last executing test programs: 1m16.271459118s ago: executing program 0 (id=451): r0 = socket$nl_route(0x10, 0x3, 0x0) mq_open(0x0, 0x40, 0x168, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001940)=@newtfilter={0x5ac, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x578, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xc, 0x3}}, @TCA_MATCHALL_ACT={0xfc, 0x2, [@m_ct={0xf8, 0x19, 0x0, 0x0, {{0x7}, {0x4}, {0xcd, 0x6, "26acb19f1cf0baae9c70200ae6a3558acc20f836573876554d1d4e9dc01d294d3a9eb4432f071a646a854b488f3034bfde64457bef80965f95f9d2014feb68df49c48aa40db1014e943550fd07078a328aa3c7bf200b6eeea43bc0b4ec59df3282f65a40da1799e4d713c8909311aa0d3b639707f1030e60a24d234ac9b783abbcf3e933ea07a3869c739a61c431b80626094ad05ed7c11720439a8c8f05999a162f93e8ff5b321d6356358fd4d291dc79ab9cdb485d92bbae1584e64dd3101b81800e0959119dce05"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}, @TCA_MATCHALL_ACT={0x468, 0x2, [@m_sample={0xf8, 0x1a, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0xecd8}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x3}]}, {0xb9, 0x6, "7e1e51d23c762cd80411b242b6950e6937df410e9925147e097813840a3cd0ee7ed5504065e0d7811d685a023e3a5efc2d2c78beff461b077b9c70aa21dc75c4c675aacd20eb728915bebc2a5493030006794b473bbb55f91461ce7ed5b59fd725a9878d85d7eba1aba62dae2d2849bdef7cdf51d93f6f28f0f24fd8cb77a42c6ed8179b7fda4b4cd15132172c65a4a8ef86265244a08429c172dbcbb98976ab09ccd0e63469fb72bc5c10976781b3a52a48ccc517"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_gact={0x130, 0x1a, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x8, 0x10000000, 0x4, 0x8}}]}, {0xe9, 0x6, "d741256cc624687f9ac6634da43610b4a33b40048bf93fda7dce4bb232b5a99ac1ade0566a888eb33e7f4af4fb145890579f194b55a1422543a3054482b274ccf5f2ad24b88fbfc8b7a323bfd1340721466a40be23f00703096e5c166750a394a505cbd5255ffbc37551bb9fc599ba7811ef221bbaa7d7491f38d5806e607c33b9e871b8dd225d93ac0fdd1f68a4e59be79eca130a3ff756b34fb1a7d55e39a78ec2e0851216931cf874ad0a8bc5d7dcf20a1684a3e751a73515a3230939d41ff274523923b5a3f940b28c52717fd289e6f22249472beb25692ba15852c9564679262a3095"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_mirred={0x1a4, 0xa, 0x0, 0x0, {{0xb}, {0xa4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xc, 0x95b, 0x20000002, 0x2, 0x8}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0x1, 0x10000000, 0xffffffff, 0x1}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x8000, 0xfff, 0xffffffffffffffff, 0x7f, 0x405}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0x6, 0x10000000, 0x8, 0x2}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x1, 0x8, 0xc, 0xb9c}}}]}, {0xd7, 0x6, "228d19df1161252733edc8153ef1d01f5cff8c06bc7de4379093b3da027d0bbc6b5b9bd96eba94b95b08c20caa57c2e5c57375332c377806818a923bbd4871b5c476e54c339b60e11d5d669d7bdbdd89fdfc57dda40c90cf1b22ec089e24814e98702c918d8bb8f55c4bee4b94e51593083b3816eeafd29df71d54755e3a6ba0a39968dd00676a6b85dc3d92c04380732853fcb720d7f739dec78c51b30e580b734eff67110606c5cfb51505a51b02d70f6876718aabc98b86534b7dfb365ed0432ca30b2d43b15edd8737e6c9382a7bbdff1b"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_tunnel_key={0x98, 0x19, 0x0, 0x0, {{0xf}, {0x68, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x7fffffff}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0xe, 0x4, 0x5, 0xf}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @private=0xa010102}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xdad, 0xc8, 0xffffffffffffffff, 0xffff, 0x4}, 0x1}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e22}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x5ac}}, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000a00)={&(0x7f0000000900)=[0x0, 0x0], &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000009c0)=[0x0], 0x2, 0x6, 0x4, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@x86={0xe8, 0x4, 0x5, 0x0, 0x3, 0x6, 0x6, 0x0, 0x1, 0x7, 0x1, 0x5, 0x0, 0x15, 0x802, 0x4, 0xa, 0x1, 0x6, '\x00', 0x2, 0x1}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="580000001000010029bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0c71040000000000140003006e657464657673696d30000000000000080028005e4b00001c0016801800018014000a"], 0x58}}, 0x0) 1m15.719129696s ago: executing program 0 (id=452): recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) (fail_nth: 6) 1m14.359267641s ago: executing program 0 (id=454): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$l2tp6(0xa, 0x2, 0x73) listen(r0, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001240)={0x6, 0xb, &(0x7f00000000c0)=@raw=[@map_idx={0x18, 0x4, 0x5, 0x0, 0xd}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x38}, @initr0={0x18, 0x0, 0x0, 0x0, 0xd4a, 0x0, 0x0, 0x0, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}], &(0x7f0000000140)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x41000, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000001200)={0x4, 0xd, 0x0, 0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x398, @void, @value}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001400)={@cgroup, 0x4, 0x1, 0x80000001, &(0x7f0000001300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f0000001340)=[0x0], &(0x7f0000001380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000013c0)=[0x0], 0x0}, 0x40) r3 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x20010, r3, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001440)={@ifindex, r1, 0x26, 0x10, 0x0, @void, @value=r3, @void, @void, r2}, 0x20) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000000) read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000001480)={0x10, 0x0, 0x25dfdbfb, 0x20}, 0xc) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0) r6 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r6, 0x47f4, 0x0, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000014c0)={0xa, 0x4e20, 0xa, @private0}, 0x1c) ioctl$SG_GET_VERSION_NUM(r5, 0x2284, &(0x7f0000000080)) 1m11.159804747s ago: executing program 0 (id=461): r0 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe80, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ftruncate(r0, 0x3f) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0) setrlimit(0x1, &(0x7f0000000000)={0x0, 0x11}) creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r6 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$UHID_INPUT(r6, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71dfdff0b639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8607672bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54df617e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4a73c20138b8cb21db6e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b", 0x1000}}, 0x1006) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f0000001fc0)={0x42, 0x3, 0x0, {0x0, 0x21, 0x0, '/proc/sys/net/ipv4/vs/secure_tcp\x00'}}, 0x42) sendfile(r1, r2, 0x0, 0x85) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x12, r0, 0x0) r7 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r8, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000000)) pwritev(r0, &(0x7f0000003980)=[{0x0}], 0x1, 0x0, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) ioperm(0x0, 0x4, 0xa) semtimedop(0x0, &(0x7f00000002c0)=[{0x3, 0x6, 0x800}], 0x1, 0x0) 1m10.105636631s ago: executing program 0 (id=464): mknodat$null(0xffffffffffffff9c, 0x0, 0x40, 0x103) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, 0x0, 0x0) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x80800) sendmmsg$alg(r2, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="540100001a001307000000000000001cac141400"/60, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141417000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x154}}, 0x8040) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = syz_io_uring_setup(0x50ca, &(0x7f00000035c0)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f0000003580)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000600)=@hci}) io_uring_enter(r5, 0x291c, 0x0, 0x0, 0x0, 0x0) chdir(&(0x7f0000000700)='./file1\x00') r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r9 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x10000) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r9, 0xc0189378, &(0x7f0000000c00)={{0x1, 0x1, 0x18, r8, {r10}}, './file0\x00'}) r11 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r11, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@secondary) 1m9.601393534s ago: executing program 0 (id=466): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x80, 0x0, 0xe4}]}, 0x8) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)="b5d383823677f025217943343e363268a73daecfa0fdc5beb5a7ac332a11533627b41dbe33a6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b644cf6459a813bc3ebba62168141343c9938965233cdae", 0x6e}, {0x0}], 0x2}}], 0x1, 0xc0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102376, 0x18fe8) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x700, 0x1, 0x40000000}, &(0x7f0000000380)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000000206030000000000000000000900000405000500020000000900020073797a320000000005000400010000000500010007000000106173683a69702c6d6163000c000780080012400000000d00000000"], 0x54}}, 0x4000) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(r2, 0x89f0, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x0, 0x0, "bb40af00008000"}) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota') chdir(&(0x7f0000000100)='./file1\x00') quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000602, 0x0, &(0x7f0000000040)={0x100000000805, 0x6, 0x0, 0x6}) 1m8.626981016s ago: executing program 32 (id=466): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x80, 0x0, 0xe4}]}, 0x8) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000840)="b5d383823677f025217943343e363268a73daecfa0fdc5beb5a7ac332a11533627b41dbe33a6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b644cf6459a813bc3ebba62168141343c9938965233cdae", 0x6e}, {0x0}], 0x2}}], 0x1, 0xc0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102376, 0x18fe8) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x700, 0x1, 0x40000000}, &(0x7f0000000380)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000000206030000000000000000000900000405000500020000000900020073797a320000000005000400010000000500010007000000106173683a69702c6d6163000c000780080012400000000d00000000"], 0x54}}, 0x4000) ftruncate(0xffffffffffffffff, 0xffff) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(r2, 0x89f0, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x0, 0x0, "bb40af00008000"}) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota') chdir(&(0x7f0000000100)='./file1\x00') quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000602, 0x0, &(0x7f0000000040)={0x100000000805, 0x6, 0x0, 0x6}) 1.942885054s ago: executing program 5 (id=643): msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5) 1.797741984s ago: executing program 3 (id=646): bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendto$inet6(r0, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x5}, 0x1c) 1.68145981s ago: executing program 5 (id=648): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x24, r2, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000880}, 0x800) 1.651347233s ago: executing program 4 (id=649): r0 = socket$inet6(0xa, 0x3, 0xff) getsockopt$inet6_opts(r0, 0x29, 0x1, 0x0, &(0x7f0000000000)) 1.497750422s ago: executing program 1 (id=650): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xb, 0xb9, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) close(r0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000340)={r0, 0x0}, 0x20) 1.373466091s ago: executing program 5 (id=651): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000200)={0x81, 0x0, 0x3}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000100)={0x4, 0x80a0000, 0x401, 0x1, 0x8001}) 1.373188958s ago: executing program 3 (id=652): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020a001402"], 0x10}}, 0x30004000) 1.372992975s ago: executing program 2 (id=653): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xb, 0x42, 0x40, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.276353235s ago: executing program 1 (id=654): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004b00)=ANY=[@ANYBLOB="581300001d0001000000000000000000070000000800bf00"], 0x1358}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) 1.267296056s ago: executing program 4 (id=655): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000280)={0x2}, 0x4) r1 = socket$inet_icmp(0x2, 0x2, 0x1) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000140)=ANY=[@ANYRES32=r1]) 1.093760473s ago: executing program 2 (id=656): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f00000000c0)=0xffff, 0x4) write(r0, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24) recvmmsg(r0, &(0x7f0000006340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/3, 0x3}, 0x62}], 0x1, 0x20022, 0x0) 1.093535204s ago: executing program 3 (id=657): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) read$FUSE(r0, &(0x7f0000003180)={0x2020}, 0x2020) 1.030536722s ago: executing program 1 (id=658): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000040)={{0x8001, 0xffffffff}, {0x0, 0x5}, 0x0, 0x6}) 954.625252ms ago: executing program 5 (id=659): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x1007, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0xe8a2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 832.481571ms ago: executing program 3 (id=660): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, 0x0) 832.230723ms ago: executing program 4 (id=661): setgroups(0x0, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xee00]) setregid(0x0, r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sendmsg$unix(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@cred={{0x1c, 0x1, 0x2, {r2, 0xee01, 0xee00}}}], 0x20, 0x884}, 0x0) 831.99597ms ago: executing program 2 (id=662): write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x12) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 701.719646ms ago: executing program 1 (id=663): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) r1 = fanotify_init(0x4, 0x101801) fanotify_mark(r1, 0x105, 0x40001032, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r2, 0x400, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(r1, &(0x7f0000000b00)={0x2020}, 0x2020) 647.648377ms ago: executing program 4 (id=664): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000440)={@host}) 621.991105ms ago: executing program 2 (id=665): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x41080) ioctl$EVIOCSREP(r0, 0x40084503, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) 561.793391ms ago: executing program 3 (id=666): syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb000800103a"], 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b0f, &(0x7f0000000000)={'wlan0\x00'}) 503.741674ms ago: executing program 1 (id=667): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100003e4e00000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x18) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) 473.369484ms ago: executing program 2 (id=668): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x38, 0x0, 0x9, 0x801, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFCTH_TUPLE={0x18, 0x2, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @multicast2}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0xc004}, 0x4044000) 388.241901ms ago: executing program 5 (id=669): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x2, 0x4) 307.559978ms ago: executing program 3 (id=670): socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) fsopen(&(0x7f0000000140)='incremental-fs\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000730109000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 288.730107ms ago: executing program 4 (id=671): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) 177.884068ms ago: executing program 2 (id=672): syz_clone(0x8800400, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) 177.6644ms ago: executing program 5 (id=673): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x20, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x81, 0xffff7ffffffffffe, 0x10000000000, 0x0, 0x0, 0x5, 0x7, 0x1, 0x1f9a, 0x9], 0xffff1000, 0x328a16}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 177.494472ms ago: executing program 1 (id=674): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001200)=""/150, 0x96}], 0x1) ioctl$TCSETS(r0, 0x5402, &(0x7f00000014c0)={0xfffffffb, 0x1, 0x1c02, 0x2, 0x2, "cc33101d3f0000002000"}) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x200, 0x9, 0x40000, 0x44, "0001000000000000809f5880000000000100"}) r1 = syz_open_pts(r0, 0x42) r2 = dup3(r1, r0, 0x0) write$UHID_INPUT(r2, &(0x7f00000001c0)={0xd, {"08c39ee52f329f1698b1c4865f8b0a0a5eee9f496a0809c3d21c25867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76013256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c) 0s ago: executing program 4 (id=675): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) syz_emit_ethernet(0x66, &(0x7f0000000500)={@random="43e663ecd0c2", @empty, @void, {@ipv4={0x800, @tipc={{0x10, 0x4, 0x0, 0x9, 0x58, 0x66, 0x0, 0xff, 0x6, 0x0, @loopback, @broadcast, {[@ra={0x94, 0x4, 0x1}, @generic={0x44, 0xf, "00c4cbba38b261c3b40c575fe4"}, @lsrr={0x83, 0x7, 0xd6, [@multicast2]}, @rr={0x7, 0xf, 0xef, [@remote, @local, @multicast1]}]}}, @payload_conn={{{0x18, 0x0, 0x1, 0x0, 0x1, 0x6, 0x3, 0x2, 0x6, 0x0, 0x0, 0x3, 0x1, 0x0, 0x400, 0x620, 0x0, 0x4e22, 0x4e21}}}}}}}, 0x0) kernel console output (not intermixed with test programs): ? __pfx_bpf_trace_run2+0x10/0x10 [ 114.882186][ T6077] ? trace_sys_enter+0x74/0x120 [ 114.882208][ T6077] ? rcu_is_watching+0x15/0xb0 [ 114.882232][ T6077] ? trace_sys_enter+0x25/0x120 [ 114.882259][ T6077] do_syscall_64+0xf3/0x230 [ 114.882283][ T6077] ? clear_bhb_loop+0x45/0xa0 [ 114.882307][ T6077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.882327][ T6077] RIP: 0033:0x7f0e0438d169 [ 114.882344][ T6077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.882359][ T6077] RSP: 002b:00007f0e052a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.882380][ T6077] RAX: ffffffffffffffda RBX: 00007f0e045a5fa0 RCX: 00007f0e0438d169 [ 114.882395][ T6077] RDX: 0000000000000810 RSI: 0000200000000040 RDI: 0000000000000004 [ 114.882408][ T6077] RBP: 00007f0e052a9090 R08: 0000000000000000 R09: 0000000000000000 [ 114.882420][ T6077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.882435][ T6077] R13: 0000000000000000 R14: 00007f0e045a5fa0 R15: 00007ffeb4ad20e8 [ 114.882466][ T6077] [ 115.563157][ T5966] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 115.735200][ T5966] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 115.780106][ T5966] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 115.811967][ T5966] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 115.839936][ T5966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.884794][ T6078] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 115.950804][ T5966] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 116.812088][ T6089] No control pipe specified [ 116.885577][ T5966] usb 2-1: USB disconnect, device number 3 [ 116.886936][ T6089] netlink: 28 bytes leftover after parsing attributes in process `syz.0.46'. [ 117.012376][ T5915] usb 4-1: USB disconnect, device number 2 [ 117.839755][ T5915] usb 5-1: USB disconnect, device number 3 [ 118.171707][ T30] audit: type=1326 audit(1744062352.522:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 118.220448][ T30] audit: type=1326 audit(1744062352.522:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 118.290240][ T30] audit: type=1326 audit(1744062352.522:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 118.347049][ T6108] netlink: zone id is out of range [ 118.357456][ T30] audit: type=1326 audit(1744062352.522:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 118.379949][ T6110] loop2: detected capacity change from 0 to 7 [ 118.400137][ T6110] Dev loop2: unable to read RDB block 7 [ 118.405048][ T6108] netlink: zone id is out of range [ 118.421082][ T6110] loop2: unable to read partition table [ 118.421767][ T6108] netlink: zone id is out of range [ 118.440792][ T6110] loop2: partition table beyond EOD, truncated [ 118.442311][ T6108] netlink: zone id is out of range [ 118.452469][ T30] audit: type=1326 audit(1744062352.522:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 118.474420][ T6108] netlink: zone id is out of range [ 118.482903][ T6108] netlink: zone id is out of range [ 118.492268][ T6108] netlink: zone id is out of range [ 118.502486][ T6108] netlink: zone id is out of range [ 118.514248][ T30] audit: type=1326 audit(1744062352.522:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 118.536095][ T6110] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 118.720036][ T30] audit: type=1326 audit(1744062352.522:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 118.728141][ T6113] Unknown options in mask 5 [ 118.741485][ T30] audit: type=1326 audit(1744062352.522:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 119.163496][ T6111] trusted_key: encrypted_key: master key parameter 'if#"R_' is invalid [ 119.165258][ T30] audit: type=1326 audit(1744062352.522:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 119.224757][ T6111] trusted_key: encrypted_key: master key parameter 'truste' is invalid [ 119.274065][ T6108] netlink: set zone limit has 4 unknown bytes [ 119.301948][ T30] audit: type=1326 audit(1744062352.522:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6100 comm="syz.1.50" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec898d169 code=0x7ffc0000 [ 119.321140][ T6113] netlink: 40 bytes leftover after parsing attributes in process `syz.0.55'. [ 119.762876][ T5915] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 119.975612][ T5915] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 120.128625][ T5915] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 120.237636][ T5915] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 120.291120][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.335724][ T6118] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 120.412712][ T5915] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 122.125407][ T6161] netlink: 308 bytes leftover after parsing attributes in process `syz.0.68'. [ 122.149594][ T6161] mmap: syz.0.68 (6161) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 122.176929][ T6161] syz.0.68 uses old SIOCAX25GETINFO [ 123.078103][ T6165] macvtap1: entered promiscuous mode [ 123.102383][ T5883] usb 4-1: USB disconnect, device number 3 [ 123.123341][ T6165] macvtap1: entered allmulticast mode [ 123.167442][ T6165] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 123.281878][ T6165] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 123.462850][ T5884] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 123.650003][ T5884] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 123.663147][ T5884] usb 1-1: config 0 has no interface number 0 [ 123.669336][ T5884] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 123.689416][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.720042][ T5884] usb 1-1: config 0 descriptor?? [ 123.786861][ T5884] usb 1-1: selecting invalid altsetting 1 [ 123.807608][ T5884] dvb_ttusb_budget: ttusb_init_controller: error [ 123.848763][ T5884] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 124.300924][ T5884] DVB: Unable to find symbol cx22700_attach() [ 124.510465][ T6205] warning: `syz.2.78' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 124.732243][ T5884] DVB: Unable to find symbol tda10046_attach() [ 124.744897][ T5884] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 125.351417][ T5822] usb 1-1: USB disconnect, device number 2 [ 126.113453][ T6243] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 127.730996][ T5935] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 127.967015][ T5935] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 127.994746][ T5935] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 128.025285][ T5935] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 128.062306][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.108779][ T6266] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 128.116266][ T5883] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 128.166020][ T5935] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 128.216236][ T6273] x_tables: duplicate underflow at hook 2 [ 128.308500][ T5883] usb 5-1: config 1 interface 0 has no altsetting 0 [ 128.329160][ T5883] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 128.376744][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.423928][ T5883] usb 5-1: Product: syz [ 128.483449][ T5883] usb 5-1: Manufacturer: syz [ 128.489533][ T5883] usb 5-1: SerialNumber: syz [ 129.050460][ T5883] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 129.074291][ T5883] usb 5-1: USB disconnect, device number 4 [ 129.090958][ T5883] usblp0: removed [ 129.260933][ T49] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 129.593626][ T49] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 129.606420][ T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.617671][ T49] usb 2-1: Product: syz [ 129.622039][ T49] usb 2-1: Manufacturer: syz [ 129.627113][ T49] usb 2-1: SerialNumber: syz [ 129.648355][ T49] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 129.712266][ T5884] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 130.196857][ T5935] usb 2-1: USB disconnect, device number 4 [ 130.216356][ T6281] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.535246][ T5883] usb 1-1: USB disconnect, device number 3 [ 131.299636][ T5884] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 131.369949][ T6311] netlink: 20 bytes leftover after parsing attributes in process `syz.4.106'. [ 131.430783][ T5884] ath9k_htc: Failed to initialize the device [ 131.446209][ T5935] usb 2-1: ath9k_htc: USB layer deinitialized [ 131.515774][ T6313] netlink: 20 bytes leftover after parsing attributes in process `syz.1.108'. [ 131.547645][ T6309] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 131.623368][ T6309] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 131.755075][ T5915] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 132.034134][ T5915] usb 5-1: config 4 has an invalid interface number: 196 but max is 0 [ 132.099361][ T5915] usb 5-1: config 4 has no interface number 0 [ 132.142409][ T5915] usb 5-1: config 4 interface 196 has no altsetting 0 [ 132.213788][ T5915] usb 5-1: New USB device found, idVendor=06cd, idProduct=010c, bcdDevice=f3.03 [ 132.274114][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.319369][ T5915] usb 5-1: Product: syz [ 132.324400][ T5915] usb 5-1: Manufacturer: syz [ 132.330204][ T5915] usb 5-1: SerialNumber: syz [ 132.401062][ T5915] keyspan 5-1:4.196: Keyspan 1 port adapter converter detected [ 132.439265][ T5915] keyspan 5-1:4.196: found no endpoint descriptor for endpoint 84 [ 132.495230][ T5915] keyspan 5-1:4.196: found no endpoint descriptor for endpoint 81 [ 132.518917][ T5915] keyspan 5-1:4.196: found no endpoint descriptor for endpoint 82 [ 132.585416][ T5915] keyspan 5-1:4.196: found no endpoint descriptor for endpoint 1 [ 132.680858][ T5915] keyspan 5-1:4.196: found no endpoint descriptor for endpoint 2 [ 132.753803][ T5915] keyspan 5-1:4.196: found no endpoint descriptor for endpoint 83 [ 132.801407][ T5915] keyspan 5-1:4.196: found no endpoint descriptor for endpoint 3 [ 132.902645][ T5915] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 133.199373][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.206338][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.243218][ T5915] usb 5-1: USB disconnect, device number 5 [ 133.350547][ T5915] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 133.534896][ T6337] overlayfs: failed to resolve './file0': -2 [ 133.638430][ T5915] keyspan 5-1:4.196: device disconnected [ 133.842754][ T5883] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 134.815799][ T5883] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 134.852625][ T5883] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 134.894720][ T5883] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 134.961418][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.659624][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 135.659644][ T30] audit: type=1326 audit(1744062370.042:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6355 comm="syz.4.120" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6e8d8d169 code=0x0 [ 135.744729][ T6336] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 135.796054][ T5883] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 135.954111][ T5915] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 136.192866][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 136.206264][ T5915] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 136.227802][ T5915] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 136.242100][ T5915] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 136.253991][ T5915] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 136.266141][ T5915] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 136.286313][ T5915] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 136.297871][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.571088][ T5915] usb 3-1: usb_control_msg returned -32 [ 136.578986][ T5915] usbtmc 3-1:16.0: can't read capabilities [ 137.511220][ T5918] usb 2-1: USB disconnect, device number 5 [ 138.089530][ T6410] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 138.702707][ T5918] usb 3-1: USB disconnect, device number 2 [ 140.054833][ T5935] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 140.829650][ T5935] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 140.846575][ T5935] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 140.882667][ T5935] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 140.907000][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.909012][ T6452] FAULT_INJECTION: forcing a failure. [ 140.909012][ T6452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.950069][ T6445] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 140.972534][ T6452] CPU: 1 UID: 0 PID: 6452 Comm: syz.1.139 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 140.972577][ T6452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 140.972589][ T6452] Call Trace: [ 140.972597][ T6452] [ 140.972606][ T6452] dump_stack_lvl+0x241/0x360 [ 140.972643][ T6452] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.972672][ T6452] ? __pfx__printk+0x10/0x10 [ 140.972712][ T6452] should_fail_ex+0x424/0x570 [ 140.972740][ T6452] _copy_to_user+0x31/0xb0 [ 140.972772][ T6452] simple_read_from_buffer+0xc4/0x170 [ 140.972800][ T6452] proc_fail_nth_read+0x1ef/0x260 [ 140.972830][ T6452] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 140.972860][ T6452] ? rw_verify_area+0x246/0x630 [ 140.972887][ T6452] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 140.972914][ T6452] vfs_read+0x21f/0xb90 [ 140.972959][ T6452] ? __pfx___mutex_lock+0x10/0x10 [ 140.972985][ T6452] ? __pfx_vfs_read+0x10/0x10 [ 140.973015][ T6452] ? __fget_files+0x2a/0x420 [ 140.973040][ T6452] ? __fget_files+0x39d/0x420 [ 140.973061][ T6452] ? __fget_files+0x2a/0x420 [ 140.973094][ T6452] ksys_read+0x19d/0x2d0 [ 140.973123][ T6452] ? __pfx_ksys_read+0x10/0x10 [ 140.973156][ T6452] ? do_syscall_64+0xb6/0x230 [ 140.973184][ T6452] do_syscall_64+0xf3/0x230 [ 140.973226][ T6452] ? clear_bhb_loop+0x45/0xa0 [ 140.973251][ T6452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.973271][ T6452] RIP: 0033:0x7fcec898bb7c [ 140.973289][ T6452] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 140.973305][ T6452] RSP: 002b:00007fcec977a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 140.973327][ T6452] RAX: ffffffffffffffda RBX: 00007fcec8ba5fa0 RCX: 00007fcec898bb7c [ 140.973342][ T6452] RDX: 000000000000000f RSI: 00007fcec977a0a0 RDI: 0000000000000005 [ 140.973355][ T6452] RBP: 00007fcec977a090 R08: 0000000000000000 R09: 0000000000000000 [ 140.973367][ T6452] R10: 0000000000000032 R11: 0000000000000246 R12: 0000000000000001 [ 140.973380][ T6452] R13: 0000000000000000 R14: 00007fcec8ba5fa0 R15: 00007ffd87c21c38 [ 140.973412][ T6452] [ 140.984328][ T5935] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 142.191927][ T5935] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 142.911181][ T5883] usb 4-1: USB disconnect, device number 4 [ 143.045682][ T5935] usb 1-1: Using ep0 maxpacket: 16 [ 143.085245][ T5935] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 31 [ 143.912765][ T5935] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 144.083467][ T5935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.365191][ T5935] usb 1-1: Product: syz [ 146.400562][ T5935] usb 1-1: Manufacturer: syz [ 146.428190][ T5935] usb 1-1: SerialNumber: syz [ 146.661629][ T5935] usb 1-1: config 0 descriptor?? [ 146.665345][ T6491] ======================================================= [ 146.665345][ T6491] WARNING: The mand mount option has been deprecated and [ 146.665345][ T6491] and is ignored by this kernel. Remove the mand [ 146.665345][ T6491] option from the mount to silence this warning. [ 146.665345][ T6491] ======================================================= [ 147.429344][ T5935] usb 1-1: can't set config #0, error -71 [ 147.437058][ T5935] usb 1-1: USB disconnect, device number 4 [ 147.447145][ T6486] capability: warning: `syz.2.149' uses deprecated v2 capabilities in a way that may be insecure [ 147.458227][ T6486] capability: warning: `syz.2.149' uses 32-bit capabilities (legacy support in use) [ 147.499918][ T6493] netlink: 16 bytes leftover after parsing attributes in process `syz.0.152'. [ 147.509021][ T6493] netlink: 32 bytes leftover after parsing attributes in process `syz.0.152'. [ 149.072482][ T5822] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 151.452765][ T5822] usb 2-1: device descriptor read/all, error -71 [ 152.535464][ T5966] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 152.802721][ T5966] usb 3-1: Using ep0 maxpacket: 32 [ 152.812032][ T5966] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.843432][ T5966] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 152.853649][ T5966] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.861833][ T5966] usb 3-1: Product: syz [ 152.878775][ T5966] usb 3-1: Manufacturer: syz [ 152.907805][ T6533] No control pipe specified [ 153.651219][ T5966] usb 3-1: SerialNumber: syz [ 153.723365][ T5966] usb 3-1: config 0 descriptor?? [ 153.742842][ T5966] usb 3-1: bad CDC descriptors [ 153.761750][ T5966] usb 3-1: unsupported MDLM descriptors [ 153.976505][ T5884] usb 3-1: USB disconnect, device number 3 [ 155.097905][ T6549] ALSA: mixer_oss: invalid index 40000 [ 155.832665][ T5935] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 156.146029][ T6588] No control pipe specified [ 156.848085][ T5935] usb 4-1: config 0 has an invalid interface number: 229 but max is 0 [ 156.859934][ T5935] usb 4-1: config 0 has no interface number 0 [ 156.866813][ T5935] usb 4-1: config 0 interface 229 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 156.886380][ T5935] usb 4-1: New USB device found, idVendor=e748, idProduct=7698, bcdDevice=38.cc [ 156.922907][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.939626][ T5935] usb 4-1: Product: syz [ 156.948696][ T5935] usb 4-1: Manufacturer: syz [ 156.962265][ T5935] usb 4-1: SerialNumber: syz [ 156.977679][ T5935] usb 4-1: config 0 descriptor?? [ 156.983210][ T5883] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 157.037897][ T5935] usb 4-1: bad CDC descriptors [ 157.213494][ T5883] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 157.261489][ T5883] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 157.307540][ T5883] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 157.384729][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.470111][ T6584] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 157.525714][ T5883] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 157.680419][ T6609] FAULT_INJECTION: forcing a failure. [ 157.680419][ T6609] name failslab, interval 1, probability 0, space 0, times 0 [ 157.693438][ T6609] CPU: 1 UID: 0 PID: 6609 Comm: syz.1.176 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 157.693458][ T6609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 157.693467][ T6609] Call Trace: [ 157.693474][ T6609] [ 157.693480][ T6609] dump_stack_lvl+0x241/0x360 [ 157.693507][ T6609] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.693527][ T6609] ? __pfx__printk+0x10/0x10 [ 157.693550][ T6609] ? __pfx___might_resched+0x10/0x10 [ 157.693572][ T6609] should_fail_ex+0x424/0x570 [ 157.693591][ T6609] should_failslab+0xac/0x100 [ 157.693607][ T6609] __kmalloc_cache_noprof+0x73/0x370 [ 157.693622][ T6609] ? snd_pcm_oss_change_params_locked+0x1ad/0x4150 [ 157.693648][ T6609] snd_pcm_oss_change_params_locked+0x1ad/0x4150 [ 157.693677][ T6609] ? rcu_is_watching+0x15/0xb0 [ 157.693698][ T6609] ? __mutex_lock+0x380/0x10c0 [ 157.693720][ T6609] ? tomoyo_path_number_perm+0x215/0x790 [ 157.693741][ T6609] ? smack_log+0x132/0x630 [ 157.693756][ T6609] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 157.693778][ T6609] ? snd_pcm_oss_get_active_substream+0x140/0x280 [ 157.693802][ T6609] ? __pfx___mutex_lock+0x10/0x10 [ 157.693819][ T6609] ? ksys_write+0x24e/0x2d0 [ 157.693838][ T6609] ? smk_access+0x4ab/0x4e0 [ 157.693866][ T6609] snd_pcm_oss_get_active_substream+0x1cc/0x280 [ 157.693891][ T6609] snd_pcm_oss_ioctl+0xc11/0x10b0 [ 157.693913][ T6609] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 157.693933][ T6609] ? __fget_files+0x2a/0x420 [ 157.693958][ T6609] ? __fget_files+0x2a/0x420 [ 157.693978][ T6609] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 157.693999][ T6609] __se_sys_ioctl+0xf1/0x160 [ 157.694021][ T6609] do_syscall_64+0xf3/0x230 [ 157.694039][ T6609] ? clear_bhb_loop+0x45/0xa0 [ 157.694057][ T6609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.694071][ T6609] RIP: 0033:0x7fcec898d169 [ 157.694085][ T6609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.694097][ T6609] RSP: 002b:00007fcec9738038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.694113][ T6609] RAX: ffffffffffffffda RBX: 00007fcec8ba6160 RCX: 00007fcec898d169 [ 157.694129][ T6609] RDX: 0000000000000000 RSI: 0000000080045002 RDI: 0000000000000008 [ 157.694141][ T6609] RBP: 00007fcec9738090 R08: 0000000000000000 R09: 0000000000000000 [ 157.694153][ T6609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.694165][ T6609] R13: 0000000000000000 R14: 00007fcec8ba6160 R15: 00007ffd87c21c38 [ 157.694196][ T6609] [ 158.328974][ T5966] usb 4-1: USB disconnect, device number 5 [ 159.449237][ T5883] usb 3-1: USB disconnect, device number 4 [ 159.662736][ T6638] x_tables: unsorted underflow at hook 1 [ 159.957968][ T6642] random: crng reseeded on system resumption [ 162.016257][ T6666] tmpfs: Bad value for 'mpol' [ 162.067868][ T5918] IPVS: starting estimator thread 0... [ 162.087428][ T6672] IPVS: ip_vs_edit_dest(): server weight less than zero [ 162.242791][ T6673] IPVS: using max 28 ests per chain, 67200 per kthread [ 162.421248][ T6681] x_tables: unsorted underflow at hook 1 [ 162.596901][ T5918] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 163.052341][ T5918] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 163.061596][ T5918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.091059][ T5918] usb 2-1: Product: syz [ 163.109431][ T5918] usb 2-1: Manufacturer: syz [ 163.124174][ T5918] usb 2-1: SerialNumber: syz [ 163.234200][ T6688] overlayfs: missing 'lowerdir' [ 163.323897][ T5918] usb 2-1: config 0 descriptor?? [ 163.690029][ T5918] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 164.080393][ T6701] netlink: 14 bytes leftover after parsing attributes in process `syz.4.205'. [ 164.115975][ T5918] usb 2-1: USB disconnect, device number 8 [ 165.258724][ T6717] x_tables: unsorted underflow at hook 1 [ 165.997966][ T6721] random: crng reseeded on system resumption [ 166.016667][ T6701] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.097001][ T6701] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.219915][ T6701] bond0 (unregistering): Released all slaves [ 167.666580][ T6746] FAULT_INJECTION: forcing a failure. [ 167.666580][ T6746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.683538][ T6746] CPU: 1 UID: 0 PID: 6746 Comm: syz.4.215 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 167.683567][ T6746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 167.683589][ T6746] Call Trace: [ 167.683597][ T6746] [ 167.683605][ T6746] dump_stack_lvl+0x241/0x360 [ 167.683642][ T6746] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.683669][ T6746] ? __pfx__printk+0x10/0x10 [ 167.683724][ T6746] should_fail_ex+0x424/0x570 [ 167.683752][ T6746] _copy_to_user+0x31/0xb0 [ 167.683785][ T6746] simple_read_from_buffer+0xc4/0x170 [ 167.683811][ T6746] proc_fail_nth_read+0x1ef/0x260 [ 167.683841][ T6746] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.683870][ T6746] ? rw_verify_area+0x246/0x630 [ 167.683896][ T6746] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 167.683923][ T6746] vfs_read+0x21f/0xb90 [ 167.683968][ T6746] ? __pfx_vfs_read+0x10/0x10 [ 167.683992][ T6746] ? do_sys_openat2+0x165/0x1d0 [ 167.684039][ T6746] ksys_read+0x19d/0x2d0 [ 167.684070][ T6746] ? __pfx_ksys_read+0x10/0x10 [ 167.684117][ T6746] ? do_syscall_64+0xb6/0x230 [ 167.684145][ T6746] do_syscall_64+0xf3/0x230 [ 167.684169][ T6746] ? clear_bhb_loop+0x45/0xa0 [ 167.684193][ T6746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.684231][ T6746] RIP: 0033:0x7fa6e8d8bb7c [ 167.684250][ T6746] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 167.684267][ T6746] RSP: 002b:00007fa6e9ca7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 167.684289][ T6746] RAX: ffffffffffffffda RBX: 00007fa6e8fa5fa0 RCX: 00007fa6e8d8bb7c [ 167.684304][ T6746] RDX: 000000000000000f RSI: 00007fa6e9ca70a0 RDI: 0000000000000004 [ 167.684317][ T6746] RBP: 00007fa6e9ca7090 R08: 0000000000000000 R09: 0000000000000000 [ 167.684329][ T6746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.684341][ T6746] R13: 0000000000000000 R14: 00007fa6e8fa5fa0 R15: 00007ffc2b59a778 [ 167.684373][ T6746] [ 170.019747][ T6775] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input5 [ 170.739780][ T6779] x_tables: unsorted underflow at hook 1 [ 172.030810][ T6795] new mount options do not match the existing superblock, will be ignored [ 172.670729][ T6795] xt_CT: No such helper "pptp" [ 174.195823][ T6821] overlay: ./file0 is not a directory [ 174.203394][ T6822] random: crng reseeded on system resumption [ 175.841512][ T6843] x_tables: unsorted underflow at hook 1 [ 176.693439][ T5915] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 176.801958][ T30] audit: type=1326 audit(1744062411.182:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6851 comm="syz.1.239" exe="/root/syz-executor" sig=31 arch=c000003e syscall=317 compat=0 ip=0x7fcec898d169 code=0x0 [ 176.935639][ T5915] usb 4-1: config 1 has an invalid descriptor of length 6, skipping remainder of the config [ 177.326349][ T5915] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 177.342187][ T5915] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 177.437335][ T5915] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 177.482877][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.520724][ T5915] usb 4-1: Product: syz [ 177.538761][ T5915] usb 4-1: Manufacturer: syz [ 177.557780][ T5915] usb 4-1: SerialNumber: syz [ 178.524515][ T6849] syz.3.237: attempt to access beyond end of device [ 178.524515][ T6849] nbd3: rw=0, sector=2, nr_sectors = 1 limit=0 [ 178.730593][ T5833] Bluetooth: hci3: unexpected event for opcode 0x0404 [ 178.736690][ T6849] hfs: can't find a HFS filesystem on dev nbd3 [ 178.871014][ T5915] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 178.910055][ T5915] cdc_ncm 4-1:1.0: bind() failure [ 178.961477][ T6872] netlink: 'syz.2.243': attribute type 10 has an invalid length. [ 178.976904][ T5915] usb 4-1: USB disconnect, device number 6 [ 179.018679][ T6872] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 179.059688][ T5966] kernel write not supported for file /snd/seq (pid: 5966 comm: kworker/1:7) [ 179.070905][ T6872] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 179.206186][ T6876] xt_CT: You must specify a L4 protocol and not use inversions on it [ 179.421256][ T6878] netem: incorrect ge model size [ 179.477479][ T6878] netem: change failed [ 180.917776][ T6894] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input6 [ 181.905561][ T6901] x_tables: unsorted underflow at hook 1 [ 182.430403][ T6902] kvm: pic: level sensitive irq not supported [ 182.430644][ T6902] kvm: pic: non byte read [ 182.450846][ T6902] kvm: pic: level sensitive irq not supported [ 182.450920][ T6902] kvm: pic: non byte read [ 182.462986][ T6902] kvm: pic: level sensitive irq not supported [ 182.463057][ T6902] kvm: pic: non byte read [ 182.695544][ T6910] netlink: 'syz.0.254': attribute type 2 has an invalid length. [ 182.793803][ T5833] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 182.802374][ T5833] Bluetooth: hci3: Injecting HCI hardware error event [ 182.811913][ T5833] Bluetooth: hci3: hardware error 0x00 [ 184.585727][ T6930] netlink: 'syz.1.257': attribute type 6 has an invalid length. [ 184.876546][ T5833] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 186.928599][ T5966] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 186.929998][ T6955] x_tables: unsorted underflow at hook 1 [ 187.522414][ T5966] usb 4-1: Using ep0 maxpacket: 32 [ 187.687759][ T5966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.699657][ T5966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.709814][ T5966] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 187.719592][ T5966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.752429][ T5966] usb 4-1: config 0 descriptor?? [ 188.944100][ T5966] usbhid 4-1:0.0: can't add hid device: -71 [ 188.950174][ T5966] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 189.013602][ T5966] usb 4-1: USB disconnect, device number 7 [ 190.139268][ T6970] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input7 [ 190.366266][ T6976] netlink: 96 bytes leftover after parsing attributes in process `syz.1.270'. [ 190.535458][ T6976] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 191.562961][ T6991] loop9: detected capacity change from 0 to 7 [ 191.571638][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.580229][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.589228][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.597816][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.606349][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.614942][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.625153][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.633654][ T6991] ldm_validate_partition_table(): Disk read failed. [ 191.640662][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.649392][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.657984][ T6991] Buffer I/O error on dev loop9, logical block 0, async page read [ 191.667157][ T6991] Dev loop9: unable to read RDB block 0 [ 191.674286][ T6991] loop9: unable to read partition table [ 191.680760][ T6991] loop9: partition table beyond EOD, truncated [ 191.687228][ T6991] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 191.687228][ T6991] U) failed (rc=-5) [ 192.488549][ T6998] netlink: 'syz.0.275': attribute type 10 has an invalid length. [ 192.508238][ T6998] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 192.576113][ T6998] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 193.904162][ T5883] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 194.486939][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.493657][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.523816][ T5883] usb 3-1: Using ep0 maxpacket: 16 [ 194.567138][ T5883] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 194.613453][ T5883] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 194.705914][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.714882][ T7020] xt_CT: You must specify a L4 protocol and not use inversions on it [ 194.789484][ T5883] usb 3-1: Product: syz [ 195.776965][ T5883] usb 3-1: Manufacturer: syz [ 195.781634][ T5883] usb 3-1: SerialNumber: syz [ 195.790005][ T5883] usb 3-1: config 0 descriptor?? [ 196.917037][ T5883] usb 3-1: can't set config #0, error -71 [ 196.932451][ T5883] usb 3-1: USB disconnect, device number 5 [ 199.792353][ T30] audit: type=1326 audit(1744062434.172:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7042 comm="syz.1.287" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcec898d169 code=0x0 [ 200.092300][ T7055] netlink: 'syz.3.291': attribute type 10 has an invalid length. [ 200.111709][ T7056] random: crng reseeded on system resumption [ 200.118170][ T7055] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 200.134875][ T7055] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 200.258774][ T7063] syz.0.292 uses obsolete (PF_INET,SOCK_PACKET) [ 201.165027][ T5935] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 202.022750][ T5935] usb 2-1: Using ep0 maxpacket: 32 [ 202.048741][ T5935] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 202.077404][ T5935] usb 2-1: config 0 has no interface number 0 [ 202.103063][ T5935] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 202.125568][ T5935] usb 2-1: config 0 interface 85 has no altsetting 0 [ 202.138902][ T5935] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 202.171783][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.210435][ T5935] usb 2-1: Product: syz [ 202.220177][ T5935] usb 2-1: Manufacturer: syz [ 202.247144][ T5935] usb 2-1: SerialNumber: syz [ 202.519245][ T5935] usb 2-1: config 0 descriptor?? [ 202.938343][ T7087] 9pnet_fd: Insufficient options for proto=fd [ 203.752237][ T5935] appletouch 2-1:0.85: Geyser mode initialized. [ 203.765516][ T5935] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input8 [ 204.091736][ T49] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 204.388775][ T49] usb 4-1: too many configurations: 246, using maximum allowed: 8 [ 205.093511][ T49] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 205.101161][ T49] usb 4-1: can't read configurations, error -61 [ 205.191465][ T5918] usb 2-1: USB disconnect, device number 9 [ 205.191537][ C0] appletouch 2-1:0.85: atp_complete: usb_submit_urb failed with result -19 [ 205.235910][ T5918] appletouch 2-1:0.85: input: appletouch disconnected [ 205.274067][ T49] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 205.342012][ T7108] netlink: 80 bytes leftover after parsing attributes in process `syz.2.304'. [ 205.464425][ T30] audit: type=1326 audit(1744062439.852:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7111 comm="syz.0.306" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f47e498d169 code=0x0 [ 205.668692][ T49] usb 4-1: too many configurations: 246, using maximum allowed: 8 [ 205.692073][ T49] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 205.830330][ T49] usb 4-1: can't read configurations, error -61 [ 205.886440][ T49] usb usb4-port1: attempt power cycle [ 206.309436][ T49] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 206.904626][ T49] usb 4-1: device descriptor read/all, error -71 [ 208.201624][ T7134] random: crng reseeded on system resumption [ 209.971233][ T7149] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input9 [ 211.659916][ T7162] loop9: detected capacity change from 0 to 7 [ 211.666636][ T7162] buffer_io_error: 4 callbacks suppressed [ 211.666653][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.680518][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.690328][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.698356][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.706361][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.714420][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.722373][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.730308][ T7162] ldm_validate_partition_table(): Disk read failed. [ 211.736998][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.744961][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.753131][ T7162] Buffer I/O error on dev loop9, logical block 0, async page read [ 211.761142][ T7162] Dev loop9: unable to read RDB block 0 [ 211.767016][ T7162] loop9: unable to read partition table [ 211.772922][ T7162] loop9: partition table beyond EOD, truncated [ 211.779119][ T7162] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 211.779119][ T7162] U) failed (rc=-5) [ 212.118054][ T7163] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input10 [ 212.591508][ T49] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 213.154333][ T49] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 213.244288][ T49] usb 4-1: config 0 interface 0 has no altsetting 0 [ 213.601676][ T49] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 214.102279][ T49] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 214.120846][ T49] usb 4-1: Product: syz [ 214.151240][ T49] usb 4-1: Manufacturer: syz [ 214.171470][ T49] usb 4-1: SerialNumber: syz [ 214.223515][ T49] usb 4-1: config 0 descriptor?? [ 214.316121][ T49] usb 4-1: selecting invalid altsetting 0 [ 214.506742][ T49] usb 4-1: USB disconnect, device number 12 [ 214.722072][ T7188] random: crng reseeded on system resumption [ 214.840264][ T6050] udevd[6050]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 215.933359][ T5918] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 216.112633][ T5918] usb 4-1: Using ep0 maxpacket: 16 [ 216.352584][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.376309][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.396628][ T5918] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 216.422613][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.460942][ T5918] usb 4-1: config 0 descriptor?? [ 216.966203][ T7205] can0: slcan on ttyS3. [ 217.097514][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 217.097621][ T5847] Bluetooth: hci4: command 0x0406 tx timeout [ 217.112404][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 217.999785][ T7200] can0 (unregistered): slcan off ttyS3. [ 218.298483][ T7212] netlink: 16 bytes leftover after parsing attributes in process `syz.0.329'. [ 218.307687][ T7212] netlink: 32 bytes leftover after parsing attributes in process `syz.0.329'. [ 219.594581][ T7222] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input11 [ 222.061691][ T5918] usbhid 4-1:0.0: can't add hid device: -71 [ 222.128249][ T7239] No control pipe specified [ 222.267819][ T5918] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 222.290148][ T5918] usb 4-1: USB disconnect, device number 13 [ 222.818615][ T7238] netlink: 100 bytes leftover after parsing attributes in process `syz.1.334'. [ 225.135864][ T7251] random: crng reseeded on system resumption [ 225.433472][ T55] Bluetooth: hci2: command 0x0405 tx timeout [ 227.799029][ T7290] FAULT_INJECTION: forcing a failure. [ 227.799029][ T7290] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.812306][ T7290] CPU: 0 UID: 0 PID: 7290 Comm: syz.2.344 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 227.812333][ T7290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 227.812345][ T7290] Call Trace: [ 227.812355][ T7290] [ 227.812363][ T7290] dump_stack_lvl+0x241/0x360 [ 227.812404][ T7290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.812432][ T7290] ? __pfx__printk+0x10/0x10 [ 227.812472][ T7290] should_fail_ex+0x424/0x570 [ 227.812504][ T7290] _copy_from_user+0x2d/0xb0 [ 227.812541][ T7290] restore_altstack+0x9a/0x160 [ 227.812568][ T7290] ? __pfx_restore_altstack+0x10/0x10 [ 227.812608][ T7290] __do_sys_rt_sigreturn+0x19a/0x290 [ 227.812643][ T7290] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 227.812680][ T7290] ? do_syscall_64+0xb6/0x230 [ 227.812709][ T7290] do_syscall_64+0xf3/0x230 [ 227.812733][ T7290] ? clear_bhb_loop+0x45/0xa0 [ 227.812757][ T7290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.812778][ T7290] RIP: 0033:0x7f0e04329359 [ 227.812800][ T7290] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 227.812817][ T7290] RSP: 002b:00007f0e05266a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 227.812838][ T7290] RAX: ffffffffffffffda RBX: 00007f0e045a6160 RCX: 00007f0e04329359 [ 227.812853][ T7290] RDX: 00007f0e05266a80 RSI: 00007f0e05266bb0 RDI: 0000000000000021 [ 227.812866][ T7290] RBP: 00007f0e05267090 R08: 0000000000000000 R09: 0000000000000000 [ 227.812879][ T7290] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 227.812891][ T7290] R13: 0000000000000000 R14: 00007f0e045a6160 R15: 00007ffeb4ad20e8 [ 227.812922][ T7290] [ 228.524088][ T7302] process 'syz.4.346' launched './file2' with NULL argv: empty string added [ 230.307113][ T7318] netlink: 512 bytes leftover after parsing attributes in process `syz.4.349'. [ 230.338804][ T7318] netlink: 5 bytes leftover after parsing attributes in process `syz.4.349'. [ 230.348109][ T7318] netlink: 5 bytes leftover after parsing attributes in process `syz.4.349'. [ 230.403416][ T5884] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 230.724109][ T5884] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 230.756639][ T5884] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 230.802964][ T5884] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 231.742633][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.772790][ T7316] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 231.795102][ T5884] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 231.925161][ T7333] netlink: 24 bytes leftover after parsing attributes in process `syz.1.353'. [ 232.072866][ T7341] random: crng reseeded on system resumption [ 232.131846][ T7339] netlink: 16 bytes leftover after parsing attributes in process `syz.4.355'. [ 232.212087][ T7339] netlink: 32 bytes leftover after parsing attributes in process `syz.4.355'. [ 232.285869][ T7348] FAULT_INJECTION: forcing a failure. [ 232.285869][ T7348] name failslab, interval 1, probability 0, space 0, times 0 [ 232.299202][ T7348] CPU: 1 UID: 0 PID: 7348 Comm: syz.3.354 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 232.299232][ T7348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 232.299244][ T7348] Call Trace: [ 232.299252][ T7348] [ 232.299261][ T7348] dump_stack_lvl+0x241/0x360 [ 232.299297][ T7348] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.299326][ T7348] ? __pfx__printk+0x10/0x10 [ 232.299365][ T7348] ? __pfx___might_resched+0x10/0x10 [ 232.299396][ T7348] should_fail_ex+0x424/0x570 [ 232.299423][ T7348] should_failslab+0xac/0x100 [ 232.299446][ T7348] __kmalloc_noprof+0xdf/0x4d0 [ 232.299467][ T7348] ? tomoyo_encode+0x26f/0x540 [ 232.299493][ T7348] tomoyo_encode+0x26f/0x540 [ 232.299520][ T7348] tomoyo_mount_permission+0x56a/0xbd0 [ 232.299560][ T7348] ? tomoyo_mount_permission+0x29d/0xbd0 [ 232.299596][ T7348] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 232.299689][ T7348] security_sb_mount+0xe0/0x2f0 [ 232.299716][ T7348] path_mount+0xb9/0xfa0 [ 232.299736][ T7348] ? kmem_cache_free+0x197/0x410 [ 232.299756][ T7348] ? user_path_at+0x44/0x60 [ 232.299791][ T7348] __se_sys_mount+0x38c/0x400 [ 232.299822][ T7348] ? __pfx___se_sys_mount+0x10/0x10 [ 232.299853][ T7348] ? __x64_sys_mount+0x20/0xc0 [ 232.299878][ T7348] do_syscall_64+0xf3/0x230 [ 232.299904][ T7348] ? clear_bhb_loop+0x45/0xa0 [ 232.299928][ T7348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.299948][ T7348] RIP: 0033:0x7fa5ea78d169 [ 232.299966][ T7348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.300000][ T7348] RSP: 002b:00007fa5eb66e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 232.300023][ T7348] RAX: ffffffffffffffda RBX: 00007fa5ea9a6160 RCX: 00007fa5ea78d169 [ 232.300038][ T7348] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000 [ 232.300052][ T7348] RBP: 00007fa5eb66e090 R08: 0000200000000480 R09: 0000000000000000 [ 232.300066][ T7348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 232.300078][ T7348] R13: 0000000000000000 R14: 00007fa5ea9a6160 R15: 00007ffd4f971778 [ 232.300112][ T7348] [ 234.150318][ T7358] loop9: detected capacity change from 0 to 7 [ 234.163691][ T7358] buffer_io_error: 4 callbacks suppressed [ 234.163718][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.178062][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.186894][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.197012][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.205831][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.248963][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.257870][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.266286][ T7358] ldm_validate_partition_table(): Disk read failed. [ 234.273462][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.282060][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.290822][ T7358] Buffer I/O error on dev loop9, logical block 0, async page read [ 234.355486][ T7358] Dev loop9: unable to read RDB block 0 [ 234.364053][ T7358] loop9: unable to read partition table [ 234.371559][ T7358] loop9: partition table beyond EOD, truncated [ 234.378133][ T7358] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 234.378133][ T7358] U) failed (rc=-5) [ 234.589455][ T5966] usb 3-1: USB disconnect, device number 6 [ 236.027924][ T7380] FAULT_INJECTION: forcing a failure. [ 236.027924][ T7380] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.082747][ T7380] CPU: 0 UID: 0 PID: 7380 Comm: syz.1.361 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 236.082780][ T7380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 236.082793][ T7380] Call Trace: [ 236.082802][ T7380] [ 236.082811][ T7380] dump_stack_lvl+0x241/0x360 [ 236.082850][ T7380] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.082879][ T7380] ? __pfx__printk+0x10/0x10 [ 236.082919][ T7380] should_fail_ex+0x424/0x570 [ 236.082948][ T7380] _copy_to_user+0x31/0xb0 [ 236.082981][ T7380] simple_read_from_buffer+0xc4/0x170 [ 236.083010][ T7380] proc_fail_nth_read+0x1ef/0x260 [ 236.083040][ T7380] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 236.083071][ T7380] ? rw_verify_area+0x246/0x630 [ 236.083099][ T7380] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 236.083128][ T7380] vfs_read+0x21f/0xb90 [ 236.083163][ T7380] ? __pfx___mutex_lock+0x10/0x10 [ 236.083190][ T7380] ? __pfx_vfs_read+0x10/0x10 [ 236.083222][ T7380] ? __fget_files+0x2a/0x420 [ 236.083248][ T7380] ? __fget_files+0x39d/0x420 [ 236.083270][ T7380] ? __fget_files+0x2a/0x420 [ 236.083305][ T7380] ksys_read+0x19d/0x2d0 [ 236.083337][ T7380] ? __pfx_ksys_read+0x10/0x10 [ 236.083372][ T7380] ? do_syscall_64+0xb6/0x230 [ 236.083401][ T7380] do_syscall_64+0xf3/0x230 [ 236.083426][ T7380] ? clear_bhb_loop+0x45/0xa0 [ 236.083451][ T7380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.083471][ T7380] RIP: 0033:0x7fcec898bb7c [ 236.083490][ T7380] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 236.083507][ T7380] RSP: 002b:00007fcec977a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 236.083530][ T7380] RAX: ffffffffffffffda RBX: 00007fcec8ba5fa0 RCX: 00007fcec898bb7c [ 236.083545][ T7380] RDX: 000000000000000f RSI: 00007fcec977a0a0 RDI: 0000000000000005 [ 236.083558][ T7380] RBP: 00007fcec977a090 R08: 0000000000000000 R09: 0000000000000000 [ 236.083571][ T7380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 236.083583][ T7380] R13: 0000000000000000 R14: 00007fcec8ba5fa0 R15: 00007ffd87c21c38 [ 236.083617][ T7380] [ 236.632891][ T5884] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 237.514601][ T5884] usb 4-1: config 0 interface 0 altsetting 238 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.772328][ T5884] usb 4-1: config 0 interface 0 altsetting 238 endpoint 0x81 has invalid wMaxPacketSize 0 [ 237.784375][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 237.791042][ T5884] usb 4-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00 [ 237.801907][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.813380][ T5884] usb 4-1: config 0 descriptor?? [ 238.643250][ T7414] x_tables: duplicate entry at hook 2 [ 238.727756][ T7390] netlink: 4 bytes leftover after parsing attributes in process `syz.3.365'. [ 238.795539][ T7390] netlink: 4 bytes leftover after parsing attributes in process `syz.3.365'. [ 238.847050][ T7390] netlink: 45 bytes leftover after parsing attributes in process `syz.3.365'. [ 239.157167][ T5884] usbhid 4-1:0.0: can't add hid device: -71 [ 239.172696][ T5884] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 239.206450][ T5884] usb 4-1: USB disconnect, device number 14 [ 241.373536][ T7430] random: crng reseeded on system resumption [ 242.601256][ T7446] No control pipe specified [ 242.606958][ T7446] netlink: 100 bytes leftover after parsing attributes in process `syz.3.378'. [ 244.253610][ T7453] kAFS: unparsable volume name [ 244.578920][ T7460] netlink: 60 bytes leftover after parsing attributes in process `syz.3.381'. [ 244.605524][ T7458] netlink: 60 bytes leftover after parsing attributes in process `syz.3.381'. [ 244.635340][ T7460] netlink: 60 bytes leftover after parsing attributes in process `syz.3.381'. [ 245.624592][ T7477] trusted_key: syz.3.386 sent an empty control message without MSG_MORE. [ 245.778321][ T7474] syz.2.382: attempt to access beyond end of device [ 245.778321][ T7474] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 245.818567][ T5822] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 246.016448][ T5822] usb 2-1: config 0 interface 0 altsetting 238 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.224118][ T7486] netlink: 20 bytes leftover after parsing attributes in process `syz.0.388'. [ 246.243797][ T5822] usb 2-1: config 0 interface 0 altsetting 238 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.270214][ T5822] usb 2-1: config 0 interface 0 has no altsetting 0 [ 246.280329][ T5822] usb 2-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00 [ 246.289862][ T5822] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.434720][ T7490] x_tables: duplicate entry at hook 2 [ 246.787221][ T5822] usb 2-1: config 0 descriptor?? [ 246.812341][ T7492] netlink: 'syz.3.389': attribute type 10 has an invalid length. [ 247.024509][ T7465] netlink: 4 bytes leftover after parsing attributes in process `syz.1.384'. [ 247.062771][ T7465] netlink: 4 bytes leftover after parsing attributes in process `syz.1.384'. [ 247.088506][ T7465] netlink: 45 bytes leftover after parsing attributes in process `syz.1.384'. [ 247.141139][ T5822] usbhid 2-1:0.0: can't add hid device: -71 [ 247.367613][ T5822] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 247.403984][ T5822] usb 2-1: USB disconnect, device number 10 [ 248.277219][ T7509] FAULT_INJECTION: forcing a failure. [ 248.277219][ T7509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 248.342921][ T7509] CPU: 0 UID: 0 PID: 7509 Comm: syz.4.395 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 248.342953][ T7509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 248.342976][ T7509] Call Trace: [ 248.342984][ T7509] [ 248.342993][ T7509] dump_stack_lvl+0x241/0x360 [ 248.343030][ T7509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.343059][ T7509] ? __pfx__printk+0x10/0x10 [ 248.343102][ T7509] should_fail_ex+0x424/0x570 [ 248.343129][ T7509] _copy_from_iter+0x211/0x1c70 [ 248.343163][ T7509] ? __build_skb_around+0x247/0x3d0 [ 248.343201][ T7509] ? __alloc_skb+0x298/0x480 [ 248.343232][ T7509] ? __pfx__copy_from_iter+0x10/0x10 [ 248.343263][ T7509] ? __pfx___alloc_skb+0x10/0x10 [ 248.343292][ T7509] ? is_bpf_text_address+0x26/0x2a0 [ 248.343317][ T7509] ? 0xffffffffa0000964 [ 248.343334][ T7509] ? skb_put+0x114/0x1f0 [ 248.343359][ T7509] pfkey_sendmsg+0x23b/0x1140 [ 248.343382][ T7509] ? kernel_text_address+0xa7/0xe0 [ 248.343414][ T7509] ? __kernel_text_address+0xd/0x40 [ 248.343442][ T7509] ? _parse_integer_limit+0x1b4/0x200 [ 248.343478][ T7509] ? smack_socket_sendmsg+0x184/0x580 [ 248.343510][ T7509] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 248.343533][ T7509] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 248.343566][ T7509] ? tomoyo_socket_sendmsg_permission+0x285/0x420 [ 248.343596][ T7509] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 248.343626][ T7509] ? __import_iovec+0x585/0x830 [ 248.343667][ T7509] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 248.343687][ T7509] __sock_sendmsg+0x221/0x270 [ 248.343719][ T7509] ____sys_sendmsg+0x523/0x860 [ 248.343751][ T7509] ? __pfx_____sys_sendmsg+0x10/0x10 [ 248.343771][ T7509] ? __fget_files+0x2a/0x420 [ 248.343799][ T7509] ? __fget_files+0x2a/0x420 [ 248.343832][ T7509] __sys_sendmsg+0x271/0x360 [ 248.343860][ T7509] ? __pfx___sys_sendmsg+0x10/0x10 [ 248.343947][ T7509] ? do_syscall_64+0xb6/0x230 [ 248.343976][ T7509] do_syscall_64+0xf3/0x230 [ 248.344001][ T7509] ? clear_bhb_loop+0x45/0xa0 [ 248.344027][ T7509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.344047][ T7509] RIP: 0033:0x7fa6e8d8d169 [ 248.344064][ T7509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.344081][ T7509] RSP: 002b:00007fa6e9ca7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 248.344103][ T7509] RAX: ffffffffffffffda RBX: 00007fa6e8fa5fa0 RCX: 00007fa6e8d8d169 [ 248.344119][ T7509] RDX: 0000000000000000 RSI: 0000200000003780 RDI: 0000000000000005 [ 248.344131][ T7509] RBP: 00007fa6e9ca7090 R08: 0000000000000000 R09: 0000000000000000 [ 248.344144][ T7509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 248.344156][ T7509] R13: 0000000000000000 R14: 00007fa6e8fa5fa0 R15: 00007ffc2b59a778 [ 248.344188][ T7509] [ 248.633523][ T7515] FAULT_INJECTION: forcing a failure. [ 248.633523][ T7515] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 248.646749][ T7515] CPU: 0 UID: 0 PID: 7515 Comm: syz.3.397 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 248.646775][ T7515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 248.646786][ T7515] Call Trace: [ 248.646794][ T7515] [ 248.646802][ T7515] dump_stack_lvl+0x241/0x360 [ 248.646836][ T7515] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.646864][ T7515] ? __pfx__printk+0x10/0x10 [ 248.646903][ T7515] should_fail_ex+0x424/0x570 [ 248.646929][ T7515] _copy_to_user+0x31/0xb0 [ 248.646961][ T7515] simple_read_from_buffer+0xc4/0x170 [ 248.646989][ T7515] proc_fail_nth_read+0x1ef/0x260 [ 248.647021][ T7515] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 248.647049][ T7515] ? rw_verify_area+0x246/0x630 [ 248.647077][ T7515] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 248.647105][ T7515] vfs_read+0x21f/0xb90 [ 248.647139][ T7515] ? __pfx___mutex_lock+0x10/0x10 [ 248.647166][ T7515] ? __pfx_vfs_read+0x10/0x10 [ 248.647198][ T7515] ? __fget_files+0x2a/0x420 [ 248.647223][ T7515] ? __fget_files+0x39d/0x420 [ 248.647245][ T7515] ? __fget_files+0x2a/0x420 [ 248.647279][ T7515] ksys_read+0x19d/0x2d0 [ 248.647310][ T7515] ? __pfx_ksys_read+0x10/0x10 [ 248.647345][ T7515] ? do_syscall_64+0xb6/0x230 [ 248.647373][ T7515] do_syscall_64+0xf3/0x230 [ 248.647399][ T7515] ? clear_bhb_loop+0x45/0xa0 [ 248.647424][ T7515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.647444][ T7515] RIP: 0033:0x7fa5ea78bb7c [ 248.647463][ T7515] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 248.647486][ T7515] RSP: 002b:00007fa5eb6b0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 248.647508][ T7515] RAX: ffffffffffffffda RBX: 00007fa5ea9a5fa0 RCX: 00007fa5ea78bb7c [ 248.647523][ T7515] RDX: 000000000000000f RSI: 00007fa5eb6b00a0 RDI: 0000000000000003 [ 248.647535][ T7515] RBP: 00007fa5eb6b0090 R08: 0000000000000000 R09: 0000000000000000 [ 248.647548][ T7515] R10: 000000000000002a R11: 0000000000000246 R12: 0000000000000001 [ 248.647560][ T7515] R13: 0000000000000001 R14: 00007fa5ea9a5fa0 R15: 00007ffd4f971778 [ 248.647594][ T7515] [ 249.553710][ T7524] 9pnet: p9_errstr2errno: server reported unknown error ../file0 [ 249.785016][ T7532] loop9: detected capacity change from 0 to 7 [ 249.793341][ T7532] buffer_io_error: 4 callbacks suppressed [ 249.793386][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.807760][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.816224][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.824775][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.833836][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.842453][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.850969][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.859375][ T7532] ldm_validate_partition_table(): Disk read failed. [ 249.866464][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.875024][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.885430][ T7532] Buffer I/O error on dev loop9, logical block 0, async page read [ 249.894194][ T7532] Dev loop9: unable to read RDB block 0 [ 249.901326][ T7532] loop9: unable to read partition table [ 249.908218][ T7532] loop9: partition table beyond EOD, truncated [ 249.914648][ T7532] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 249.914648][ T7532] U) failed (rc=-5) [ 250.002607][ T5822] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 251.169993][ T5822] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 251.201300][ T5822] usb 5-1: config 0 has no interface number 0 [ 251.374651][ T5822] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 251.442568][ T7540] x_tables: duplicate entry at hook 2 [ 251.484495][ T5822] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 252.114899][ T5822] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 252.188983][ T5822] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 252.324378][ T5822] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 252.464896][ T5822] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 252.761416][ T5822] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 252.771656][ T5822] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.794307][ T5822] usb 5-1: config 0 descriptor?? [ 252.836649][ T5822] usb 5-1: can't set config #0, error -71 [ 252.872974][ T5822] usb 5-1: USB disconnect, device number 6 [ 253.103259][ T49] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 253.283055][ T49] usb 2-1: Using ep0 maxpacket: 8 [ 254.232650][ T5822] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 254.240825][ T5884] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 254.264158][ T49] usb 2-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 254.282603][ T49] usb 2-1: config 0 has an invalid interface number: 150 but max is 64 [ 254.292457][ T49] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 254.504905][ T5822] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 254.550529][ T5822] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 254.606160][ T5822] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 254.664124][ T49] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 65 [ 254.673556][ T49] usb 2-1: config 0 has no interface number 0 [ 254.679956][ T49] usb 2-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 254.693091][ T49] usb 2-1: config 0 interface 150 has no altsetting 0 [ 254.701386][ T49] usb 2-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 254.710698][ T49] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.722207][ T49] usb 2-1: config 0 descriptor?? [ 254.747716][ T5884] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 254.760944][ T5884] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 254.810889][ T5884] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 255.045918][ T5822] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.081830][ T7556] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 255.093675][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 255.101727][ T5884] usb 3-1: SerialNumber: syz [ 255.134299][ T49] usb 2-1: USB disconnect, device number 11 [ 255.196979][ T7567] new mount options do not match the existing superblock, will be ignored [ 255.753253][ T7567] xt_CT: No such helper "pptp" [ 255.790876][ T5884] usb 3-1: 0:2 : does not exist [ 255.857747][ T5884] usb 3-1: USB disconnect, device number 7 [ 255.926292][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.933267][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.036112][ T5822] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 256.535233][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.150/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 256.997365][ T7583] new mount options do not match the existing superblock, will be ignored [ 257.626479][ T6048] udevd[6048]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 257.641883][ T7583] xt_CT: No such helper "pptp" [ 257.867744][ T5929] usb 5-1: USB disconnect, device number 7 [ 259.442235][ T7604] netlink: 'syz.1.420': attribute type 29 has an invalid length. [ 259.522627][ T7609] FAULT_INJECTION: forcing a failure. [ 259.522627][ T7609] name failslab, interval 1, probability 0, space 0, times 0 [ 259.535512][ T7609] CPU: 1 UID: 0 PID: 7609 Comm: syz.1.420 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 259.535539][ T7609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 259.535553][ T7609] Call Trace: [ 259.535561][ T7609] [ 259.535570][ T7609] dump_stack_lvl+0x241/0x360 [ 259.535615][ T7609] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.535644][ T7609] ? __pfx__printk+0x10/0x10 [ 259.535677][ T7609] ? __pfx___might_resched+0x10/0x10 [ 259.535706][ T7609] should_fail_ex+0x424/0x570 [ 259.535733][ T7609] should_failslab+0xac/0x100 [ 259.535757][ T7609] __kmalloc_noprof+0xdf/0x4d0 [ 259.535777][ T7609] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 259.535798][ T7609] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 259.535825][ T7609] tomoyo_realpath_from_path+0xcf/0x5e0 [ 259.535861][ T7609] tomoyo_path_number_perm+0x245/0x790 [ 259.535894][ T7609] ? tomoyo_path_number_perm+0x215/0x790 [ 259.535926][ T7609] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 259.535963][ T7609] ? ksys_write+0x24e/0x2d0 [ 259.536001][ T7609] ? __lock_acquire+0xad5/0xd80 [ 259.536043][ T7609] ? __fget_files+0x2a/0x420 [ 259.536067][ T7609] ? __fget_files+0x2a/0x420 [ 259.536094][ T7609] ? __fget_files+0x2a/0x420 [ 259.536124][ T7609] security_file_ioctl+0xc6/0x2a0 [ 259.536156][ T7609] __se_sys_ioctl+0x46/0x160 [ 259.536211][ T7609] do_syscall_64+0xf3/0x230 [ 259.536239][ T7609] ? clear_bhb_loop+0x45/0xa0 [ 259.536264][ T7609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.536285][ T7609] RIP: 0033:0x7fcec898d169 [ 259.536304][ T7609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.536321][ T7609] RSP: 002b:00007fcec9759038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 259.536343][ T7609] RAX: ffffffffffffffda RBX: 00007fcec8ba6080 RCX: 00007fcec898d169 [ 259.536358][ T7609] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 000000000000000a [ 259.536372][ T7609] RBP: 00007fcec9759090 R08: 0000000000000000 R09: 0000000000000000 [ 259.536385][ T7609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.536396][ T7609] R13: 0000000000000000 R14: 00007fcec8ba6080 R15: 00007ffd87c21c38 [ 259.536429][ T7609] [ 259.536473][ T7609] ERROR: Out of memory at tomoyo_realpath_from_path. [ 262.392727][ T49] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 262.692680][ T7628] 9pnet_fd: Insufficient options for proto=fd [ 263.525919][ T7633] netlink: 16 bytes leftover after parsing attributes in process `syz.4.429'. [ 263.534960][ T7633] netlink: 32 bytes leftover after parsing attributes in process `syz.4.429'. [ 265.173415][ T5966] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 265.555200][ T5966] usb 4-1: Using ep0 maxpacket: 32 [ 265.738855][ T5966] usb 4-1: unable to get BOS descriptor or descriptor too short [ 265.889455][ T49] usb 2-1: new low-speed USB device number 12 using dummy_hcd [ 265.975736][ T5966] usb 4-1: config 4 has an invalid interface number: 255 but max is 2 [ 266.122065][ T5966] usb 4-1: config 4 has an invalid interface number: 224 but max is 2 [ 266.265752][ T49] usb 2-1: No LPM exit latency info found, disabling LPM. [ 266.291701][ T5966] usb 4-1: config 4 has an invalid interface number: 55 but max is 2 [ 266.456810][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 266.476554][ T5966] usb 4-1: config 4 has an invalid interface number: 210 but max is 2 [ 266.867211][ T5966] usb 4-1: config 4 has 4 interfaces, different from the descriptor's value: 3 [ 266.917025][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x82 is Bulk; changing to Interrupt [ 267.118568][ T5966] usb 4-1: config 4 has no interface number 0 [ 267.195645][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x3 is Bulk; changing to Interrupt [ 267.270973][ T5966] usb 4-1: config 4 has no interface number 1 [ 267.383056][ T5966] usb 4-1: config 4 has no interface number 2 [ 267.389212][ T5966] usb 4-1: config 4 has no interface number 3 [ 267.396404][ T49] usb 2-1: config 1 interface 0 has no altsetting 0 [ 267.503716][ T5966] usb 4-1: config 4 interface 255 altsetting 0 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 267.644726][ T7662] No control pipe specified [ 267.668497][ T7662] netlink: 100 bytes leftover after parsing attributes in process `syz.3.436'. [ 267.688412][ T5966] usb 4-1: config 4 interface 255 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 7 [ 268.015470][ T5966] usb 4-1: too many endpoints for config 4 interface 224 altsetting 130: 180, using maximum allowed: 30 [ 268.173019][ T5966] usb 4-1: config 4 interface 224 altsetting 130 has a duplicate endpoint with address 0xA, skipping [ 268.203736][ T5966] usb 4-1: config 4 interface 224 altsetting 130 has 1 endpoint descriptor, different from the interface descriptor's value: 180 [ 268.270421][ T49] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 268.312691][ T5966] usb 4-1: config 4 interface 224 has no altsetting 0 [ 268.328476][ T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.338310][ T5966] usb 4-1: config 4 interface 55 has no altsetting 0 [ 268.352893][ T5966] usb 4-1: config 4 interface 210 has no altsetting 0 [ 268.377488][ T49] usb 2-1: can't set config #1, error -71 [ 268.420289][ T5966] usb 4-1: string descriptor 0 read error: -71 [ 268.449283][ T49] usb 2-1: USB disconnect, device number 12 [ 268.623136][ T5966] usb 4-1: New USB device found, idVendor=067b, idProduct=2317, bcdDevice= 0.01 [ 268.632278][ T5966] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.692917][ T5966] usb 4-1: can't set config #4, error -71 [ 268.756318][ T5966] usb 4-1: USB disconnect, device number 15 [ 269.825721][ T7697] loop9: detected capacity change from 0 to 7 [ 269.832619][ T7697] buffer_io_error: 4 callbacks suppressed [ 269.832638][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.846579][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.856413][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.864506][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.873472][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.881511][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.889492][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.897477][ T7697] ldm_validate_partition_table(): Disk read failed. [ 269.904174][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.912136][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.920320][ T7697] Buffer I/O error on dev loop9, logical block 0, async page read [ 269.928589][ T7697] Dev loop9: unable to read RDB block 0 [ 269.934518][ T7697] loop9: unable to read partition table [ 269.940401][ T7697] loop9: partition table beyond EOD, truncated [ 269.946644][ T7697] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 269.946644][ T7697] U) failed (rc=-5) [ 271.152891][ T5822] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 271.390461][ T5822] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 271.414937][ T49] usb 2-1: new low-speed USB device number 13 using dummy_hcd [ 271.432274][ T5822] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 271.468207][ T5822] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 271.538867][ T5822] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.642948][ T7719] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 271.655012][ T7707] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 271.717469][ T5822] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 271.753404][ T49] usb 2-1: No LPM exit latency info found, disabling LPM. [ 272.033326][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 272.395084][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x82 is Bulk; changing to Interrupt [ 272.462935][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x3 is Bulk; changing to Interrupt [ 272.549085][ T7727] FAULT_INJECTION: forcing a failure. [ 272.549085][ T7727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 272.563063][ T49] usb 2-1: config 1 interface 0 has no altsetting 0 [ 272.584282][ T7727] CPU: 1 UID: 0 PID: 7727 Comm: syz.0.452 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 272.584312][ T7727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 272.584325][ T7727] Call Trace: [ 272.584334][ T7727] [ 272.584346][ T7727] dump_stack_lvl+0x241/0x360 [ 272.584384][ T7727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.584412][ T7727] ? __pfx__printk+0x10/0x10 [ 272.584455][ T7727] should_fail_ex+0x424/0x570 [ 272.584483][ T7727] _copy_from_user+0x2d/0xb0 [ 272.584514][ T7727] csum_and_copy_from_iter_full+0x4cd/0x21a0 [ 272.584539][ T7727] ? alloc_skb_with_frags+0x787/0x830 [ 272.584579][ T7727] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 272.584622][ T7727] ip_generic_getfrag+0x151/0x320 [ 272.584648][ T7727] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 272.584673][ T7727] ? skb_put+0x114/0x1f0 [ 272.584697][ T7727] __ip_append_data+0x3626/0x4750 [ 272.584716][ T7727] ? rcu_is_watching+0x15/0xb0 [ 272.584765][ T7727] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 272.584809][ T7727] ? __pfx___ip_append_data+0x10/0x10 [ 272.584828][ T7727] ? __pfx_ipv4_mtu+0x10/0x10 [ 272.584861][ T7727] ? ip_setup_cork+0x580/0x9a0 [ 272.584887][ T7727] ip_make_skb+0x19a/0x420 [ 272.584914][ T7727] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 272.584936][ T7727] ? __pfx_ip_make_skb+0x10/0x10 [ 272.584979][ T7727] udp_sendmsg+0x1c7e/0x2ca0 [ 272.585031][ T7727] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 272.585053][ T7727] ? __pfx_udp_sendmsg+0x10/0x10 [ 272.585080][ T7727] ? count_memcg_event_mm+0x388/0x440 [ 272.585101][ T7727] ? count_memcg_event_mm+0x96/0x440 [ 272.585141][ T7727] ? handle_mm_fault+0x173e/0x1aa0 [ 272.585183][ T7727] udpv6_sendmsg+0xe4c/0x3070 [ 272.585239][ T7727] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 272.585279][ T7727] ? irqentry_exit+0x63/0x90 [ 272.585302][ T7727] ? exc_page_fault+0x5f8/0x920 [ 272.585349][ T7727] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 272.585376][ T7727] ? sock_rps_record_flow+0x1a/0x410 [ 272.585396][ T7727] ? inet_send_prepare+0x21/0x260 [ 272.585433][ T7727] __sock_sendmsg+0xef/0x270 [ 272.585465][ T7727] ____sys_sendmsg+0x523/0x860 [ 272.585497][ T7727] ? __pfx_____sys_sendmsg+0x10/0x10 [ 272.585517][ T7727] ? __fget_files+0x2a/0x420 [ 272.585545][ T7727] ? __fget_files+0x2a/0x420 [ 272.585578][ T7727] __sys_sendmmsg+0x3a0/0x7b0 [ 272.585614][ T7727] ? __pfx___sys_sendmmsg+0x10/0x10 [ 272.585676][ T7727] ? rcu_read_lock_any_held+0xbb/0x160 [ 272.585703][ T7727] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 272.585733][ T7727] ? vfs_write+0xb29/0xd10 [ 272.585771][ T7727] ? ksys_write+0x24e/0x2d0 [ 272.585804][ T7727] ? __mutex_unlock_slowpath+0x229/0x800 [ 272.585862][ T7727] ? ksys_write+0x275/0x2d0 [ 272.585904][ T7727] __x64_sys_sendmmsg+0xa0/0xb0 [ 272.585929][ T7727] do_syscall_64+0xf3/0x230 [ 272.585954][ T7727] ? clear_bhb_loop+0x45/0xa0 [ 272.585979][ T7727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.585999][ T7727] RIP: 0033:0x7f47e498d169 [ 272.586018][ T7727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.586035][ T7727] RSP: 002b:00007f47e5824038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 272.586057][ T7727] RAX: ffffffffffffffda RBX: 00007f47e4ba5fa0 RCX: 00007f47e498d169 [ 272.586072][ T7727] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000003 [ 272.586086][ T7727] RBP: 00007f47e5824090 R08: 0000000000000000 R09: 0000000000000000 [ 272.586099][ T7727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.586111][ T7727] R13: 0000000000000000 R14: 00007f47e4ba5fa0 R15: 00007ffd32c718b8 [ 272.586143][ T7727] [ 272.946730][ C1] vkms_vblank_simulate: vblank timer overrun [ 273.955706][ T7732] syz.4.453 (7732) used greatest stack depth: 18920 bytes left [ 274.481530][ T5918] usb 3-1: USB disconnect, device number 8 [ 274.555882][ T49] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 274.591229][ T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.736991][ T7746] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input12 [ 275.486436][ T49] usb 2-1: can't set config #1, error -71 [ 275.548927][ T49] usb 2-1: USB disconnect, device number 13 [ 275.839151][ T7751] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 275.849553][ T7751] PKCS7: Only support pkcs7_signedData type [ 277.606324][ T7779] tipc: Started in network mode [ 277.611311][ T7779] tipc: Node identity ac141441, cluster identity 4711 [ 277.619279][ T7779] tipc: Enabled bearer , priority 10 [ 277.682601][ T5918] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 277.887603][ T5918] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 277.992936][ T5918] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 278.035553][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 278.088619][ T5918] usb 4-1: Product: syz [ 278.097446][ T83] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.098180][ T5918] usb 4-1: Manufacturer: syz [ 278.430048][ T5918] usb 4-1: SerialNumber: syz [ 278.455440][ T5918] usb 4-1: config 0 descriptor?? [ 278.585942][ T5918] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 278.615042][ T5822] tipc: Node number set to 2886997057 [ 278.637944][ T83] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.699041][ T5918] usb 4-1: USB disconnect, device number 16 [ 278.795108][ T83] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.888862][ T7788] netlink: 40 bytes leftover after parsing attributes in process `syz.2.469'. [ 278.903907][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 278.927404][ T7788] netlink: 40 bytes leftover after parsing attributes in process `syz.2.469'. [ 279.148617][ T83] bond0: (slave netdevsim0): Releasing backup interface [ 279.179999][ T83] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.263010][ T5915] usb 2-1: new low-speed USB device number 14 using dummy_hcd [ 279.475814][ T5915] usb 2-1: No LPM exit latency info found, disabling LPM. [ 279.559998][ T5915] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 279.664212][ T5915] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x82 is Bulk; changing to Interrupt [ 279.687698][ T5915] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x3 is Bulk; changing to Interrupt [ 279.716244][ T5915] usb 2-1: config 1 interface 0 has no altsetting 0 [ 280.206231][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 280.217206][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 280.227251][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 280.235988][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 280.245253][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 280.272974][ T83] bridge_slave_1: left allmulticast mode [ 280.278884][ T83] bridge_slave_1: left promiscuous mode [ 280.403457][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.596794][ T83] bridge_slave_0: left allmulticast mode [ 280.618595][ T83] bridge_slave_0: left promiscuous mode [ 280.636723][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.640977][ T7821] netlink: 64 bytes leftover after parsing attributes in process `syz.3.474'. [ 281.029613][ T7827] FAT-fs (nullb0): bogus number of reserved sectors [ 281.036717][ T7827] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 281.784802][ T7835] FAULT_INJECTION: forcing a failure. [ 281.784802][ T7835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 281.825901][ T7835] CPU: 0 UID: 0 PID: 7835 Comm: syz.3.478 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 281.825932][ T7835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 281.825946][ T7835] Call Trace: [ 281.825954][ T7835] [ 281.825963][ T7835] dump_stack_lvl+0x241/0x360 [ 281.826002][ T7835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 281.826031][ T7835] ? __pfx__printk+0x10/0x10 [ 281.826071][ T7835] should_fail_ex+0x424/0x570 [ 281.826099][ T7835] _copy_to_user+0x31/0xb0 [ 281.826133][ T7835] video_usercopy+0xf30/0x1330 [ 281.826167][ T7835] ? __pfx___video_do_ioctl+0x10/0x10 [ 281.826187][ T7835] ? __pfx_video_usercopy+0x10/0x10 [ 281.826205][ T7835] ? smack_file_ioctl+0x306/0x3b0 [ 281.826246][ T7835] ? __fget_files+0x2a/0x420 [ 281.826274][ T7835] ? __fget_files+0x2a/0x420 [ 281.826301][ T7835] v4l2_ioctl+0x189/0x1e0 [ 281.826333][ T7835] ? __pfx_v4l2_ioctl+0x10/0x10 [ 281.826366][ T7835] __se_sys_ioctl+0xf1/0x160 [ 281.826406][ T7835] do_syscall_64+0xf3/0x230 [ 281.826433][ T7835] ? clear_bhb_loop+0x45/0xa0 [ 281.826460][ T7835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.826480][ T7835] RIP: 0033:0x7fa5ea78d169 [ 281.826499][ T7835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.826518][ T7835] RSP: 002b:00007fa5eb6b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 281.826540][ T7835] RAX: ffffffffffffffda RBX: 00007fa5ea9a5fa0 RCX: 00007fa5ea78d169 [ 281.826557][ T7835] RDX: 0000200000000080 RSI: 00000000c0405602 RDI: 0000000000000003 [ 281.826571][ T7835] RBP: 00007fa5eb6b0090 R08: 0000000000000000 R09: 0000000000000000 [ 281.826584][ T7835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.826597][ T7835] R13: 0000000000000000 R14: 00007fa5ea9a5fa0 R15: 00007ffd4f971778 [ 281.826631][ T7835] [ 282.053152][ T7836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.468'. [ 282.087751][ T7836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.468'. [ 282.097724][ T7840] netlink: 16 bytes leftover after parsing attributes in process `syz.2.479'. [ 282.106720][ T7840] netlink: 32 bytes leftover after parsing attributes in process `syz.2.479'. [ 282.117534][ T7836] netlink: 45 bytes leftover after parsing attributes in process `syz.1.468'. [ 282.358289][ T55] Bluetooth: hci1: command tx timeout [ 283.556589][ T5915] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 283.581930][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.617909][ T7856] ptrace attach of "./syz-executor exec"[5828] was attempted by " [ 283.618231][ T5915] usb 2-1: can't set config #1, error -71 [ 283.794720][ T5915] usb 2-1: USB disconnect, device number 14 [ 283.806233][ T7860] overlayfs: conflicting lowerdir path [ 284.393788][ T55] Bluetooth: hci1: command tx timeout [ 284.707229][ T7869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.486'. [ 284.830807][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 284.850837][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 284.867631][ T83] bond0 (unregistering): Released all slaves [ 285.965383][ T7890] FAT-fs (nullb0): bogus number of reserved sectors [ 285.972069][ T7890] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 286.474256][ T55] Bluetooth: hci1: command tx timeout [ 287.629621][ T7901] x_tables: unsorted underflow at hook 1 [ 287.878452][ T5822] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 288.172748][ T49] usb 2-1: new low-speed USB device number 15 using dummy_hcd [ 288.270789][ T5822] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 288.300985][ T5822] usb 5-1: New USB device found, idVendor=0079, idProduct=1803, bcdDevice= 0.00 [ 288.338331][ T5822] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.354976][ T49] usb 2-1: No LPM exit latency info found, disabling LPM. [ 288.372676][ T83] hsr_slave_0: left promiscuous mode [ 288.375145][ T5822] usb 5-1: config 0 descriptor?? [ 288.389347][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 288.410814][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x82 is Bulk; changing to Interrupt [ 288.432651][ T83] hsr_slave_1: left promiscuous mode [ 288.440989][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 288.457050][ T49] usb 2-1: config 1 interface 0 altsetting 80 endpoint 0x3 is Bulk; changing to Interrupt [ 288.476722][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 288.502665][ T49] usb 2-1: config 1 interface 0 has no altsetting 0 [ 288.524090][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 288.545557][ T7911] FAULT_INJECTION: forcing a failure. [ 288.545557][ T7911] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.552171][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 288.562618][ T55] Bluetooth: hci1: command tx timeout [ 288.592102][ T7911] CPU: 1 UID: 0 PID: 7911 Comm: syz.3.495 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 288.592133][ T7911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 288.592147][ T7911] Call Trace: [ 288.592156][ T7911] [ 288.592169][ T7911] dump_stack_lvl+0x241/0x360 [ 288.592209][ T7911] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.592238][ T7911] ? __pfx__printk+0x10/0x10 [ 288.592278][ T7911] should_fail_ex+0x424/0x570 [ 288.592307][ T7911] _copy_to_user+0x31/0xb0 [ 288.592341][ T7911] simple_read_from_buffer+0xc4/0x170 [ 288.592368][ T7911] proc_fail_nth_read+0x1ef/0x260 [ 288.592411][ T7911] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 288.592444][ T7911] ? rw_verify_area+0x246/0x630 [ 288.592471][ T7911] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 288.592498][ T7911] vfs_read+0x21f/0xb90 [ 288.592532][ T7911] ? __pfx___mutex_lock+0x10/0x10 [ 288.592558][ T7911] ? __pfx_vfs_read+0x10/0x10 [ 288.592590][ T7911] ? __fget_files+0x2a/0x420 [ 288.592617][ T7911] ? __fget_files+0x39d/0x420 [ 288.592640][ T7911] ? __fget_files+0x2a/0x420 [ 288.592674][ T7911] ksys_read+0x19d/0x2d0 [ 288.592706][ T7911] ? __pfx_ksys_read+0x10/0x10 [ 288.592741][ T7911] ? do_syscall_64+0xb6/0x230 [ 288.592772][ T7911] do_syscall_64+0xf3/0x230 [ 288.592797][ T7911] ? clear_bhb_loop+0x45/0xa0 [ 288.592822][ T7911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.592842][ T7911] RIP: 0033:0x7fa5ea78bb7c [ 288.592861][ T7911] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 288.592880][ T7911] RSP: 002b:00007fa5eb6b0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 288.592904][ T7911] RAX: ffffffffffffffda RBX: 00007fa5ea9a5fa0 RCX: 00007fa5ea78bb7c [ 288.592920][ T7911] RDX: 000000000000000f RSI: 00007fa5eb6b00a0 RDI: 0000000000000003 [ 288.592933][ T7911] RBP: 00007fa5eb6b0090 R08: 0000000000000000 R09: 0000000000000000 [ 288.592945][ T7911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.592957][ T7911] R13: 0000000000000000 R14: 00007fa5ea9a5fa0 R15: 00007ffd4f971778 [ 288.592990][ T7911] [ 288.819157][ T7896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.841557][ T7896] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.888372][ T83] veth1_macvtap: left promiscuous mode [ 288.894411][ T83] veth0_macvtap: left promiscuous mode [ 288.901740][ T83] veth1_vlan: left promiscuous mode [ 288.908015][ T83] veth0_vlan: left promiscuous mode [ 288.979680][ T5822] usbhid 5-1:0.0: can't add hid device: -71 [ 289.059984][ T5822] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 289.074664][ T7914] No control pipe specified [ 289.097195][ T7914] netlink: 100 bytes leftover after parsing attributes in process `syz.2.496'. [ 289.190189][ T5822] usb 5-1: USB disconnect, device number 9 [ 289.618884][ T7918] Invalid ELF header type: 0 != 1 [ 290.050037][ T7926] netlink: 36 bytes leftover after parsing attributes in process `syz.2.500'. [ 290.600506][ T7946] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 290.654385][ T49] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 290.693307][ T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.755318][ T49] usb 2-1: can't set config #1, error -71 [ 290.790524][ T49] usb 2-1: USB disconnect, device number 15 [ 291.869176][ T83] team0 (unregistering): Port device team_slave_1 removed [ 291.939010][ T83] team0 (unregistering): Port device team_slave_0 removed [ 292.110285][ T7970] overlayfs: failed to resolve './file1': -2 [ 292.206792][ T7971] could not allocate digest TFM handle crc32-pclmul [ 292.328775][ T7978] FAULT_INJECTION: forcing a failure. [ 292.328775][ T7978] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.355935][ T7978] CPU: 0 UID: 0 PID: 7978 Comm: syz.1.508 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 292.355968][ T7978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 292.355982][ T7978] Call Trace: [ 292.355990][ T7978] [ 292.356000][ T7978] dump_stack_lvl+0x241/0x360 [ 292.356040][ T7978] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.356072][ T7978] ? __pfx__printk+0x10/0x10 [ 292.356114][ T7978] should_fail_ex+0x424/0x570 [ 292.356142][ T7978] _copy_from_user+0x2d/0xb0 [ 292.356174][ T7978] copy_msghdr_from_user+0xb3/0x580 [ 292.356211][ T7978] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 292.356230][ T7978] ? __fget_files+0x2a/0x420 [ 292.356250][ T7978] ? __fget_files+0x2a/0x420 [ 292.356273][ T7978] __sys_sendmsg+0x20a/0x360 [ 292.356293][ T7978] ? __pfx___sys_sendmsg+0x10/0x10 [ 292.356357][ T7978] ? do_syscall_64+0xb6/0x230 [ 292.356377][ T7978] do_syscall_64+0xf3/0x230 [ 292.356395][ T7978] ? clear_bhb_loop+0x45/0xa0 [ 292.356413][ T7978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.356428][ T7978] RIP: 0033:0x7fcec898d169 [ 292.356441][ T7978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.356454][ T7978] RSP: 002b:00007fcec977a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 292.356471][ T7978] RAX: ffffffffffffffda RBX: 00007fcec8ba5fa0 RCX: 00007fcec898d169 [ 292.356482][ T7978] RDX: 0000000020040000 RSI: 0000200000000200 RDI: 0000000000000003 [ 292.356491][ T7978] RBP: 00007fcec977a090 R08: 0000000000000000 R09: 0000000000000000 [ 292.356500][ T7978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.356509][ T7978] R13: 0000000000000000 R14: 00007fcec8ba5fa0 R15: 00007ffd87c21c38 [ 292.356531][ T7978] [ 293.035538][ T7983] new mount options do not match the existing superblock, will be ignored [ 293.524378][ T7983] xt_CT: No such helper "pptp" [ 293.577122][ T7982] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 293.949716][ T5929] usb 5-1: new low-speed USB device number 10 using dummy_hcd [ 294.093466][ T7997] tipc: Enabled bearer , priority 0 [ 294.844162][ T5929] usb 5-1: No LPM exit latency info found, disabling LPM. [ 294.904391][ T5929] usb 5-1: config 1 interface 0 altsetting 80 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 294.936321][ T7806] chnl_net:caif_netlink_parms(): no params data found [ 294.968654][ T5929] usb 5-1: config 1 interface 0 altsetting 80 endpoint 0x82 is Bulk; changing to Interrupt [ 295.039307][ T5929] usb 5-1: config 1 interface 0 altsetting 80 endpoint 0x3 is Bulk; changing to Interrupt [ 295.086749][ T5929] usb 5-1: config 1 interface 0 has no altsetting 0 [ 295.519689][ T8016] FAT-fs (nullb0): bogus number of reserved sectors [ 295.526464][ T8016] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 296.209909][ T7806] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.265016][ T7806] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.293804][ T7806] bridge_slave_0: entered allmulticast mode [ 296.301720][ T7806] bridge_slave_0: entered promiscuous mode [ 296.348083][ T7806] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.368810][ T7806] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.388200][ T7806] bridge_slave_1: entered allmulticast mode [ 296.604800][ T7806] bridge_slave_1: entered promiscuous mode [ 297.387877][ T7806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.503792][ T5929] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 297.523505][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.537055][ T7806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.541365][ T5929] usb 5-1: can't set config #1, error -71 [ 297.563971][ T5929] usb 5-1: USB disconnect, device number 10 [ 297.864146][ T7806] team0: Port device team_slave_0 added [ 297.903723][ T7806] team0: Port device team_slave_1 added [ 298.659945][ T7806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.713081][ T7806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.792599][ T7806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.806058][ T8044] FAULT_INJECTION: forcing a failure. [ 298.806058][ T8044] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 298.892567][ T8044] CPU: 0 UID: 0 PID: 8044 Comm: syz.2.521 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 298.892614][ T8044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 298.892634][ T8044] Call Trace: [ 298.892654][ T8044] [ 298.892663][ T8044] dump_stack_lvl+0x241/0x360 [ 298.892701][ T8044] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.892734][ T8044] ? __pfx__printk+0x10/0x10 [ 298.892776][ T8044] should_fail_ex+0x424/0x570 [ 298.892805][ T8044] _copy_from_iter+0x211/0x1c70 [ 298.892839][ T8044] ? __build_skb_around+0x247/0x3d0 [ 298.892876][ T8044] ? __alloc_skb+0x298/0x480 [ 298.892907][ T8044] ? __pfx__copy_from_iter+0x10/0x10 [ 298.892937][ T8044] ? __pfx___alloc_skb+0x10/0x10 [ 298.892972][ T8044] ? skb_put+0x114/0x1f0 [ 298.892998][ T8044] netlink_sendmsg+0x73c/0xcd0 [ 298.893043][ T8044] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.893087][ T8044] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.893114][ T8044] __sock_sendmsg+0x221/0x270 [ 298.893146][ T8044] ____sys_sendmsg+0x523/0x860 [ 298.893179][ T8044] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.893198][ T8044] ? __fget_files+0x2a/0x420 [ 298.893227][ T8044] ? __fget_files+0x2a/0x420 [ 298.893261][ T8044] __sys_sendmsg+0x271/0x360 [ 298.893289][ T8044] ? __pfx___sys_sendmsg+0x10/0x10 [ 298.893372][ T8044] ? do_syscall_64+0xb6/0x230 [ 298.893401][ T8044] do_syscall_64+0xf3/0x230 [ 298.893426][ T8044] ? clear_bhb_loop+0x45/0xa0 [ 298.893452][ T8044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.893472][ T8044] RIP: 0033:0x7f0e0438d169 [ 298.893491][ T8044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.893510][ T8044] RSP: 002b:00007f0e052a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 298.893533][ T8044] RAX: ffffffffffffffda RBX: 00007f0e045a5fa0 RCX: 00007f0e0438d169 [ 298.893549][ T8044] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 298.893562][ T8044] RBP: 00007f0e052a9090 R08: 0000000000000000 R09: 0000000000000000 [ 298.893576][ T8044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.893589][ T8044] R13: 0000000000000000 R14: 00007f0e045a5fa0 R15: 00007ffeb4ad20e8 [ 298.893621][ T8044] [ 299.121178][ C0] vkms_vblank_simulate: vblank timer overrun [ 299.180773][ T7806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.187894][ T7806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.213914][ C0] vkms_vblank_simulate: vblank timer overrun [ 299.220153][ T7806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.853242][ T7806] hsr_slave_0: entered promiscuous mode [ 300.065254][ T7806] hsr_slave_1: entered promiscuous mode [ 300.079902][ T7806] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 300.094175][ T7806] Cannot create hsr debugfs directory [ 300.635764][ T8066] netlink: 16 bytes leftover after parsing attributes in process `syz.2.528'. [ 300.644767][ T8066] netlink: 32 bytes leftover after parsing attributes in process `syz.2.528'. [ 303.112819][ T30] audit: type=1326 audit(1744062537.432:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0438d169 code=0x7ffc0000 [ 303.270724][ T30] audit: type=1326 audit(1744062537.432:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0438d169 code=0x7ffc0000 [ 303.272695][ T5883] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 303.530842][ T30] audit: type=1326 audit(1744062537.432:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e0438d169 code=0x7ffc0000 [ 303.638701][ T30] audit: type=1326 audit(1744062537.432:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0438d169 code=0x7ffc0000 [ 303.681070][ T30] audit: type=1326 audit(1744062537.432:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8085 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e0438d169 code=0x7ffc0000 [ 303.735476][ T5883] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 303.772043][ T5883] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 303.799611][ T5883] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 303.808967][ T5822] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 303.848675][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.909168][ T8089] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 303.982691][ T5822] usb 4-1: Using ep0 maxpacket: 8 [ 304.015668][ T5883] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 304.223460][ T7806] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 304.272732][ T5822] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 304.441954][ T5822] usb 4-1: config 179 has no interface number 0 [ 304.470820][ T5822] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 304.516677][ T5822] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 304.572855][ T5822] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 304.613075][ T5822] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 304.722596][ T5822] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 304.776911][ T5822] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 304.806714][ T5822] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.848689][ T8094] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 304.923307][ T7806] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 305.019604][ T7806] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 305.101363][ T8106] syz.4.537 (8106): drop_caches: 2 [ 305.118193][ T7806] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 305.359618][ T8094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 305.368553][ T5822] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input13 [ 305.412211][ T8094] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.537106][ T8114] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 305.721396][ T8094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 305.742151][ T5822] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input14 [ 305.769898][ T8094] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.934013][ T5884] usb 4-1: USB disconnect, device number 17 [ 305.934029][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 305.948998][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 305.949644][ T8121] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 306.025225][ T5884] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 306.098800][ T5822] usb 2-1: USB disconnect, device number 16 [ 306.130900][ T8125] cgroup: name respecified [ 306.248220][ T7806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 306.363372][ T7806] 8021q: adding VLAN 0 to HW filter on device team0 [ 306.623644][ T7600] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.631276][ T7600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 306.991572][ T6349] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.998884][ T6349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.386913][ T7806] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 307.469650][ T7806] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 307.984442][ T8161] cgroup: release_agent respecified [ 308.058355][ T8161] overlay: ./file0 is not a directory [ 308.350448][ T7806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 308.705550][ T30] audit: type=1326 audit(1744062543.082:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8175 comm="syz.4.551" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6e8d8d169 code=0x0 [ 308.726277][ C1] vkms_vblank_simulate: vblank timer overrun [ 309.080428][ T8189] syz.1.553 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 309.238291][ T8194] x_tables: duplicate entry at hook 2 [ 309.281710][ T7806] veth0_vlan: entered promiscuous mode [ 309.392009][ T7806] veth1_vlan: entered promiscuous mode [ 309.668021][ T7806] veth0_macvtap: entered promiscuous mode [ 309.721594][ T7806] veth1_macvtap: entered promiscuous mode [ 309.741662][ T8202] netlink: 'syz.3.557': attribute type 21 has an invalid length. [ 309.781491][ T8202] netlink: 4 bytes leftover after parsing attributes in process `syz.3.557'. [ 309.879669][ T7806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.926462][ T7806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.946748][ T7806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.961499][ T7806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.000862][ T7806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.021900][ T7806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.058971][ T7806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.103674][ T7806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.136364][ T7806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.158414][ T7806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.209371][ T7806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.267313][ T7806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.895529][ T7806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.928103][ T7806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.957776][ T7806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.998335][ T7806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 311.027373][ T7806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 311.038925][ T7806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 311.068342][ T7806] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.130502][ T7806] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.160600][ T7806] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.193026][ T7806] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.311577][ T8232] FAULT_INJECTION: forcing a failure. [ 311.311577][ T8232] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.442783][ T8235] netlink: 116 bytes leftover after parsing attributes in process `syz.3.563'. [ 311.453315][ T8235] netlink: 48 bytes leftover after parsing attributes in process `syz.3.563'. [ 311.462967][ T8232] CPU: 1 UID: 0 PID: 8232 Comm: syz.2.562 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 311.462998][ T8232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 311.463012][ T8232] Call Trace: [ 311.463021][ T8232] [ 311.463029][ T8232] dump_stack_lvl+0x241/0x360 [ 311.463070][ T8232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.463103][ T8232] ? __pfx__printk+0x10/0x10 [ 311.463148][ T8232] should_fail_ex+0x424/0x570 [ 311.463187][ T8232] _copy_from_user+0x2d/0xb0 [ 311.463222][ T8232] ____sys_sendmsg+0x324/0x860 [ 311.463247][ T8232] ? __asan_memset+0x23/0x50 [ 311.463285][ T8232] ? __pfx_____sys_sendmsg+0x10/0x10 [ 311.463330][ T8232] __sys_sendmsg_sock+0x29/0x40 [ 311.463354][ T8232] io_sendmsg+0x1e8/0x590 [ 311.463391][ T8232] __io_issue_sqe+0x1c9/0x3a0 [ 311.463417][ T8232] io_issue_sqe+0x1cb/0xe90 [ 311.463440][ T8232] ? io_msg_alloc_async+0x2ab/0x390 [ 311.463469][ T8232] ? __pfx_io_issue_sqe+0x10/0x10 [ 311.463495][ T8232] ? rcu_is_watching+0x15/0xb0 [ 311.463528][ T8232] io_submit_sqes+0xa85/0x1ce0 [ 311.463588][ T8232] __se_sys_io_uring_enter+0x2cd/0x3560 [ 311.463621][ T8232] ? rcu_read_lock_any_held+0xbb/0x160 [ 311.463649][ T8232] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 311.463682][ T8232] ? vfs_write+0xb29/0xd10 [ 311.463722][ T8232] ? vfs_write+0xb29/0xd10 [ 311.463751][ T8232] ? do_sys_openat2+0x165/0x1d0 [ 311.463778][ T8232] ? kmem_cache_free+0x206/0x410 [ 311.463803][ T8232] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 311.463829][ T8232] ? __pfx_vfs_write+0x10/0x10 [ 311.463855][ T8232] ? do_sys_openat2+0x165/0x1d0 [ 311.463882][ T8232] ? __pfx_do_sys_openat2+0x10/0x10 [ 311.463928][ T8232] ? ksys_write+0x266/0x2d0 [ 311.463974][ T8232] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 311.464003][ T8232] do_syscall_64+0xf3/0x230 [ 311.464031][ T8232] ? clear_bhb_loop+0x45/0xa0 [ 311.464059][ T8232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.464081][ T8232] RIP: 0033:0x7f0e0438d169 [ 311.464100][ T8232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.464120][ T8232] RSP: 002b:00007f0e052a9038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 311.464144][ T8232] RAX: ffffffffffffffda RBX: 00007f0e045a5fa0 RCX: 00007f0e0438d169 [ 311.464168][ T8232] RDX: 0000000000009327 RSI: 00000000000057b6 RDI: 0000000000000005 [ 311.464182][ T8232] RBP: 00007f0e052a9090 R08: 0000000000000000 R09: 0000000000000000 [ 311.464196][ T8232] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 311.464210][ T8232] R13: 0000000000000000 R14: 00007f0e045a5fa0 R15: 00007ffeb4ad20e8 [ 311.464245][ T8232] [ 312.352256][ T8234] netlink: 'syz.3.563': attribute type 7 has an invalid length. [ 312.360047][ T8234] netlink: 'syz.3.563': attribute type 5 has an invalid length. [ 312.367909][ T8234] netlink: 17 bytes leftover after parsing attributes in process `syz.3.563'. [ 312.808926][ T5950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 312.810283][ T8244] block device autoloading is deprecated and will be removed. [ 313.036623][ T5950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 313.140538][ T7600] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 313.178226][ T7600] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 313.188593][ T8250] new mount options do not match the existing superblock, will be ignored [ 314.663233][ T49] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 314.862342][ T49] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 315.028162][ T49] usb 3-1: config 6 has 1 interface, different from the descriptor's value: 3 [ 315.262657][ T49] usb 3-1: New USB device found, idVendor=082d, idProduct=0300, bcdDevice=b5.17 [ 315.310733][ T49] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.394571][ T49] usb 3-1: Product: syz [ 315.427175][ T49] usb 3-1: Manufacturer: syz [ 315.447426][ T49] usb 3-1: SerialNumber: syz [ 315.542674][ T979] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 315.711350][ T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 315.734013][ T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 26232, setting to 64 [ 315.761321][ T979] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 315.787203][ T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.818870][ T979] usb 4-1: config 0 descriptor?? [ 316.878905][ T979] ath6kl: Failed to submit usb control message: -110 [ 316.946105][ T979] ath6kl: unable to send the bmi data to the device: -110 [ 316.986951][ T979] ath6kl: Unable to send get target info: -110 [ 317.015270][ T979] ath6kl: Failed to init ath6kl core: -110 [ 317.024298][ T979] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 317.278759][ T8306] netlink: 52 bytes leftover after parsing attributes in process `syz.4.576'. [ 317.366109][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.372613][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.809811][ T8303] overlayfs: failed to resolve './file1': -2 [ 317.881501][ T49] usb 3-1: active config #6 != 1 ?? [ 317.912166][ T8309] fuse: Unknown parameter '017777777777777777777770x0000000000000005' [ 317.935466][ T49] usb 3-1: USB disconnect, device number 9 [ 318.282336][ T8322] 9pnet_fd: Insufficient options for proto=fd [ 319.258926][ T979] usb 4-1: USB disconnect, device number 18 [ 319.553061][ T8331] netfs: Couldn't get user pages (rc=-14) [ 324.693872][ T8369] 9pnet_fd: Insufficient options for proto=fd [ 326.543614][ T8387] netlink: 116 bytes leftover after parsing attributes in process `syz.4.595'. [ 326.553266][ T8387] netlink: 48 bytes leftover after parsing attributes in process `syz.4.595'. [ 326.615128][ T8387] netlink: 'syz.4.595': attribute type 7 has an invalid length. [ 326.623275][ T8387] netlink: 'syz.4.595': attribute type 5 has an invalid length. [ 326.634126][ T8387] netlink: 17 bytes leftover after parsing attributes in process `syz.4.595'. [ 327.839016][ T8399] new mount options do not match the existing superblock, will be ignored [ 328.867610][ T979] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 329.420637][ T8412] FAULT_INJECTION: forcing a failure. [ 329.420637][ T8412] name failslab, interval 1, probability 0, space 0, times 0 [ 329.464218][ T979] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 329.478477][ T979] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 329.490137][ T979] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 329.499776][ T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.511561][ T8412] CPU: 1 UID: 0 PID: 8412 Comm: syz.5.601 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 329.511592][ T8412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 329.511604][ T8412] Call Trace: [ 329.511612][ T8412] [ 329.511626][ T8412] dump_stack_lvl+0x241/0x360 [ 329.511664][ T8412] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.511693][ T8412] ? __pfx__printk+0x10/0x10 [ 329.511725][ T8412] ? __pfx___might_resched+0x10/0x10 [ 329.511755][ T8412] should_fail_ex+0x424/0x570 [ 329.511784][ T8412] should_failslab+0xac/0x100 [ 329.511807][ T8412] __kmalloc_cache_noprof+0x73/0x370 [ 329.511829][ T8412] ? alloc_fs_context+0x63/0x800 [ 329.511858][ T8412] alloc_fs_context+0x63/0x800 [ 329.511882][ T8412] ? do_raw_read_unlock+0x3c/0x80 [ 329.511911][ T8412] ? _raw_read_unlock+0x28/0x50 [ 329.511932][ T8412] ? get_fs_type+0x3fd/0x480 [ 329.511939][ T8403] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 329.511964][ T8412] do_new_mount+0x160/0xb70 [ 329.511991][ T8412] ? __pfx_do_new_mount+0x10/0x10 [ 329.512025][ T8412] __se_sys_mount+0x38c/0x400 [ 329.512060][ T8412] ? __pfx___se_sys_mount+0x10/0x10 [ 329.512095][ T8412] ? __x64_sys_mount+0x20/0xc0 [ 329.512122][ T8412] do_syscall_64+0xf3/0x230 [ 329.512151][ T8412] ? clear_bhb_loop+0x45/0xa0 [ 329.512179][ T8412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.512201][ T8412] RIP: 0033:0x7f1b02b8d169 [ 329.512222][ T8412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.512241][ T8412] RSP: 002b:00007f1b03a28038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 329.512266][ T8412] RAX: ffffffffffffffda RBX: 00007f1b02da5fa0 RCX: 00007f1b02b8d169 [ 329.512283][ T8412] RDX: 00002000000000c0 RSI: 0000200000000140 RDI: 0000000000000000 [ 329.512308][ T8412] RBP: 00007f1b03a28090 R08: 00002000000002c0 R09: 0000000000000000 [ 329.512323][ T8412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 329.512337][ T8412] R13: 0000000000000000 R14: 00007f1b02da5fa0 R15: 00007ffd5f603aa8 [ 329.512372][ T8412] [ 329.891095][ T8419] netlink: 16 bytes leftover after parsing attributes in process `syz.5.605'. [ 329.900692][ T8419] netlink: 32 bytes leftover after parsing attributes in process `syz.5.605'. [ 329.908556][ T979] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 331.413970][ T979] usb 3-1: USB disconnect, device number 10 [ 331.972199][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 332.815104][ T8452] FAULT_INJECTION: forcing a failure. [ 332.815104][ T8452] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 332.882572][ T8452] CPU: 1 UID: 0 PID: 8452 Comm: syz.2.611 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 332.882603][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 332.882615][ T8452] Call Trace: [ 332.882624][ T8452] [ 332.882633][ T8452] dump_stack_lvl+0x241/0x360 [ 332.882670][ T8452] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.882699][ T8452] ? __pfx__printk+0x10/0x10 [ 332.882739][ T8452] should_fail_ex+0x424/0x570 [ 332.882767][ T8452] prepare_alloc_pages+0x220/0x610 [ 332.882805][ T8452] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 332.882838][ T8452] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 332.882865][ T8452] ? __mod_memcg_lruvec_state+0x301/0x4f0 [ 332.882913][ T8452] alloc_pages_mpol+0x339/0x690 [ 332.882941][ T8452] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 332.882969][ T8452] ? do_raw_spin_unlock+0x13c/0x8b0 [ 332.883009][ T8452] alloc_pages_noprof+0x121/0x190 [ 332.883034][ T8452] __pmd_alloc+0x9d/0x440 [ 332.883059][ T8452] ? __pfx___pmd_alloc+0x10/0x10 [ 332.883082][ T8452] ? mtree_range_walk+0x700/0x8e0 [ 332.883113][ T8452] handle_mm_fault+0xe93/0x1aa0 [ 332.883164][ T8452] ? __pfx_handle_mm_fault+0x10/0x10 [ 332.883204][ T8452] ? __pfx_find_vma+0x10/0x10 [ 332.883228][ T8452] ? vma_is_secretmem+0xd/0x50 [ 332.883245][ T8452] ? check_vma_flags+0x4ea/0x590 [ 332.883274][ T8452] __get_user_pages+0x1adc/0x4180 [ 332.883340][ T8452] ? __pfx___get_user_pages+0x10/0x10 [ 332.883366][ T8452] ? __pfx_mt_find+0x10/0x10 [ 332.883413][ T8452] populate_vma_page_range+0x266/0x340 [ 332.883440][ T8452] ? __pfx_populate_vma_page_range+0x10/0x10 [ 332.883460][ T8452] ? userfaultfd_unmap_complete+0x30e/0x360 [ 332.883497][ T8452] ? vm_mmap_pgoff+0x340/0x530 [ 332.883522][ T8452] __mm_populate+0x27d/0x460 [ 332.883551][ T8452] ? __pfx___mm_populate+0x10/0x10 [ 332.883585][ T8452] vm_mmap_pgoff+0x390/0x530 [ 332.883616][ T8452] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 332.883634][ T8452] ? ksys_write+0x275/0x2d0 [ 332.883672][ T8452] ? ksys_mmap_pgoff+0xdf/0x720 [ 332.883694][ T8452] ? __x64_sys_mmap+0x7f/0x140 [ 332.883720][ T8452] do_syscall_64+0xf3/0x230 [ 332.883746][ T8452] ? clear_bhb_loop+0x45/0xa0 [ 332.883771][ T8452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.883791][ T8452] RIP: 0033:0x7f0e0438d169 [ 332.883811][ T8452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.883828][ T8452] RSP: 002b:00007f0e052a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 332.883851][ T8452] RAX: ffffffffffffffda RBX: 00007f0e045a5fa0 RCX: 00007f0e0438d169 [ 332.883867][ T8452] RDX: b635773f006bbeee RSI: 0000000000b36000 RDI: 0000200000000000 [ 332.883881][ T8452] RBP: 00007f0e052a9090 R08: ffffffffffffffff R09: 0000000000000000 [ 332.883895][ T8452] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000002 [ 332.883908][ T8452] R13: 0000000000000001 R14: 00007f0e045a5fa0 R15: 00007ffeb4ad20e8 [ 332.883941][ T8452] [ 333.520313][ T8459] FAT-fs (nullb0): bogus number of reserved sectors [ 333.527375][ T8459] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 334.197648][ T49] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 334.431726][ T49] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 334.684386][ T49] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 334.765098][ T49] usb 6-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 334.862588][ T49] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.918594][ T49] usb 6-1: config 0 descriptor?? [ 335.379662][ T49] sony 0003:054C:024B.0002: unexpected long global item [ 335.409516][ T8481] netlink: 'syz.1.617': attribute type 2 has an invalid length. [ 335.422938][ T49] sony 0003:054C:024B.0002: parse failed [ 335.652846][ T49] sony 0003:054C:024B.0002: probe with driver sony failed with error -22 [ 335.682974][ T49] usb 6-1: USB disconnect, device number 2 [ 337.012600][ T8500] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input15 [ 341.234488][ T8536] netlink: 'syz.5.627': attribute type 5 has an invalid length. [ 341.971376][ T8544] FAT-fs (nullb0): bogus number of reserved sectors [ 341.978295][ T8544] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 342.482622][ T5884] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 342.559701][ T8555] netlink: 36 bytes leftover after parsing attributes in process `syz.1.632'. [ 342.638592][ T5884] usb 6-1: device descriptor read/64, error -71 [ 343.113758][ T5884] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 343.832668][ T5884] usb 6-1: device descriptor read/64, error -71 [ 343.943128][ T5884] usb usb6-port1: attempt power cycle [ 345.182616][ T5884] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 345.270529][ T5884] usb 6-1: device descriptor read/8, error -71 [ 345.390716][ T8587] Bluetooth: MGMT ver 1.23 [ 345.902222][ T8609] netlink: 1040 bytes leftover after parsing attributes in process `syz.2.647'. [ 346.279019][ T8626] netlink: 4924 bytes leftover after parsing attributes in process `syz.1.654'. [ 347.094232][ T8660] netlink: 'syz.2.668': attribute type 1 has an invalid length. [ 347.525467][ T8682] ------------[ cut here ]------------ [ 347.531306][ T8682] WARNING: CPU: 1 PID: 8682 at ./include/linux/memcontrol.h:361 folio_memcg+0x1a6/0x310 [ 347.541237][ T8682] Modules linked in: [ 347.545501][ T8682] CPU: 1 UID: 0 PID: 8682 Comm: syz.5.673 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 347.555850][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 347.566009][ T8682] RIP: 0010:folio_memcg+0x1a6/0x310 [ 347.571305][ T8682] Code: 42 80 3c 28 00 74 08 4c 89 ff e8 e5 a7 1d 00 4d 8b 3f 4c 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 5b 0f b6 ff 90 <0f> 0b 90 eb c6 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ff fe ff ff [ 347.592639][ T8682] RSP: 0018:ffffc900036c7178 EFLAGS: 00010283 [ 347.598775][ T8682] RAX: ffffffff820d3505 RBX: 0000000000000000 RCX: 0000000000080000 [ 347.608285][ T8682] RDX: ffffc9001af61000 RSI: 0000000000001950 RDI: 0000000000001951 [ 347.616409][ T8682] RBP: 0000000000000000 R08: ffffffff820d34c8 R09: 1ffffd40003ce5a8 [ 347.624506][ T8682] R10: dffffc0000000000 R11: fffff940003ce5a9 R12: ffffea0001e72d70 [ 347.632606][ T8682] R13: dffffc0000000000 R14: ffffea0001e72d40 R15: ffff888024850280 [ 347.640625][ T8682] FS: 00007f1b03a076c0(0000) GS:ffff8881250c9000(0000) knlGS:0000000000000000 [ 347.649754][ T8682] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 347.656956][ T8682] CR2: 0000000000000000 CR3: 0000000079650000 CR4: 00000000003526f0 [ 347.665135][ T8682] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 347.673268][ T8682] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 347.682808][ T8682] Call Trace: [ 347.686132][ T8682] [ 347.689100][ T8682] workingset_activation+0x5f/0x4b0 [ 347.695553][ T8682] ? folio_mark_accessed+0x721/0xa40 [ 347.700905][ T8682] folio_mark_accessed+0x73e/0xa40 [ 347.706128][ T8682] ? folio_mark_accessed+0x2d2/0xa40 [ 347.711465][ T8682] kvm_release_page_clean+0x9b/0xe0 [ 347.716757][ T8682] kvm_tdp_page_fault+0x304/0x3a0 [ 347.721848][ T8682] kvm_mmu_do_page_fault+0x579/0xb50 [ 347.727258][ T8682] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 347.733246][ T8682] ? vmx_vcpu_run+0x16cf/0x2780 [ 347.738154][ T8682] kvm_mmu_page_fault+0x2e5/0xc70 [ 347.743319][ T8682] ? __pfx_kvm_mmu_load+0x10/0x10 [ 347.748398][ T8682] ? __pfx_kvm_mmu_page_fault+0x10/0x10 [ 347.754120][ T8682] ? rcu_is_watching+0x15/0xb0 [ 347.758922][ T8682] ? handle_ept_violation+0x35b/0x690 [ 347.764421][ T8682] ? __pfx_handle_ept_violation+0x10/0x10 [ 347.770190][ T8682] vmx_handle_exit+0x1076/0x1b20 [ 347.775251][ T8682] ? vcpu_run+0x4cbf/0x7ad0 [ 347.781239][ T8682] vcpu_run+0x5ecb/0x7ad0 [ 347.786887][ T8682] ? vcpu_run+0x4cbf/0x7ad0 [ 347.791511][ T8682] ? __pfx_vcpu_run+0x10/0x10 [ 347.796292][ T8682] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 347.802083][ T8682] ? __set_regs+0x7ba/0x8d0 [ 347.806707][ T8682] kvm_arch_vcpu_ioctl_run+0x1047/0x1910 [ 347.812404][ T8682] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1910 [ 347.818232][ T8682] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 347.824394][ T8682] ? __pfx___mutex_trylock_common+0x10/0x10 [ 347.830342][ T8682] ? rcu_is_watching+0x15/0xb0 [ 347.835294][ T8682] ? look_up_lock_class+0x7b/0x170 [ 347.840459][ T8682] ? register_lock_class+0x54/0x330 [ 347.845794][ T8682] ? __lock_acquire+0xad5/0xd80 [ 347.850697][ T8682] ? do_raw_write_lock+0x14a/0x4f0 [ 347.855967][ T8682] kvm_vcpu_ioctl+0xa24/0x1030 [ 347.860790][ T8682] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 347.866111][ T8682] ? __lock_acquire+0xad5/0xd80 [ 347.871006][ T8682] ? __asan_memset+0x23/0x50 [ 347.875719][ T8682] ? smack_file_ioctl+0x361/0x3b0 [ 347.882233][ T8682] ? __pfx_smack_file_ioctl+0x10/0x10 [ 347.888915][ T8682] ? __fget_files+0x2a/0x420 [ 347.893612][ T8682] ? __fget_files+0x2a/0x420 [ 347.898255][ T8682] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 347.903554][ T8682] __se_sys_ioctl+0xf1/0x160 [ 347.908205][ T8682] do_syscall_64+0xf3/0x230 [ 347.912813][ T8682] ? clear_bhb_loop+0x45/0xa0 [ 347.917548][ T8682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.923526][ T8682] RIP: 0033:0x7f1b02b8d169 [ 347.927979][ T8682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.947717][ T8682] RSP: 002b:00007f1b03a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 347.956245][ T8682] RAX: ffffffffffffffda RBX: 00007f1b02da6080 RCX: 00007f1b02b8d169 [ 347.964312][ T8682] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 347.972326][ T8682] RBP: 00007f1b02c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 347.980480][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 347.990020][ T8682] R13: 0000000000000000 R14: 00007f1b02da6080 R15: 00007ffd5f603aa8 [ 347.999316][ T8682] [ 348.002399][ T8682] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 348.009719][ T8682] CPU: 1 UID: 0 PID: 8682 Comm: syz.5.673 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 348.019908][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 348.030000][ T8682] Call Trace: [ 348.033316][ T8682] [ 348.036283][ T8682] dump_stack_lvl+0x241/0x360 [ 348.041017][ T8682] ? __pfx_dump_stack_lvl+0x10/0x10 [ 348.046263][ T8682] ? __pfx__printk+0x10/0x10 [ 348.050907][ T8682] ? vscnprintf+0x5d/0x90 [ 348.055295][ T8682] panic+0x349/0x880 [ 348.059234][ T8682] ? __warn+0x174/0x4d0 [ 348.063441][ T8682] ? __pfx_panic+0x10/0x10 [ 348.067932][ T8682] __warn+0x344/0x4d0 [ 348.071960][ T8682] ? folio_memcg+0x1a6/0x310 [ 348.076607][ T8682] report_bug+0x2b3/0x500 [ 348.080984][ T8682] ? folio_memcg+0x1a6/0x310 [ 348.085626][ T8682] ? folio_memcg+0x1a6/0x310 [ 348.090273][ T8682] ? folio_memcg+0x1a8/0x310 [ 348.094975][ T8682] handle_bug+0x89/0x170 [ 348.099243][ T8682] exc_invalid_op+0x1a/0x50 [ 348.103765][ T8682] asm_exc_invalid_op+0x1a/0x20 [ 348.108710][ T8682] RIP: 0010:folio_memcg+0x1a6/0x310 [ 348.113926][ T8682] Code: 42 80 3c 28 00 74 08 4c 89 ff e8 e5 a7 1d 00 4d 8b 3f 4c 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 5b 0f b6 ff 90 <0f> 0b 90 eb c6 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ff fe ff ff [ 348.133546][ T8682] RSP: 0018:ffffc900036c7178 EFLAGS: 00010283 [ 348.139629][ T8682] RAX: ffffffff820d3505 RBX: 0000000000000000 RCX: 0000000000080000 [ 348.147609][ T8682] RDX: ffffc9001af61000 RSI: 0000000000001950 RDI: 0000000000001951 [ 348.155590][ T8682] RBP: 0000000000000000 R08: ffffffff820d34c8 R09: 1ffffd40003ce5a8 [ 348.163576][ T8682] R10: dffffc0000000000 R11: fffff940003ce5a9 R12: ffffea0001e72d70 [ 348.171560][ T8682] R13: dffffc0000000000 R14: ffffea0001e72d40 R15: ffff888024850280 [ 348.179548][ T8682] ? folio_memcg+0x168/0x310 [ 348.184158][ T8682] ? folio_memcg+0x1a5/0x310 [ 348.188779][ T8682] ? folio_memcg+0x1a5/0x310 [ 348.193394][ T8682] workingset_activation+0x5f/0x4b0 [ 348.198610][ T8682] ? folio_mark_accessed+0x721/0xa40 [ 348.203917][ T8682] folio_mark_accessed+0x73e/0xa40 [ 348.209039][ T8682] ? folio_mark_accessed+0x2d2/0xa40 [ 348.214337][ T8682] kvm_release_page_clean+0x9b/0xe0 [ 348.219552][ T8682] kvm_tdp_page_fault+0x304/0x3a0 [ 348.224598][ T8682] kvm_mmu_do_page_fault+0x579/0xb50 [ 348.229916][ T8682] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 348.235751][ T8682] ? vmx_vcpu_run+0x16cf/0x2780 [ 348.240622][ T8682] kvm_mmu_page_fault+0x2e5/0xc70 [ 348.245669][ T8682] ? __pfx_kvm_mmu_load+0x10/0x10 [ 348.250711][ T8682] ? __pfx_kvm_mmu_page_fault+0x10/0x10 [ 348.256272][ T8682] ? rcu_is_watching+0x15/0xb0 [ 348.261046][ T8682] ? handle_ept_violation+0x35b/0x690 [ 348.266433][ T8682] ? __pfx_handle_ept_violation+0x10/0x10 [ 348.272171][ T8682] vmx_handle_exit+0x1076/0x1b20 [ 348.277129][ T8682] ? vcpu_run+0x4cbf/0x7ad0 [ 348.281725][ T8682] vcpu_run+0x5ecb/0x7ad0 [ 348.286077][ T8682] ? vcpu_run+0x4cbf/0x7ad0 [ 348.290649][ T8682] ? __pfx_vcpu_run+0x10/0x10 [ 348.295348][ T8682] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 348.301101][ T8682] ? __set_regs+0x7ba/0x8d0 [ 348.305627][ T8682] kvm_arch_vcpu_ioctl_run+0x1047/0x1910 [ 348.311286][ T8682] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1910 [ 348.317024][ T8682] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 348.323024][ T8682] ? __pfx___mutex_trylock_common+0x10/0x10 [ 348.328930][ T8682] ? rcu_is_watching+0x15/0xb0 [ 348.333709][ T8682] ? look_up_lock_class+0x7b/0x170 [ 348.338832][ T8682] ? register_lock_class+0x54/0x330 [ 348.344040][ T8682] ? __lock_acquire+0xad5/0xd80 [ 348.348902][ T8682] ? do_raw_write_lock+0x14a/0x4f0 [ 348.354045][ T8682] kvm_vcpu_ioctl+0xa24/0x1030 [ 348.358825][ T8682] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 348.364039][ T8682] ? __lock_acquire+0xad5/0xd80 [ 348.368899][ T8682] ? __asan_memset+0x23/0x50 [ 348.373502][ T8682] ? smack_file_ioctl+0x361/0x3b0 [ 348.378544][ T8682] ? __pfx_smack_file_ioctl+0x10/0x10 [ 348.383935][ T8682] ? __fget_files+0x2a/0x420 [ 348.388540][ T8682] ? __fget_files+0x2a/0x420 [ 348.393159][ T8682] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 348.398385][ T8682] __se_sys_ioctl+0xf1/0x160 [ 348.402994][ T8682] do_syscall_64+0xf3/0x230 [ 348.407509][ T8682] ? clear_bhb_loop+0x45/0xa0 [ 348.412195][ T8682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.418097][ T8682] RIP: 0033:0x7f1b02b8d169 [ 348.422521][ T8682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.442154][ T8682] RSP: 002b:00007f1b03a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 348.450603][ T8682] RAX: ffffffffffffffda RBX: 00007f1b02da6080 RCX: 00007f1b02b8d169 [ 348.458618][ T8682] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 348.466618][ T8682] RBP: 00007f1b02c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 348.474616][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 348.482604][ T8682] R13: 0000000000000000 R14: 00007f1b02da6080 R15: 00007ffd5f603aa8 [ 348.490611][ T8682] [ 348.493917][ T8682] Kernel Offset: disabled [ 348.498293][ T8682] Rebooting in 86400 seconds..