695.960274][ T5898] usb 3-1: USB disconnect, device number 14 [ 696.034009][ T5889] usb 4-1: device descriptor read/64, error -71 [ 696.145627][ T5889] usb usb4-port1: attempt power cycle [ 696.504319][ T5889] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 696.545363][ T5889] usb 4-1: device descriptor read/8, error -71 [ 696.703282][T15133] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2839'. [ 696.793974][ T5889] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 696.814926][T10035] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 696.836200][ T5889] usb 4-1: device descriptor read/8, error -71 [ 696.863073][ T9] usb 2-1: USB disconnect, device number 115 [ 696.954265][ T5889] usb usb4-port1: unable to enumerate USB device [ 696.973244][T10035] usb 3-1: Using ep0 maxpacket: 32 [ 696.985179][T10035] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 696.998507][T10035] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.014539][T10035] usb 3-1: config 0 descriptor?? [ 697.027655][T10035] gspca_main: sunplus-2.14.0 probing 041e:400b [ 697.197211][T15143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2844'. [ 697.467598][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 697.644835][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 697.652099][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 697.663332][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 697.673170][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 697.687236][ T9] usb 5-1: New USB device found, idVendor=18d1, idProduct=503c, bcdDevice= 0.00 [ 697.696432][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 697.708164][ T9] usb 5-1: config 0 descriptor?? [ 698.151128][ T9] hid-generic 0003:18D1:503C.0024: unbalanced collection at end of report description [ 698.170784][ T9] hid-generic 0003:18D1:503C.0024: probe with driver hid-generic failed with error -22 [ 698.242579][T15131] netlink: zone id is out of range [ 698.256308][T15131] netlink: zone id is out of range [ 698.275824][T15131] netlink: zone id is out of range [ 698.298430][T15131] netlink: zone id is out of range [ 698.303728][T15131] netlink: zone id is out of range [ 698.322950][T15131] netlink: zone id is out of range [ 698.342557][T15131] netlink: zone id is out of range [ 698.368044][T15131] netlink: zone id is out of range [ 698.373220][T15131] netlink: zone id is out of range [ 698.399710][T15131] netlink: zone id is out of range [ 698.492984][T10035] gspca_sunplus: reg_w_riv err -71 [ 698.501442][T10035] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 698.530527][T10035] usb 3-1: USB disconnect, device number 15 [ 698.704046][ T9] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 698.744834][T15163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 698.753753][T15163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 698.876659][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 698.890616][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 60463, setting to 1024 [ 698.902167][ T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 698.913228][ T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 698.922439][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.934640][T15161] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 698.950578][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 699.161919][ T5888] usb 2-1: USB disconnect, device number 116 [ 699.374171][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 699.493960][ T5898] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 699.526691][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 699.538397][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 699.550651][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 699.561339][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 699.574667][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 699.583724][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.595556][ T9] usb 4-1: config 0 descriptor?? [ 699.649202][ T5898] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 699.657578][ T5898] usb 3-1: config 0 has no interface number 0 [ 699.664148][ T5898] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 699.679129][ T5898] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 699.696110][ T5898] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 699.705383][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.717045][ T5898] usb 3-1: config 0 descriptor?? [ 700.008175][ T9] plantronics 0003:047F:FFFF.0025: ignoring exceeding usage max [ 700.019413][ T9] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving [ 700.034280][ T9] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 700.128613][ T5898] hid (null): global environment stack underflow [ 700.138211][ T5898] uclogic 0003:5543:0522.0026: global environment stack underflow [ 700.146236][ T5898] uclogic 0003:5543:0522.0026: item 0 1 1 11 parsing failed [ 700.154200][ T5898] uclogic 0003:5543:0522.0026: parse failed [ 700.160241][ T5898] uclogic 0003:5543:0522.0026: probe with driver uclogic failed with error -22 [ 700.210004][ T9] usb 5-1: USB disconnect, device number 6 [ 700.328989][ T5898] usb 3-1: USB disconnect, device number 16 [ 701.131546][T15184] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2858'. [ 701.146280][T15184] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2858'. [ 701.226106][T15188] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2859'. [ 701.604964][T15200] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2861'. [ 701.831661][ T5898] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 702.048173][ T5898] usb 2-1: Using ep0 maxpacket: 32 [ 702.063491][ T5898] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 702.075177][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 702.108071][ T5898] usb 2-1: config 0 descriptor?? [ 702.130279][ T5898] gspca_main: sunplus-2.14.0 probing 041e:400b [ 702.175393][T10035] usb 4-1: USB disconnect, device number 15 [ 702.237250][T15212] FAULT_INJECTION: forcing a failure. [ 702.237250][T15212] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 702.312484][T15212] CPU: 0 UID: 0 PID: 15212 Comm: syz.4.2867 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 702.312517][T15212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 702.312541][T15212] Call Trace: [ 702.312550][T15212] [ 702.312560][T15212] dump_stack_lvl+0x241/0x360 [ 702.312601][T15212] ? __pfx_dump_stack_lvl+0x10/0x10 [ 702.312634][T15212] ? __pfx__printk+0x10/0x10 [ 702.312677][T15212] should_fail_ex+0x424/0x570 [ 702.312707][T15212] _copy_to_user+0x31/0xb0 [ 702.312742][T15212] simple_read_from_buffer+0xc4/0x170 [ 702.312780][T15212] proc_fail_nth_read+0x1ef/0x260 [ 702.312806][T15212] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 702.312834][T15212] ? rw_verify_area+0x246/0x630 [ 702.312858][T15212] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 702.312883][T15212] vfs_read+0x21f/0xb90 [ 702.312915][T15212] ? __pfx___mutex_lock+0x10/0x10 [ 702.312945][T15212] ? __pfx_vfs_read+0x10/0x10 [ 702.312974][T15212] ? __fget_files+0x2a/0x420 [ 702.312997][T15212] ? __fget_files+0x39d/0x420 [ 702.313014][T15212] ? __fget_files+0x2a/0x420 [ 702.313044][T15212] ksys_read+0x19d/0x2d0 [ 702.313071][T15212] ? __pfx_ksys_read+0x10/0x10 [ 702.313100][T15212] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 702.313128][T15212] ? lockdep_hardirqs_on+0x9d/0x150 [ 702.313159][T15212] __do_fast_syscall_32+0xb4/0x110 [ 702.313187][T15212] ? exc_page_fault+0x5f8/0x920 [ 702.313218][T15212] do_fast_syscall_32+0x34/0x80 [ 702.313248][T15212] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 702.313274][T15212] RIP: 0023:0xf740d579 [ 702.313293][T15212] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 702.313312][T15212] RSP: 002b:00000000f5075590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 702.313335][T15212] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5075620 [ 702.313350][T15212] RDX: 000000000000000f RSI: 00000000f73fdff4 RDI: 0000000000000000 [ 702.313363][T15212] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 702.313376][T15212] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 702.313389][T15212] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 702.313422][T15212] [ 703.239110][T15225] warn_alloc: 2 callbacks suppressed [ 703.239134][T15225] syz.4.2872: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 703.263494][T15225] CPU: 0 UID: 0 PID: 15225 Comm: syz.4.2872 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 703.263526][T15225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 703.263540][T15225] Call Trace: [ 703.263549][T15225] [ 703.263559][T15225] dump_stack_lvl+0x241/0x360 [ 703.263600][T15225] ? __pfx_dump_stack_lvl+0x10/0x10 [ 703.263633][T15225] ? __pfx__printk+0x10/0x10 [ 703.263673][T15225] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 703.263708][T15225] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 703.263739][T15225] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 703.263793][T15225] warn_alloc+0x27c/0x410 [ 703.263814][T15225] ? is_mmconf_reserved+0x3a1/0x3f0 [ 703.263844][T15225] ? __vmalloc_node_range_noprof+0x108/0x1390 [ 703.263867][T15225] ? __pfx_warn_alloc+0x10/0x10 [ 703.263891][T15225] ? kasan_save_track+0x3f/0x80 [ 703.263913][T15225] ? __kasan_kmalloc+0x9d/0xb0 [ 703.263940][T15225] ? xsk_setsockopt+0x449/0x840 [ 703.263960][T15225] ? do_sock_setsockopt+0x3b1/0x710 [ 703.263982][T15225] ? __ia32_sys_setsockopt+0x1f2/0x280 [ 703.264003][T15225] ? __do_fast_syscall_32+0xb4/0x110 [ 703.264031][T15225] ? do_fast_syscall_32+0x34/0x80 [ 703.264058][T15225] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 703.264097][T15225] __vmalloc_node_range_noprof+0x128/0x1390 [ 703.264153][T15225] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 703.264180][T15225] ? __kasan_kmalloc+0x9d/0xb0 [ 703.264212][T15225] vmalloc_user_noprof+0x74/0x80 [ 703.264252][T15225] ? xskq_create+0xb6/0x170 [ 703.264276][T15225] xskq_create+0xb6/0x170 [ 703.264303][T15225] xsk_init_queue+0xa1/0x100 [ 703.264329][T15225] xsk_setsockopt+0x449/0x840 [ 703.264356][T15225] ? __pfx_xsk_setsockopt+0x10/0x10 [ 703.264377][T15225] ? __lock_acquire+0xad5/0xd80 [ 703.264401][T15225] ? __pfx_aa_sk_perm+0x10/0x10 [ 703.264430][T15225] ? __lock_acquire+0xad5/0xd80 [ 703.264452][T15225] ? aa_sock_opt_perm+0x79/0x120 [ 703.264488][T15225] ? __pfx_xsk_setsockopt+0x10/0x10 [ 703.264510][T15225] do_sock_setsockopt+0x3b1/0x710 [ 703.264540][T15225] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 703.264562][T15225] ? __fget_files+0x2a/0x420 [ 703.264583][T15225] ? __fget_files+0x39d/0x420 [ 703.264601][T15225] ? __fget_files+0x2a/0x420 [ 703.264630][T15225] __ia32_sys_setsockopt+0x1f2/0x280 [ 703.264661][T15225] __do_fast_syscall_32+0xb4/0x110 [ 703.264688][T15225] ? ret_from_fork_asm+0x1a/0x30 [ 703.264708][T15225] ? lockdep_hardirqs_on+0x9d/0x150 [ 703.264739][T15225] do_fast_syscall_32+0x34/0x80 [ 703.264768][T15225] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 703.264795][T15225] RIP: 0023:0xf740d579 [ 703.264814][T15225] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 703.264833][T15225] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 703.264856][T15225] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000011b [ 703.264870][T15225] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000052 [ 703.264884][T15225] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 703.264896][T15225] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 703.264910][T15225] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 703.264941][T15225] [ 703.343940][T15195] net_ratelimit: 21 callbacks suppressed [ 703.343964][T15195] netlink: zone id is out of range [ 703.357576][T15225] Mem-Info: [ 703.454977][T15195] netlink: zone id is out of range [ 703.457721][T10035] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 703.524024][T15225] active_anon:5673 inactive_anon:2 isolated_anon:0 [ 703.524024][T15225] active_file:14265 inactive_file:3232 isolated_file:0 [ 703.524024][T15225] unevictable:768 dirty:117 writeback:0 [ 703.524024][T15225] slab_reclaimable:10325 slab_unreclaimable:104561 [ 703.524024][T15225] mapped:31399 shmem:1453 pagetables:1123 [ 703.524024][T15225] sec_pagetables:0 bounce:0 [ 703.524024][T15225] kernel_misc_reclaimable:0 [ 703.524024][T15225] free:1342787 free_pcp:3022 free_cma:0 [ 703.532644][T15195] netlink: zone id is out of range [ 703.564366][T15225] Node 0 active_anon:22692kB inactive_anon:8kB active_file:57024kB inactive_file:12924kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:125572kB dirty:468kB writeback:0kB shmem:4276kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11544kB pagetables:4492kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 703.585493][T15195] netlink: zone id is out of range [ 703.644088][ T5898] gspca_sunplus: reg_w_riv err -110 [ 703.673768][T15225] Node 1 active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 703.717945][ T5898] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 703.753591][T15195] netlink: zone id is out of range [ 703.753610][T15195] netlink: zone id is out of range [ 703.753621][T15195] netlink: zone id is out of range [ 703.753631][T15195] netlink: zone id is out of range [ 703.753641][T15195] netlink: zone id is out of range [ 703.753651][T15195] netlink: zone id is out of range [ 703.785331][T15225] Node 0 [ 703.840072][T10035] usb 4-1: no configurations [ 703.840099][T10035] usb 4-1: can't read configurations, error -22 [ 703.852496][T15235] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 703.881498][T15225] DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 703.881556][T15225] lowmem_reserve[]: 0 2487 2487 2487 2487 [ 703.881606][T15225] Node 0 DMA32 free:1452136kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:22784kB inactive_anon:8kB active_file:57024kB inactive_file:12832kB unevictable:1536kB writepending:468kB present:3129332kB managed:2547232kB mlocked:0kB bounce:0kB free_pcp:11788kB local_pcp:536kB free_cma:0kB [ 703.881679][T15225] lowmem_reserve[]: 0 0 0 0 0 [ 703.881729][T15225] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB [ 703.881787][T15225] lowmem_reserve[]: 0 0 0 0 0 [ 703.881838][T15225] Node 1 Normal free:3904788kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:36kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 703.881900][T15225] lowmem_reserve[]: 0 0 0 0 0 [ 703.882556][T15225] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 703.882684][T15225] Node 0 DMA32: 1353*4kB (UM) 360*8kB (UME) 783*16kB (UME) 551*32kB (UME) 253*64kB (ME) 85*128kB (UME) 90*256kB (UM) 51*512kB (UME) 40*1024kB (UME) 17*2048kB (UM) 308*4096kB (UM) = 1452020kB [ 703.882853][T15225] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 703.882955][T15225] Node 1 Normal: 263*4kB (UM) 81*8kB (UME) 51*16kB (UE) 244*32kB (UE) 99*64kB (UME) 32*128kB (UME) 16*256kB (UME) 6*512kB (UM) 6*1024kB (UME) 4*2048kB (UE) 943*4096kB (M) = 3904788kB [ 703.883123][T15225] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 703.883139][T15225] Node 0 hugepages_total=6 hugepages_free=2 hugepages_surp=4 hugepages_size=2048kB [ 703.883155][T15225] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 703.883173][T15225] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 703.883191][T15225] 18952 total pagecache pages [ 703.883201][T15225] 2 pages in swap cache [ 703.883210][T15225] Free swap = 124988kB [ 703.883221][T15225] Total swap = 124996kB [ 703.883231][T15225] 2097051 pages RAM [ 703.883240][T15225] 0 pages HighMem/MovableOnly [ 703.883250][T15225] 428585 pages reserved [ 703.883259][T15225] 0 pages cma reserved [ 703.985990][T10035] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 704.065922][ T5889] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 704.225433][T10035] usb 4-1: no configurations [ 704.230083][T10035] usb 4-1: can't read configurations, error -22 [ 704.246993][ T9] usb 2-1: USB disconnect, device number 117 [ 704.283866][T10035] usb usb4-port1: attempt power cycle [ 704.376741][ T5889] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 704.393840][ T5889] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 60463, setting to 1024 [ 704.423838][ T5889] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 704.434700][ T5889] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 704.443755][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 704.456878][T15232] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 704.468264][ T5889] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 704.624750][T10035] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 704.666319][T10035] usb 4-1: no configurations [ 704.671047][T10035] usb 4-1: can't read configurations, error -22 [ 704.730402][ T5889] usb 5-1: USB disconnect, device number 7 [ 704.815149][T10035] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 704.846034][T10035] usb 4-1: no configurations [ 704.850725][T10035] usb 4-1: can't read configurations, error -22 [ 704.864688][T10035] usb usb4-port1: unable to enumerate USB device [ 706.660592][T15272] kvm: kvm [15271]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x40000004) = 0x0 [ 707.120348][T15283] FAULT_INJECTION: forcing a failure. [ 707.120348][T15283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 707.149762][T15283] CPU: 1 UID: 0 PID: 15283 Comm: syz.0.2892 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 707.149795][T15283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 707.149809][T15283] Call Trace: [ 707.149818][T15283] [ 707.149828][T15283] dump_stack_lvl+0x241/0x360 [ 707.149868][T15283] ? __pfx_dump_stack_lvl+0x10/0x10 [ 707.149899][T15283] ? __pfx__printk+0x10/0x10 [ 707.149944][T15283] should_fail_ex+0x424/0x570 [ 707.149973][T15283] _copy_from_user+0x2d/0xb0 [ 707.150013][T15283] video_usercopy+0x3bf/0x1330 [ 707.150045][T15283] ? __pfx___video_do_ioctl+0x10/0x10 [ 707.150067][T15283] ? __pfx_video_usercopy+0x10/0x10 [ 707.150107][T15283] ? __fget_files+0x2a/0x420 [ 707.150132][T15283] v4l2_ioctl+0x189/0x1e0 [ 707.150169][T15283] v4l2_compat_ioctl32+0x1d7/0x260 [ 707.150206][T15283] __se_compat_sys_ioctl+0x50e/0xc30 [ 707.150237][T15283] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 707.150265][T15283] ? __fget_files+0x2a/0x420 [ 707.150291][T15283] ? fput+0x9b/0xd0 [ 707.150309][T15283] ? ksys_write+0x275/0x2d0 [ 707.150343][T15283] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 707.150369][T15283] ? lockdep_hardirqs_on+0x9d/0x150 [ 707.150398][T15283] __do_fast_syscall_32+0xb4/0x110 [ 707.150425][T15283] ? exc_page_fault+0x5f8/0x920 [ 707.150456][T15283] do_fast_syscall_32+0x34/0x80 [ 707.150484][T15283] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 707.150509][T15283] RIP: 0023:0xf73dd579 [ 707.150528][T15283] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 707.150546][T15283] RSP: 002b:00000000f506655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 707.150568][T15283] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0405602 [ 707.150583][T15283] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 707.150596][T15283] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 707.150607][T15283] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 707.150620][T15283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 707.150649][T15283] [ 707.365025][ C1] vkms_vblank_simulate: vblank timer overrun [ 707.916048][T15308] kvm: kvm [15307]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x40000004) = 0x0 [ 707.934333][ T5888] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 708.094522][T10035] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 708.135968][ T5888] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 708.158303][ T5888] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 60463, setting to 1024 [ 708.253679][ T5888] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 708.259990][T15312] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2898'. [ 708.281878][ T5888] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 708.294056][ T5888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.303990][T10035] usb 2-1: Using ep0 maxpacket: 32 [ 708.309668][T15300] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 708.328894][ T5888] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 708.347552][T10035] usb 2-1: unable to get BOS descriptor or descriptor too short [ 708.363118][T10035] usb 2-1: config 7 has an invalid interface number: 187 but max is 0 [ 708.388079][T10035] usb 2-1: config 7 has no interface number 0 [ 708.428684][T10035] usb 2-1: config 7 interface 187 altsetting 6 bulk endpoint 0x4 has invalid maxpacket 947 [ 708.451128][T10035] usb 2-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16 [ 708.483660][T10035] usb 2-1: config 7 interface 187 has no altsetting 0 [ 708.507903][T10035] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 708.519827][T10035] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.536307][T10035] usb 2-1: Product: syz [ 708.547621][T10035] usb 2-1: Manufacturer: syz [ 708.558546][ T5889] usb 5-1: USB disconnect, device number 8 [ 708.581800][T10035] usb 2-1: SerialNumber: syz [ 708.677632][T15304] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 708.693660][T15304] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 708.974655][T10035] usb 2-1: Limiting number of CPorts to U8_MAX [ 709.015908][T10035] usb 2-1: Unknown endpoint type found, address 0x07 [ 709.062550][T10035] usb 2-1: Unused bulk OUT endpoint found: 0x03 [ 709.091541][T10035] usb 2-1: Not enough endpoints found in device, aborting! [ 709.250588][ T5898] usb 2-1: USB disconnect, device number 118 [ 709.378612][ T5852] syz-executor (5852) used greatest stack depth: 18872 bytes left [ 709.470100][T14318] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.488601][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 709.499125][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 709.510509][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 709.522040][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 709.531856][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 709.635582][T15322] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2904'. [ 709.637626][T14318] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.723236][T14318] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.755476][T15326] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2906'. [ 709.828162][T14318] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.054988][T15334] netlink: 'syz.1.2908': attribute type 10 has an invalid length. [ 710.073471][T15334] lo: entered promiscuous mode [ 710.082574][T15334] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 710.362386][T14318] bridge0: port 1(batadv0) entered disabled state [ 711.185011][T14318] bond0 (unregistering): Released all slaves [ 711.229443][T15345] bond0: (slave netdevsim0): Error: Device is in use and cannot be enslaved [ 711.264201][ T5888] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 711.383058][T14318] tipc: Disabling bearer [ 711.384727][T15349] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2914'. [ 711.411265][T14318] tipc: Left network mode [ 711.454124][ T5888] usb 3-1: Using ep0 maxpacket: 32 [ 711.461796][T15320] chnl_net:caif_netlink_parms(): no params data found [ 711.500257][ T5888] usb 3-1: unable to get BOS descriptor or descriptor too short [ 711.531334][ T5888] usb 3-1: config 129 has an invalid interface number: 249 but max is 0 [ 711.552088][ T5888] usb 3-1: config 129 has an invalid descriptor of length 244, skipping remainder of the config [ 711.563437][ T5888] usb 3-1: config 129 has no interface number 0 [ 711.570253][ T5888] usb 3-1: config 129 interface 249 altsetting 247 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 711.587406][ T5888] usb 3-1: config 129 interface 249 has no altsetting 0 [ 711.600110][T14318] IPVS: stopping master sync thread 8843 ... [ 711.604312][ T5846] Bluetooth: hci2: command tx timeout [ 711.648422][ T5888] usb 3-1: New USB device found, idVendor=0424, idProduct=9908, bcdDevice=2e.38 [ 711.667951][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 711.685302][ T5888] usb 3-1: Product: syz [ 711.690898][ T5888] usb 3-1: Manufacturer: syz [ 711.698112][ T5888] usb 3-1: SerialNumber: syz [ 711.919339][T15345] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2912'. [ 711.974190][T15345] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2912'. [ 712.257817][T15320] bridge0: port 1(bridge_slave_0) entered blocking state [ 712.283213][T15320] bridge0: port 1(bridge_slave_0) entered disabled state [ 712.317072][T15320] bridge_slave_0: entered allmulticast mode [ 712.344141][T15320] bridge_slave_0: entered promiscuous mode [ 712.374007][ T5889] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 712.447181][T15320] bridge0: port 2(bridge_slave_1) entered blocking state [ 712.483101][T15320] bridge0: port 2(bridge_slave_1) entered disabled state [ 712.500907][T15320] bridge_slave_1: entered allmulticast mode [ 712.521136][T15320] bridge_slave_1: entered promiscuous mode [ 712.543971][ T5889] usb 2-1: Using ep0 maxpacket: 16 [ 712.593025][ T5889] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 712.632725][ T5889] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 712.689903][ T5889] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 712.713925][ T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 712.770487][ T5889] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 712.839156][ T5889] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 712.857536][T15320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.887685][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.905820][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 712.929668][ T5889] usb 2-1: Product: syz [ 712.937190][ T5889] usb 2-1: Manufacturer: syz [ 712.941971][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 712.946144][T15320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.962586][ T5889] usb 2-1: SerialNumber: syz [ 712.968392][ T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 712.981359][ T9] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 712.991785][ T9] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 713.024319][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 713.060627][T14318] hsr_slave_0: left promiscuous mode [ 713.066962][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.089137][T14318] hsr_slave_1: left promiscuous mode [ 713.094920][ T9] usb 5-1: Product: syz [ 713.105089][ T9] usb 5-1: Manufacturer: syz [ 713.144784][ T9] usb 5-1: SerialNumber: syz [ 713.189786][T14318] [ 713.192175][T14318] ============================================ [ 713.198334][T14318] WARNING: possible recursive locking detected [ 713.204505][T14318] 6.15.0-rc2-syzkaller #0 Not tainted [ 713.209902][T14318] -------------------------------------------- [ 713.216066][T14318] kworker/u8:0/14318 is trying to acquire lock: [ 713.222312][T14318] ffff88807f85cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: dev_set_allmulti+0x11c/0x270 [ 713.232448][T14318] [ 713.232448][T14318] but task is already holding lock: [ 713.239837][T14318] ffff88807f85cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 [ 713.251453][T14318] and the lock comparison function returns 0: [ 713.257533][T14318] [ 713.257533][T14318] other info that might help us debug this: [ 713.265614][T14318] Possible unsafe locking scenario: [ 713.265614][T14318] [ 713.273111][T14318] CPU0 [ 713.276402][T14318] ---- [ 713.279690][T14318] lock(&dev_instance_lock_key#3); [ 713.284932][T14318] lock(&dev_instance_lock_key#3); [ 713.290163][T14318] [ 713.290163][T14318] *** DEADLOCK *** [ 713.290163][T14318] [ 713.298307][T14318] May be due to missing lock nesting notation [ 713.298307][T14318] [ 713.306629][T14318] 5 locks held by kworker/u8:0/14318: [ 713.311998][T14318] #0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 713.322900][T14318] #1: ffffc9001ad9fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 713.333440][T14318] #2: ffffffff900f0910 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60 [ 713.342860][T14318] #3: ffffffff900fd448 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xde/0x880 [ 713.352894][T14318] #4: ffff88807f85cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 [ 713.364942][T14318] [ 713.364942][T14318] stack backtrace: [ 713.370837][T14318] CPU: 0 UID: 0 PID: 14318 Comm: kworker/u8:0 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 713.370857][T14318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 713.370871][T14318] Workqueue: netns cleanup_net [ 713.370902][T14318] Call Trace: [ 713.370909][T14318] [ 713.370916][T14318] dump_stack_lvl+0x241/0x360 [ 713.370944][T14318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 713.370968][T14318] ? __pfx__printk+0x10/0x10 [ 713.370991][T14318] ? print_lock+0x171/0x1a0 [ 713.371013][T14318] print_deadlock_bug+0x2be/0x2d0 [ 713.371036][T14318] validate_chain+0x928/0x24e0 [ 713.371060][T14318] ? do_raw_spin_lock+0x151/0x370 [ 713.371090][T14318] __lock_acquire+0xad5/0xd80 [ 713.371111][T14318] lock_acquire+0x116/0x2f0 [ 713.371128][T14318] ? dev_set_allmulti+0x11c/0x270 [ 713.371148][T14318] __mutex_lock+0x1a5/0x10c0 [ 713.371169][T14318] ? dev_set_allmulti+0x11c/0x270 [ 713.371189][T14318] ? dev_set_allmulti+0x11c/0x270 [ 713.371204][T14318] ? __pfx___mutex_lock+0x10/0x10 [ 713.371228][T14318] ? lockdep_hardirqs_on+0x9d/0x150 [ 713.371249][T14318] ? __local_bh_enable_ip+0x168/0x200 [ 713.371267][T14318] ? macvlan_stop+0x129/0x420 [ 713.371288][T14318] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 713.371307][T14318] dev_set_allmulti+0x11c/0x270 [ 713.371324][T14318] macvlan_stop+0x20f/0x420 [ 713.371344][T14318] ? __pfx_macvlan_stop+0x10/0x10 [ 713.371364][T14318] __dev_close_many+0x3d7/0x760 [ 713.371390][T14318] ? __pfx___dev_close_many+0x10/0x10 [ 713.371418][T14318] dev_close_many+0x250/0x4c0 [ 713.371444][T14318] ? __pfx_dev_close_many+0x10/0x10 [ 713.371470][T14318] unregister_netdevice_many_notify+0x628/0x2510 [ 713.371496][T14318] ? lockdep_hardirqs_on+0x9d/0x150 [ 713.371516][T14318] ? __local_bh_enable_ip+0x168/0x200 [ 713.371533][T14318] ? batadv_tt_local_remove+0x119/0x230 [ 713.371551][T14318] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 713.371573][T14318] ? batadv_tt_local_remove+0x119/0x230 [ 713.371590][T14318] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 713.371617][T14318] ? unregister_netdevice_queue+0x2c4/0x400 [ 713.371639][T14318] ? batadv_meshif_destroy_netlink+0x1e6/0x270 [ 713.371665][T14318] default_device_exit_batch+0x7ff/0x880 [ 713.371692][T14318] ? irqentry_exit+0x63/0x90 [ 713.371711][T14318] ? lockdep_hardirqs_on+0x9d/0x150 [ 713.371732][T14318] ? __pfx_default_device_exit_batch+0x10/0x10 [ 713.371759][T14318] ? __pfx_default_device_exit_batch+0x10/0x10 [ 713.371784][T14318] ? __pfx_default_device_exit_batch+0x10/0x10 [ 713.371810][T14318] ? cleanup_net+0x8a4/0xd60 [ 713.371837][T14318] ? __pfx_default_device_exit_batch+0x10/0x10 [ 713.371864][T14318] cleanup_net+0x8af/0xd60 [ 713.371891][T14318] ? __pfx_cleanup_net+0x10/0x10 [ 713.371921][T14318] ? process_scheduled_works+0x9cb/0x18e0 [ 713.371940][T14318] process_scheduled_works+0xac3/0x18e0 [ 713.371970][T14318] ? __pfx_process_scheduled_works+0x10/0x10 [ 713.371992][T14318] ? assign_work+0x367/0x3d0 [ 713.372012][T14318] worker_thread+0x870/0xd50 [ 713.372037][T14318] ? __kthread_parkme+0x1a8/0x200 [ 713.372060][T14318] ? __pfx_worker_thread+0x10/0x10 [ 713.372079][T14318] kthread+0x7b7/0x940 [ 713.372103][T14318] ? __pfx_worker_thread+0x10/0x10 [ 713.372123][T14318] ? __pfx_kthread+0x10/0x10 [ 713.372145][T14318] ? __pfx_kthread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 713.372167][T14318] ? __pfx_kthread+0x10/0x10 [ 713.372190][T14318] ? __pfx_kthread+0x10/0x10 [ 713.372213][T14318] ? _raw_spin_unlock_irq+0x23/0x50 [ 713.372230][T14318] ? lockdep_hardirqs_on+0x9d/0x150 [ 713.372249][T14318] ? __pfx_kthread+0x10/0x10 [ 713.372273][T14318] ret_from_fork+0x4b/0x80 [ 713.372291][T14318] ? __pfx_kthread+0x10/0x10 [ 713.372314][T14318] ret_from_fork_asm+0x1a/0x30 [ 713.372336][T14318] [ 713.734296][ T5846] Bluetooth: hci2: command tx timeout [ 713.774311][ T5889] usb 2-1: 0:2 : does not exist [ 713.779355][ T5889] usb 2-1: unit 5 not found! [ 713.795096][ T5889] usb 2-1: USB disconnect, device number 119 [ 714.016425][ T5888] smsc95xx v2.0.0 [ 714.020135][ T5888] smsc95xx 3-1:129.249 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 714.084057][ T5888] smsc95xx 3-1:129.249: probe with driver smsc95xx failed with error -22 [ 714.123087][ T5888] usb 3-1: USB disconnect, device number 17 [ 715.773953][ T5846] Bluetooth: hci2: command tx timeout [ 717.843939][ T5846] Bluetooth: hci2: command tx timeout [ 718.808152][ T9] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 718.816094][ T9] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 718.823466][ T9] usb 5-1: 2:1 : sample bitwidth 16 in over sample bytes 1 [ 718.831356][ T9] usb 5-1: 2:1 : invalid channels 0 [ 719.026028][ T9343] udevd[9343]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 720.404040][ C1] net_ratelimit: 22 callbacks suppressed [ 720.404063][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog