last executing test programs: 23.00483527s ago: executing program 0 (id=763): socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2b, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa08004500001d000000000002000001117c9078e00000"], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xfffffffffffffde8, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0}) socket(0xa, 0x801, 0x0) 21.627449425s ago: executing program 0 (id=767): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) listen(r0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0], 0x14}}, 0x4084) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="96470b5ca071230d056538b38e11453b492b66da1fb1", @ANYRESOCT, @ANYRESDEC, @ANYRES64, @ANYRES8=r0, @ANYRESDEC=r0], &(0x7f0000000000)='GPL\x00', 0xf, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540), 0x10, 0x7, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff}, 0x80) r4 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f0000000280)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "8cae5c2ba870cf8332c44080390ccfab55a54fcdb1e936e9f7cb93da03274b08aa62ae5494c2171c241f22fe0a4229b07a204683ae863556b3b5a0e2f3515ee2"}, 0x48, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0x0) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r3, 0x2f) close_range(r3, 0xffffffffffffffff, 0x0) 13.163627914s ago: executing program 2 (id=785): prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x3) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x3) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x3) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x3) prctl$PR_SET_UNALIGN(0x6, 0x1) 12.9455194s ago: executing program 0 (id=786): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001300)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000006000000000084e27fa40000000f000000c5"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_GET_REQUEST_TABLE(r3, 0x2284, &(0x7f0000000040)) 12.892711247s ago: executing program 2 (id=787): r0 = io_uring_setup(0x360, &(0x7f0000000440)) socket(0x1d, 0x2, 0x6) syz_genetlink_get_family_id$smc(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0) r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40f02, 0x0) ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x2000c045}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000400)={0x0, 0xfffffff0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000760009eeffffffffffffff0400000000", @ANYRES32=0x0, @ANYBLOB="04000d80080005"], 0x24}, 0x1, 0x5502000000000000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000740)={&(0x7f0000001000)}, 0x1) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_opts(r7, 0x0, 0x14, &(0x7f00000004c0)=""/3, &(0x7f0000000500)=0x3) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) 10.85152537s ago: executing program 0 (id=791): r0 = socket(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000200)=ANY=[@ANYBLOB="2e04000000000000c2040000000205020fffc20400000007c910fe800000000000000008000000000033050200030000112e26c739ed1a4305102f93fc0efdb1d3c60cd7b8381b19af61d6e2e0ea6444a34fcdc60a8d243630bd9d6fa7d62c9d6d9be46deda9a7856d14bb1446937b2e62d9b4ad06ee8becfe57"], 0x30) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000000)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r2, 0x351a, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) socket(0x1e, 0x2, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x87}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000200)=ANY=[@ANYBLOB="2e04000000000000c2040000000205020fffc20400000007c910fe800000000000000008000000000033050200030000112e26c739ed1a4305102f93fc0efdb1d3c60cd7b8381b19af61d6e2e0ea6444a34fcdc60a8d243630bd9d6fa7d62c9d6d9be46deda9a7856d14bb1446937b2e62d9b4ad06ee8becfe57"], 0x30) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) (async) syz_io_uring_setup(0x10d, &(0x7f0000000000)={0x0, 0x5885}, &(0x7f0000000340), &(0x7f0000000280)) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) (async) io_uring_enter(r2, 0x351a, 0x0, 0x0, 0x0, 0x0) (async) syz_init_net_socket$x25(0x9, 0x5, 0x0) (async) 10.365487794s ago: executing program 2 (id=793): r0 = syz_io_uring_setup(0xd0, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = socket(0x2a, 0x2, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000780)={0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r4, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x4f, 0x66}, [@call={0x16}]}, &(0x7f0000000140)='GPL\x00', 0x8, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff4e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_setup(0x6, &(0x7f0000000080)=0x0) r6 = socket$caif_stream(0x25, 0x1, 0x0) io_submit(r5, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0xf0, 0x300, 0x0, 0x5, 0x0, r6, 0x0}]) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 9.906167516s ago: executing program 1 (id=794): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000080)=0x8) getpid() r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x4cf02f8a2017de8d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10) setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f00000005c0)=0x80000001, 0x4) sendto$inet(r5, 0x0, 0x0, 0x20020080, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r5, &(0x7f0000000580)="8f", 0x20000581, 0x400c040, 0x0, 0x12eed8485ad) 8.998008068s ago: executing program 0 (id=796): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) listen(r0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0], 0x14}}, 0x4084) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="96470b5ca071230d056538b38e11453b492b66da1fb1", @ANYRESOCT, @ANYRESDEC, @ANYRES64, @ANYRES8=r0, @ANYRESDEC=r0], &(0x7f0000000000)='GPL\x00', 0xf, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540), 0x10, 0x7, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff}, 0x80) r5 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f0000000280)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "8cae5c2ba870cf8332c44080390ccfab55a54fcdb1e936e9f7cb93da03274b08aa62ae5494c2171c241f22fe0a4229b07a204683ae863556b3b5a0e2f3515ee2"}, 0x48, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0x0) r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r4, 0x2f) close_range(r4, 0xffffffffffffffff, 0x0) 8.043449346s ago: executing program 1 (id=797): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x2, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x10, 0x5}, {0x0, 0x6}, {0xe, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_ECN={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRESOCT=r1, @ANYBLOB="67a9fde500000000380012800a4700000000000000e8878bae01c6a0462884cc83a996dbd5ea5a5cdd95a116765b7fd27b978c2cfe92c9d49435dc87286c5a7ad03ac0ae7b"], 0x3}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 7.944168973s ago: executing program 4 (id=798): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x2c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r1, r3, 0x25, 0x0, @val=@perf_event}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000000a40)=ANY=[], 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@multicast, @empty, @val={@val={0x88a8, 0x1, 0x0, 0x2}, {0x8100, 0x1, 0x1, 0x1}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x2, @local, @local}}}}}}, 0x0) 7.746944643s ago: executing program 4 (id=800): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) pwritev(0xffffffffffffffff, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x8, 0x18, "522530d6e597ca54b72437f1295d5713b017ddc8f03f7f943138fae1b43b3983d7433f8f9a2df4e1857ad78ca88090d709b29ee7c21514bb85393764aaa5f78a", "012a519a6f0231ce4623c52b637a4b34dcce6a392e161f8e3010abda97c64ba2", [0x7, 0xb]}) ioctl$LOOP_CLR_FD(r2, 0x4c01) 7.428143378s ago: executing program 3 (id=801): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$key(0xf, 0x3, 0x2) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x80a02, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000280), 0x20480) r4 = socket(0x2a, 0x2, 0x0) sendto(r4, 0x0, 0x0, 0x0, &(0x7f0000000040)=@qipcrtr, 0x80) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r5, 0x29, 0x4c, &(0x7f0000000000)=0x84, 0x4) sendto$inet6(r5, 0x0, 0x0, 0x200c8004, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c) sendto$inet6(r5, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffffffffffffffe4, 0xc001, 0x0, 0xffffffffffffff0c) setsockopt$inet6_int(r5, 0x29, 0x19, &(0x7f0000000340), 0x4) dup2(r3, r4) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/xfrm_stat\x00') read$FUSE(r6, &(0x7f0000002140)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) fcntl$lock(r6, 0x25, &(0x7f0000000040)={0x0, 0x1, 0x7fffffffffffffff, 0x2, r7}) socket(0x10, 0x3, 0x0) 7.079439107s ago: executing program 4 (id=802): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37) close(r1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r2, r3, 0x5, 0x0, 0x0, @void, @value}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) mkdir(0x0, 0x3b) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffb000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r2}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20) set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9) pread64(0xffffffffffffffff, &(0x7f0000002180)=""/4105, 0x137, 0x0) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r7, &(0x7f0000000100)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x1401, 0x7fc32be5eb343aa7}, 0x5c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xa2, &(0x7f0000000140)=""/162, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'dvmrp1\x00', 0x2}) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) 6.756999597s ago: executing program 2 (id=803): accept(0xffffffffffffffff, &(0x7f0000000000)=@hci, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x200, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$netlink(0x10, 0x3, 0x0) memfd_secret(0x80000) socket$inet(0x2, 0x4000000000000001, 0x0) mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1901) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000001a00010000000000000000000a008000", @ANYRES32=0x0, @ANYBLOB="0000000008000200000000001400", @ANYRES64], 0x38}}, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00'}, 0x10) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) syz_usb_control_io(r0, 0x0, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r4, 0x5b23, 0x0) mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='iso9660\x00', 0x0, 0x0) 6.688176767s ago: executing program 1 (id=804): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000080)=0x8) getpid() r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x4cf02f8a2017de8d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10) setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f00000005c0)=0x80000001, 0x4) sendto$inet(r5, 0x0, 0x0, 0x20020080, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r5, &(0x7f0000000580)="8f", 0x20000581, 0x400c040, 0x0, 0x12eed8485ad) 5.555280368s ago: executing program 1 (id=805): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) geteuid() mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000000c0)={[{@dyn}, {}]}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0xffffffff, "030000000000000023000000debd12ffff00000000000000000020000400", 0xffffffffffffffff}) r5 = epoll_create1(0x0) ppoll(&(0x7f0000000080)=[{r4, 0x94a0}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)) 5.542050243s ago: executing program 3 (id=806): unshare(0x400) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48}) 5.315377215s ago: executing program 4 (id=807): ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000040)={{0x0, 0x1, 0x1, 0x0, 'syz0\x00', 0x8f2f}, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffc29b, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0xa13a]}) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000580)="b2435a6e190530b9f5892b901ec10bdc455a8c550800000000000000f27350aac61ac32f313b67574c311e35347915064ff4b1b9b00600f21f14551256d9b442", 0x40, 0xfffffffffffffffd) add_key$user(0x0, &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000080)="ee", 0x1, 0xfffffffffffffffd) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0xc5) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) mount$cgroup(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000000c0)={[{@subsystem='cpu'}, {@none}]}) ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000600)=0xa66e) mount$pvfs2(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x2200000, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002200)=@newtaction={0x894, 0x30, 0xffff, 0x0, 0x0, {}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x1ff, 0xe, 0x100, 0x2, 0x5, 0x4, 0x0, 0x9, 0x1, 0xb2, 0x8, 0x0, 0x85de, 0xfffff000, 0x3, 0xfffff7d3, 0x4, 0x9, 0xa0, 0x7, 0x4, 0x7, 0x400, 0x6, 0x9, 0x3, 0x8, 0x8, 0x6, 0x8e9, 0x7fffffff, 0x3, 0x400, 0x0, 0xb, 0x7, 0x7, 0x0, 0x101, 0x7, 0xd, 0x3ff, 0xaf, 0xe, 0x0, 0x9, 0x8, 0x0, 0x489, 0x9, 0x3, 0xce, 0x3, 0x8, 0x7f7c, 0x80000000, 0x63b, 0x6, 0x10400, 0x3, 0x1, 0x4, 0x5aa, 0x3, 0x52b, 0x7, 0xfffffffa, 0x5, 0x8, 0x8, 0xf796, 0x0, 0x5, 0x3ff, 0x29, 0x3c, 0x771c, 0x4, 0x9, 0x9, 0xaffc, 0x6, 0x101, 0x3, 0xea00, 0x100, 0x8, 0x9, 0x4, 0xfffffff3, 0x32, 0xe, 0x7ff, 0x7, 0x80000001, 0x0, 0x9, 0x5, 0x9, 0x6, 0x81, 0xfff, 0x6, 0xffff0001, 0x4, 0x9, 0x0, 0x8, 0x200, 0xa, 0xbde, 0xe, 0x78500, 0x3, 0x443f4d4f, 0x8, 0x1, 0x800, 0x5, 0x8, 0x8, 0xfe, 0x54b, 0xfffffffe, 0x800d91e, 0x10001000, 0x6, 0x5, 0xac, 0xf, 0x7, 0x8091, 0xd78, 0x9, 0x9, 0x3, 0x2003, 0x26, 0x364b, 0x80, 0x200099, 0x1ff, 0x800, 0xc, 0xfaaf, 0x3, 0x7, 0x98ef, 0xa6be, 0x1, 0x5, 0x8, 0xa0000, 0x80000000, 0x1ff, 0xdac, 0x8, 0x6, 0x5, 0x2, 0x2f8c, 0x10000, 0x0, 0x8, 0x8, 0x9a9, 0xffffffff, 0x3, 0x644, 0x1, 0x6, 0x1, 0xb, 0x8, 0x5, 0x8, 0x3, 0x0, 0x3, 0x8000, 0xb8b, 0x9, 0x6, 0xffff0001, 0x10001, 0x8, 0x17b, 0xcb, 0x10001, 0xc9, 0x199, 0x9, 0xf7ee, 0x5, 0x9, 0x9, 0x0, 0x5, 0x5, 0x5, 0x1, 0x4, 0x6, 0xc, 0x0, 0xb, 0xff, 0x0, 0x9, 0x8, 0x8, 0x7, 0x0, 0xba, 0x3, 0x2, 0x7fffffff, 0x68b459d7, 0xfd0a, 0x4183, 0x10000, 0x4, 0x0, 0x40, 0x6, 0xfff, 0x5, 0xf, 0x9, 0x40, 0xffffffff, 0x5, 0x4, 0x9, 0x9, 0x80000000, 0x7, 0x1, 0x7f, 0x8, 0xffffc166, 0x2, 0x2, 0x10, 0x1000, 0xc, 0x2726, 0x7fffffff, 0x7, 0x2, 0xffffffff, 0x7fff, 0x8, 0x1, 0x6]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfff, 0x10000000, 0x1, 0xdfaa, 0x3, {0x7, 0x0, 0x5, 0x3, 0x6, 0xfff}, {0x5, 0x2, 0x7b, 0x7, 0x8, 0x1}, 0x6, 0xd, 0x10001}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x7, 0x9, 0xeb2, 0x5, 0x2, 0x1, 0xc, 0x5, 0x7, 0x2, 0x5, 0x0, 0x9, 0x0, 0xfffffff8, 0x8, 0x7ff, 0x8, 0x1b8e, 0xfe, 0x9, 0x7, 0xfffffff2, 0x5, 0x0, 0x1, 0x0, 0x1, 0x5, 0x5, 0x1, 0x5, 0x5, 0x8cf, 0x2f, 0x1829, 0x3, 0x0, 0x6, 0x64c, 0x9, 0x7, 0x2, 0x8, 0x8, 0x7ff, 0x0, 0x1, 0x4, 0x6, 0x542, 0x1, 0x45a, 0x9bb5, 0x8000, 0xde8, 0x9, 0x4, 0x2, 0x0, 0x6, 0x5, 0x2, 0x7, 0x7fffffff, 0x1, 0x6, 0x2, 0xbb1f, 0x40, 0x1, 0x8, 0x2, 0xfffffffe, 0x0, 0x9, 0x6, 0x4, 0x79, 0xffffffff, 0x3a, 0x80, 0x5, 0x8, 0x8, 0x6, 0xfffffffd, 0x2, 0x28662100, 0x1, 0xd3fe, 0x8, 0x9, 0x2, 0x9, 0x2, 0x5, 0x5, 0x8, 0x3, 0x564, 0x7fff, 0xc3b6, 0x200, 0x5de6, 0x8, 0x6, 0x800000, 0x1, 0x81, 0x8, 0x6, 0xd, 0x5, 0x7, 0xfffffff9, 0x7, 0x6, 0xfffffffb, 0x2, 0x100, 0x4ba, 0x7b40, 0xfffffff8, 0xc, 0x22, 0x7, 0x5, 0xfff, 0x4, 0xfffffff2, 0x5, 0xffff, 0x5, 0x6, 0x0, 0x0, 0x200, 0x40, 0x9, 0x13e, 0xff, 0x7, 0x7, 0x3, 0x720, 0xffffffff, 0xd, 0x1, 0x4c6a, 0x1, 0xc, 0x6, 0x107f, 0xa3, 0x79, 0x10000, 0x1, 0xc, 0x9, 0x8, 0x3, 0x6, 0x8, 0x5, 0x1, 0x9, 0x9, 0x8, 0x3, 0x5, 0xffff, 0x1, 0xffffff75, 0x8, 0x1, 0x0, 0x400, 0x40, 0x6, 0x6, 0x4, 0x3, 0xfe95, 0x6, 0x1, 0x2, 0x0, 0x4, 0xcf, 0xe92, 0xfffffffe, 0x6, 0x8b, 0x4, 0x802000, 0x7, 0x2, 0x80, 0xc7, 0x2, 0xca, 0x9, 0x207, 0xd, 0x1, 0x2, 0x3, 0x3e6d, 0x2, 0x2, 0x6, 0x1000, 0x6, 0x5, 0x3, 0x4, 0x0, 0x1ff, 0x40003, 0xfffff97b, 0x0, 0xffff0001, 0x401, 0x80000001, 0x3, 0xfffffc00, 0xfdcb, 0x6, 0x0, 0x5, 0xfff, 0x46f, 0x1, 0x4, 0x8, 0x6, 0x7, 0xb, 0x59, 0xe, 0xb6, 0x1, 0x5, 0x3, 0xe444, 0x7, 0x9, 0xd1, 0xa1, 0xf3, 0xff, 0x1000, 0xffffff7f, 0x72a, 0x6]}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x894}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 5.209274178s ago: executing program 3 (id=808): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000001c0)={0x2, @raw_data="c70558d99e9d2aa45659555917d8bde98d3a99c39b84ec16bfa511d83d3ee06c3ca979c5ba0b8fd358644bbe0d4477f886d2411d5d9593a68bdec41f9defcea65665b74d80e3987b7ce318687113719d6efb782162cbbab630254ed9b2920475cf23ebe504a4ee9d0e47004d69ae3ae3b40f04098ff8ca1889abd10cbecf3d058827e11cc8ea1888809f4b334d26ac20a945e5c9c8e4291a53e4eb82e583c6467cbf768de462f1612f2d882bc4ffe22a732ea6644ab89a069980f82305c64de24ce29f1f14a4a715"}) bind$alg(r1, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000680)="93378efcd17301726272853a9fa88608996042ab60ae09f9a90efedde424", 0x1e) r3 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg$unix(r3, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000004c0)=""/106, 0x6a}], 0x1}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/16, 0x10}], 0x1}}], 0x2, 0x40002023, 0x0) preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000040)=""/100, 0x64}], 0x1, 0xc002a0, 0x1000) (fail_nth: 1) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) 4.662053921s ago: executing program 3 (id=809): syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) lsetxattr$system_posix_acl(0x0, &(0x7f0000000440)='system.posix_acl_access\x00', 0x0, 0x9, 0x1) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000001140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r7, @ANYBLOB="08002600851600000a00180000000000000000001c005a80180001"], 0x4c}}, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, 0x0, 0x20008804) ptrace(0x10, r4) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)={0x10c, 0x0, 0x1, 0x102, 0x0, 0x0, {0x1, 0x0, 0x7}}, 0x10c}, 0x1, 0x0, 0x0, 0x20000400}, 0x4000) fallocate(r8, 0x21, 0x7, 0xbff) ptrace$setregs(0xd, r4, 0x0, &(0x7f00000003c0)) ptrace$cont(0x9, r4, 0x10000, 0x0) mount(0x0, &(0x7f0000003c40)='./file0\x00', &(0x7f0000000040)='hugetlbfs\x00', 0x0, &(0x7f0000003cc0)='gid=1\x00nk]e') ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000001c0)={0x2, @raw_data="c70558d99e9d2aa45659555917d8bde98d3a99c39b84ec16bfa511d83d3ee06c3ca979c5ba0b8fd358644bbe0d4477f886d2411d5d9593a68bdec41f9defcea65665b74d80e3987b7ce318687113719d6efb782162cbbab630254ed9b2920475cf23ebe504a4ee9d0e47004d69ae3ae3b40f04098ff8ca1889abd10cbecf3d058827e11cc8ea1888809f4b334d26ac20a945e5c9c8e4291a53e4eb82e583c6467cbf768de462f1612f2d882bc4ffe22a732ea6644ab89a069980f82305c64de24ce29f1f14a4a715"}) 3.706669251s ago: executing program 1 (id=810): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) sendmsg$nl_route(r1, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)=@ipv4_newrule={0x6c, 0x20, 0x2, 0x70bd28, 0x25dfdbfe, {0x2, 0x20, 0x0, 0x81, 0x2, 0x0, 0x0, 0x6, 0x10006}, [@FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x1}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x40}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x8000}, @FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e21, 0x828}}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x1ff}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x6}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x6}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) fgetxattr(r3, &(0x7f0000000380)=@random={'security.', ']%%+])%-&.{\x00'}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x0, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x4, 0x0, 0x5}, &(0x7f0000000240)=0x0, &(0x7f00000002c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r7, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_MSG_GETGEN(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x10, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x2}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x2401c041}, 0x40) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xf, 0x17, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/11, @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000011000000bf0900000000000055090100000000009500000000000000180100002020702500000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b5020000000000008500000005000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r10 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r12, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x9, 0x4, 0x5, 0x5, 0x7, 0x7, 0x3, 0x4, 0x3}}}}]}, 0x58}}, 0x44080) ioctl$sock_proto_private(r5, 0x89e5, &(0x7f0000000580)="6f24734e59b944ae3fe4643e8e6426e52947519312f13c0f60c70216b91d91b8586ebad1a479e34e5ece3a90f9b87d5522923891f413b4d3818002050d5791bbff7b8919f878073f0f1243ebce16ed58c7eebddd91ff38a3ffc306e9bd9c828b766157387cb1d53afb0a6eaa2bb08a62ff8146bbdd94566730f60d3a67da5454e09a2d674bcdadaa20d3ffd630799cd639e793d3ec24e79a351fdd5b73a7341a0176d52d58e3f25511a04d687382040f90ce") sendmsg$nl_route_sched(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r12, {}, {0xffe0, 0xa}, {0x2, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0x4000) 3.326894383s ago: executing program 4 (id=811): r0 = syz_io_uring_setup(0x832, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0xfffffffc}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) r3 = socket$rds(0x15, 0x5, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r3, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0, 0x2, 0x1}) io_uring_enter(r0, 0x27e2, 0x0, 0x4000000000000, 0x0, 0x0) 3.27602417s ago: executing program 3 (id=812): r0 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x4, 0x802) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000140)={0x0, 0x0, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="020300090a0000000000000000000200030006000000000002000000ac1414bb00000000000000000200010000000000fd000504feffff4b030005000000000002"], 0x50}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) socket$alg(0x26, 0x5, 0x0) r4 = dup(r3) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x7fff}]}, 0x10) splice(r3, &(0x7f0000000300)=0x1, r5, &(0x7f0000000340)=0xfffffffffffffffc, 0x3, 0x1) r6 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_OUTPUT(r6, 0xc004562f, &(0x7f00000000c0)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x574, 0x0, 0x1, 0xd59f7f, 0x8, 0x5, 0xb, 0x8, 0x9, 0x722, 0xe72, 0x7, 0x8, 0x1, 0x10, {0xffff945a, 0x1}, 0x3, 0xed}}) ioctl$KVM_SET_MSRS(r4, 0x4140aecd, &(0x7f0000000180)=ANY=[@ANYBLOB="11128b1a78b2da83f95193fa7b64e7616200f1cef37078e935800e560d87d1bcb05084a063cd4a31433f5d267f80f742c136dba5e240f97ce819347d80b142c9574173d4448a240d1572cabcecbc6e6ceba9f2f69baa587df6aae7f389d6ec05d274179e4aea076ef7823b85a71e7501af3a2657185ef1959e6c2dd581fdd5033f90c5c89fe9b50a44c4dbac45443571a19210e71c55b3edb7f0977d5ae88fd7128c156ea7429a5d47cbcc6ce4ada433534013b38f77c166c4a32f4398c041bb5f1758706476f4240a1b09c77444bbee696c0b30ebb568e1d0f64f8ad7f88b42dc910bcd861b84efab9c0069ed2c34fda9db7c7c4aeaf97d", @ANYRESOCT=r3, @ANYRES8=r3, @ANYRESDEC=r3, @ANYRES64=r6, @ANYRESOCT=0x0]) sendto$inet6(r4, &(0x7f0000000580)="257090d78be4c837c86a5edb74ed12163c0c42ce4f94fb9f3d2efffa74648d23da4b01ccd86358047c977fbcd90fe140fa064bf8abf2183b8720de58a8f54d3674051ade20ac71966124d8e3b8b3484262fa7750aab2f5ede68c707e2e4383353b9e083cf7fa11dc5ec4de0c9fd8c9f0241233d80ec4489ff774e6294c5bc8785230cdd7a9f90b05f507dc68ac34f3957ed689e8160b7a3ffece760ee4c9979d6956dc3c63e2c68edd0bea9bc7ec787ef523913c88b8c5199283f172908c0f37281eef73878153c7e0be9256ee63c51727807e4c5fe530c401c6b2cce6f5b226731f62bbd041f6", 0xe7, 0x4, &(0x7f0000000440)={0xa, 0x4e20, 0x8bf, @loopback, 0xff}, 0x1c) fcntl$dupfd(r0, 0x0, r4) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000100)=0x40) 3.07718609s ago: executing program 4 (id=813): mmap$xdp(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x400c031, 0xffffffffffffffff, 0x100000000) r0 = socket$inet(0x2, 0x3, 0x4) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_blackhole={0xe}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x7, 0x2, 0x3, 0x1, 0xffffffff, 0xbff}}, {0x4}}]}, @TCA_RATE={0x6}]}, 0x60}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0xb4, 0x0, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1}]}, @MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x80}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010100}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4004}, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid_for_children\x00') setns(r4, 0x0) r5 = socket(0x10, 0x3, 0x0) write(r5, &(0x7f0000000140)="fc0000001a000708ab092500090007000aab0700a90100001d60369321000100ff800000000000000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030026000000140000270400117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a87", 0xfc) getsockopt$rose(r3, 0x104, 0x1, 0xffffffffffffffff, &(0x7f0000000040)) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x3000}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6_vti0\x00', r8, 0x4, 0xa8, 0xb, 0x7ff, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, 0x7800, 0x7, 0x6, 0x9}}) r9 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r9, 0x84, 0x15, 0x0, &(0x7f0000000100)) syz_io_uring_setup(0x5bbd, &(0x7f0000000240)={0x0, 0x0, 0x2}, 0x0, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') preadv(r10, &(0x7f0000000000)=[{&(0x7f0000000640)=""/147, 0x93}], 0x1, 0xfffe, 0xfff) syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xff, 0x64, 0xe1, 0x8, 0x2304, 0x20f, 0xf008, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x4c, 0xf1, 0x0, 0x37, 0x65, 0xac, 0x41}}]}}]}}, 0x0) 2.885327647s ago: executing program 3 (id=814): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000a50000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket(0x10, 0x80002, 0x0) r1 = socket(0x200000000000011, 0x2, 0x400) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x8) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000300)={0x1d, r5, 0x1, {0x0, 0xff}, 0x2}, 0x18) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d00)={r6, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) write(r7, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0) 1.740074498s ago: executing program 1 (id=815): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37) close(r1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r2, r3, 0x5, 0x0, 0x0, @void, @value}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) mkdir(0x0, 0x3b) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffb000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r2}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20) set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9) pread64(0xffffffffffffffff, &(0x7f0000002180)=""/4105, 0x137, 0x0) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r7, &(0x7f0000000100)={0x0, 0xf00, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x1401, 0x7fc32be5eb343aa7}, 0x5c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xa2, &(0x7f0000000140)=""/162, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'dvmrp1\x00', 0x2}) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) 1.09046961s ago: executing program 0 (id=816): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000080)=0x8) getpid() r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x4cf02f8a2017de8d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa1000000000000070100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10) setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f00000005c0)=0x80000001, 0x4) sendto$inet(r5, 0x0, 0x0, 0x20020080, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r5, &(0x7f0000000580)="8f", 0x20000581, 0x400c040, 0x0, 0x12eed8485ad) 998.247995ms ago: executing program 2 (id=817): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES8=r0], 0xdc}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x220042, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x1b}, @NFTA_CMP_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, 'p'}]}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}]}], {0x14}}, 0x84}}, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)=0x3) r4 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0) close(r4) r5 = syz_open_dev$vcsu(&(0x7f0000000080), 0x400, 0x22840) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) 0s ago: executing program 2 (id=818): ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x1f3, 0x7, 0x8}) fsetxattr$security_ima(r0, &(0x7f0000000040), &(0x7f0000000080)=@sha1={0x1, "ff81c8b20744ed9f1e7330aec5d2f89d0bd1d007"}, 0x15, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) setrlimit(0xf, &(0x7f00000000c0)={0x0, 0x3}) timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mlock(&(0x7f0000bff000/0x400000)=nil, 0x400000) getpid() sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010025bd7000fedbdf250c00000008000300", @ANYRES32=r2, @ANYBLOB="100050800500020040"], 0x2c}, 0x1, 0x0, 0x0, 0x4480}, 0x20000000) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x0, 0x7ff, 0x100}}) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x25dfdbfc, {0xa, 0x0, 0x3}, [@NHA_RES_GROUP={0x4}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}, @NHA_FDB={0x4}]}, 0x28}}, 0x4) kernel console output (not intermixed with test programs): : Falling back to sysfs fallback for: regulatory.db [ 155.584728][ T6599] binder: 6598:6599 ioctl 4018620d 0 returned -22 [ 155.654776][ T6600] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 155.942643][ T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 156.192718][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 156.224921][ T8] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 156.305079][ T8] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 156.966188][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 156.981764][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 156.992407][ T8] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 157.031914][ T8] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 157.052878][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.082882][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 157.082901][ T29] audit: type=1326 audit(1737955864.817:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 157.120734][ T29] audit: type=1326 audit(1737955864.827:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 157.154008][ T29] audit: type=1326 audit(1737955864.857:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 157.198150][ T29] audit: type=1326 audit(1737955864.857:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 157.257048][ T29] audit: type=1326 audit(1737955864.857:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 157.332514][ T8] usb 2-1: usb_control_msg returned -32 [ 157.348707][ T8] usbtmc 2-1:16.0: can't read capabilities [ 157.477438][ T29] audit: type=1326 audit(1737955864.857:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 157.655344][ T6620] netlink: 16 bytes leftover after parsing attributes in process `syz.0.162'. [ 158.339708][ T29] audit: type=1326 audit(1737955864.857:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 158.361347][ T29] audit: type=1326 audit(1737955864.857:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 158.383048][ T29] audit: type=1326 audit(1737955864.857:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 158.408296][ T6621] ISOFS: Unable to identify CD-ROM format. [ 158.483878][ T29] audit: type=1326 audit(1737955864.867:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6608 comm="syz.4.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 160.115172][ T5876] usb 2-1: USB disconnect, device number 4 [ 160.406765][ T6629] netlink: 16 bytes leftover after parsing attributes in process `syz.1.167'. [ 161.784704][ T6640] Cannot find set identified by id 0 to match [ 163.242825][ T6654] block nbd1: NBD_DISCONNECT [ 163.249089][ T6654] block nbd1: Send disconnect failed -22 [ 163.261298][ T6627] netlink: 44 bytes leftover after parsing attributes in process `syz.4.166'. [ 163.293876][ T6627] netlink: 43 bytes leftover after parsing attributes in process `syz.4.166'. [ 163.324921][ T6627] netlink: 'syz.4.166': attribute type 6 has an invalid length. [ 163.334882][ T6647] block nbd1: Disconnected due to user request. [ 163.341362][ T6647] block nbd1: shutting down sockets [ 163.357195][ T6627] netlink: 'syz.4.166': attribute type 5 has an invalid length. [ 164.322744][ T6627] netlink: 43 bytes leftover after parsing attributes in process `syz.4.166'. [ 164.444651][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 164.444682][ T29] audit: type=1326 audit(1737955872.177:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.524765][ T6646] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 164.560932][ T6646] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 164.569543][ T29] audit: type=1326 audit(1737955872.177:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.611202][ T29] audit: type=1326 audit(1737955872.237:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.634153][ T29] audit: type=1326 audit(1737955872.237:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.656262][ T29] audit: type=1326 audit(1737955872.237:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.678317][ T29] audit: type=1326 audit(1737955872.237:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.700569][ T29] audit: type=1326 audit(1737955872.237:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.876485][ T29] audit: type=1326 audit(1737955872.237:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.909835][ T29] audit: type=1326 audit(1737955872.237:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 164.932165][ T29] audit: type=1326 audit(1737955872.237:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6663 comm="syz.0.176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 165.823122][ T5882] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 165.957537][ T6674] netlink: 16 bytes leftover after parsing attributes in process `syz.2.180'. [ 165.982676][ T5882] usb 2-1: Using ep0 maxpacket: 8 [ 165.994958][ T5882] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 166.018386][ T5882] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 166.067654][ T5882] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 166.160213][ T5882] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 166.160251][ T5882] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 166.160297][ T5882] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 166.160324][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.374843][ T5882] usb 2-1: usb_control_msg returned -32 [ 166.374899][ T5882] usbtmc 2-1:16.0: can't read capabilities [ 166.656502][ T6686] Cannot find set identified by id 0 to match [ 167.142248][ T6688] ISOFS: Unable to identify CD-ROM format. [ 167.481368][ T6696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.188'. [ 168.042228][ T6702] netlink: 16 bytes leftover after parsing attributes in process `syz.3.189'. [ 168.502770][ T5882] usb 2-1: USB disconnect, device number 5 [ 169.258059][ T6712] netlink: 16 bytes leftover after parsing attributes in process `syz.2.192'. [ 170.412908][ T5875] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 170.766297][ T6725] binder: 6724:6725 ioctl 4018620d 0 returned -22 [ 170.830923][ T6727] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 170.840716][ T6727] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 170.905098][ T5875] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 170.917821][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 170.928487][ T5875] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 170.938825][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 170.952265][ T5875] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 170.983156][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.028115][ T6707] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 171.028748][ T5875] usb 1-1: config 0 descriptor?? [ 171.065739][ T6707] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 171.066233][ T5875] hdpvr 1-1:0.0: Could not find bulk-in endpoint [ 171.101352][ T5875] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -12 [ 172.948816][ T6742] netlink: 'syz.1.197': attribute type 3 has an invalid length. [ 172.956916][ T6742] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.197'. [ 173.070911][ T5941] usb 1-1: USB disconnect, device number 5 [ 173.555563][ T6749] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 173.565274][ T6749] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 174.852827][ T5874] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 175.013000][ T5874] usb 1-1: Using ep0 maxpacket: 8 [ 175.039578][ T5874] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 175.098826][ T5874] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 175.132982][ T5874] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 175.165217][ T5874] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 175.207416][ T5874] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.027103][ T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 176.052650][ T5874] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 176.061758][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.114995][ T6767] binder: 6766:6767 ioctl 4018620d 0 returned -22 [ 176.160863][ T6763] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 176.171806][ T6763] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 176.244753][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 176.294717][ T8] usb 5-1: config 0 has an invalid interface number: 78 but max is 0 [ 176.310883][ T5874] usb 1-1: usb_control_msg returned -32 [ 176.325923][ T8] usb 5-1: config 0 has no interface number 0 [ 176.333385][ T5874] usbtmc 1-1:16.0: can't read capabilities [ 176.342606][ C0] hrtimer: interrupt took 117201 ns [ 176.351240][ T8] usb 5-1: config 0 interface 78 has no altsetting 0 [ 176.383496][ T8] usb 5-1: New USB device found, idVendor=0e41, idProduct=4250, bcdDevice=60.11 [ 176.442924][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.467870][ T8] usb 5-1: Product: syz [ 176.474123][ T8] usb 5-1: Manufacturer: syz [ 176.478903][ T8] usb 5-1: SerialNumber: syz [ 176.495778][ T8] usb 5-1: config 0 descriptor?? [ 176.516277][ T8] snd_usb_pod 5-1:0.78: Line 6 BassPODxt found [ 176.719912][ T8] snd_usb_pod 5-1:0.78: endpoint not available, using fallback values [ 176.753910][ T8] snd_usb_pod 5-1:0.78: invalid control EP [ 176.764059][ T6773] ISOFS: Unable to identify CD-ROM format. [ 176.778620][ T8] snd_usb_pod 5-1:0.78: cannot start listening: -22 [ 176.796747][ T8] snd_usb_pod 5-1:0.78: Line 6 BassPODxt now disconnected [ 176.813235][ T8] snd_usb_pod 5-1:0.78: probe with driver snd_usb_pod failed with error -22 [ 178.854952][ T5941] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 178.970917][ T5877] usb 1-1: USB disconnect, device number 6 [ 179.076697][ T5941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.158977][ T8] usb 5-1: USB disconnect, device number 11 [ 179.190262][ T5941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 179.250463][ T5941] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 179.317860][ T5941] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 179.538901][ T5941] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 179.548553][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.675439][ T6801] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 180.422738][ T5941] usb 2-1: config 0 descriptor?? [ 180.537812][ T5941] usb 2-1: can't set config #0, error -71 [ 180.643115][ T5941] usb 2-1: USB disconnect, device number 6 [ 180.767798][ T6806] netlink: 16 bytes leftover after parsing attributes in process `syz.1.217'. [ 181.508476][ T6809] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 181.518132][ T6809] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 183.432484][ T6820] binder: 6819:6820 ioctl 4018620d 0 returned -22 [ 183.680978][ T6829] FAULT_INJECTION: forcing a failure. [ 183.680978][ T6829] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 183.709677][ T6829] CPU: 1 UID: 0 PID: 6829 Comm: syz.2.223 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 183.709706][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 183.709718][ T6829] Call Trace: [ 183.709725][ T6829] [ 183.709734][ T6829] dump_stack_lvl+0x241/0x360 [ 183.709774][ T6829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.709806][ T6829] ? __pfx__printk+0x10/0x10 [ 183.709836][ T6829] ? tomoyo_path_number_perm+0x6f9/0x860 [ 183.709866][ T6829] ? __pfx_lock_release+0x10/0x10 [ 183.709893][ T6829] ? tomoyo_path_number_perm+0x206/0x860 [ 183.709922][ T6829] should_fail_ex+0x3b0/0x4e0 [ 183.709948][ T6829] _copy_from_user+0x2d/0xb0 [ 183.709968][ T6829] video_usercopy+0x378/0x1180 [ 183.710009][ T6829] ? __pfx___video_do_ioctl+0x10/0x10 [ 183.710029][ T6829] ? __pfx_video_usercopy+0x10/0x10 [ 183.710058][ T6829] ? smack_file_ioctl+0x2f7/0x3a0 [ 183.710093][ T6829] ? __fget_files+0x2a/0x410 [ 183.710137][ T6829] ? __fget_files+0x2a/0x410 [ 183.710165][ T6829] v4l2_ioctl+0x189/0x1e0 [ 183.710203][ T6829] ? __pfx_v4l2_ioctl+0x10/0x10 [ 183.710240][ T6829] __se_sys_ioctl+0xf5/0x170 [ 183.710274][ T6829] do_syscall_64+0xf3/0x230 [ 183.710300][ T6829] ? clear_bhb_loop+0x35/0x90 [ 183.710337][ T6829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.710364][ T6829] RIP: 0033:0x7fdf58d8cd29 [ 183.710382][ T6829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.710405][ T6829] RSP: 002b:00007fdf59b79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 183.710438][ T6829] RAX: ffffffffffffffda RBX: 00007fdf58fa6080 RCX: 00007fdf58d8cd29 [ 183.710453][ T6829] RDX: 0000000020000100 RSI: 00000000c0205649 RDI: 0000000000000003 [ 183.710466][ T6829] RBP: 00007fdf59b79090 R08: 0000000000000000 R09: 0000000000000000 [ 183.710478][ T6829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.710490][ T6829] R13: 0000000000000001 R14: 00007fdf58fa6080 R15: 00007fff40550a68 [ 183.710519][ T6829] [ 184.053300][ T5941] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 184.922620][ T5941] usb 2-1: Using ep0 maxpacket: 8 [ 184.929622][ T5941] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 185.456691][ T5941] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 185.476467][ T5941] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 185.486724][ T5941] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 185.497093][ T5941] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 185.528623][ T5941] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 185.842682][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.860358][ T6844] capability: warning: `syz.2.228' uses deprecated v2 capabilities in a way that may be insecure [ 186.832106][ T6850] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 186.845840][ T6850] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 187.411435][ T5941] usb 2-1: can't set config #16, error -71 [ 187.535344][ T5941] usb 2-1: USB disconnect, device number 7 [ 187.847826][ T6858] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 187.857527][ T6858] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 189.083435][ T6863] FAULT_INJECTION: forcing a failure. [ 189.083435][ T6863] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 189.102715][ T5875] IPVS: starting estimator thread 0... [ 189.116950][ T6862] netlink: 16 bytes leftover after parsing attributes in process `syz.2.230'. [ 189.191060][ T6863] CPU: 1 UID: 0 PID: 6863 Comm: syz.4.232 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 189.191087][ T6863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 189.191098][ T6863] Call Trace: [ 189.191105][ T6863] [ 189.191113][ T6863] dump_stack_lvl+0x241/0x360 [ 189.191149][ T6863] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.191179][ T6863] ? __pfx__printk+0x10/0x10 [ 189.191214][ T6863] ? snprintf+0xda/0x120 [ 189.191235][ T6863] should_fail_ex+0x3b0/0x4e0 [ 189.191260][ T6863] _copy_to_user+0x31/0xb0 [ 189.191281][ T6863] simple_read_from_buffer+0xca/0x150 [ 189.191306][ T6863] proc_fail_nth_read+0x1e9/0x250 [ 189.191331][ T6863] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 189.191356][ T6863] ? rw_verify_area+0x243/0x630 [ 189.191382][ T6863] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 189.191406][ T6863] vfs_read+0x1f8/0xb40 [ 189.191435][ T6863] ? fdget_pos+0x254/0x320 [ 189.191460][ T6863] ? __pfx___mutex_lock+0x10/0x10 [ 189.191484][ T6863] ? __pfx_vfs_read+0x10/0x10 [ 189.191515][ T6863] ? __fget_files+0x2a/0x410 [ 189.191558][ T6863] ? __fget_files+0x395/0x410 [ 189.191581][ T6863] ? __fget_files+0x2a/0x410 [ 189.191616][ T6863] ksys_read+0x18f/0x2b0 [ 189.191648][ T6863] ? __pfx_ksys_read+0x10/0x10 [ 189.191680][ T6863] ? do_syscall_64+0x100/0x230 [ 189.191708][ T6863] ? do_syscall_64+0xb6/0x230 [ 189.191736][ T6863] do_syscall_64+0xf3/0x230 [ 189.191769][ T6863] ? clear_bhb_loop+0x35/0x90 [ 189.191800][ T6863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.191828][ T6863] RIP: 0033:0x7f6452b8b73c [ 189.191846][ T6863] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 189.191862][ T6863] RSP: 002b:00007f6453ab0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 189.191882][ T6863] RAX: ffffffffffffffda RBX: 00007f6452da5fa0 RCX: 00007f6452b8b73c [ 189.191897][ T6863] RDX: 000000000000000f RSI: 00007f6453ab00a0 RDI: 0000000000000006 [ 189.191907][ T6863] RBP: 00007f6453ab0090 R08: 0000000000000000 R09: 0000000000000000 [ 189.191916][ T6863] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.191924][ T6863] R13: 0000000000000000 R14: 00007f6452da5fa0 R15: 00007ffc159e24d8 [ 189.191944][ T6863] [ 189.465943][ T6865] IPVS: using max 29 ests per chain, 69600 per kthread [ 190.345651][ T6877] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 190.355362][ T6877] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 190.384395][ T6879] binder: 6875:6879 ioctl 4018620d 0 returned -22 [ 190.469159][ T6873] netlink: 16 bytes leftover after parsing attributes in process `syz.3.236'. [ 191.403065][ T5874] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 191.892650][ T5874] usb 4-1: Using ep0 maxpacket: 8 [ 191.901339][ T5874] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 191.916118][ T5874] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 191.932042][ T5874] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 191.964313][ T5874] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 191.978451][ T5874] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 192.000818][ T5874] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 192.294760][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.842776][ T5874] usb 4-1: usb_control_msg returned -32 [ 192.866639][ T5874] usbtmc 4-1:16.0: can't read capabilities [ 193.251630][ T6903] ISOFS: Unable to identify CD-ROM format. [ 193.360352][ T6905] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 193.370186][ T6905] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 194.513194][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.519559][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.558048][ T8] usb 4-1: USB disconnect, device number 9 [ 196.542001][ T6920] netlink: 32 bytes leftover after parsing attributes in process `syz.1.249'. [ 196.593848][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 196.593882][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 196.599944][ T5838] Bluetooth: hci4: command 0x0406 tx timeout [ 196.606133][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 196.937879][ T6922] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 196.947440][ T6922] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 197.367798][ T6929] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 197.507714][ T6929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.543524][ T6929] netlink: 1264 bytes leftover after parsing attributes in process `syz.0.254'. [ 197.582914][ T6929] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 197.693072][ T6929] netlink: 104 bytes leftover after parsing attributes in process `syz.0.254'. [ 198.822636][ T5875] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 199.007534][ T5875] usb 1-1: Using ep0 maxpacket: 8 [ 199.017527][ T5875] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 199.032590][ T5875] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 199.054203][ T5875] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 199.072035][ T5941] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 199.092789][ T5875] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 199.109605][ T5875] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 199.975986][ T5875] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 199.989857][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.022754][ T5877] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 200.042697][ T5941] usb 5-1: Using ep0 maxpacket: 32 [ 200.051373][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.088419][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.142756][ T5941] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 200.152393][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.157087][ T6982] netlink: 'syz.2.264': attribute type 3 has an invalid length. [ 200.169097][ T6982] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.264'. [ 200.209975][ T5941] usb 5-1: config 0 descriptor?? [ 200.251735][ T5877] usb 4-1: unable to get BOS descriptor or descriptor too short [ 200.302681][ T5875] usb 1-1: usb_control_msg returned -32 [ 200.308576][ T5875] usbtmc 1-1:16.0: can't read capabilities [ 200.333606][ T5941] hub 5-1:0.0: USB hub found [ 200.357662][ T5877] usb 4-1: config 6 has an invalid interface number: 96 but max is 0 [ 200.445188][ T5877] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 200.499401][ T5877] usb 4-1: config 6 has no interface number 0 [ 200.512250][ T5941] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 200.520867][ T5877] usb 4-1: config 6 interface 96 has no altsetting 0 [ 200.639444][ T5877] usb 4-1: string descriptor 0 read error: -22 [ 200.688488][ T5877] usb 4-1: New USB device found, idVendor=10b8, idProduct=1e6e, bcdDevice=4f.2b [ 200.765905][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.903104][ T5941] hid-generic 0003:046D:C31C.0004: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0 [ 200.918253][ T6985] ISOFS: Unable to identify CD-ROM format. [ 201.515722][ T5877] dvb-usb: found a 'DiBcom TFE7790P reference design' in cold state, will try to load a firmware [ 201.894420][ T5877] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 202.278470][ T5941] usb 1-1: USB disconnect, device number 7 [ 202.288819][ T7000] Cannot find set identified by id 0 to match [ 202.918936][ T5877] dib0700: firmware download failed at 28 with -71 [ 202.952858][ T5877] usb 4-1: USB disconnect, device number 10 [ 203.253081][ T7009] netlink: 16 bytes leftover after parsing attributes in process `syz.0.267'. [ 203.423787][ T5877] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 203.643657][ T5876] usb 5-1: USB disconnect, device number 12 [ 204.005442][ T5877] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 204.032615][ T5877] usb 3-1: config 0 interface 0 has no altsetting 0 [ 204.039391][ T5877] usb 3-1: New USB device found, idVendor=0458, idProduct=500f, bcdDevice= 0.00 [ 204.068328][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.074579][ T5877] usb 3-1: config 0 descriptor?? [ 205.211532][ T7027] binder: 7024:7027 ioctl 4018620d 0 returned -22 [ 205.274122][ T7029] netlink: 48 bytes leftover after parsing attributes in process `syz.0.274'. [ 205.354402][ T7034] netlink: 12 bytes leftover after parsing attributes in process `syz.4.275'. [ 205.566731][ T5877] input: HID 0458:500f as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:500F.0005/input/input6 [ 205.656656][ T5877] input: HID 0458:500f as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:500F.0005/input/input7 [ 205.729823][ T5877] kye 0003:0458:500F.0005: input,hiddev0,hidraw0: USB HID v80.00 Device [HID 0458:500f] on usb-dummy_hcd.2-1/input0 [ 205.887779][ T7048] netlink: 'syz.4.276': attribute type 3 has an invalid length. [ 205.895922][ T7048] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.276'. [ 205.998096][ T7007] ebt_among: dst integrity fail: 200 [ 206.424989][ T5882] usb 3-1: USB disconnect, device number 7 [ 206.914663][ T7056] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 206.914739][ T7056] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 208.082655][ T7062] Cannot find set identified by id 0 to match [ 208.224809][ T5941] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 208.478973][ T5941] usb 5-1: Using ep0 maxpacket: 32 [ 209.794290][ T5941] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 209.806457][ T7076] netlink: 16 bytes leftover after parsing attributes in process `syz.3.283'. [ 210.402900][ T5941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.461888][ T5941] usb 5-1: Product: syz [ 210.487586][ T5941] usb 5-1: Manufacturer: syz [ 210.526575][ T5941] usb 5-1: SerialNumber: syz [ 210.595616][ T5941] usb 5-1: config 0 descriptor?? [ 210.624353][ T5941] usb 5-1: can't set config #0, error -71 [ 210.659190][ T5941] usb 5-1: USB disconnect, device number 13 [ 211.380075][ T7089] binder: 7088:7089 ioctl 4018620d 0 returned -22 [ 213.208338][ T7101] netlink: 'syz.0.289': attribute type 3 has an invalid length. [ 213.216524][ T7101] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.289'. [ 213.394978][ T975] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 213.773982][ T975] usb 4-1: device descriptor read/64, error -71 [ 214.052722][ T975] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 214.398194][ T7105] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 214.407769][ T7105] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 214.491725][ T7110] Cannot find set identified by id 0 to match [ 215.002653][ T975] usb 4-1: device descriptor read/64, error -71 [ 215.114506][ T975] usb usb4-port1: attempt power cycle [ 215.605206][ T7120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.297'. [ 217.606434][ T7140] binder: 7139:7140 ioctl 4018620d 0 returned -22 [ 217.681155][ T7141] netlink: 'syz.3.303': attribute type 3 has an invalid length. [ 217.689184][ T7141] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.303'. [ 218.225040][ T7145] Cannot find set identified by id 0 to match [ 218.232764][ T975] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 218.734764][ T975] usb 5-1: config index 0 descriptor too short (expected 797, got 739) [ 218.758334][ T975] usb 5-1: config 0 has an invalid interface number: 16 but max is 0 [ 218.821899][ T975] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.992273][ T975] usb 5-1: config 0 has no interface number 0 [ 218.999591][ T975] usb 5-1: config 0 interface 16 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 219.019726][ T975] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice= 2.10 [ 219.029991][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.119087][ T7152] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 219.128827][ T7152] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 220.026587][ T975] usb 5-1: config 0 descriptor?? [ 220.072707][ T975] usb 5-1: can't set config #0, error -71 [ 220.863057][ T5874] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 220.896226][ T975] usb 5-1: USB disconnect, device number 14 [ 221.803329][ T5874] usb 4-1: device descriptor read/64, error -71 [ 222.146606][ T975] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 222.298799][ T975] usb 5-1: device descriptor read/64, error -71 [ 222.419439][ T7184] netlink: 'syz.1.313': attribute type 11 has an invalid length. [ 222.930319][ T975] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 223.362773][ T975] usb 5-1: device descriptor read/64, error -71 [ 223.472940][ T975] usb usb5-port1: attempt power cycle [ 223.536049][ T7191] netlink: 'syz.1.316': attribute type 3 has an invalid length. [ 223.544213][ T7191] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.316'. [ 224.024093][ T7190] Cannot find set identified by id 0 to match [ 224.263260][ T975] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 224.587985][ T975] usb 5-1: device descriptor read/8, error -71 [ 224.689932][ T7196] binder: 7195:7196 ioctl 4018620d 0 returned -22 [ 224.950694][ T5874] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 225.085548][ T7204] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 225.095273][ T7204] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 225.964586][ T5874] usb 3-1: Using ep0 maxpacket: 8 [ 225.976224][ T5874] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 225.992697][ T5874] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 226.142723][ T5874] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 226.465739][ T5874] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 226.522853][ T5874] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 226.592994][ T5874] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 226.833732][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.144734][ T5874] usb 3-1: can't set config #16, error -71 [ 228.193021][ T5874] usb 3-1: USB disconnect, device number 8 [ 229.889445][ T7235] Cannot find set identified by id 0 to match [ 230.533422][ T7241] binder: 7240:7241 ioctl 4018620d 0 returned -22 [ 230.612701][ T5877] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 230.654325][ T7245] netlink: 'syz.1.330': attribute type 3 has an invalid length. [ 230.662464][ T7245] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.330'. [ 231.026444][ T5877] usb 1-1: config 127 has an invalid interface number: 246 but max is 0 [ 231.150533][ T5877] usb 1-1: config 127 has no interface number 0 [ 231.188707][ T5877] usb 1-1: config 127 interface 246 altsetting 2 bulk endpoint 0xF has invalid maxpacket 32 [ 231.189022][ T5877] usb 1-1: config 127 interface 246 altsetting 2 bulk endpoint 0x3 has invalid maxpacket 4 [ 231.196780][ T5877] usb 1-1: config 127 interface 246 has no altsetting 0 [ 231.200346][ T5877] usb 1-1: New USB device found, idVendor=0f11, idProduct=20a0, bcdDevice=c6.2c [ 231.200378][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.200400][ T5877] usb 1-1: Product: syz [ 231.200416][ T5877] usb 1-1: Manufacturer: syz [ 231.200432][ T5877] usb 1-1: SerialNumber: syz [ 231.253340][ T7237] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 231.253509][ T7237] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 231.476811][ T5877] ldusb 1-1:127.246: Interrupt in endpoint not found [ 231.489075][ T5877] usb 1-1: USB disconnect, device number 8 [ 232.713771][ T7262] netlink: 16 bytes leftover after parsing attributes in process `syz.1.335'. [ 233.636373][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 233.636417][ T29] audit: type=1107 audit(1737955941.367:128): pid=7266 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='P' [ 234.283942][ T7269] Can't find ip_set type `ash:ip,port,ip [ 238.279441][ T7300] 9pnet_virtio: no channels available for device syz [ 241.723947][ T7310] netlink: 16 bytes leftover after parsing attributes in process `syz.0.352'. [ 241.829747][ T29] audit: type=1326 audit(1737955949.577:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 241.962909][ T29] audit: type=1326 audit(1737955949.577:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 242.142830][ T29] audit: type=1326 audit(1737955949.637:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 242.190611][ T7313] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[7313] [ 242.268043][ T29] audit: type=1326 audit(1737955949.637:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 242.371817][ T29] audit: type=1326 audit(1737955949.637:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 242.527884][ T29] audit: type=1326 audit(1737955949.637:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 242.732988][ T29] audit: type=1326 audit(1737955949.637:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 242.860456][ T29] audit: type=1326 audit(1737955949.697:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 243.028368][ T7337] netlink: 8 bytes leftover after parsing attributes in process `syz.4.356'. [ 243.144785][ T29] audit: type=1326 audit(1737955949.697:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 243.586091][ T29] audit: type=1326 audit(1737955949.697:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7322 comm="syz.1.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 243.673795][ T7340] misc userio: Begin command sent, but we're already running [ 244.702951][ T7352] nbd0: detected capacity change from 0 to 22 [ 244.728564][ T7356] block nbd0: shutting down sockets [ 244.759818][ C0] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 244.769144][ C0] Buffer I/O error on dev nbd0, logical block 0, async page read [ 244.797406][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 244.849360][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 244.899350][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 244.938896][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 244.963967][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 244.989749][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 245.004987][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.034355][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 245.044734][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.073226][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 245.082966][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.132638][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 245.152887][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.162729][ T975] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 245.172280][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 245.180250][ T7172] ldm_validate_partition_table(): Disk read failed. [ 245.187990][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.200889][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 245.219702][ T7172] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.229419][ T7172] Buffer I/O error on dev nbd0, logical block 0, async page read [ 245.243006][ T7172] Dev nbd0: unable to read RDB block 0 [ 245.249096][ T7172] nbd0: unable to read partition table [ 245.265483][ T7172] nbd0: partition table beyond EOD, truncated [ 245.307982][ T7172] ldm_validate_partition_table(): Disk read failed. [ 245.363248][ T7172] Dev nbd0: unable to read RDB block 0 [ 245.369255][ T7172] nbd0: unable to read partition table [ 245.380778][ T7172] nbd0: partition table beyond EOD, truncated [ 245.390084][ T975] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 245.449072][ T975] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 245.490331][ T975] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 245.511799][ T975] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 245.732901][ T975] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 245.742148][ T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.784091][ T7368] netlink: 16 bytes leftover after parsing attributes in process `syz.0.365'. [ 245.845743][ T975] usb 3-1: config 0 descriptor?? [ 246.055824][ T975] hdpvr 3-1:0.0: Could not find bulk-in endpoint [ 246.136923][ T975] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12 [ 246.540815][ T7373] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 248.114861][ T58] usb 3-1: USB disconnect, device number 9 [ 248.397536][ T7380] mmap: syz.2.368 (7380) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 248.552636][ T7380] hsr_slave_0: left promiscuous mode [ 248.638510][ T7380] hsr_slave_1: left promiscuous mode [ 248.713404][ T7389] netlink: 8 bytes leftover after parsing attributes in process `syz.2.368'. [ 248.771179][ T7392] 9pnet_fd: Insufficient options for proto=fd [ 249.199514][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 249.199571][ T29] audit: type=1326 audit(1737955956.917:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 249.703008][ T29] audit: type=1326 audit(1737955956.917:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 249.860952][ T29] audit: type=1326 audit(1737955956.997:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 249.959824][ T29] audit: type=1326 audit(1737955956.997:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 250.490243][ T7406] netlink: 16 bytes leftover after parsing attributes in process `syz.2.376'. [ 250.591186][ T29] audit: type=1326 audit(1737955957.007:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 251.392921][ T29] audit: type=1326 audit(1737955957.007:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 251.483566][ T29] audit: type=1326 audit(1737955957.007:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 251.505471][ T29] audit: type=1326 audit(1737955957.007:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 251.527950][ T29] audit: type=1326 audit(1737955957.017:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 251.549804][ T29] audit: type=1326 audit(1737955957.017:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7396 comm="syz.0.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3943b8cd29 code=0x7ffc0000 [ 253.123250][ T7415] syz.2.380: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 253.214994][ T7415] CPU: 0 UID: 0 PID: 7415 Comm: syz.2.380 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 253.215027][ T7415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 253.215040][ T7415] Call Trace: [ 253.215047][ T7415] [ 253.215055][ T7415] dump_stack_lvl+0x241/0x360 [ 253.215098][ T7415] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.215132][ T7415] ? __pfx__printk+0x10/0x10 [ 253.215168][ T7415] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 253.215205][ T7415] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 253.215246][ T7415] warn_alloc+0x278/0x410 [ 253.215288][ T7415] ? __pfx_warn_alloc+0x10/0x10 [ 253.215329][ T7415] ? translate_table+0x174/0x2330 [ 253.215364][ T7415] ? __get_vm_area_node+0x1c8/0x2d0 [ 253.215395][ T7415] ? __get_vm_area_node+0x25c/0x2d0 [ 253.215435][ T7415] __vmalloc_node_range_noprof+0x62f/0x1380 [ 253.215470][ T7415] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 253.215516][ T7415] ? rcu_is_watching+0x15/0xb0 [ 253.215551][ T7415] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 253.215586][ T7415] ? rcu_is_watching+0x15/0xb0 [ 253.215621][ T7415] ? trace_kmalloc+0x1f/0xd0 [ 253.215647][ T7415] ? __kmalloc_node_noprof+0x2ad/0x4d0 [ 253.215675][ T7415] ? __kvmalloc_node_noprof+0x72/0x190 [ 253.215711][ T7415] __kvmalloc_node_noprof+0x142/0x190 [ 253.215745][ T7415] ? translate_table+0x174/0x2330 [ 253.215780][ T7415] translate_table+0x174/0x2330 [ 253.215852][ T7415] ? __pfx_translate_table+0x10/0x10 [ 253.215887][ T7415] ? __might_fault+0xaa/0x120 [ 253.215921][ T7415] ? __pfx_lock_release+0x10/0x10 [ 253.215956][ T7415] ? __virt_addr_valid+0x183/0x530 [ 253.215990][ T7415] ? __might_fault+0xaa/0x120 [ 253.216023][ T7415] ? __might_fault+0xc6/0x120 [ 253.216061][ T7415] ? copy_from_sockptr_offset+0x6b/0xb0 [ 253.216101][ T7415] do_ip6t_set_ctl+0xe4c/0x1270 [ 253.216142][ T7415] ? nf_setsockopt+0x240/0x2c0 [ 253.216176][ T7415] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 253.216213][ T7415] ? rcu_is_watching+0x15/0xb0 [ 253.216248][ T7415] ? trace_contention_end+0x3c/0x120 [ 253.216292][ T7415] ? __mutex_unlock_slowpath+0x227/0x800 [ 253.216331][ T7415] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 253.216375][ T7415] nf_setsockopt+0x295/0x2c0 [ 253.216414][ T7415] rawv6_setsockopt+0x327/0x740 [ 253.216443][ T7415] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 253.216469][ T7415] ? __pfx_lock_acquire+0x10/0x10 [ 253.216498][ T7415] ? sock_common_setsockopt+0x37/0xc0 [ 253.216528][ T7415] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 253.216554][ T7415] do_sock_setsockopt+0x3af/0x720 [ 253.216592][ T7415] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 253.216629][ T7415] ? __fget_files+0x395/0x410 [ 253.216673][ T7415] ? __fget_files+0x2a/0x410 [ 253.216710][ T7415] __x64_sys_setsockopt+0x1ee/0x280 [ 253.216750][ T7415] do_syscall_64+0xf3/0x230 [ 253.216780][ T7415] ? clear_bhb_loop+0x35/0x90 [ 253.216820][ T7415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.216849][ T7415] RIP: 0033:0x7fdf58d8cd29 [ 253.216869][ T7415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.216888][ T7415] RSP: 002b:00007fdf59b9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 253.216912][ T7415] RAX: ffffffffffffffda RBX: 00007fdf58fa5fa0 RCX: 00007fdf58d8cd29 [ 253.216928][ T7415] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 253.216941][ T7415] RBP: 00007fdf58e0e2a0 R08: 0000000000000558 R09: 0000000000000000 [ 253.216954][ T7415] R10: 0000000020002400 R11: 0000000000000246 R12: 0000000000000000 [ 253.216966][ T7415] R13: 0000000000000000 R14: 00007fdf58fa5fa0 R15: 00007fff40550a68 [ 253.216996][ T7415] [ 253.642677][ T7415] Mem-Info: [ 253.645995][ T7415] active_anon:316 inactive_anon:21129 isolated_anon:0 [ 253.645995][ T7415] active_file:15056 inactive_file:41873 isolated_file:0 [ 253.645995][ T7415] unevictable:768 dirty:195 writeback:0 [ 253.645995][ T7415] slab_reclaimable:10031 slab_unreclaimable:99391 [ 253.645995][ T7415] mapped:32437 shmem:16852 pagetables:917 [ 253.645995][ T7415] sec_pagetables:0 bounce:0 [ 253.645995][ T7415] kernel_misc_reclaimable:0 [ 253.645995][ T7415] free:1288472 free_pcp:968 free_cma:0 [ 253.722306][ T7415] Node 0 active_anon:1264kB inactive_anon:86216kB active_file:60152kB inactive_file:167492kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130748kB dirty:780kB writeback:0kB shmem:66772kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11188kB pagetables:3668kB sec_pagetables:0kB all_unreclaimable? no [ 253.781591][ T7415] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 253.922084][ T7415] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 253.950591][ T7415] lowmem_reserve[]: 0 2493 2494 0 0 [ 253.982959][ T7415] Node 0 DMA32 free:1240488kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:1260kB inactive_anon:80180kB active_file:59364kB inactive_file:167440kB unevictable:1536kB writepending:780kB present:3129332kB managed:2553712kB mlocked:0kB bounce:0kB free_pcp:2736kB local_pcp:316kB free_cma:0kB [ 254.053502][ T7415] lowmem_reserve[]: 0 0 0 0 0 [ 254.058959][ T7415] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:788kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 254.153425][ T7432] Bluetooth: MGMT ver 1.23 [ 254.212889][ T7415] lowmem_reserve[]: 0 0 0 0 0 [ 254.218284][ T7415] Node 1 Normal free:3903940kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 255.082736][ T7415] lowmem_reserve[]: 0 0 0 0 0 [ 255.087584][ T7415] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 255.157610][ T7415] Node 0 DMA32: 133*4kB (UME) 829*8kB (UME) 932*16kB (UME) 656*32kB (UME) 465*64kB (UME) 196*128kB (UME) 97*256kB (UM) 42*512kB (UM) 12*1024kB (UM) 9*2048kB (UM) 270*4096kB (UM) = 1280892kB [ 255.225630][ T7415] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 255.262086][ T7415] Node 1 Normal: 225*4kB (UME) 66*8kB (UME) 49*16kB (UME) 225*32kB (UME) 94*64kB (UME) 41*128kB (UME) 15*256kB (UME) 11*512kB (UM) 3*1024kB (UME) 4*2048kB (UE) 943*4096kB (M) = 3903940kB [ 255.288611][ T7415] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 255.310224][ T7415] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 255.321430][ T7415] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 255.352954][ T7415] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 255.386036][ T7415] 61456 total pagecache pages [ 255.390894][ T7415] 0 pages in swap cache [ 255.403020][ T7415] Free swap = 124996kB [ 255.407334][ T7415] Total swap = 124996kB [ 255.418423][ T7415] 2097051 pages RAM [ 255.426621][ T7415] 0 pages HighMem/MovableOnly [ 255.431493][ T7415] 426771 pages reserved [ 255.438615][ T7415] 0 pages cma reserved [ 255.452881][ T7438] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 255.652949][ T5941] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 255.951287][ T5941] usb 5-1: device descriptor read/64, error -71 [ 255.958583][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.965094][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.258439][ T5941] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 256.459147][ T7447] netlink: 4 bytes leftover after parsing attributes in process `syz.0.389'. [ 256.561810][ T5941] usb 5-1: device descriptor read/64, error -71 [ 256.670161][ T7451] FAULT_INJECTION: forcing a failure. [ 256.670161][ T7451] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 256.682922][ T5941] usb usb5-port1: attempt power cycle [ 256.708756][ T7451] CPU: 0 UID: 0 PID: 7451 Comm: syz.3.390 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 256.708791][ T7451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 256.708804][ T7451] Call Trace: [ 256.708811][ T7451] [ 256.708820][ T7451] dump_stack_lvl+0x241/0x360 [ 256.708860][ T7451] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.708894][ T7451] ? __pfx__printk+0x10/0x10 [ 256.708938][ T7451] ? __pfx_lock_release+0x10/0x10 [ 256.708965][ T7451] ? rcu_is_watching+0x15/0xb0 [ 256.709000][ T7451] should_fail_ex+0x3b0/0x4e0 [ 256.709027][ T7451] _copy_from_iter+0x1e9/0x1c20 [ 256.709067][ T7451] ? alloc_pages_mpol_noprof+0x58e/0x780 [ 256.709092][ T7451] ? __pfx__copy_from_iter+0x10/0x10 [ 256.709124][ T7451] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 256.709154][ T7451] ? alloc_pages_noprof+0xef/0x170 [ 256.709176][ T7451] ? page_copy_sane+0x46/0x260 [ 256.709206][ T7451] copy_page_from_iter+0x7a/0x100 [ 256.709238][ T7451] tun_get_user+0x2035/0x48a0 [ 256.709269][ T7451] ? tun_get_user+0x875/0x48a0 [ 256.709333][ T7451] ? __pfx_tun_get_user+0x10/0x10 [ 256.709392][ T7451] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 256.709416][ T7451] ? tun_get+0x1e/0x2f0 [ 256.709443][ T7451] ? __pfx_lock_release+0x10/0x10 [ 256.709482][ T7451] ? tun_get+0x1e/0x2f0 [ 256.709507][ T7451] ? tun_get+0x27d/0x2f0 [ 256.709536][ T7451] tun_chr_write_iter+0x10d/0x1f0 [ 256.709568][ T7451] vfs_write+0xacf/0xd10 [ 256.709602][ T7451] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 256.709631][ T7451] ? __pfx_vfs_write+0x10/0x10 [ 256.709658][ T7451] ? do_sys_openat2+0x17a/0x1d0 [ 256.709686][ T7451] ? __fget_files+0x2a/0x410 [ 256.709714][ T7451] ? __fget_files+0x2a/0x410 [ 256.709747][ T7451] ksys_write+0x18f/0x2b0 [ 256.709794][ T7451] ? __pfx_ksys_write+0x10/0x10 [ 256.709825][ T7451] ? do_syscall_64+0x100/0x230 [ 256.709854][ T7451] ? do_syscall_64+0xb6/0x230 [ 256.709881][ T7451] do_syscall_64+0xf3/0x230 [ 256.709905][ T7451] ? clear_bhb_loop+0x35/0x90 [ 256.709936][ T7451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.709963][ T7451] RIP: 0033:0x7fe9d598b7df [ 256.709981][ T7451] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 256.709996][ T7451] RSP: 002b:00007fe9d682a000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 256.710017][ T7451] RAX: ffffffffffffffda RBX: 00007fe9d5ba5fa0 RCX: 00007fe9d598b7df [ 256.710032][ T7451] RDX: 000000000000004e RSI: 00000000200003c0 RDI: 00000000000000c8 [ 256.710044][ T7451] RBP: 00007fe9d682a090 R08: 0000000000000000 R09: 0000000000000000 [ 256.710056][ T7451] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001 [ 256.710067][ T7451] R13: 0000000000000000 R14: 00007fe9d5ba5fa0 R15: 00007ffc4995abd8 [ 256.710095][ T7451] [ 257.322686][ T5941] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 257.371193][ T5941] usb 5-1: device descriptor read/8, error -71 [ 257.455265][ T7458] netlink: 'syz.3.392': attribute type 7 has an invalid length. [ 257.622732][ T5941] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 257.653479][ T5941] usb 5-1: device descriptor read/8, error -71 [ 258.860086][ T7469] netlink: 16 bytes leftover after parsing attributes in process `syz.3.395'. [ 259.043059][ T5941] usb usb5-port1: unable to enumerate USB device [ 261.778789][ T7487] orangefs_mount: mount request failed with -4 [ 262.523771][ T975] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 262.568371][ T7502] netlink: 132 bytes leftover after parsing attributes in process `syz.2.402'. [ 262.582395][ T7502] netlink: 'syz.2.402': attribute type 10 has an invalid length. [ 262.609297][ T7502] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 262.955878][ T975] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 263.102595][ T975] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 263.152878][ T975] usb 5-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 263.190963][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.272139][ T7497] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 263.305754][ T975] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 263.696488][ T58] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 263.922748][ T58] usb 3-1: device descriptor read/64, error -71 [ 265.485059][ T58] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 265.559804][ T5875] usb 5-1: USB disconnect, device number 23 [ 265.642603][ T58] usb 3-1: device descriptor read/64, error -71 [ 265.758084][ T58] usb usb3-port1: attempt power cycle [ 266.242462][ T58] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 266.373308][ T58] usb 3-1: device descriptor read/8, error -71 [ 270.513295][ T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 270.760389][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 270.771923][ T7581] FAULT_INJECTION: forcing a failure. [ 270.771923][ T7581] name failslab, interval 1, probability 0, space 0, times 0 [ 270.782778][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 270.785035][ T7581] CPU: 1 UID: 0 PID: 7581 Comm: syz.3.430 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 270.785062][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 270.785075][ T7581] Call Trace: [ 270.785082][ T7581] [ 270.785091][ T7581] dump_stack_lvl+0x241/0x360 [ 270.785133][ T7581] ? __pfx_dump_stack_lvl+0x10/0x10 [ 270.785166][ T7581] ? __pfx__printk+0x10/0x10 [ 270.785211][ T7581] should_fail_ex+0x3b0/0x4e0 [ 270.785239][ T7581] should_failslab+0xac/0x100 [ 270.785266][ T7581] kmem_cache_alloc_node_noprof+0x77/0x380 [ 270.785293][ T7581] ? __alloc_skb+0x1c3/0x440 [ 270.785325][ T7581] __alloc_skb+0x1c3/0x440 [ 270.785349][ T7581] ? __local_bh_enable_ip+0x168/0x200 [ 270.785369][ T7581] ? lockdep_hardirqs_on+0x99/0x150 [ 270.785398][ T7581] ? __pfx___alloc_skb+0x10/0x10 [ 270.785423][ T7581] ? tipc_named_publish+0x28f/0x870 [ 270.785452][ T7581] ? _local_bh_enable+0x30/0xb0 [ 270.785479][ T7581] tipc_buf_acquire+0x2b/0xe0 [ 270.785506][ T7581] tipc_named_publish+0x29e/0x870 [ 270.785539][ T7581] tipc_nametbl_publish+0xfb/0x1e0 [ 270.785578][ T7581] tipc_sk_publish+0x205/0x480 [ 270.785606][ T7581] ? __pfx_tipc_sk_publish+0x10/0x10 [ 270.785638][ T7581] tipc_sk_bind+0x25e/0x800 [ 270.785679][ T7581] ? __pfx_current_check_access_socket+0x10/0x10 [ 270.785705][ T7581] ? __pfx_tipc_sk_bind+0x10/0x10 [ 270.785742][ T7581] ? __might_fault+0xc6/0x120 [ 270.785778][ T7581] ? tipc_bind+0x19b/0x250 [ 270.785804][ T7581] __sys_bind+0x1e4/0x290 [ 270.785832][ T7581] ? __pfx___sys_bind+0x10/0x10 [ 270.785870][ T7581] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 270.785918][ T7581] ? do_syscall_64+0x100/0x230 [ 270.785950][ T7581] __x64_sys_bind+0x7a/0x90 [ 270.785977][ T7581] do_syscall_64+0xf3/0x230 [ 270.786004][ T7581] ? clear_bhb_loop+0x35/0x90 [ 270.786037][ T7581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.786065][ T7581] RIP: 0033:0x7fe9d598cd29 [ 270.786084][ T7581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.786103][ T7581] RSP: 002b:00007fe9d6809038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 270.786126][ T7581] RAX: ffffffffffffffda RBX: 00007fe9d5ba6080 RCX: 00007fe9d598cd29 [ 270.786142][ T7581] RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000008 [ 270.786156][ T7581] RBP: 00007fe9d6809090 R08: 0000000000000000 R09: 0000000000000000 [ 270.786169][ T7581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.786182][ T7581] R13: 0000000000000000 R14: 00007fe9d5ba6080 R15: 00007ffc4995abd8 [ 270.786215][ T7581] [ 270.786226][ T7581] tipc: Publication distribution failure [ 270.801366][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 272.229649][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 272.243137][ T9] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 272.252391][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.311018][ T9] usb 3-1: config 0 descriptor?? [ 272.466515][ T9] hdpvr 3-1:0.0: Could not find bulk-in endpoint [ 272.491459][ T9] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12 [ 273.782050][ T58] usb 3-1: USB disconnect, device number 14 [ 274.136968][ T7603] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 274.146624][ T7603] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 275.912774][ T5882] usb 1-1: new low-speed USB device number 9 using dummy_hcd [ 276.317271][ T7618] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 276.327035][ T7618] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 277.082564][ T5882] usb 1-1: Invalid ep0 maxpacket: 64 [ 278.285618][ T5882] usb 1-1: new low-speed USB device number 10 using dummy_hcd [ 278.728096][ T5882] usb 1-1: Invalid ep0 maxpacket: 64 [ 278.743530][ T5882] usb usb1-port1: attempt power cycle [ 280.253853][ T7634] FAULT_INJECTION: forcing a failure. [ 280.253853][ T7634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.292616][ T7634] CPU: 1 UID: 0 PID: 7634 Comm: syz.0.446 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 280.292646][ T7634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 280.292659][ T7634] Call Trace: [ 280.292666][ T7634] [ 280.292675][ T7634] dump_stack_lvl+0x241/0x360 [ 280.292712][ T7634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.292743][ T7634] ? __pfx__printk+0x10/0x10 [ 280.292773][ T7634] ? __pfx_lock_release+0x10/0x10 [ 280.292798][ T7634] ? __lock_acquire+0x1397/0x2100 [ 280.292831][ T7634] should_fail_ex+0x3b0/0x4e0 [ 280.292858][ T7634] _copy_from_user+0x2d/0xb0 [ 280.292878][ T7634] kstrtouint_from_user+0xc6/0x190 [ 280.292908][ T7634] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 280.292939][ T7634] ? __pfx_lock_acquire+0x10/0x10 [ 280.292973][ T7634] proc_fail_nth_write+0xaa/0x2d0 [ 280.293004][ T7634] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 280.293025][ T7634] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 280.293053][ T7634] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 280.293077][ T7634] vfs_write+0x29f/0xd10 [ 280.293109][ T7634] ? fdget_pos+0x254/0x320 [ 280.293133][ T7634] ? __mutex_unlock_slowpath+0x227/0x800 [ 280.293163][ T7634] ? __pfx_vfs_write+0x10/0x10 [ 280.293196][ T7634] ? __fget_files+0x2a/0x410 [ 280.293222][ T7634] ? __fget_files+0x395/0x410 [ 280.293247][ T7634] ? __fget_files+0x2a/0x410 [ 280.293281][ T7634] ksys_write+0x18f/0x2b0 [ 280.293314][ T7634] ? __pfx_ksys_write+0x10/0x10 [ 280.293343][ T7634] ? do_syscall_64+0x100/0x230 [ 280.293370][ T7634] ? do_syscall_64+0xb6/0x230 [ 280.293397][ T7634] do_syscall_64+0xf3/0x230 [ 280.293421][ T7634] ? clear_bhb_loop+0x35/0x90 [ 280.293450][ T7634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.293476][ T7634] RIP: 0033:0x7f3943b8b7df [ 280.293493][ T7634] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 280.293509][ T7634] RSP: 002b:00007f3944a39030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 280.293530][ T7634] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3943b8b7df [ 280.293543][ T7634] RDX: 0000000000000001 RSI: 00007f3944a390a0 RDI: 0000000000000004 [ 280.293555][ T7634] RBP: 00007f3944a39090 R08: 0000000000000000 R09: 0000000000000000 [ 280.293567][ T7634] R10: 000000000000006f R11: 0000000000000293 R12: 0000000000000001 [ 280.293578][ T7634] R13: 0000000000000000 R14: 00007f3943da5fa0 R15: 00007ffce7f9b888 [ 280.293608][ T7634] [ 282.810875][ T7663] binder: 7662:7663 ioctl 4018620d 0 returned -22 [ 283.964260][ T7677] FAULT_INJECTION: forcing a failure. [ 283.964260][ T7677] name failslab, interval 1, probability 0, space 0, times 0 [ 284.092897][ T7677] CPU: 1 UID: 0 PID: 7677 Comm: syz.3.459 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 284.092930][ T7677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 284.092943][ T7677] Call Trace: [ 284.092952][ T7677] [ 284.092961][ T7677] dump_stack_lvl+0x241/0x360 [ 284.093002][ T7677] ? __pfx_dump_stack_lvl+0x10/0x10 [ 284.093036][ T7677] ? __pfx__printk+0x10/0x10 [ 284.093070][ T7677] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 284.093100][ T7677] ? __pfx___might_resched+0x10/0x10 [ 284.093129][ T7677] should_fail_ex+0x3b0/0x4e0 [ 284.093157][ T7677] should_failslab+0xac/0x100 [ 284.093185][ T7677] kmem_cache_alloc_node_noprof+0x77/0x380 [ 284.093211][ T7677] ? __alloc_skb+0x1c3/0x440 [ 284.093243][ T7677] __alloc_skb+0x1c3/0x440 [ 284.093274][ T7677] ? __pfx___alloc_skb+0x10/0x10 [ 284.093304][ T7677] ? netlink_autobind+0xd6/0x2f0 [ 284.093335][ T7677] ? netlink_autobind+0x2b0/0x2f0 [ 284.093371][ T7677] netlink_sendmsg+0x638/0xcb0 [ 284.093414][ T7677] ? __pfx_netlink_sendmsg+0x10/0x10 [ 284.093457][ T7677] ? __pfx_netlink_sendmsg+0x10/0x10 [ 284.093487][ T7677] __sock_sendmsg+0x221/0x270 [ 284.093513][ T7677] ____sys_sendmsg+0x52a/0x7e0 [ 284.093553][ T7677] ? __pfx_____sys_sendmsg+0x10/0x10 [ 284.093581][ T7677] ? __fget_files+0x2a/0x410 [ 284.093612][ T7677] ? __fget_files+0x2a/0x410 [ 284.093647][ T7677] __sys_sendmsg+0x269/0x350 [ 284.093693][ T7677] ? __pfx___sys_sendmsg+0x10/0x10 [ 284.093737][ T7677] ? do_sys_openat2+0x17a/0x1d0 [ 284.093791][ T7677] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 284.093821][ T7677] ? do_syscall_64+0x100/0x230 [ 284.093850][ T7677] ? do_syscall_64+0xb6/0x230 [ 284.093879][ T7677] do_syscall_64+0xf3/0x230 [ 284.093906][ T7677] ? clear_bhb_loop+0x35/0x90 [ 284.093939][ T7677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.093968][ T7677] RIP: 0033:0x7fe9d598cd29 [ 284.093986][ T7677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.094005][ T7677] RSP: 002b:00007fe9d682a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 284.094028][ T7677] RAX: ffffffffffffffda RBX: 00007fe9d5ba5fa0 RCX: 00007fe9d598cd29 [ 284.094043][ T7677] RDX: 0000000000044094 RSI: 0000000020000180 RDI: 0000000000000003 [ 284.094057][ T7677] RBP: 00007fe9d682a090 R08: 0000000000000000 R09: 0000000000000000 [ 284.094070][ T7677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 284.094082][ T7677] R13: 0000000000000000 R14: 00007fe9d5ba5fa0 R15: 00007ffc4995abd8 [ 284.094111][ T7677] [ 284.439509][ T7683] fuse: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x000000000000000a' [ 286.149837][ T7699] orangefs_mount: mount request failed with -4 [ 286.743773][ T7697] netlink: 16 bytes leftover after parsing attributes in process `syz.0.468'. [ 286.823322][ T7707] netlink: 16 bytes leftover after parsing attributes in process `syz.1.469'. [ 287.872901][ T7712] binder: 7710:7712 ioctl 4018620d 0 returned -22 [ 288.482806][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 289.305991][ T7737] bond0: entered promiscuous mode [ 289.311103][ T7737] bond_slave_0: entered promiscuous mode [ 289.318066][ T7737] bond_slave_1: entered promiscuous mode [ 290.232642][ T7737] dummy0: entered promiscuous mode [ 291.163574][ T7736] bond0: left promiscuous mode [ 291.168696][ T7736] bond_slave_0: left promiscuous mode [ 291.618932][ T7736] bond_slave_1: left promiscuous mode [ 292.072839][ T7736] dummy0: left promiscuous mode [ 292.672923][ T7760] netlink: 16 bytes leftover after parsing attributes in process `syz.3.483'. [ 296.779317][ T7766] input: syz1 as /devices/virtual/input/input9 [ 299.425205][ T7798] netlink: 24 bytes leftover after parsing attributes in process `syz.0.495'. [ 299.434290][ T7798] netlink: 24 bytes leftover after parsing attributes in process `syz.0.495'. [ 301.103266][ T7808] netpci0: tun_chr_ioctl cmd 1074025677 [ 301.109091][ T7808] netpci0: linktype set to 773 [ 303.537084][ T7839] Cannot find set identified by id 0 to match [ 303.562683][ T58] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 303.829928][ T58] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 304.216393][ T58] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 304.246294][ T58] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 304.268964][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 304.298774][ T58] usb 1-1: SerialNumber: syz [ 304.771477][ T58] usb 1-1: 0:2 : does not exist [ 304.821811][ T58] usb 1-1: USB disconnect, device number 12 [ 305.905474][ T7858] binder: BINDER_SET_CONTEXT_MGR already set [ 305.911822][ T7858] binder: 7857:7858 ioctl 4018620d 200002c0 returned -16 [ 305.929742][ T7172] udevd[7172]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 308.031681][ T7873] vivid-000: disconnect [ 309.364565][ T7871] vivid-000: reconnect [ 309.412753][ T7889] netlink: 16 bytes leftover after parsing attributes in process `syz.1.524'. [ 309.684809][ T7893] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 309.694419][ T7893] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 310.016623][ T7900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.528'. [ 311.605388][ T5941] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 311.932769][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 311.932790][ T29] audit: type=1326 audit(1737956019.677:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7913 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9d598cd29 code=0x7ffc0000 [ 311.942803][ T5941] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 311.960295][ C0] vkms_vblank_simulate: vblank timer overrun [ 312.107529][ T29] audit: type=1326 audit(1737956019.677:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7913 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9d598cd29 code=0x7ffc0000 [ 312.244787][ T5941] usb 5-1: config 0 has no interface number 0 [ 312.432563][ T29] audit: type=1326 audit(1737956019.677:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7913 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fe9d598cd29 code=0x7ffc0000 [ 312.546449][ T7917] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 312.556129][ T7917] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 312.606628][ T5941] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 312.733932][ T29] audit: type=1326 audit(1737956019.677:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7913 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9d598cd29 code=0x7ffc0000 [ 312.737684][ T5941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.229462][ T29] audit: type=1326 audit(1737956019.677:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7913 comm="syz.3.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9d598cd29 code=0x7ffc0000 [ 313.426215][ T5941] usb 5-1: Product: syz [ 313.430455][ T5941] usb 5-1: Manufacturer: syz [ 313.435210][ T5941] usb 5-1: SerialNumber: syz [ 313.452406][ T7926] netlink: 16 bytes leftover after parsing attributes in process `syz.3.536'. [ 313.483617][ T5941] usb 5-1: config 0 descriptor?? [ 313.521608][ T5941] usb 5-1: can't set config #0, error -71 [ 313.548328][ T5941] usb 5-1: USB disconnect, device number 24 [ 314.093496][ T7944] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 315.915668][ T5941] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 316.702580][ T5941] usb 4-1: Using ep0 maxpacket: 32 [ 316.709411][ T5941] usb 4-1: config 0 has an invalid interface number: 78 but max is 0 [ 316.722770][ T5941] usb 4-1: config 0 has no interface number 0 [ 316.728935][ T5941] usb 4-1: config 0 interface 78 has no altsetting 0 [ 316.744983][ T5941] usb 4-1: New USB device found, idVendor=0e41, idProduct=4250, bcdDevice=60.11 [ 316.754371][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.762396][ T5941] usb 4-1: Product: syz [ 316.768189][ T5941] usb 4-1: Manufacturer: syz [ 316.772923][ T5941] usb 4-1: SerialNumber: syz [ 316.779779][ T5941] usb 4-1: config 0 descriptor?? [ 316.793916][ T5941] snd_usb_pod 4-1:0.78: Line 6 BassPODxt found [ 316.894822][ T7962] futex_wake_op: syz.1.546 tries to shift op by 35; fix this program [ 317.094487][ T7959] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 317.104187][ T7959] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 317.246948][ T7964] bond1: entered promiscuous mode [ 317.252827][ T7964] 8021q: adding VLAN 0 to HW filter on device bond1 [ 317.374781][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.381488][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.600044][ T5941] snd_usb_pod 4-1:0.78: set_interface failed [ 317.619202][ T5941] snd_usb_pod 4-1:0.78: Line 6 BassPODxt now disconnected [ 317.639433][ T5941] snd_usb_pod 4-1:0.78: probe with driver snd_usb_pod failed with error -71 [ 317.676604][ T5941] usb 4-1: USB disconnect, device number 16 [ 321.790064][ T8012] orangefs_mount: mount request failed with -4 [ 322.544223][ T8019] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 323.018778][ T8025] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 323.028340][ T8025] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 323.283630][ T8034] loop4: detected capacity change from 0 to 7 [ 323.308249][ T8034] Dev loop4: unable to read RDB block 7 [ 323.316718][ T8034] loop4: unable to read partition table [ 323.333200][ T5875] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 323.404655][ T8034] loop4: partition table beyond EOD, truncated [ 323.416896][ T8035] netlink: 16 bytes leftover after parsing attributes in process `syz.3.567'. [ 323.623141][ T8034] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 323.692695][ T5875] usb 2-1: Using ep0 maxpacket: 32 [ 323.777324][ T5875] usb 2-1: config 0 has an invalid interface number: 78 but max is 0 [ 323.839624][ T5875] usb 2-1: config 0 has no interface number 0 [ 323.862262][ T5875] usb 2-1: config 0 interface 78 has no altsetting 0 [ 323.899535][ T5875] usb 2-1: New USB device found, idVendor=0e41, idProduct=4250, bcdDevice=60.11 [ 323.930908][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.948615][ T5198] Dev loop4: unable to read RDB block 7 [ 324.021558][ T5875] usb 2-1: Product: syz [ 324.052979][ T5198] loop4: unable to read partition table [ 324.058702][ T5875] usb 2-1: Manufacturer: syz [ 324.058728][ T5875] usb 2-1: SerialNumber: syz [ 324.070650][ T5875] usb 2-1: config 0 descriptor?? [ 324.083029][ T5198] loop4: partition table beyond EOD, truncated [ 324.088775][ T5875] snd_usb_pod 2-1:0.78: Line 6 BassPODxt found [ 324.342992][ T8041] netlink: 'syz.2.569': attribute type 3 has an invalid length. [ 324.350868][ T8041] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.569'. [ 324.846075][ T5941] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 324.873148][ T5875] snd_usb_pod 2-1:0.78: endpoint not available, using fallback values [ 324.886667][ T5875] snd_usb_pod 2-1:0.78: invalid control EP [ 324.934299][ T5875] snd_usb_pod 2-1:0.78: cannot start listening: -22 [ 324.947138][ T5875] snd_usb_pod 2-1:0.78: Line 6 BassPODxt now disconnected [ 324.984884][ T8046] netlink: 'syz.0.570': attribute type 3 has an invalid length. [ 324.993162][ T8046] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.570'. [ 325.095985][ T5875] snd_usb_pod 2-1:0.78: probe with driver snd_usb_pod failed with error -22 [ 325.112745][ T5941] usb 5-1: Using ep0 maxpacket: 8 [ 325.539981][ T5941] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 325.563834][ T5941] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 325.609873][ T5941] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 325.626687][ T5941] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 325.640235][ T5941] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 325.657602][ T5941] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 325.668423][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.915430][ T5941] usb 5-1: usb_control_msg returned -32 [ 325.945612][ T5941] usbtmc 5-1:16.0: can't read capabilities [ 326.138630][ T5941] usb 2-1: USB disconnect, device number 8 [ 326.423259][ T8053] ISOFS: Unable to identify CD-ROM format. [ 326.872705][ T5941] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 327.008401][ T8066] netlink: 16 bytes leftover after parsing attributes in process `syz.1.575'. [ 327.842681][ T5840] Bluetooth: hci5: command 0x1003 tx timeout [ 327.850273][ T5828] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 327.983302][ T5941] usb 1-1: Using ep0 maxpacket: 16 [ 327.989075][ T5876] usb 5-1: USB disconnect, device number 25 [ 328.005810][ T5941] usb 1-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 328.024195][ T5941] usb 1-1: config 0 interface 0 has no altsetting 0 [ 328.031119][ T5941] usb 1-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 328.040290][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.050864][ T5941] usb 1-1: config 0 descriptor?? [ 328.275078][ T8050] binder: 8049:8050 unknown command 0 [ 328.280564][ T8050] binder: 8049:8050 ioctl c0306201 20000540 returned -22 [ 329.271676][ T5941] zydacron 0003:13EC:0006.0006: item fetching failed at offset 2/3 [ 329.280709][ T5941] zydacron 0003:13EC:0006.0006: parse failed [ 329.287687][ T5941] zydacron 0003:13EC:0006.0006: probe with driver zydacron failed with error -22 [ 329.300214][ T5941] usb 1-1: USB disconnect, device number 13 [ 329.370864][ T7175] udevd[7175]: setting mode of /dev/bus/usb/001/013 to 020664 failed: No such file or directory [ 329.389069][ T7175] udevd[7175]: setting owner of /dev/bus/usb/001/013 to uid=0, gid=0 failed: No such file or directory [ 329.422695][ T58] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 329.604701][ T58] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 329.618001][ T58] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 329.635657][ T58] usb 5-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 329.670948][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.705624][ T8070] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 329.716588][ T58] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 330.026279][ T8081] orangefs_mount: mount request failed with -4 [ 330.721594][ T8086] orangefs_mount: mount request failed with -4 [ 332.084217][ T8092] loop4: detected capacity change from 0 to 7 [ 332.156105][ T8092] Dev loop4: unable to read RDB block 7 [ 332.161867][ T8092] loop4: unable to read partition table [ 332.298342][ T8092] loop4: partition table beyond EOD, truncated [ 332.349207][ T8092] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 333.017782][ T58] usb 5-1: USB disconnect, device number 26 [ 334.006881][ T8109] netlink: 8 bytes leftover after parsing attributes in process `syz.4.586'. [ 335.214747][ T8122] Cannot find del_set index 29 as target [ 337.022824][ T5882] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 338.097648][ T5882] usb 4-1: device descriptor read/64, error -71 [ 338.413712][ T8152] process 'syz.4.597' launched './file2' with NULL argv: empty string added [ 338.642659][ T46] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 338.884080][ T5882] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 338.994318][ T8161] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 339.004113][ T8161] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 339.228542][ T5882] usb 4-1: device descriptor read/64, error -71 [ 339.384076][ T5882] usb usb4-port1: attempt power cycle [ 339.720255][ T46] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 339.897937][ T46] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 339.923610][ T46] usb 2-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 339.953586][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.085923][ T8150] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 340.310549][ T46] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 340.604057][ T8170] Cannot find set identified by id 0 to match [ 341.422716][ T29] audit: type=1326 audit(1737956049.157:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8169 comm="syz.2.603" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdf58d8cd29 code=0x0 [ 343.002390][ T5874] usb 2-1: USB disconnect, device number 9 [ 343.447544][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 344.446597][ T8206] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0 [ 344.458880][ T8205] IPVS: stopping master sync thread 8206 ... [ 344.622560][ T5882] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 344.660813][ T5941] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 344.664871][ T8208] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 344.675187][ T8208] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 344.683932][ T8208] vhci_hcd vhci_hcd.0: Device attached [ 344.803230][ T5882] usb 1-1: config 0 has an invalid interface number: 65 but max is 0 [ 344.821650][ T5882] usb 1-1: config 0 has no interface number 0 [ 344.841039][ T5882] usb 1-1: New USB device found, idVendor=06cd, idProduct=0119, bcdDevice=de.0f [ 344.860645][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.882398][ T5882] usb 1-1: config 0 descriptor?? [ 344.884863][ T5941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.901129][ T5882] keyspan 1-1:0.65: Keyspan 1 port adapter converter detected [ 344.923041][ T5882] keyspan 1-1:0.65: found no endpoint descriptor for endpoint 87 [ 344.938683][ T5941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.943008][ T5882] keyspan 1-1:0.65: found no endpoint descriptor for endpoint 7 [ 344.961001][ T5941] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 344.969986][ T5882] keyspan 1-1:0.65: found no endpoint descriptor for endpoint 81 [ 344.974854][ T5941] usb 2-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 344.987910][ T9] usb 38-1: SetAddress Request (2) to port 0 [ 344.990934][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.106332][ T5941] usb 2-1: config 0 descriptor?? [ 345.265232][ T8209] vhci_hcd: connection closed [ 345.276205][ T1032] vhci_hcd: stop threads [ 345.337620][ T1032] vhci_hcd: release socket [ 345.373975][ T8203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.398338][ T1032] vhci_hcd: disconnect device [ 345.420882][ T8203] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.515025][ T9] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 345.523025][ T5882] keyspan 1-1:0.65: found no endpoint descriptor for endpoint 1 [ 345.530786][ T5882] keyspan 1-1:0.65: found no endpoint descriptor for endpoint 2 [ 345.539217][ T5882] keyspan 1-1:0.65: found no endpoint descriptor for endpoint 85 [ 345.547364][ T5882] keyspan 1-1:0.65: found no endpoint descriptor for endpoint 5 [ 345.559537][ T9] usb 38-1: enqueue for inactive port 0 [ 345.569926][ T5882] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 345.581673][ T5882] usb 1-1: USB disconnect, device number 14 [ 345.591513][ T5882] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 345.612839][ T5882] keyspan 1-1:0.65: device disconnected [ 345.672070][ T5941] betop 0003:11C0:5506.0007: unbalanced delimiter at end of report description [ 345.699306][ T5941] betop 0003:11C0:5506.0007: parse failed [ 345.708477][ T5941] betop 0003:11C0:5506.0007: probe with driver betop failed with error -22 [ 346.935804][ T9] usb usb38-port1: attempt power cycle [ 348.072594][ T5874] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 348.855220][ T5941] usb 2-1: USB disconnect, device number 10 [ 348.892777][ T5874] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 348.912517][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 348.951994][ T5874] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 349.004735][ T5874] usb 3-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 349.016058][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.026932][ T5874] usb 3-1: Product: syz [ 349.031300][ T5874] usb 3-1: Manufacturer: syz [ 349.036127][ T5874] usb 3-1: SerialNumber: syz [ 349.047289][ T5874] usb 3-1: config 0 descriptor?? [ 349.054912][ T9] usb usb38-port1: unable to enumerate USB device [ 349.194308][ T8247] netlink: 8 bytes leftover after parsing attributes in process `syz.3.619'. [ 349.403586][ T8248] netlink: 60 bytes leftover after parsing attributes in process `syz.1.621'. [ 349.881169][ T5941] usb 3-1: USB disconnect, device number 15 [ 350.253146][ T8257] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 350.262846][ T8257] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 350.477015][ T8256] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 350.730063][ T8264] 9pnet_virtio: no channels available for device syz [ 352.012652][ T8] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 352.202649][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 352.245754][ T8] usb 4-1: config 0 has an invalid interface number: 237 but max is 0 [ 352.263366][ T8] usb 4-1: config 0 has no interface number 0 [ 352.274992][ T8] usb 4-1: New USB device found, idVendor=093a, idProduct=2460, bcdDevice=2a.87 [ 352.292600][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.310985][ T8] usb 4-1: Product: syz [ 352.315305][ T8] usb 4-1: Manufacturer: syz [ 352.320114][ T8] usb 4-1: SerialNumber: syz [ 352.336239][ T8] usb 4-1: config 0 descriptor?? [ 352.351430][ T8288] netlink: 'syz.2.632': attribute type 20 has an invalid length. [ 352.397526][ T8289] netlink: 168 bytes leftover after parsing attributes in process `syz.2.632'. [ 352.548445][ T8276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 352.574125][ T8276] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.254486][ T8307] netlink: 8 bytes leftover after parsing attributes in process `syz.4.636'. [ 353.310998][ T8311] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 354.237580][ T8318] ======================================================= [ 354.237580][ T8318] WARNING: The mand mount option has been deprecated and [ 354.237580][ T8318] and is ignored by this kernel. Remove the mand [ 354.237580][ T8318] option from the mount to silence this warning. [ 354.237580][ T8318] ======================================================= [ 354.272724][ C1] vkms_vblank_simulate: vblank timer overrun [ 354.520392][ T8322] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 354.530223][ T8322] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 354.587524][ T8] gspca_main: pac207-2.14.0 probing 093a:2460 [ 354.618294][ T8] gspca_pac207: Failed to read a register (index 0x0000, error -71) [ 354.660606][ T8] usb 4-1: USB disconnect, device number 20 [ 355.092341][ T8332] kvm: pic: non byte write [ 355.604098][ T8343] 9pnet_virtio: no channels available for device syz [ 356.566950][ T8351] binder: BINDER_SET_CONTEXT_MGR already set [ 356.573091][ T8351] binder: 8344:8351 ioctl 4018620d 20000040 returned -16 [ 358.530300][ T8364] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 359.102881][ T8] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 359.117083][ T8379] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 359.126707][ T8379] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 359.302671][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 359.316024][ T8] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 359.341489][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.360035][ T8] usb 1-1: Product: syz [ 359.381460][ T8] usb 1-1: Manufacturer: syz [ 359.399308][ T8] usb 1-1: SerialNumber: syz [ 359.423976][ T8] usb 1-1: config 0 descriptor?? [ 359.597372][ T8383] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 359.804479][ T8] usb read operation failed. (-32) [ 360.296852][ T8] usb write operation failed. (-71) [ 360.512971][ T8] usb write operation failed. (-71) [ 360.543356][ T8] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in cold state [ 360.551952][ T8] usb 1-1: Direct firmware load for dvb-usb-terratec-h7-az6007.fw failed with error -2 [ 360.606664][ T8] usb 1-1: Falling back to sysfs fallback for: dvb-usb-terratec-h7-az6007.fw [ 360.917965][ T8394] netlink: 28 bytes leftover after parsing attributes in process `syz.3.662'. [ 360.930498][ T8398] netlink: 8 bytes leftover after parsing attributes in process `syz.1.661'. [ 361.001651][ T8394] netlink: 8 bytes leftover after parsing attributes in process `syz.3.662'. [ 361.334019][ T8403] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 362.199637][ T8405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.665'. [ 363.092840][ T5941] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 363.262756][ T5941] usb 4-1: Using ep0 maxpacket: 8 [ 363.344982][ T5941] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 363.348758][ T29] audit: type=1326 audit(1737956071.037:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 363.379649][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.404449][ T29] audit: type=1326 audit(1737956071.037:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 363.412540][ T5941] usb 4-1: Product: syz [ 363.482053][ T5941] usb 4-1: Manufacturer: syz [ 363.505467][ T5941] usb 4-1: SerialNumber: syz [ 363.580297][ T5941] usb 4-1: config 0 descriptor?? [ 363.580365][ T29] audit: type=1326 audit(1737956071.057:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 363.606678][ T5941] gspca_main: sq930x-2.14.0 probing 2770:930c [ 363.710943][ T29] audit: type=1326 audit(1737956071.057:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 363.736431][ T29] audit: type=1326 audit(1737956071.077:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 363.865421][ T29] audit: type=1326 audit(1737956071.087:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6452b8cd63 code=0x7ffc0000 [ 363.888796][ T29] audit: type=1326 audit(1737956071.187:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6452b8cd63 code=0x7ffc0000 [ 363.910939][ T29] audit: type=1326 audit(1737956071.227:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 363.952667][ T29] audit: type=1326 audit(1737956071.227:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 364.005380][ T29] audit: type=1326 audit(1737956071.397:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8420 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6452b8cd29 code=0x7ffc0000 [ 365.042714][ T5941] gspca_sq930x: reg_w 0105 0f00 failed -71 [ 365.048715][ T5941] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 365.144238][ T5941] usb 4-1: USB disconnect, device number 21 [ 365.269847][ T8437] futex_wake_op: syz.2.673 tries to shift op by -1; fix this program [ 365.372684][ T8440] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 365.404558][ T8439] hsr_slave_0: left promiscuous mode [ 365.415119][ T8439] hsr_slave_1: left promiscuous mode [ 365.471718][ T8441] netlink: 8 bytes leftover after parsing attributes in process `syz.0.675'. [ 365.527289][ T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 365.577166][ T8443] FAULT_INJECTION: forcing a failure. [ 365.577166][ T8443] name failslab, interval 1, probability 0, space 0, times 0 [ 365.591097][ T8443] CPU: 0 UID: 0 PID: 8443 Comm: syz.1.676 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 365.591123][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 365.591148][ T8443] Call Trace: [ 365.591156][ T8443] [ 365.591165][ T8443] dump_stack_lvl+0x241/0x360 [ 365.591208][ T8443] ? __pfx_dump_stack_lvl+0x10/0x10 [ 365.591242][ T8443] ? __pfx__printk+0x10/0x10 [ 365.591288][ T8443] should_fail_ex+0x3b0/0x4e0 [ 365.591316][ T8443] should_failslab+0xac/0x100 [ 365.591342][ T8443] ? skb_clone+0x20c/0x390 [ 365.591373][ T8443] kmem_cache_alloc_noprof+0x70/0x380 [ 365.591407][ T8443] skb_clone+0x20c/0x390 [ 365.591454][ T8443] ? dev_queue_xmit_nit+0x3fe/0xca0 [ 365.591484][ T8443] dev_queue_xmit_nit+0x249/0xca0 [ 365.591512][ T8443] ? dev_queue_xmit_nit+0x2b/0xca0 [ 365.591539][ T8443] ? validate_xmit_skb+0x9b8/0xff0 [ 365.591574][ T8443] dev_hard_start_xmit+0x15f/0x7d0 [ 365.591606][ T8443] ? __pfx_validate_xmit_skb+0x10/0x10 [ 365.591665][ T8443] __dev_queue_xmit+0x1b73/0x3f50 [ 365.591696][ T8443] ? kasan_save_track+0x51/0x80 [ 365.591722][ T8443] ? ____sys_sendmsg+0x52a/0x7e0 [ 365.591757][ T8443] ? __dev_queue_xmit+0x2f4/0x3f50 [ 365.591793][ T8443] ? __pfx___dev_queue_xmit+0x10/0x10 [ 365.591843][ T8443] ? __copy_skb_header+0x437/0x5b0 [ 365.591875][ T8443] ? __asan_memcpy+0x40/0x70 [ 365.591907][ T8443] ? __copy_skb_header+0x437/0x5b0 [ 365.591943][ T8443] ? __skb_clone+0x454/0x6c0 [ 365.591982][ T8443] ? skb_clone+0x240/0x390 [ 365.592017][ T8443] __netlink_deliver_tap+0x56b/0x7f0 [ 365.592061][ T8443] ? netlink_deliver_tap+0x2e/0x1b0 [ 365.592090][ T8443] netlink_deliver_tap+0x19d/0x1b0 [ 365.592122][ T8443] netlink_unicast+0x7c4/0x990 [ 365.592159][ T8443] ? __pfx_netlink_unicast+0x10/0x10 [ 365.592184][ T8443] ? __virt_addr_valid+0x45f/0x530 [ 365.592215][ T8443] ? __phys_addr_symbol+0x2f/0x70 [ 365.592243][ T8443] ? __check_object_size+0x47a/0x730 [ 365.592275][ T8443] netlink_sendmsg+0x8e4/0xcb0 [ 365.592319][ T8443] ? __pfx_netlink_sendmsg+0x10/0x10 [ 365.592364][ T8443] ? __pfx_netlink_sendmsg+0x10/0x10 [ 365.592393][ T8443] __sock_sendmsg+0x221/0x270 [ 365.592420][ T8443] ____sys_sendmsg+0x52a/0x7e0 [ 365.592469][ T8443] ? __pfx_____sys_sendmsg+0x10/0x10 [ 365.592497][ T8443] ? __fget_files+0x2a/0x410 [ 365.592527][ T8443] ? __fget_files+0x2a/0x410 [ 365.592565][ T8443] __sys_sendmsg+0x269/0x350 [ 365.592602][ T8443] ? __pfx___sys_sendmsg+0x10/0x10 [ 365.592647][ T8443] ? do_sys_openat2+0x17a/0x1d0 [ 365.592705][ T8443] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 365.592735][ T8443] ? do_syscall_64+0x100/0x230 [ 365.592766][ T8443] ? do_syscall_64+0xb6/0x230 [ 365.592796][ T8443] do_syscall_64+0xf3/0x230 [ 365.592822][ T8443] ? clear_bhb_loop+0x35/0x90 [ 365.592855][ T8443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.592883][ T8443] RIP: 0033:0x7fb05538cd29 [ 365.592903][ T8443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.592922][ T8443] RSP: 002b:00007fb056118038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 365.592945][ T8443] RAX: ffffffffffffffda RBX: 00007fb0555a5fa0 RCX: 00007fb05538cd29 [ 365.592960][ T8443] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003 [ 365.592973][ T8443] RBP: 00007fb056118090 R08: 0000000000000000 R09: 0000000000000000 [ 365.592986][ T8443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 365.592998][ T8443] R13: 0000000000000000 R14: 00007fb0555a5fa0 R15: 00007fffb7acc838 [ 365.593031][ T8443] [ 365.990644][ T8443] netlink: 96 bytes leftover after parsing attributes in process `syz.1.676'. [ 365.999747][ T8443] netlink: 12 bytes leftover after parsing attributes in process `syz.1.676'. [ 366.010026][ T8443] netlink: 40 bytes leftover after parsing attributes in process `syz.1.676'. [ 366.065779][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 366.076915][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 366.116448][ T9] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 366.125713][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.157966][ T9] usb 5-1: config 0 descriptor?? [ 366.440252][ T8436] netlink: 'syz.4.674': attribute type 39 has an invalid length. [ 366.848344][ T9] itetech 0003:06CB:73F5.0008: unknown main item tag 0x0 [ 366.906511][ T9] itetech 0003:06CB:73F5.0008: unbalanced collection at end of report description [ 367.009539][ T8457] openvswitch: netlink: Tunnel attr 54 out of range max 16 [ 367.743270][ T8455] netlink: 16 bytes leftover after parsing attributes in process `syz.2.679'. [ 367.977585][ T9] itetech 0003:06CB:73F5.0008: probe with driver itetech failed with error -22 [ 368.602248][ T8469] netlink: 24 bytes leftover after parsing attributes in process `syz.0.685'. [ 370.092342][ T5941] usb 5-1: USB disconnect, device number 27 [ 370.320769][ T8485] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 370.365541][ T8485] netlink: 12 bytes leftover after parsing attributes in process `syz.4.689'. [ 370.382668][ T8485] tipc: Enabling of bearer rejected, failed to enable media [ 371.189072][ T8496] netlink: 16 bytes leftover after parsing attributes in process `syz.3.693'. [ 372.619898][ T8504] 9pnet_virtio: no channels available for device syz [ 374.264915][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 374.264954][ T29] audit: type=1326 audit(1737956081.237:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 374.330445][ T29] audit: type=1326 audit(1737956081.237:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 374.436079][ T29] audit: type=1326 audit(1737956082.117:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 374.480120][ T29] audit: type=1326 audit(1737956082.117:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 374.526650][ T8520] x_tables: duplicate underflow at hook 1 [ 374.553123][ T8520] dccp_invalid_packet: P.type (CLOSEREQ) not Data || [Data]Ack, while P.X == 0 [ 374.562543][ T29] audit: type=1326 audit(1737956082.117:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 375.055548][ T29] audit: type=1326 audit(1737956082.117:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 375.126535][ T29] audit: type=1326 audit(1737956082.117:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 375.192899][ T29] audit: type=1326 audit(1737956082.117:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 375.252789][ T29] audit: type=1326 audit(1737956082.127:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb05538b690 code=0x7ffc0000 [ 375.302603][ T29] audit: type=1326 audit(1737956082.127:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.1.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05538cd29 code=0x7ffc0000 [ 376.136270][ T8530] FAULT_INJECTION: forcing a failure. [ 376.136270][ T8530] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 376.195191][ T8530] CPU: 1 UID: 0 PID: 8530 Comm: syz.1.702 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 376.195220][ T8530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 376.195234][ T8530] Call Trace: [ 376.195241][ T8530] [ 376.195250][ T8530] dump_stack_lvl+0x241/0x360 [ 376.195291][ T8530] ? __pfx_dump_stack_lvl+0x10/0x10 [ 376.195325][ T8530] ? __pfx__printk+0x10/0x10 [ 376.195358][ T8530] ? __pfx_lock_release+0x10/0x10 [ 376.195394][ T8530] should_fail_ex+0x3b0/0x4e0 [ 376.195422][ T8530] _copy_from_user+0x2d/0xb0 [ 376.195443][ T8530] copy_msghdr_from_user+0xae/0x680 [ 376.195475][ T8530] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 376.195497][ T8530] ? __fget_files+0x2a/0x410 [ 376.195527][ T8530] ? __fget_files+0x2a/0x410 [ 376.195562][ T8530] __sys_sendmsg+0x209/0x350 [ 376.195599][ T8530] ? __pfx___sys_sendmsg+0x10/0x10 [ 376.195650][ T8530] ? do_sys_openat2+0x17a/0x1d0 [ 376.195704][ T8530] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 376.195734][ T8530] ? do_syscall_64+0x100/0x230 [ 376.195764][ T8530] ? do_syscall_64+0xb6/0x230 [ 376.195792][ T8530] do_syscall_64+0xf3/0x230 [ 376.195818][ T8530] ? clear_bhb_loop+0x35/0x90 [ 376.195851][ T8530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.195878][ T8530] RIP: 0033:0x7fb05538cd29 [ 376.195896][ T8530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.195914][ T8530] RSP: 002b:00007fb056118038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 376.195937][ T8530] RAX: ffffffffffffffda RBX: 00007fb0555a5fa0 RCX: 00007fb05538cd29 [ 376.195952][ T8530] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003 [ 376.195965][ T8530] RBP: 00007fb056118090 R08: 0000000000000000 R09: 0000000000000000 [ 376.195978][ T8530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 376.195990][ T8530] R13: 0000000000000000 R14: 00007fb0555a5fa0 R15: 00007fffb7acc838 [ 376.196021][ T8530] [ 376.936790][ T8540] netlink: 16 bytes leftover after parsing attributes in process `syz.1.706'. [ 378.772617][ T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 378.806777][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.816419][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.022638][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 379.054559][ T9] usb 4-1: no configurations [ 379.059217][ T9] usb 4-1: can't read configurations, error -22 [ 379.712583][ T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 380.489274][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 380.540790][ T9] usb 4-1: no configurations [ 380.598422][ T9] usb 4-1: can't read configurations, error -22 [ 380.644350][ T8578] 9pnet_virtio: no channels available for device syz [ 380.659749][ T9] usb usb4-port1: attempt power cycle [ 381.056990][ T8582] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 381.066592][ T8582] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 382.193141][ T8594] netlink: 16 bytes leftover after parsing attributes in process `syz.0.719'. [ 382.562722][ T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 382.795100][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 382.822944][ T5876] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 382.897285][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 382.917620][ T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 382.962730][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.004328][ T9] usb 4-1: config 0 descriptor?? [ 383.009522][ T5876] usb 5-1: Using ep0 maxpacket: 8 [ 383.057708][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 383.092632][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 383.152605][ T5876] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 383.232603][ T5876] usb 5-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00 [ 383.241744][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.339176][ T5876] usb 5-1: config 0 descriptor?? [ 383.451277][ T9] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 383.524530][ T9] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 383.550629][ T9] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 383.580898][ T9] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 383.615081][ T9] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 383.637321][ T9] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 383.670220][ T9] pyra 0003:1E7D:2CF6.0009: unknown main item tag 0x0 [ 383.714840][ T9] pyra 0003:1E7D:2CF6.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0 [ 383.735093][ T8602] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 383.800474][ T8602] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 383.827226][ T5876] wacom 0003:056A:033B.000A: Unknown device_type for 'HID 056a:033b'. Assuming pen. [ 383.907680][ T5876] wacom 0003:056A:033B.000A: hidraw1: USB HID v0.00 Device [HID 056a:033b] on usb-dummy_hcd.4-1/input0 [ 383.908289][ T8602] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 383.928260][ T5876] input: Wacom Intuos S 2 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:033B.000A/input/input10 [ 383.993391][ T8602] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 384.025759][ T5876] usb 5-1: USB disconnect, device number 28 [ 384.281426][ T8602] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 384.324086][ T8602] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 384.330289][ T8602] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 384.638541][ T8606] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 385.232882][ T8608] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 385.242573][ T8608] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 385.523850][ T9] pyra 0003:1E7D:2CF6.0009: couldn't init struct pyra_device [ 385.550310][ T9] pyra 0003:1E7D:2CF6.0009: couldn't install mouse [ 385.853149][ T5828] Bluetooth: hci1: command 0x0406 tx timeout [ 385.884073][ T9] pyra 0003:1E7D:2CF6.0009: probe with driver pyra failed with error -71 [ 385.896185][ T9] usb 4-1: USB disconnect, device number 25 [ 385.922669][ T5828] Bluetooth: hci2: command 0x0406 tx timeout [ 386.323011][ T5828] Bluetooth: hci3: command 0x0406 tx timeout [ 386.402608][ T5828] Bluetooth: hci4: command 0x0406 tx timeout [ 386.495078][ T46] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 386.656547][ T8631] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 387.482568][ T46] usb 3-1: device descriptor read/64, error -71 [ 387.534279][ T8632] netlink: 'syz.1.732': attribute type 3 has an invalid length. [ 387.542409][ T8632] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.732'. [ 387.982806][ T46] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 388.002735][ T5828] Bluetooth: hci1: command 0x0406 tx timeout [ 388.008824][ T5828] Bluetooth: hci2: command 0x0406 tx timeout [ 388.192658][ T46] usb 3-1: device descriptor read/64, error -71 [ 388.482703][ T5840] Bluetooth: hci4: command 0x0406 tx timeout [ 388.708025][ T46] usb usb3-port1: attempt power cycle [ 389.188646][ T8643] netlink: 16 bytes leftover after parsing attributes in process `syz.0.733'. [ 389.422958][ T46] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 389.683821][ T8647] netlink: 16 bytes leftover after parsing attributes in process `syz.1.736'. [ 390.253916][ T46] usb 3-1: device descriptor read/8, error -71 [ 390.260636][ T8649] 9pnet_virtio: no channels available for device syz [ 390.388223][ T8650] netlink: 16 bytes leftover after parsing attributes in process `syz.3.737'. [ 391.554316][ T46] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 392.087808][ T46] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 392.128446][ T46] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 392.218400][ T46] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 392.242320][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.347291][ T46] usb 3-1: config 0 descriptor?? [ 392.362365][ T46] usb-storage 3-1:0.0: USB Mass Storage device detected [ 392.399874][ T46] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 392.576059][ T8653] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 392.617943][ T9] usb 3-1: USB disconnect, device number 19 [ 394.567176][ T8694] netlink: 'syz.3.750': attribute type 3 has an invalid length. [ 394.575314][ T8694] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.750'. [ 395.195514][ T8698] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 395.205082][ T8698] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 396.772933][ T5876] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 397.082080][ T5876] usb 3-1: Using ep0 maxpacket: 16 [ 397.111986][ T5876] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 397.128158][ T5876] usb 3-1: config 0 has no interface number 0 [ 397.157300][ T5876] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 397.272544][ T5876] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 397.307229][ T5876] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 397.351608][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.384897][ T5876] usb 3-1: config 0 descriptor?? [ 397.817059][ T5876] uclogic 0003:28BD:0071.000B: pen parameters not found [ 397.887574][ T5876] uclogic 0003:28BD:0071.000B: interface is invalid, ignoring [ 399.815218][ T5824] usb 3-1: USB disconnect, device number 20 [ 400.160671][ T8801] nvme_fabrics: missing parameter 'transport=%s' [ 400.272717][ T8801] nvme_fabrics: missing parameter 'nqn=%s' [ 401.360509][ T8816] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 403.814907][ T8839] netlink: 16 bytes leftover after parsing attributes in process `syz.4.769'. [ 404.579820][ T8846] netlink: 16 bytes leftover after parsing attributes in process `syz.3.768'. [ 408.528264][ T8881] netlink: 'syz.4.778': attribute type 3 has an invalid length. [ 408.536617][ T8881] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.778'. [ 409.199056][ T8883] FAULT_INJECTION: forcing a failure. [ 409.199056][ T8883] name failslab, interval 1, probability 0, space 0, times 0 [ 409.211859][ T8883] CPU: 1 UID: 0 PID: 8883 Comm: syz.3.782 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 409.211885][ T8883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 409.211897][ T8883] Call Trace: [ 409.211906][ T8883] [ 409.211915][ T8883] dump_stack_lvl+0x241/0x360 [ 409.211951][ T8883] ? __pfx_dump_stack_lvl+0x10/0x10 [ 409.211983][ T8883] ? __pfx__printk+0x10/0x10 [ 409.212014][ T8883] ? fs_reclaim_acquire+0x93/0x130 [ 409.212044][ T8883] ? __pfx___might_resched+0x10/0x10 [ 409.212070][ T8883] should_fail_ex+0x3b0/0x4e0 [ 409.212095][ T8883] should_failslab+0xac/0x100 [ 409.212121][ T8883] __kmalloc_noprof+0xdd/0x4c0 [ 409.212145][ T8883] ? tomoyo_encode+0x26f/0x540 [ 409.212176][ T8883] tomoyo_encode+0x26f/0x540 [ 409.212210][ T8883] tomoyo_realpath_from_path+0x59e/0x5e0 [ 409.212251][ T8883] tomoyo_path_number_perm+0x236/0x860 [ 409.212274][ T8883] ? __lock_acquire+0x1397/0x2100 [ 409.212302][ T8883] ? tomoyo_path_number_perm+0x206/0x860 [ 409.212329][ T8883] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 409.212392][ T8883] ? __fget_files+0x2a/0x410 [ 409.212442][ T8883] ? __fget_files+0x2a/0x410 [ 409.212472][ T8883] security_file_ioctl+0xc6/0x2a0 [ 409.212503][ T8883] __se_sys_ioctl+0x46/0x170 [ 409.212537][ T8883] do_syscall_64+0xf3/0x230 [ 409.212563][ T8883] ? clear_bhb_loop+0x35/0x90 [ 409.212596][ T8883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.212623][ T8883] RIP: 0033:0x7fe9d598cd29 [ 409.212642][ T8883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.212659][ T8883] RSP: 002b:00007fe9d682a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 409.212681][ T8883] RAX: ffffffffffffffda RBX: 00007fe9d5ba5fa0 RCX: 00007fe9d598cd29 [ 409.212697][ T8883] RDX: 0000000020000040 RSI: 0000000000002284 RDI: 0000000000000007 [ 409.212709][ T8883] RBP: 00007fe9d682a090 R08: 0000000000000000 R09: 0000000000000000 [ 409.212722][ T8883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.212734][ T8883] R13: 0000000000000000 R14: 00007fe9d5ba5fa0 R15: 00007ffc4995abd8 [ 409.212765][ T8883] [ 409.425254][ T8883] ERROR: Out of memory at tomoyo_realpath_from_path. [ 411.266196][ T8898] netlink: 16 bytes leftover after parsing attributes in process `syz.4.783'. [ 411.343509][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 414.294925][ T5882] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 414.442531][ T5882] usb 3-1: device descriptor read/64, error -71 [ 414.923632][ T5882] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 416.136949][ T5882] usb 3-1: device descriptor read/64, error -71 [ 416.267937][ T5882] usb usb3-port1: attempt power cycle [ 416.642616][ T5882] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 416.683079][ T5882] usb 3-1: device descriptor read/8, error -71 [ 417.014746][ T5882] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 417.442613][ T5882] usb 3-1: device descriptor read/8, error -71 [ 417.763180][ T8956] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 417.772754][ T8956] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 417.810157][ T5882] usb usb3-port1: unable to enumerate USB device [ 418.224445][ T5882] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 418.714258][ T5882] usb 3-1: Using ep0 maxpacket: 8 [ 418.726745][ T5882] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 418.742952][ T5882] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 418.772057][ T8969] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 418.906592][ T5882] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 418.952621][ T5882] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 419.023454][ T5882] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 419.070860][ T5882] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 419.266784][ T8975] FAULT_INJECTION: forcing a failure. [ 419.266784][ T8975] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 419.280054][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.299202][ T8975] CPU: 0 UID: 0 PID: 8975 Comm: syz.3.808 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 419.299233][ T8975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 419.299246][ T8975] Call Trace: [ 419.299255][ T8975] [ 419.299264][ T8975] dump_stack_lvl+0x241/0x360 [ 419.299325][ T8975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 419.299358][ T8975] ? __pfx__printk+0x10/0x10 [ 419.299390][ T8975] ? __lock_acquire+0x1397/0x2100 [ 419.299424][ T8975] should_fail_ex+0x3b0/0x4e0 [ 419.299452][ T8975] prepare_alloc_pages+0x1da/0x5b0 [ 419.299481][ T8975] __alloc_pages_noprof+0x16f/0x710 [ 419.299507][ T8975] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 419.299547][ T8975] alloc_pages_mpol_noprof+0x3e1/0x780 [ 419.299579][ T8975] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 419.299604][ T8975] ? mark_lock+0x9a/0x360 [ 419.299635][ T8975] ? __import_iovec+0x590/0x870 [ 419.299654][ T8975] ? alloc_pages_noprof+0xef/0x170 [ 419.299682][ T8975] get_free_pages_noprof+0xc/0x30 [ 419.299702][ T8975] environ_read+0xc3/0x460 [ 419.299744][ T8975] vfs_readv+0x6bc/0xa80 [ 419.299780][ T8975] ? __pfx_environ_read+0x10/0x10 [ 419.299811][ T8975] ? __pfx_vfs_readv+0x10/0x10 [ 419.299834][ T8975] ? vfs_write+0x7fa/0xd10 [ 419.299880][ T8975] ? __fget_files+0x2a/0x410 [ 419.299908][ T8975] ? __fget_files+0x395/0x410 [ 419.299933][ T8975] ? __fget_files+0x2a/0x410 [ 419.299967][ T8975] __x64_sys_preadv+0x1b7/0x2d0 [ 419.299990][ T8975] ? __pfx___x64_sys_preadv+0x10/0x10 [ 419.300013][ T8975] ? do_syscall_64+0x100/0x230 [ 419.300041][ T8975] ? do_syscall_64+0xb6/0x230 [ 419.300070][ T8975] do_syscall_64+0xf3/0x230 [ 419.300095][ T8975] ? clear_bhb_loop+0x35/0x90 [ 419.300127][ T8975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.300155][ T8975] RIP: 0033:0x7fe9d598cd29 [ 419.300173][ T8975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.300190][ T8975] RSP: 002b:00007fe9d682a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 419.300213][ T8975] RAX: ffffffffffffffda RBX: 00007fe9d5ba5fa0 RCX: 00007fe9d598cd29 [ 419.300228][ T8975] RDX: 0000000000000001 RSI: 0000000020001400 RDI: 0000000000000003 [ 419.300241][ T8975] RBP: 00007fe9d682a090 R08: 0000000000001000 R09: 0000000000000000 [ 419.300254][ T8975] R10: 0000000000c002a0 R11: 0000000000000246 R12: 0000000000000001 [ 419.300267][ T8975] R13: 0000000000000000 R14: 00007fe9d5ba5fa0 R15: 00007ffc4995abd8 [ 419.300303][ T8975] [ 420.515033][ T5882] usb 3-1: usb_control_msg returned -32 [ 420.520687][ T5882] usbtmc 3-1:16.0: can't read capabilities [ 420.940516][ T8984] ISOFS: Unable to identify CD-ROM format. [ 421.392065][ T8995] capability: warning: `syz.4.813' uses 32-bit capabilities (legacy support in use) [ 421.432341][ T8995] netlink: 'syz.4.813': attribute type 3 has an invalid length. [ 422.300223][ T9001] netlink: 'syz.3.814': attribute type 10 has an invalid length. [ 422.310369][ T9001] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.318188][ T9001] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.343560][ T9001] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.350760][ T9001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 422.359329][ T9001] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.367001][ T9001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 422.390409][ T9001] : (slave bridge0): Enslaving as an active interface with an up link [ 422.415475][ T9001] netlink: 4 bytes leftover after parsing attributes in process `syz.3.814'. [ 422.425094][ T9001] bridge_slave_1: left allmulticast mode [ 422.430780][ T9001] bridge_slave_1: left promiscuous mode [ 422.436617][ T9001] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.676358][ T9001] bridge_slave_0: left allmulticast mode [ 422.682177][ T9001] bridge_slave_0: left promiscuous mode [ 422.689131][ T9001] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.802729][ T9001] : (slave bridge0): Releasing backup interface [ 423.110693][ T5941] usb 3-1: USB disconnect, device number 25 [ 423.212613][ T46] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 423.382929][ T9005] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 423.392589][ T9005] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 423.522912][ T5876] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 423.612658][ T46] usb 4-1: Using ep0 maxpacket: 32 [ 423.680307][ T46] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 423.741217][ T5876] usb 5-1: config 0 has an invalid interface number: 76 but max is 0 [ 423.776704][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.800915][ T5876] usb 5-1: config 0 has no interface number 0 [ 423.877301][ T5876] usb 5-1: config 0 interface 76 has no altsetting 0 [ 423.917115][ T46] usb 4-1: config 0 descriptor?? [ 423.996249][ T5876] usb 5-1: New USB device found, idVendor=2304, idProduct=020f, bcdDevice=f0.08 [ 424.232486][ C0] [ 424.234869][ C0] ============================= [ 424.239750][ C0] [ BUG: Invalid wait context ] [ 424.244618][ C0] 6.13.0-syzkaller-07644-gc2da8b3f914f #0 Not tainted [ 424.251407][ C0] ----------------------------- [ 424.256269][ C0] syz.2.818/9017 is trying to lock: [ 424.261480][ C0] ffff88813fffca18 (&zone->lock){-.-.}-{3:3}, at: get_page_from_freelist+0xb41/0x37a0 [ 424.271103][ C0] other info that might help us debug this: [ 424.277003][ C0] context-{2:2} [ 424.280473][ C0] 2 locks held by syz.2.818/9017: [ 424.285504][ C0] #0: ffff88802f993c60 (&mm->mmap_lock){++++}-{4:4}, at: __mm_populate+0x1b0/0x460 [ 424.294951][ C0] #1: ffff8880b86447d8 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x7d7/0x37a0 [ 424.305099][ C0] stack backtrace: [ 424.308836][ C0] CPU: 0 UID: 0 PID: 9017 Comm: syz.2.818 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 424.308862][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 424.308875][ C0] Call Trace: [ 424.308884][ C0] [ 424.308892][ C0] dump_stack_lvl+0x241/0x360 [ 424.308930][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 424.308963][ C0] ? __pfx__printk+0x10/0x10 [ 424.309001][ C0] ? sched_clock_cpu+0x76/0x490 [ 424.309025][ C0] __lock_acquire+0x15a8/0x2100 [ 424.309058][ C0] lock_acquire+0x1ed/0x550 [ 424.309081][ C0] ? get_page_from_freelist+0xb41/0x37a0 [ 424.309106][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 424.309129][ C0] ? __pfx_validate_chain+0x10/0x10 [ 424.309159][ C0] ? validate_chain+0x11e/0x5920 [ 424.309187][ C0] ? __pfx_validate_chain+0x10/0x10 [ 424.309215][ C0] ? validate_chain+0x11e/0x5920 [ 424.309248][ C0] _raw_spin_lock_irqsave+0xd5/0x120 [ 424.309267][ C0] ? get_page_from_freelist+0xb41/0x37a0 [ 424.309287][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 424.309311][ C0] get_page_from_freelist+0xb41/0x37a0 [ 424.309353][ C0] __alloc_pages_noprof+0x292/0x710 [ 424.309374][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 424.309393][ C0] ? 0xffffffffa0001b74 [ 424.309410][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 424.309433][ C0] ? __kernel_text_address+0xd/0x40 [ 424.309462][ C0] ? unwind_get_return_address+0x4d/0x90 [ 424.309490][ C0] alloc_pages_mpol_noprof+0x3e1/0x780 [ 424.309517][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 424.309541][ C0] ? stack_trace_save+0x118/0x1d0 [ 424.309560][ C0] ? alloc_pages_noprof+0x43/0x170 [ 424.309582][ C0] stack_depot_save_flags+0x72d/0x940 [ 424.309605][ C0] kasan_save_stack+0x4f/0x60 [ 424.309622][ C0] ? kasan_save_stack+0x3f/0x60 [ 424.309638][ C0] ? __kasan_record_aux_stack+0xac/0xc0 [ 424.309661][ C0] ? task_work_add+0xd9/0x490 [ 424.309685][ C0] ? run_posix_cpu_timers+0x6ac/0x810 [ 424.309711][ C0] ? tick_nohz_handler+0x37c/0x500 [ 424.309730][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 424.309782][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 424.309809][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 424.309837][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 424.309858][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 424.309886][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 424.309906][ C0] ? __rmqueue_pcplist+0x2231/0x2ad0 [ 424.309924][ C0] ? get_page_from_freelist+0x88a/0x37a0 [ 424.309944][ C0] ? __alloc_pages_noprof+0x292/0x710 [ 424.309961][ C0] ? alloc_pages_mpol_noprof+0x3e1/0x780 [ 424.309983][ C0] ? vma_alloc_folio_noprof+0x12e/0x230 [ 424.310007][ C0] ? folio_prealloc+0x2e/0x170 [ 424.310036][ C0] ? handle_pte_fault+0x2c98/0x5ed0 [ 424.310055][ C0] ? handle_mm_fault+0x1165/0x1c60 [ 424.310082][ C0] ? __get_user_pages+0x1c82/0x49e0 [ 424.310110][ C0] ? populate_vma_page_range+0x264/0x330 [ 424.310137][ C0] ? __mm_populate+0x27a/0x460 [ 424.310162][ C0] ? do_mlock+0x6cc/0x850 [ 424.310183][ C0] ? __x64_sys_mlock+0x60/0x70 [ 424.310203][ C0] ? do_syscall_64+0xf3/0x230 [ 424.310225][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.310264][ C0] ? __phys_addr+0xba/0x170 [ 424.310291][ C0] __kasan_record_aux_stack+0xac/0xc0 [ 424.310318][ C0] task_work_add+0xd9/0x490 [ 424.310347][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 424.310371][ C0] ? __pfx_task_work_add+0x10/0x10 [ 424.310380][ T46] as10x_usb: device has been detected [ 424.310404][ C0] run_posix_cpu_timers+0x6ac/0x810 [ 424.310436][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 424.310468][ C0] ? sched_balance_trigger+0x1a3/0x890 [ 424.310499][ C0] tick_nohz_handler+0x37c/0x500 [ 424.310523][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 424.310544][ C0] __hrtimer_run_queues+0x551/0xd30 [ 424.310582][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 424.310611][ C0] ? sched_clock+0x4a/0x70 [ 424.310633][ C0] ? read_tsc+0x9/0x20 [ 424.310652][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 424.310682][ C0] hrtimer_interrupt+0x403/0xa40 [ 424.310742][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 424.310772][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 424.310812][ C0] [ 424.310819][ C0] [ 424.310827][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 424.310856][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 424.310880][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 ee e3 33 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 f3 fc 9d f5 65 8b 05 b4 33 14 74 85 c0 74 43 48 c7 04 24 0e 36 [ 424.310898][ C0] RSP: 0018:ffffc9000c61ec20 EFLAGS: 00000206 [ 424.310918][ C0] RAX: 79068feca49aea00 RBX: 1ffff920018c3d88 RCX: ffffffff819b470a [ 424.310934][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0a9200 RDI: 0000000000000001 [ 424.310949][ C0] RBP: ffffc9000c61ecb8 R08: ffffffff942c3847 R09: 1ffffffff2858708 [ 424.310964][ C0] R10: dffffc0000000000 R11: fffffbfff2858709 R12: dffffc0000000000 [ 424.310997][ C0] R13: 1ffff920018c3d84 R14: ffffc9000c61ec40 R15: 0000000000000246 [ 424.311015][ C0] ? mark_lock+0x9a/0x360 [ 424.311045][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 424.311070][ C0] __rmqueue_pcplist+0x2231/0x2ad0 [ 424.311101][ C0] ? __pfx_do_raw_spin_trylock+0x10/0x10 [ 424.311128][ C0] get_page_from_freelist+0x88a/0x37a0 [ 424.311156][ C0] ? __pfx___might_resched+0x10/0x10 [ 424.311191][ C0] __alloc_pages_noprof+0x292/0x710 [ 424.311211][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 424.311237][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 424.311262][ C0] alloc_pages_mpol_noprof+0x3e1/0x780 [ 424.311289][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 424.311318][ C0] vma_alloc_folio_noprof+0x12e/0x230 [ 424.311344][ C0] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 424.311372][ C0] folio_prealloc+0x2e/0x170 [ 424.311402][ C0] handle_pte_fault+0x2c98/0x5ed0 [ 424.311429][ C0] ? mark_lock+0x9a/0x360 [ 424.311456][ C0] ? __pfx_handle_pte_fault+0x10/0x10 [ 424.311476][ C0] ? __lock_acquire+0x1397/0x2100 [ 424.311513][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 424.311537][ C0] ? count_memcg_event_mm+0x3c2/0x420 [ 424.311565][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 424.311590][ C0] handle_mm_fault+0x1165/0x1c60 [ 424.311629][ C0] ? __pfx_handle_mm_fault+0x10/0x10 [ 424.311657][ C0] ? follow_page_pte+0x97f/0x1ca0 [ 424.311681][ C0] ? __pfx_find_vma+0x10/0x10 [ 424.311708][ C0] ? vma_is_secretmem+0xd/0x50 [ 424.311729][ C0] ? check_vma_flags+0x52b/0x5a0 [ 424.311757][ C0] __get_user_pages+0x1c82/0x49e0 [ 424.311822][ C0] ? __pfx___get_user_pages+0x10/0x10 [ 424.311853][ C0] ? __pfx_mt_find+0x10/0x10 [ 424.311887][ C0] populate_vma_page_range+0x264/0x330 [ 424.311920][ C0] ? __pfx_populate_vma_page_range+0x10/0x10 [ 424.311950][ C0] ? apply_vma_lock_flags+0x42a/0x510 [ 424.311980][ C0] __mm_populate+0x27a/0x460 [ 424.312011][ C0] ? __pfx___mm_populate+0x10/0x10 [ 424.312045][ C0] do_mlock+0x6cc/0x850 [ 424.312068][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 424.312094][ C0] ? __pfx_do_mlock+0x10/0x10 [ 424.312119][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 424.312146][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 424.312172][ C0] ? do_syscall_64+0x100/0x230 [ 424.312200][ C0] __x64_sys_mlock+0x60/0x70 [ 424.312222][ C0] do_syscall_64+0xf3/0x230 [ 424.312246][ C0] ? clear_bhb_loop+0x35/0x90 [ 424.312276][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.312303][ C0] RIP: 0033:0x7fdf58d8cd29 [ 424.312321][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.312338][ C0] RSP: 002b:00007fdf59b9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 424.312358][ C0] RAX: ffffffffffffffda RBX: 00007fdf58fa5fa0 RCX: 00007fdf58d8cd29 [ 424.312373][ C0] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020bff000 [ 424.312387][ C0] RBP: 00007fdf58e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 424.312400][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.312412][ C0] R13: 0000000000000000 R14: 00007fdf58fa5fa0 R15: 00007fff40550a68 [ 424.312433][ C0] [ 424.901555][ T8] usb 1-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 424.906570][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.918539][ T8] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -110 [ 424.921874][ T5876] usb 5-1: Product: syz [ 424.935719][ T8] usb 1-1: USB disconnect, device number 15 [ 424.937307][ T5876] usb 5-1: Manufacturer: syz [ 425.164990][ T5876] usb 5-1: SerialNumber: syz [ 425.166458][ T46] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 425.171652][ T9018] tty tty1: ldisc open failed (-12), clearing slot 0 [ 425.178188][ T5876] usb 5-1: config 0 descriptor?? [ 425.189741][ T5876] usb 5-1: can't set config #0, error -71 [ 425.197605][ T5876] usb 5-1: USB disconnect, device number 29 [ 425.242989][ T46] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 425.288167][ T46] as10x_usb: error during firmware upload part1 [ 425.294857][ T46] Registered device nBox DVB-T Dongle [ 425.411162][ T5876] usb 4-1: USB disconnect, device number 26 [ 425.435285][ T5876] Unregistered device nBox DVB-T Dongle [ 425.437347][ T5876] as10x_usb: device has been disconnected [ 428.474592][ T7172] udevd (7172) used greatest stack depth: 18096 bytes left