last executing test programs: 1m18.662019711s ago: executing program 3 (id=802): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff9}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f0000000440)=0xd, 0x4) sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000690005"], 0x28}}, 0x0) recvmmsg(r2, &(0x7f0000000800), 0x40000000000024a, 0x40002022, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newlink={0x60, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x614}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x28, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @dev}}, @IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5}, @IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x8}]}}}, @IFLA_MTU={0x8, 0x4, 0x44}]}, 0x60}, 0x9}, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000140), 0x2) r4 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) 1m9.235291887s ago: executing program 3 (id=826): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$isdn(0x22, 0x3, 0x1) sendto$isdn(r1, &(0x7f0000000100)={0x3, 0x7, "b249e8761e3fe5c392563f1a93e374683f2b8d940c85b80c8d142ed0eb7771983c515ba10ab060da72c95eb1bc263f60d321e9ad6d359d034ad5bce3b323c944c199a3a31af8fe87bfeae449e39ef276c8e7dcfeadfacca43e64d618a6f1d99eb2fa8d956784a0f2bf5eb31d64c1f07fef3560ad95373abd7bc1137f"}, 0x84, 0x1, &(0x7f00000002c0)={0x22, 0x2, 0x10, 0x0, 0x51}, 0x6) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e21, @local}], 0x10) syz_open_procfs(0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0x1b7}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/15, 0xf}], 0x1}) io_uring_enter(r2, 0x47ba, 0x3000000, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x4, 0x3, 0xf02, 0x0, 0x90, 0x0, 0x5}, 0x9c) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x2a000}], 0x64, 0x0, 0x0, 0x804c040}, 0x0) 1m8.807344891s ago: executing program 3 (id=829): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 1m6.912678655s ago: executing program 3 (id=835): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x212d099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000500)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x4000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 1m6.286812711s ago: executing program 3 (id=839): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e173610ef171e7206d30102430109021200010000000009040000000206"], 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0015"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r4, r2, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x2000000, &(0x7f0000000280)="10"}) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="401604000000af0800e0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1m5.214736461s ago: executing program 3 (id=844): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000900)={&(0x7f0000000840)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r0, @ANYBLOB="00032dbd7000fcdbdf2510000000080006009100000008000800020000000800080004000000400001800800030007000000080003000100000008000300020000000800030001000000140002007369743000000000000000000000000008000300010000002c0001801400020067656e00020076657468305f6d616376746170000000080006000600000008000600010400000800060001"], 0xb0}}, 0x4000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) ioctl$SIOCAX25NOUID(0xffffffffffffffff, 0x89e3, &(0x7f0000000540)) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10802601}, 0xc, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB="90000000051404002abd7000fddbdf2508000100020000000800030003000000080001000000000008000300040000000800010000000000080003000000000008000100020000000800030001009e8c46000008000100000000000800030003000000080001000200000008000300000000000800010000000000080003000000000008000100020000000800030002"], 0x90}, 0x1, 0x0, 0x0, 0xc000}, 0x801) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0xff, 0x0, @time={0x0, 0x859}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x5, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x4}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff81}, {}, {}, @time=@time}], 0xc4) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1m3.825150417s ago: executing program 32 (id=844): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000900)={&(0x7f0000000840)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r0, @ANYBLOB="00032dbd7000fcdbdf2510000000080006009100000008000800020000000800080004000000400001800800030007000000080003000100000008000300020000000800030001000000140002007369743000000000000000000000000008000300010000002c0001801400020067656e00020076657468305f6d616376746170000000080006000600000008000600010400000800060001"], 0xb0}}, 0x4000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) ioctl$SIOCAX25NOUID(0xffffffffffffffff, 0x89e3, &(0x7f0000000540)) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10802601}, 0xc, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB="90000000051404002abd7000fddbdf2508000100020000000800030003000000080001000000000008000300040000000800010000000000080003000000000008000100020000000800030001009e8c46000008000100000000000800030003000000080001000200000008000300000000000800010000000000080003000000000008000100020000000800030002"], 0x90}, 0x1, 0x0, 0x0, 0xc000}, 0x801) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0xff, 0x0, @time={0x0, 0x859}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x5, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x4}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff81}, {}, {}, @time=@time}], 0xc4) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 14.014154227s ago: executing program 5 (id=962): r0 = syz_open_dev$video(&(0x7f0000000040), 0x4, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05640, &(0x7f00000006c0)={0xe, @pix={0x4, 0x0, 0x34565348, 0x0, 0x2000, 0x10000, 0x9, 0xfeedcafe, 0x0, 0xffffff80, 0x1, 0x2}}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f00000002c0), 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r3, &(0x7f00000000c0)=""/85, 0x55) getdents(r3, 0xfffffffffffffffd, 0x58) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0), 0x600000, 0x0) setsockopt$packet_int(r6, 0x107, 0x10, &(0x7f0000000200)=0x8, 0x4) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ppoll(&(0x7f0000000080)=[{r7}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_RESET(r7, 0x5100) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="300000003c000701fcffffff00000000017c0000100036800c0002000896d4aa0dacada196b9bb72d1dc84000180060206"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) mount$binder(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000380), 0x280000, &(0x7f00000008c0)={[{}], [{@euid_eq}, {@appraise_type}, {@flag='dirsync'}, {@measure}, {@audit}, {@audit}]}) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) write$sndseq(r8, 0x0, 0x0) poll(&(0x7f0000000000)=[{r8, 0x8a}], 0x1, 0x100) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r8, 0x4058534c, &(0x7f0000001140)={0x80, 0x1, 0x7d0}) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="380000003e000701feffffff00000000017c0000040042800c000180080006008b9f3f146798d159046a139271361252bea458a0a66a27fa16cc7ef558613e6f7f01730e6ffaaf222c23e134e9729c156c548daada93d6e6889b642d934f72176841e26a54729f841724614f5e457a2c9f299b578d10f95e0d7ed7f4726b6125138860ae93215a6068d2f6fbc920eba0ee7680e5b410477ccc3a1d90cba6166213ec1b112f725e87d1475797b7397e0885c17870dac629daf147c57234b204", @ANYRES32=r2, @ANYBLOB="14000280100014800c00038008007700", @ANYRES32=r8, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r4, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 11.126532012s ago: executing program 5 (id=971): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x800, 0x0, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x70}}, 0x20040000) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf050000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000000000009500000000000000db13d5d8b741f2cdaabc83df03395287fd51a700ea6553f304000000815dcf00c3eebc52267b042d196bde7c382d21ff79a8583a7482c5994747e19325b1ee980cbd800d845dacbcf5ad8cdbc7abf9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x48) bpf$BPF_LINK_CREATE(0xa, &(0x7f0000000000)={r0, 0xffffffffffffffff, 0x24, 0x7, @val=@uprobe_multi={&(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x8, 0x0, 0x1}}, 0x40) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r3], 0x90}}, 0x0) 9.909876161s ago: executing program 5 (id=974): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000000914e73f"], 0x30}, 0x1, 0x0, 0x0, 0xbe9b70537f099e1}, 0x0) recvfrom(r0, 0x0, 0x0, 0x20, 0x0, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000180)={0x0, 0x6, 0x5, &(0x7f0000000140)={0x2, "c39c75c9b12c2238191850bde79523173296c82e3e7dfdcf10beb58a051d8559b2"}}) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB="3800000054000100010000000000000007000000", @ANYRES32=0x0, @ANYBLOB="2000010056fb49e950ded19651564e7d88b57fee87ef6498208dbba1e27f1634fbc6", @ANYRES32=0x0, @ANYBLOB="01010700ac1e000100000000000000000000000086dd0000"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) io_setup(0x8, &(0x7f00000001c0)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000400)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r5, r4, 0x25, 0x0, @val=@netkit={@void, @value=r5}}, 0x1c) syz_emit_ethernet(0xfdef, &(0x7f0000000240)=ANY=[@ANYRESHEX], 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f000100000000000000080002010080140003000000000000000000000000000000000178fe0100fe80000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1bda4681000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc358170000"], 0x114}], 0x1}, 0x140000c4) io_submit(r2, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000300)="8799", 0x2, 0x4}]) getsockname$packet(r6, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000200)=0x14) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f00000004c0)={&(0x7f0000000280), 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0x1c, 0x3, 0x6, 0x3, 0x0, 0x0, {0xa, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4004080) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r6, 0x89f0, &(0x7f0000000600)={'syztnl2\x00', &(0x7f0000000580)={'syztnl2\x00', r4, 0x2f, 0x9, 0x80, 0x0, 0x46, @loopback, @mcast1, 0x700, 0x0, 0x5, 0x2}}) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) 9.355959444s ago: executing program 5 (id=976): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000b52400000900000000000000", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB], 0x48) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x300000b, 0x11, r1, 0x0) 9.09512268s ago: executing program 5 (id=978): r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000200)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000280)={@local}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r3, 0x7a9, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000140)=ANY=[@ANYRES32=r4], 0x8) r5 = landlock_create_ruleset(&(0x7f0000000080)={0xa05, 0x1, 0x1}, 0x18, 0x2) r6 = socket$inet6(0xa, 0x3, 0x3c) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@fallback=r5, 0xffffffffffffffff, 0xa, 0x0, 0x0, @void, @value=0x0}, 0x20) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYRES16=r1], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOGETCMAP(r8, 0x4604, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140ff"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) r9 = socket$netlink(0x10, 0x3, 0x0) writev(r9, &(0x7f00000003c0)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000400000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 6.115804283s ago: executing program 1 (id=985): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x8804, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) dup(r5) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) setrlimit(0x40000000000008, &(0x7f0000000000)) r8 = socket$pppl2tp(0x18, 0x1, 0x1) r9 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r8, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r9, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) r10 = inotify_init1(0x800) r11 = fcntl$dupfd(r8, 0x406, r10) setsockopt$inet_mtu(r11, 0x111, 0xa, &(0x7f0000000000), 0x4) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r6, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r7, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r7, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000}) 5.686813678s ago: executing program 4 (id=986): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380)={0x10000008}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000180)='mqueue\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x2000030, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x2a5c0, 0x1c1}, 0x18) r2 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0) write$binfmt_register(r2, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x9, 0x3a, 'M', 0x3a, '^', 0x3a, './file0', 0x3a, [0x46]}, 0x2a) 5.347944803s ago: executing program 0 (id=988): r0 = syz_open_dev$sg(0x0, 0x0, 0x40800) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_udplite(0xa, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) r4 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) r5 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) tkill(r5, 0xb) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) 4.474856628s ago: executing program 4 (id=989): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB], 0x48) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x300000b, 0x11, r1, 0x0) 3.57111167s ago: executing program 1 (id=991): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCXONC(r1, 0x540a, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0xa) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720af0fff8ffffff71a4f0ff0000000071102800000000001d400500000000004704000001ed00000f030000000000006f44000000000000730a00fe000000007203000000000006b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f18564a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccc99069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad24b89b6a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c87852730a3bd7ac923fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = userfaultfd(0x1) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140), 0x60000, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r4, 0x80044d0a, &(0x7f0000000240)) sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) r5 = syz_open_dev$audion(&(0x7f0000000280), 0x2, 0x0) ioctl$SNDCTL_SEQ_SYNC(r5, 0x5101) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r6, 0x7fffffff}, 0x8) r7 = fsopen(&(0x7f0000000300)='jfs\x00', 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f00000003c0)=[@in6={0xa, 0x4e20, 0xfffffc01, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}, @in={0x2, 0x4e24, @loopback}, @in={0x2, 0x4e22, @multicast1}], 0x3c) r8 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r9 = dup3(0xffffffffffffffff, r8, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r9, 0x9201, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) 3.282725539s ago: executing program 2 (id=992): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0x1}, 0x18) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x4000000000, 0x0, 0x9, 0x40000000, 0x0, 0x7fffffff, 0x7}, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}, {&(0x7f0000000100)="a7", 0xfec7}, {&(0x7f0000000880)="9f3846581b1b5159fa75b369536aed7fc089b18592fd1bd099864f1ed35c7046e78c84f4cf0e59594f6dac655efbe84343ff8c186af752f7691c612987b6c089fc2ac412de8edab1f67d0300a1acf9ef331f2b436ff4322adcde8648bcd1e193eb1cb83b0ff2de12d2", 0xfdb9}, {&(0x7f0000000300)='b', 0x1}], 0x28, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) sendmsg$alg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}], 0x18}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000600), 0xfec8) 3.282170522s ago: executing program 4 (id=993): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCXONC(r1, 0x540a, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0xa) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = userfaultfd(0x1) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140), 0x60000, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r4, 0x80044d0a, &(0x7f0000000240)) sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) r5 = syz_open_dev$audion(&(0x7f0000000280), 0x2, 0x0) ioctl$SNDCTL_SEQ_SYNC(r5, 0x5101) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r6, 0x7fffffff}, 0x8) r7 = fsopen(&(0x7f0000000300)='jfs\x00', 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f00000003c0)=[@in6={0xa, 0x4e20, 0xfffffc01, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}, @in={0x2, 0x4e24, @loopback}, @in={0x2, 0x4e22, @multicast1}], 0x3c) r8 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r9 = dup3(0xffffffffffffffff, r8, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r9, 0x9201, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) 3.252790923s ago: executing program 0 (id=994): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x181101, 0x0) ioctl$TCSBRKP(r1, 0x5425, 0x6) ioctl$TCSBRKP(r1, 0x5425, 0xfffffffffffffffd) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) umount2(0x0, 0x0) openat$dsp(0xffffff9c, 0x0, 0x0, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x6b8200, 0x0) prctl$PR_GET_NAME(0x10, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) 2.494725479s ago: executing program 5 (id=995): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f00000001c0)}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000088a82a00810013000800451f001c006800000112009078c0000001d9f2029d3f685ad32611158ca1e59f3db8e07ad4e6173d8181f8d4f195c6ed5f99e200febf7d9d536fa157976b3d14b6bdc17c56ab73ef1a05ac389846b714aa1288d95c50bf0ce0d43f5894cf44a173b3c8340cbe56bc3ee293002f9af31afd7d73e571bab4353a3ffad3520dbb134f81a147da56c79c935bcd099fe6c80fe389b043e896bc94c7c430cdaadf8a543bcdbe6c5125f5592036d191d53b6b76722a96c943e3293c700f0e5f34028c49816161a3ce3ea8dfeb185b36a6b5bd18543687048cc1367b141801a99b9d9ba48455b2f8a1e49d38"], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c0c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x2800) 2.070952465s ago: executing program 2 (id=996): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000005000000000000000100000458e0000003000000020000000008000002000000000000053f00000000005f2e"], 0x0, 0x41}, 0x28) 1.377733774s ago: executing program 1 (id=997): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000181101"], 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r0, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x41, &(0x7f0000000040)=r2, 0x4) 1.359428044s ago: executing program 0 (id=998): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='mm_lru_activate\x00', r2}, 0x10) write$cgroup_int(r1, &(0x7f0000000200), 0x43451) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r3, &(0x7f0000000200), 0x43451) 1.283928898s ago: executing program 4 (id=999): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000ff0100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000004000000b704000000000000850000001500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000500", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.202905666s ago: executing program 2 (id=1000): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r1}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 1.202643174s ago: executing program 0 (id=1001): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4) sendmsg$unix(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)="82", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="140000"], 0x18, 0x48000}, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2) sendmsg$unix(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000980)="ffe7fe69", 0x4}], 0x1, 0x0, 0x0, 0x4000854}, 0x890) 1.140330695s ago: executing program 1 (id=1002): bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0x3, &(0x7f00000000c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=@base={0xb, 0x7, 0x6, 0x7f, 0x1, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xca, r0}, 0x38) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{r0}, &(0x7f0000000000)=0x18, &(0x7f0000000080)='%ps \x00'}, 0x20) 1.050262402s ago: executing program 2 (id=1003): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@enum64={0x1, 0x0, 0x0, 0x13, 0x0, 0x4}]}, {0x0, [0x61]}}, &(0x7f00000005c0)=""/217, 0x27, 0xd9, 0x1}, 0x28) 930.91748ms ago: executing program 0 (id=1004): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 930.615317ms ago: executing program 1 (id=1005): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000680)=ANY=[], 0x48}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000340)=ANY=[]) 829.893545ms ago: executing program 2 (id=1006): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000180)={0x2, 0x0, @ioapic={0x0, 0x0, 0xfffffffe, 0x7fffffff, 0x0, [{}, {0xff, 0x0, 0x4}, {}, {}, {0x0, 0xdc}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x4}, {0x0, 0x8}, {0x0, 0x1}, {0x0, 0x0, 0x9}, {0x0, 0xf, 0x0, '\x00', 0xff}, {0x0, 0x89, 0x0, '\x00', 0xff}, {0x0, 0x2, 0x40}, {0x70, 0x0, 0x1}, {0x0, 0x0, 0x0, '\x00', 0x4}, {0x4}, {0x9}, {}, {0x0, 0x1}, {}, {0x20}, {0x3}, {0x4, 0x7}]}}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000040)={0x9, 0xfffffa9d}) 709.515009ms ago: executing program 0 (id=1007): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x28000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="01000001000000000000420f"], 0x185}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d46549b, 0x0, [0x4, 0x0, 0x0, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r4, 0xc0189436, &(0x7f0000000300)=ANY=[]) 186.790637ms ago: executing program 4 (id=1008): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x3, 0xf9, 0x2, 0x79, 0xff, 0x5, 0x8, 0xfe, 0x0, 0x8, 0x2, 0x8, 0x72, 0x5, 0xfa, '\x00', 0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r4, 0x2000003, 0x11, r2, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0) 282.472µs ago: executing program 1 (id=1009): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0xc, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000560000000000000066ba2100b066eeb9e00a00000f"], 0x56}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000380)={0x2, 0x102000, 0x1}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f00000000c0)={0x3}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 2 (id=1010): ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) munmap(&(0x7f0000d83000/0x4000)=nil, 0x4000) munmap(&(0x7f0000f2e000/0x4000)=nil, 0x4000) munmap(&(0x7f0000fcf000/0x2000)=nil, 0x2000) munmap(&(0x7f0000482000/0x2000)=nil, 0x2000) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000) mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000f11000/0x2000)=nil, 0x2000) mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000) kernel console output (not intermixed with test programs): 1 vid 0x0525 pid 0xA4A8 [ 313.106422][ T5944] usb 2-1: USB disconnect, device number 15 [ 313.125766][ T5944] usblp0: removed [ 314.532402][ T5944] usb 2-1: new low-speed USB device number 16 using dummy_hcd [ 314.603613][ T7949] netlink: 'syz.3.552': attribute type 1 has an invalid length. [ 314.771466][ T5944] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 314.801152][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.840653][ T5944] usb 2-1: config 0 descriptor?? [ 316.412686][ T7960] ubi: mtd0 is already attached to ubi8 [ 317.276036][ T7961] netlink: 16 bytes leftover after parsing attributes in process `syz.1.550'. [ 317.286807][ T7961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.550'. [ 317.296575][ T7961] netlink: 16 bytes leftover after parsing attributes in process `syz.1.550'. [ 317.305681][ T7961] netlink: 20 bytes leftover after parsing attributes in process `syz.1.550'. [ 317.550924][ T5944] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 317.566494][ T5944] asix 2-1:0.0: probe with driver asix failed with error -61 [ 317.812965][ T5918] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 317.992339][ T5918] usb 4-1: Using ep0 maxpacket: 32 [ 318.070977][ T7978] netlink: 4 bytes leftover after parsing attributes in process `syz.4.559'. [ 318.080611][ T7978] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 318.086768][ T5918] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 318.100665][ T7978] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 318.113736][ T5918] usb 4-1: config 1 interface 0 has no altsetting 0 [ 318.153619][ T5918] usb 4-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.40 [ 318.166679][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.225911][ T5918] usb 4-1: Product: ퟭ衏嫍搒㉍爉䰃郤䔹䍈捑敥盧ꊾ诹镦辁䕞밯칟쵂꬗⥌拠뛚㫜჏烥褙⣍ꐓꫦꑥ䳺샢㳾խ鯶죪࢖萵훴■㌿ȼ꽶뾖솤当괤䨧䌬⑌옒䌰칛ℽ횭椾誀렂㜑첖鹐
켁室욃參둵恁ቚ䫛ꑘ吀굿㵘簷渿鐌ᄐ见辠칀୩拆⻇妲뜽꬝䳾ᯘ꥽廸⭋✠툜茨䘎▽ᩍ엫奿笩ᩪ⭆൲濞례蘤 [ 318.261758][ T7978] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 318.270401][ T7978] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 318.277142][ T5918] usb 4-1: Manufacturer: з [ 318.513342][ T5918] usb 4-1: SerialNumber: 䎀ًޙ툭鍨뫫딧ಀ싂➠䣂踐契즶꼶ᐬ䝹쾾瓑္講꯼爋ފ亍ঈ䬾䠭ꐮ䎺⺫䨫嬽㜵遞馀אּ懴⛚厐х [ 318.869672][ T5944] usb 2-1: USB disconnect, device number 16 [ 319.794286][ T7968] netlink: 12 bytes leftover after parsing attributes in process `syz.3.556'. [ 319.972214][ T5918] usbhid 4-1:1.0: can't add hid device: -71 [ 319.978393][ T5918] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 320.084935][ T5918] usb 4-1: USB disconnect, device number 10 [ 321.290649][ T8022] vivid-000: disconnect [ 321.551692][ T8031] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 321.592366][ T43] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 322.112944][ T43] usb 4-1: not running at top speed; connect to a high speed hub [ 322.134237][ T43] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 322.164993][ T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 322.688378][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.737063][ T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 322.752406][ T5911] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 322.756637][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.790533][ T43] usb 4-1: Product: syz [ 322.810009][ T43] usb 4-1: Manufacturer: syz [ 322.822333][ T43] usb 4-1: SerialNumber: syz [ 322.926345][ T5911] usb 3-1: Using ep0 maxpacket: 32 [ 322.947096][ T5911] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9 [ 322.974221][ T5911] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 322.992332][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.001323][ T5911] usb 3-1: Product: syz [ 323.036362][ T5911] usb 3-1: Manufacturer: syz [ 323.041131][ T5911] usb 3-1: SerialNumber: syz [ 323.051031][ T8019] vivid-000: reconnect [ 323.073880][ T43] usb 4-1: 0:9 : does not exist [ 323.106552][ T5911] usb 3-1: config 0 descriptor?? [ 323.124171][ T8035] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 323.149023][ T5911] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input13 [ 323.189095][ T43] usb 4-1: USB disconnect, device number 11 [ 323.355849][ T5858] udevd[5858]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 323.565762][ T8043] binder: BC_ATTEMPT_ACQUIRE not supported [ 323.578661][ T43] usb 3-1: USB disconnect, device number 16 [ 323.578791][ C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 323.595419][ T8043] binder: 8042:8043 ioctl c0306201 2000000001c0 returned -22 [ 323.892457][ T5944] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 324.154804][ T5944] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 324.180610][ T5944] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 324.297424][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 324.352876][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 324.548689][ T8053] netlink: 'syz.0.580': attribute type 1 has an invalid length. [ 324.637730][ T5944] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 324.643520][ T8053] netlink: 144 bytes leftover after parsing attributes in process `syz.0.580'. [ 324.772012][ T8053] netlink: 28 bytes leftover after parsing attributes in process `syz.0.580'. [ 324.772541][ T5944] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 324.815925][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 324.829871][ T5944] usb 2-1: Product: syz [ 324.835835][ T5944] usb 2-1: Manufacturer: syz [ 324.840529][ T5944] usb 2-1: SerialNumber: syz [ 324.897020][ T5944] usb 2-1: config 0 descriptor?? [ 325.148485][ T5944] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 325.179283][ T5944] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5 [ 325.560458][ T8070] netlink: 'syz.0.583': attribute type 10 has an invalid length. [ 325.581244][ T8070] team0: Device ipvlan1 failed to register rx_handler [ 325.588142][ T8071] netlink: 'syz.4.584': attribute type 1 has an invalid length. [ 325.729954][ T8071] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 326.336903][ T5944] usb 2-1: USB disconnect, device number 17 [ 327.095610][ T5911] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 327.505213][ T5911] usb 5-1: Using ep0 maxpacket: 8 [ 327.559029][ T5911] usb 5-1: unable to get BOS descriptor or descriptor too short [ 327.605392][ T8094] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 327.615001][ T8088] netlink: 44 bytes leftover after parsing attributes in process `syz.0.590'. [ 327.624499][ T8094] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 327.624591][ T5911] usb 5-1: config 8 has an invalid interface number: 255 but max is 0 [ 327.725341][ T43] Process accounting resumed [ 327.784814][ T5911] usb 5-1: config 8 has no interface number 0 [ 327.807892][ T5911] usb 5-1: config 8 interface 255 has no altsetting 0 [ 327.838965][ T5911] usb 5-1: string descriptor 0 read error: -22 [ 327.842042][ T8097] Process accounting resumed [ 327.857416][ T5911] usb 5-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 327.892539][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.066865][ T8104] netlink: 'syz.3.593': attribute type 1 has an invalid length. [ 328.094230][ T8104] netlink: 144 bytes leftover after parsing attributes in process `syz.3.593'. [ 328.122369][ T8104] netlink: 28 bytes leftover after parsing attributes in process `syz.3.593'. [ 329.169242][ T8116] binder: BC_ATTEMPT_ACQUIRE not supported [ 329.198748][ T5911] eth%d: CATC EL1210A NetMate USB Ethernet at usb-dummy_hcd.4-1, 00:00:00:00:00:00. [ 329.222615][ T8116] binder: 8115:8116 ioctl c0306201 2000000001c0 returned -22 [ 329.963286][ T43] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 330.105819][ T5911] usb 5-1: USB disconnect, device number 15 [ 330.176641][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 330.254352][ T43] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 330.293149][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 330.368547][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 330.392479][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 330.437738][ T43] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 330.457896][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 330.470555][ T43] usb 2-1: Product: syz [ 330.477345][ T43] usb 2-1: Manufacturer: syz [ 330.483761][ T43] usb 2-1: SerialNumber: syz [ 330.525806][ T43] usb 2-1: config 0 descriptor?? [ 330.672356][ T5911] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 330.756125][ T43] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 330.774195][ T43] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 330.854462][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 330.882218][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 330.912568][ T5911] usb 5-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 330.921887][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.956917][ T43] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 330.962964][ T5911] usb 5-1: config 0 descriptor?? [ 330.989826][ T43] radio-si470x 2-1:0.0: si470x_get_scratch: si470x_get_report returned -32 [ 330.995793][ T8130] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 331.005242][ T43] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5 [ 331.254881][ T8130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 331.284733][ T8130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 331.455338][ T5911] usb 5-1: USB disconnect, device number 16 [ 331.460806][ T43] usb 2-1: USB disconnect, device number 18 [ 331.472519][ T8145] netlink: 'syz.3.606': attribute type 1 has an invalid length. [ 331.487851][ T8145] netlink: 144 bytes leftover after parsing attributes in process `syz.3.606'. [ 331.569540][ T8146] netlink: 'syz.2.605': attribute type 1 has an invalid length. [ 331.577446][ T8146] netlink: 'syz.2.605': attribute type 4 has an invalid length. [ 331.585581][ T8146] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.605'. [ 331.803114][ T8146] ceph: No mds server is up or the cluster is laggy [ 331.815486][ T5828] libceph: connect (1)[c::]:6789 error -101 [ 331.934307][ T5828] libceph: mon0 (1)[c::]:6789 connect error [ 332.188067][ T8145] netlink: 28 bytes leftover after parsing attributes in process `syz.3.606'. [ 332.732270][ T5828] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 333.142526][ T5911] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 333.422589][ T5911] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.472252][ T5911] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.574841][ T5828] usb 4-1: Using ep0 maxpacket: 16 [ 333.694280][ T5911] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 333.708229][ T5911] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 333.717592][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.770772][ T5911] usb 3-1: config 0 descriptor?? [ 333.798948][ T5828] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.946473][ T8164] macvlan3: entered promiscuous mode [ 334.185340][ T5828] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 334.343593][ T5828] usb 4-1: config 0 interface 0 has no altsetting 0 [ 334.350746][ T5828] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 334.589290][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.602750][ T5828] usb 4-1: config 0 descriptor?? [ 335.361373][ T8172] FAULT_INJECTION: forcing a failure. [ 335.361373][ T8172] name failslab, interval 1, probability 0, space 0, times 0 [ 335.376555][ T8172] CPU: 1 UID: 0 PID: 8172 Comm: syz.0.614 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 335.376585][ T8172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 335.376616][ T8172] Call Trace: [ 335.376629][ T8172] [ 335.376639][ T8172] dump_stack_lvl+0x189/0x250 [ 335.376671][ T8172] ? __pfx____ratelimit+0x10/0x10 [ 335.376695][ T8172] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.376721][ T8172] ? __pfx__printk+0x10/0x10 [ 335.376754][ T8172] ? __pfx___might_resched+0x10/0x10 [ 335.376779][ T8172] ? fs_reclaim_acquire+0x7d/0x100 [ 335.376811][ T8172] should_fail_ex+0x414/0x560 [ 335.376839][ T8172] should_failslab+0xa8/0x100 [ 335.376865][ T8172] __kmalloc_noprof+0xcb/0x4f0 [ 335.376886][ T8172] ? tomoyo_encode+0x28b/0x550 [ 335.376921][ T8172] tomoyo_encode+0x28b/0x550 [ 335.376956][ T8172] tomoyo_realpath_from_path+0x58d/0x5d0 [ 335.376998][ T8172] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 335.377023][ T8172] tomoyo_path_number_perm+0x1e8/0x5a0 [ 335.377050][ T8172] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 335.377074][ T8172] ? __lock_acquire+0xab9/0xd20 [ 335.377140][ T8172] ? __pfx_current_check_access_path+0x10/0x10 [ 335.377182][ T8172] ? lookup_one_qstr_excl_raw+0x126/0x280 [ 335.377216][ T8172] tomoyo_path_mkdir+0xa8/0xe0 [ 335.377247][ T8172] ? __pfx_tomoyo_path_mkdir+0x10/0x10 [ 335.377283][ T8172] ? __pfx_filename_create+0x10/0x10 [ 335.377323][ T8172] security_path_mkdir+0x171/0x380 [ 335.377359][ T8172] do_mkdirat+0x1bd/0x590 [ 335.377396][ T8172] ? __pfx_do_mkdirat+0x10/0x10 [ 335.377434][ T8172] ? getname_flags+0x1e5/0x540 [ 335.377466][ T8172] __x64_sys_mkdirat+0x87/0xa0 [ 335.377501][ T8172] do_syscall_64+0xfa/0x3b0 [ 335.377524][ T8172] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.377547][ T8172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.377569][ T8172] ? clear_bhb_loop+0x60/0xb0 [ 335.377596][ T8172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.377624][ T8172] RIP: 0033:0x7fc15718ebe9 [ 335.377645][ T8172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.377664][ T8172] RSP: 002b:00007fc157f46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 335.377688][ T8172] RAX: ffffffffffffffda RBX: 00007fc1573b5fa0 RCX: 00007fc15718ebe9 [ 335.377704][ T8172] RDX: 0000000000000408 RSI: 0000200000000300 RDI: 0000000000000005 [ 335.377717][ T8172] RBP: 00007fc157f46090 R08: 0000000000000000 R09: 0000000000000000 [ 335.377731][ T8172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.377744][ T8172] R13: 00007fc1573b6038 R14: 00007fc1573b5fa0 R15: 00007ffe9806b078 [ 335.377779][ T8172] [ 335.377845][ T8172] ERROR: Out of memory at tomoyo_realpath_from_path. [ 335.673383][ T5828] hid (null): report_id 0 is invalid [ 335.762025][ T5911] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 335.875645][ T9] usb 4-1: USB disconnect, device number 12 [ 336.058099][ T8179] netlink: 'syz.4.617': attribute type 1 has an invalid length. [ 336.087045][ T8179] netlink: 144 bytes leftover after parsing attributes in process `syz.4.617'. [ 336.107196][ T8179] netlink: 28 bytes leftover after parsing attributes in process `syz.4.617'. [ 336.231798][ T8155] netlink: 40 bytes leftover after parsing attributes in process `syz.2.608'. [ 336.428544][ T8183] bridge0: entered promiscuous mode [ 336.435392][ T8183] macvlan2: entered promiscuous mode [ 337.075927][ T8192] binder: BC_ATTEMPT_ACQUIRE not supported [ 337.086720][ T8192] binder: 8189:8192 ioctl c0306201 2000000001c0 returned -22 [ 337.106054][ T9] usb 3-1: reset high-speed USB device number 17 using dummy_hcd [ 337.322270][ T5929] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 337.472502][ T5929] usb 4-1: Using ep0 maxpacket: 8 [ 337.483109][ T5929] usb 4-1: unable to get BOS descriptor or descriptor too short [ 337.495697][ T5929] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 337.508189][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 337.526644][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 337.537672][ T5929] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 337.548708][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 337.560470][ T5929] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 222 [ 337.585272][ T5929] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 337.623705][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.658164][ T5929] usb 4-1: Product: syz [ 337.663762][ T5929] usb 4-1: Manufacturer: syz [ 337.669302][ T5929] usb 4-1: SerialNumber: syz [ 337.684301][ T5929] usb 4-1: config 0 descriptor?? [ 337.693827][ T8188] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 337.703021][ T8188] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 337.733054][ T5929] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 337.920453][ T5911] usb 3-1: USB disconnect, device number 17 [ 339.211789][ T30] audit: type=1400 audit(1754522129.603:136): lsm=SMACK fn=smack_inode_removexattr action=denied subject="w" object="_" requested=w pid=8203 comm="syz.4.624" name="file1" dev="tmpfs" ino=686 [ 340.202035][ T8209] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 342.172279][ T5911] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 342.322584][ T5828] usb 4-1: USB disconnect, device number 13 [ 342.376811][ T8224] netlink: 'syz.2.628': attribute type 1 has an invalid length. [ 342.407015][ T8224] netlink: 144 bytes leftover after parsing attributes in process `syz.2.628'. [ 342.447178][ T8224] netlink: 28 bytes leftover after parsing attributes in process `syz.2.628'. [ 342.482251][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 342.505031][ T8226] syzkaller0: entered promiscuous mode [ 342.514098][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 342.552248][ T8226] syzkaller0: entered allmulticast mode [ 342.555324][ T5911] usb 5-1: New USB device found, idVendor=1a34, idProduct=6f05, bcdDevice=8e.7b [ 342.591787][ T5911] usb 5-1: New USB device strings: Mfr=176, Product=0, SerialNumber=0 [ 342.621263][ T5911] usb 5-1: Manufacturer: syz [ 342.657694][ T5911] usb 5-1: config 0 descriptor?? [ 342.735144][ T8228] netlink: 48 bytes leftover after parsing attributes in process `syz.0.630'. [ 342.910063][ T8213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.999207][ T8213] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 344.258713][ T8251] comedi comedi2: fl512: I/O port conflict (0x10,16) [ 346.101964][ T8258] binder: BC_ATTEMPT_ACQUIRE not supported [ 346.123052][ T8258] binder: 8257:8258 ioctl c0306201 2000000001c0 returned -22 [ 346.148429][ T5911] usbhid 5-1:0.0: can't add hid device: -71 [ 346.166027][ T5911] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 346.232519][ T5911] usb 5-1: USB disconnect, device number 17 [ 346.472514][ T9] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 346.874884][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 346.968429][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 347.306035][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 347.350644][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 347.534902][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 347.551690][ T9] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 347.562990][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 347.591207][ T9] usb 2-1: Product: syz [ 347.595589][ T9] usb 2-1: Manufacturer: syz [ 347.600446][ T9] usb 2-1: SerialNumber: syz [ 348.013922][ T9] usb 2-1: config 0 descriptor?? [ 348.382452][ T9] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 348.390643][ T8283] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 348.402410][ T9] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 348.416949][ T8282] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 348.574866][ T9] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 348.602332][ T9] radio-si470x 2-1:0.0: si470x_get_scratch: si470x_get_report returned -32 [ 348.611716][ T9] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5 [ 348.972918][ T9] usb 2-1: USB disconnect, device number 19 [ 349.010861][ T8289] netlink: 16 bytes leftover after parsing attributes in process `syz.4.644'. [ 349.302262][ T5918] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 349.452229][ T5918] usb 4-1: Using ep0 maxpacket: 16 [ 349.514884][ T5918] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=d3.06 [ 349.532410][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 349.540597][ T5918] usb 4-1: Product: syz [ 349.548692][ T5918] usb 4-1: Manufacturer: syz [ 349.554628][ T5918] usb 4-1: SerialNumber: syz [ 350.407914][ T5918] r8152-cfgselector 4-1: Unknown version 0x0000 [ 350.465575][ T5918] r8152-cfgselector 4-1: config 0 descriptor?? [ 350.975220][ T8311] comedi comedi2: fl512: I/O port conflict (0x10,16) [ 352.015188][ T8291] netlink: 24 bytes leftover after parsing attributes in process `syz.3.645'. [ 352.052566][ T8291] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 352.142975][ T8312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 352.353619][ T8312] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 352.367916][ T8312] binder: 8290:8312 ioctl c0306201 200000000040 returned -22 [ 353.661783][ T8334] netlink: 212296 bytes leftover after parsing attributes in process `syz.4.656'. [ 353.799104][ T5929] r8152-cfgselector 4-1: USB disconnect, device number 14 [ 354.573417][ T8345] netlink: 16 bytes leftover after parsing attributes in process `syz.0.659'. [ 355.203445][ T8346] netlink: 8 bytes leftover after parsing attributes in process `syz.1.657'. [ 355.695083][ T8351] netlink: 244 bytes leftover after parsing attributes in process `syz.0.661'. [ 355.857093][ T8357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.660'. [ 356.021335][ T8358] comedi comedi2: fl512: I/O port conflict (0x10,16) [ 356.828303][ T8357] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 357.448479][ T8367] comedi comedi2: dt2814: I/O port conflict (0xb000,2) [ 357.571230][ T8357] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.716442][ T8352] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 357.773775][ T8352] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 358.407734][ T8352] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 358.415051][ T8352] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 358.451360][ T8371] netlink: 'syz.2.665': attribute type 1 has an invalid length. [ 358.460746][ T8371] netlink: 224 bytes leftover after parsing attributes in process `syz.2.665'. [ 358.645005][ T8352] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 358.699762][ T8352] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 358.752579][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 358.958427][ T8374] netlink: 20 bytes leftover after parsing attributes in process `syz.1.666'. [ 359.160912][ T8352] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 359.254478][ T8352] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 359.367081][ T8352] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 359.444124][ T8352] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 360.165689][ T5929] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 360.432520][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 360.691780][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 360.832638][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 360.940617][ T5929] usb 5-1: device descriptor read/all, error -71 [ 361.414331][ T8393] netlink: 16 bytes leftover after parsing attributes in process `syz.4.671'. [ 361.657894][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 361.657956][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 362.522433][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 362.753535][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 362.817329][ T8409] binder: BC_ATTEMPT_ACQUIRE not supported [ 362.893256][ T8409] binder: 8408:8409 ioctl c0306201 2000000001c0 returned -22 [ 363.366000][ T8414] comedi comedi2: dt2814: I/O port conflict (0xb000,2) [ 363.712577][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 363.719683][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 363.853781][ T8407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.674'. [ 363.932246][ T5911] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 364.136452][ T5911] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 364.157164][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 364.212058][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 364.276427][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 364.332073][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 364.399473][ T5911] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 364.409110][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 364.436937][ T5911] usb 5-1: Product: syz [ 364.449586][ T5911] usb 5-1: Manufacturer: syz [ 364.467368][ T5911] usb 5-1: SerialNumber: syz [ 364.489294][ T5911] usb 5-1: config 0 descriptor?? [ 364.731747][ T5911] radio-si470x 5-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 364.776418][ T5911] radio-si470x 5-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 364.921129][ T5911] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 365.429536][ T5911] radio-si470x 5-1:0.0: si470x_get_scratch: si470x_get_report returned -32 [ 365.614794][ T5911] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5 [ 366.152821][ T5911] usb 5-1: USB disconnect, device number 20 [ 367.643238][ T8440] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'. [ 367.655619][ T8440] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.778903][ T30] audit: type=1326 audit(1754522158.323:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.4.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad198ebe9 code=0x7ffc0000 [ 367.809109][ T8440] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.829431][ T30] audit: type=1326 audit(1754522158.353:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8441 comm="syz.4.684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad198ebe9 code=0x7ffc0000 [ 368.029000][ T8439] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 368.050504][ T8439] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 368.219830][ T8439] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 368.229099][ T8439] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 368.236403][ T8439] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 368.249951][ T8445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 369.012928][ T8445] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 369.090573][ T8445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 369.150286][ T8452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 369.172505][ T5929] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 369.189462][ T8445] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 369.210750][ T8452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 369.312393][ T5929] usb 3-1: device descriptor read/64, error -71 [ 369.462837][ T5911] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 370.233168][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 370.239435][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 370.273145][ T5854] Bluetooth: hci1: command 0x0406 tx timeout [ 370.279498][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 370.285888][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 370.836352][ T8466] fuse: Unknown parameter '' [ 371.431815][ T5911] usb 5-1: device descriptor read/64, error -71 [ 371.692043][ T5911] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 371.846614][ T5911] usb 5-1: device descriptor read/64, error -71 [ 371.976217][ T5911] usb usb5-port1: attempt power cycle [ 371.979172][ T8470] netlink: 12 bytes leftover after parsing attributes in process `syz.2.692'. [ 372.047749][ T8470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.692'. [ 372.230867][ T8467] wg1 speed is unknown, defaulting to 1000 [ 372.395794][ T8473] netlink: 144 bytes leftover after parsing attributes in process `syz.0.689'. [ 372.422260][ T7193] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 372.582232][ T7193] usb 4-1: Using ep0 maxpacket: 8 [ 372.591249][ T7193] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 372.611546][ T7193] usb 4-1: config 0 has no interface number 0 [ 372.771973][ T7193] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 372.783067][ T7193] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 372.795643][ T7193] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 372.807291][ T7193] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 372.820859][ T8483] random: crng reseeded on system resumption [ 372.856176][ T8489] netlink: 24 bytes leftover after parsing attributes in process `syz.2.696'. [ 372.863560][ T7193] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 372.890843][ T7193] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.930835][ T7193] usb 4-1: config 0 descriptor?? [ 372.990733][ T7193] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 373.315328][ T8480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.366377][ T8480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.849650][ T8503] trusted_key: syz.2.698 sent an empty control message without MSG_MORE. [ 374.174520][ T5911] usb 4-1: USB disconnect, device number 15 [ 374.429793][ T5911] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 376.082404][ T8526] netlink: 'syz.3.704': attribute type 1 has an invalid length. [ 376.090083][ T8526] netlink: 144 bytes leftover after parsing attributes in process `syz.3.704'. [ 376.120716][ T8526] netlink: 28 bytes leftover after parsing attributes in process `syz.3.704'. [ 376.314200][ T8526] team0: No ports can be present during mode change [ 376.951122][ T5911] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 377.744476][ T5911] usb 3-1: Using ep0 maxpacket: 8 [ 377.766619][ T5911] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 377.796533][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.813607][ T8544] FAULT_INJECTION: forcing a failure. [ 377.813607][ T8544] name failslab, interval 1, probability 0, space 0, times 0 [ 377.834638][ T5911] usb 3-1: Product: syz [ 377.852335][ T5911] usb 3-1: Manufacturer: syz [ 377.857181][ T5911] usb 3-1: SerialNumber: syz [ 377.876064][ T8544] CPU: 0 UID: 0 PID: 8544 Comm: syz.3.710 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 377.876095][ T8544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 377.876114][ T8544] Call Trace: [ 377.876134][ T8544] [ 377.876145][ T8544] dump_stack_lvl+0x189/0x250 [ 377.876176][ T8544] ? __pfx____ratelimit+0x10/0x10 [ 377.876200][ T8544] ? __pfx_dump_stack_lvl+0x10/0x10 [ 377.876226][ T8544] ? __pfx__printk+0x10/0x10 [ 377.876262][ T8544] ? __pfx___might_resched+0x10/0x10 [ 377.876285][ T8544] ? fs_reclaim_acquire+0x7d/0x100 [ 377.876318][ T8544] should_fail_ex+0x414/0x560 [ 377.876347][ T8544] should_failslab+0xa8/0x100 [ 377.876374][ T8544] kmem_cache_alloc_noprof+0x73/0x3c0 [ 377.876395][ T8544] ? alloc_empty_file+0x55/0x1d0 [ 377.876429][ T8544] alloc_empty_file+0x55/0x1d0 [ 377.876460][ T8544] alloc_file_pseudo+0x13d/0x210 [ 377.876487][ T8544] ? do_raw_spin_unlock+0x122/0x240 [ 377.876520][ T8544] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 377.876547][ T8544] ? _raw_spin_unlock+0x28/0x50 [ 377.876597][ T8544] anon_inode_getfd+0xca/0x1b0 [ 377.876629][ T8544] bpf_enable_stats+0xdc/0x140 [ 377.876651][ T8544] __sys_bpf+0x7b0/0x860 [ 377.876687][ T8544] ? __pfx___sys_bpf+0x10/0x10 [ 377.876735][ T8544] ? ksys_write+0x22a/0x250 [ 377.876759][ T8544] ? __pfx_ksys_write+0x10/0x10 [ 377.876777][ T8544] ? rcu_is_watching+0x15/0xb0 [ 377.876810][ T8544] __x64_sys_bpf+0x7c/0x90 [ 377.876841][ T8544] do_syscall_64+0xfa/0x3b0 [ 377.876864][ T8544] ? lockdep_hardirqs_on+0x9c/0x150 [ 377.876887][ T8544] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.876910][ T8544] ? clear_bhb_loop+0x60/0xb0 [ 377.876937][ T8544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.876959][ T8544] RIP: 0033:0x7f319038ebe9 [ 377.876978][ T8544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.876998][ T8544] RSP: 002b:00007f31911ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 377.877021][ T8544] RAX: ffffffffffffffda RBX: 00007f31905b5fa0 RCX: 00007f319038ebe9 [ 377.877042][ T8544] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000020 [ 377.877055][ T8544] RBP: 00007f31911ec090 R08: 0000000000000000 R09: 0000000000000000 [ 377.877069][ T8544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 377.877081][ T8544] R13: 00007f31905b6038 R14: 00007f31905b5fa0 R15: 00007fff99a2b8b8 [ 377.877125][ T8544] [ 378.238560][ T8553] sctp: [Deprecated]: syz.3.713 (pid 8553) Use of struct sctp_assoc_value in delayed_ack socket option. [ 378.238560][ T8553] Use struct sctp_sack_info instead [ 378.626133][ T5911] usb 3-1: config 0 descriptor?? [ 378.743062][ T8564] netlink: 40 bytes leftover after parsing attributes in process `syz.1.715'. [ 378.923174][ T5911] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 379.032549][ T8562] netlink: 8 bytes leftover after parsing attributes in process `syz.4.711'. [ 379.133683][ T8531] syz.2.706 (8531): attempted to duplicate a private mapping with mremap. This is not supported. [ 379.375115][ T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 380.192939][ T5911] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 381.951533][ T5911] usb 3-1: USB disconnect, device number 20 [ 382.366546][ T8586] netlink: 'syz.2.720': attribute type 1 has an invalid length. [ 382.415809][ T8586] netlink: 144 bytes leftover after parsing attributes in process `syz.2.720'. [ 382.465945][ T8586] netlink: 28 bytes leftover after parsing attributes in process `syz.2.720'. [ 382.548930][ T8586] team0: No ports can be present during mode change [ 383.294611][ T8598] tipc: Enabled bearer , priority 0 [ 383.321555][ T8598] syzkaller0: entered promiscuous mode [ 383.357902][ T8598] syzkaller0: entered allmulticast mode [ 383.438850][ T8598] tipc: Resetting bearer [ 383.453958][ T8597] tipc: Resetting bearer [ 383.571409][ T8597] tipc: Disabling bearer [ 383.702540][ T8605] binder: 8604:8605 ioctl c0306201 200000000640 returned -14 [ 383.891829][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.605194][ T8613] netlink: 8 bytes leftover after parsing attributes in process `syz.0.726'. [ 385.709145][ T8625] macvlan3: entered promiscuous mode [ 386.679153][ T8632] autofs: Unknown parameter '0x0000000000000000' [ 389.412355][ T8658] ubi: mtd0 is already attached to ubi8 [ 389.575626][ T8656] netlink: 44 bytes leftover after parsing attributes in process `syz.2.737'. [ 389.585929][ T8656] netlink: 43 bytes leftover after parsing attributes in process `syz.2.737'. [ 389.594978][ T8656] netlink: 'syz.2.737': attribute type 6 has an invalid length. [ 389.602733][ T8656] netlink: 'syz.2.737': attribute type 5 has an invalid length. [ 389.610400][ T8656] netlink: 43 bytes leftover after parsing attributes in process `syz.2.737'. [ 389.849154][ T8658] syzkaller0: entered promiscuous mode [ 389.855245][ T8658] syzkaller0: entered allmulticast mode [ 395.674980][ T8681] tipc: Enabled bearer , priority 0 [ 395.685384][ T8699] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ULvyآDUDw}z [ 395.692668][ T8682] syzkaller0: entered promiscuous mode [ 395.700507][ T8682] syzkaller0: entered allmulticast mode [ 395.995369][ T8735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.749'. [ 396.023094][ T8735] netlink: 'syz.2.749': attribute type 30 has an invalid length. [ 396.051580][ T8706] tipc: Resetting bearer [ 396.066157][ T8735] netlink: 12 bytes leftover after parsing attributes in process `syz.2.749'. [ 396.144135][ T8706] tipc: Disabling bearer [ 396.383182][ T9] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 396.417035][ T5929] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 396.587946][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 396.643005][ T8752] macvlan4: entered promiscuous mode [ 396.699555][ T5929] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 41407, setting to 1024 [ 396.723250][ T9] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 396.798350][ T5929] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 396.834690][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 396.933384][ T5929] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 397.021009][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 397.131900][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.158908][ T5929] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 397.169605][ T9] usb 3-1: Product: syz [ 397.189963][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.199077][ T9] usb 3-1: Manufacturer: syz [ 397.216346][ T9] usb 3-1: SerialNumber: syz [ 397.234127][ T5929] usb 4-1: Product: syz [ 397.252238][ T5929] usb 4-1: Manufacturer: syz [ 397.271470][ T5929] usb 4-1: SerialNumber: syz [ 397.306569][ T8740] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 397.317829][ T9] hub 3-1:1.0: bad descriptor, ignoring hub [ 397.361700][ T5929] hub 4-1:1.0: bad descriptor, ignoring hub [ 397.372652][ T9] hub 3-1:1.0: probe with driver hub failed with error -5 [ 397.403296][ T5929] hub 4-1:1.0: probe with driver hub failed with error -5 [ 397.559274][ T9] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 21 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 397.621354][ T5929] usblp 4-1:1.0: usblp1: USB Unidirectional printer dev 17 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 397.985268][ T8762] comedi comedi1: bad chanlist[0]=0x00000004 chan=4 range length=1 [ 398.088489][ T8764] comedi comedi1: bad chanlist[0]=0x00000004 chan=4 range length=1 [ 398.294132][ T30] audit: type=1326 audit(1754522188.843:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8746 comm="syz.0.753" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc15718ebe9 code=0x200000 [ 398.318885][ T8739] netlink: del zone limit has 4 unknown bytes [ 398.327264][ T5929] usb 4-1: USB disconnect, device number 17 [ 398.403386][ T5929] usblp1: removed [ 398.617153][ T5944] usb 3-1: USB disconnect, device number 21 [ 398.649393][ T5944] usblp0: removed [ 398.702620][ T9] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 398.905852][ T9] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 398.942444][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.966465][ T9] usb 5-1: Product: syz [ 398.970818][ T9] usb 5-1: Manufacturer: syz [ 398.988501][ T9] usb 5-1: SerialNumber: syz [ 399.009532][ T9] usb 5-1: config 0 descriptor?? [ 399.267585][ T9] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 400.031480][ T8781] bridge0: entered promiscuous mode [ 400.037007][ T8781] macvlan2: entered promiscuous mode [ 401.039465][ T8799] netlink: 44 bytes leftover after parsing attributes in process `syz.1.760'. [ 401.711370][ T9] usb 5-1: dvb_usb_v2: will use the device's hardware PID filter (table count: 32) [ 401.745523][ T9] dvbdev: DVB: registering new adapter (TerraTec NOXON DAB Stick) [ 401.780229][ T9] usb 5-1: media controller created [ 401.800614][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 401.882451][ T8795] tipc: Enabled bearer , priority 0 [ 401.920032][ T8797] syzkaller0: entered promiscuous mode [ 401.936846][ T8797] syzkaller0: entered allmulticast mode [ 402.109416][ T9] i2c i2c-1: Added multiplexed i2c bus 2 [ 402.128128][ T8794] tipc: Resetting bearer [ 402.164065][ T9] rtl2832 1-0010: Realtek RTL2832 successfully attached [ 402.268467][ T9] usb 5-1: DVB: registering adapter 1 frontend 0 (Realtek RTL2832 (DVB-T))... [ 402.283324][ T8794] tipc: Disabling bearer [ 402.337306][ T9] dvbdev: dvb_create_media_entity: media entity 'Realtek RTL2832 (DVB-T)' registered. [ 402.788541][ T9] usb 5-1: USB disconnect, device number 24 [ 403.092784][ T8824] binder: BC_ATTEMPT_ACQUIRE not supported [ 403.182331][ T8829] syz.0.766: attempt to access beyond end of device [ 403.182331][ T8829] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0 [ 403.198570][ T8829] syz.0.766: attempt to access beyond end of device [ 403.198570][ T8829] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0 [ 403.212018][ T8829] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 403.224022][ T8829] syz.0.766: attempt to access beyond end of device [ 403.224022][ T8829] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0 [ 403.237523][ T8829] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 403.253732][ T8829] syz.0.766: attempt to access beyond end of device [ 403.253732][ T8829] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0 [ 403.268311][ T8829] syz.0.766: attempt to access beyond end of device [ 403.268311][ T8829] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0 [ 403.281759][ T8829] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 403.292474][ T8829] syz.0.766: attempt to access beyond end of device [ 403.292474][ T8829] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 403.306047][ T8829] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 403.320542][ T8829] syz.0.766: attempt to access beyond end of device [ 403.320542][ T8829] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 403.334780][ T8829] syz.0.766: attempt to access beyond end of device [ 403.334780][ T8829] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 403.348215][ T8829] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 403.358781][ T8829] syz.0.766: attempt to access beyond end of device [ 403.358781][ T8829] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 403.372223][ T8829] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 403.385505][ T8829] syz.0.766: attempt to access beyond end of device [ 403.385505][ T8829] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 403.400630][ T8829] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 403.411499][ T8829] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 403.421302][ T8829] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 403.568527][ T8824] binder: 8823:8824 ioctl c0306201 2000000001c0 returned -22 [ 404.010535][ T8833] bond0: Unable to set down delay as MII monitoring is disabled [ 404.122822][ T9] usb 5-1: new full-speed USB device number 25 using dummy_hcd [ 404.319776][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 404.361360][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 404.401471][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 404.436927][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 404.481632][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 404.546865][ T9] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 404.601580][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 404.623675][ T9] usb 5-1: Product: syz [ 404.627910][ T9] usb 5-1: Manufacturer: syz [ 404.676052][ T9] usb 5-1: SerialNumber: syz [ 404.714757][ T9] usb 5-1: config 0 descriptor?? [ 404.797965][ T8843] FAULT_INJECTION: forcing a failure. [ 404.797965][ T8843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 404.852232][ T8843] CPU: 0 UID: 0 PID: 8843 Comm: syz.0.771 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 404.852265][ T8843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 404.852279][ T8843] Call Trace: [ 404.852287][ T8843] [ 404.852297][ T8843] dump_stack_lvl+0x189/0x250 [ 404.852326][ T8843] ? __pfx____ratelimit+0x10/0x10 [ 404.852348][ T8843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 404.852373][ T8843] ? __pfx__printk+0x10/0x10 [ 404.852422][ T8843] should_fail_ex+0x414/0x560 [ 404.852449][ T8843] _copy_to_user+0x31/0xb0 [ 404.852481][ T8843] do_pagemap_cmd+0xb06/0xbb0 [ 404.852514][ T8843] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 404.852565][ T8843] ? __fget_files+0x3a0/0x420 [ 404.852589][ T8843] ? __fget_files+0x2a/0x420 [ 404.852617][ T8843] ? bpf_lsm_file_ioctl+0x9/0x20 [ 404.852643][ T8843] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 404.852666][ T8843] __se_sys_ioctl+0xfc/0x170 [ 404.852702][ T8843] do_syscall_64+0xfa/0x3b0 [ 404.852725][ T8843] ? lockdep_hardirqs_on+0x9c/0x150 [ 404.852747][ T8843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.852769][ T8843] ? clear_bhb_loop+0x60/0xb0 [ 404.852795][ T8843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.852816][ T8843] RIP: 0033:0x7fc15718ebe9 [ 404.852836][ T8843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.852854][ T8843] RSP: 002b:00007fc157f46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 404.852876][ T8843] RAX: ffffffffffffffda RBX: 00007fc1573b5fa0 RCX: 00007fc15718ebe9 [ 404.852891][ T8843] RDX: 00002000000001c0 RSI: 00000000c0606610 RDI: 0000000000000005 [ 404.852906][ T8843] RBP: 00007fc157f46090 R08: 0000000000000000 R09: 0000000000000000 [ 404.852919][ T8843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 404.852932][ T8843] R13: 00007fc1573b6038 R14: 00007fc1573b5fa0 R15: 00007ffe9806b078 [ 404.852966][ T8843] [ 405.286658][ T9] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -110 [ 405.330503][ T9] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5 [ 406.565043][ T8863] tipc: Enabled bearer , priority 0 [ 406.594420][ T8863] syzkaller0: entered promiscuous mode [ 406.610358][ T8863] syzkaller0: entered allmulticast mode [ 406.659898][ T8863] tipc: Resetting bearer [ 406.686045][ T8862] tipc: Resetting bearer [ 406.770416][ T8862] tipc: Disabling bearer [ 406.952361][ T5918] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 407.122409][ T5918] usb 3-1: Using ep0 maxpacket: 16 [ 407.150155][ T5918] usb 3-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice= 0.03 [ 407.167252][ T5918] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 407.178166][ T5918] usb 3-1: SerialNumber: syz [ 407.230809][ T5918] usb 3-1: config 0 descriptor?? [ 408.056183][ T9] usb 5-1: USB disconnect, device number 25 [ 409.733088][ T8884] syz.2.779 (8884) used greatest stack depth: 18880 bytes left [ 410.663901][ T8905] random: crng reseeded on system resumption [ 410.936200][ T5918] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 410.965014][ T5918] usb 3-1: Detected SIO [ 411.096762][ T5918] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 411.395289][ T5918] usb 3-1: USB disconnect, device number 22 [ 411.456476][ T5918] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 411.685275][ T5918] ftdi_sio 3-1:0.0: device disconnected [ 412.334819][ T8930] netlink: 8 bytes leftover after parsing attributes in process `syz.3.789'. [ 412.840088][ T8936] binder: BC_ATTEMPT_ACQUIRE not supported [ 412.849785][ T8936] binder: 8934:8936 ioctl c0306201 2000000001c0 returned -22 [ 413.152874][ T8944] loop7: detected capacity change from 0 to 16384 [ 413.306200][ T5918] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 414.256692][ T5918] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 414.409185][ T5918] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 414.589592][ T5918] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 414.638380][ T5918] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 415.212634][ T5918] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 415.225350][ T8944] loop7: detected capacity change from 16384 to 0 [ 415.247036][ C0] I/O error, dev loop7, sector 4880 op 0x0:(READ) flags 0x80700 phys_seg 6 prio class 0 [ 415.270335][ T5918] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 415.302216][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 415.386526][ T5918] usb 3-1: Product: syz [ 415.390872][ T5918] usb 3-1: Manufacturer: syz [ 415.416970][ T5918] usb 3-1: SerialNumber: syz [ 415.432279][ T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 415.442289][ T5918] usb 3-1: config 0 descriptor?? [ 415.612351][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 415.686723][ T8965] random: crng reseeded on system resumption [ 416.550727][ T9] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 416.565364][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.589980][ T5918] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -110 [ 416.616152][ T9] pvrusb2: Hardware description: Terratec Grabster AV400 [ 416.645184][ T5918] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5 [ 416.654247][ T9] pvrusb2: ********** [ 416.658290][ T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 416.688609][ T9] pvrusb2: Important functionality might not be entirely working. [ 416.698042][ T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 416.719528][ T9] pvrusb2: ********** [ 416.741613][ T5918] usb 3-1: USB disconnect, device number 23 [ 417.096651][ T2342] pvrusb2: Invalid write control endpoint [ 417.116811][ T9] usb 5-1: USB disconnect, device number 26 [ 417.127086][ T30] audit: type=1800 audit(1754522207.663:140): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.804" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 417.156365][ T8980] netlink: 16 bytes leftover after parsing attributes in process `syz.3.802'. [ 417.163280][ T8970] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 418.464217][ T8984] comedi comedi2: dt2814: I/O port conflict (0xb000,2) [ 418.704205][ T2342] pvrusb2: Invalid write control endpoint [ 418.710442][ T2342] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 418.798476][ T2342] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 418.829117][ T2342] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 418.915803][ T2342] pvrusb2: Device being rendered inoperable [ 418.935624][ T2342] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 418.954665][ T2342] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 418.967113][ T8994] fuse: Bad value for 'fd' [ 419.007738][ T8995] netlink: 168 bytes leftover after parsing attributes in process `syz.0.807'. [ 419.034952][ T2342] pvrusb2: Attached sub-driver cx25840 [ 419.054391][ T2342] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 419.238969][ T2342] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 419.375828][ T9004] 9pnet_fd: Insufficient options for proto=fd [ 420.853173][ T9014] netlink: 'syz.1.812': attribute type 1 has an invalid length. [ 421.189927][ T8995] syz.0.807 (8995): drop_caches: 2 [ 422.612684][ T9030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.816'. [ 422.798788][ T9033] ISOFS: Unable to identify CD-ROM format. [ 422.981221][ T9041] netlink: 16 bytes leftover after parsing attributes in process `syz.1.818'. [ 423.256501][ T9044] macvlan4: entered promiscuous mode [ 425.057676][ T9056] netlink: 16 bytes leftover after parsing attributes in process `syz.1.822'. [ 426.629881][ T9080] comedi comedi2: fl512: I/O port conflict (0x10,16) [ 428.527755][ T9101] wg1 speed is unknown, defaulting to 1000 [ 429.297705][ T9111] netlink: 16 bytes leftover after parsing attributes in process `syz.4.836'. [ 429.374083][ T9113] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.837'. [ 429.831393][ T30] audit: type=1326 audit(1754522220.373:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9114 comm="syz.0.840" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc15718ebe9 code=0x0 [ 430.495068][ T9131] comedi comedi2: fl512: I/O port conflict (0x10,16) [ 431.132273][ T5911] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 431.307160][ T5911] usb 2-1: unable to get BOS descriptor or descriptor too short [ 431.319482][ T6136] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.330561][ T5911] usb 2-1: not running at top speed; connect to a high speed hub [ 431.349841][ T5911] usb 2-1: config 129 has an invalid interface number: 135 but max is 0 [ 431.369566][ T5911] usb 2-1: config 129 has an invalid interface number: 5 but max is 0 [ 431.388162][ T5911] usb 2-1: config 129 descriptor has 1 excess byte, ignoring [ 431.402234][ T5911] usb 2-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 431.424493][ T5911] usb 2-1: config 129 has no interface number 0 [ 431.432440][ T5911] usb 2-1: config 129 has no interface number 1 [ 431.439953][ T5911] usb 2-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 431.454147][ T5911] usb 2-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 431.465970][ T5911] usb 2-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 431.479765][ T5911] usb 2-1: config 129 interface 135 has no altsetting 0 [ 431.510029][ T5911] usb 2-1: config 129 interface 5 has no altsetting 0 [ 431.520407][ T6136] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.533712][ T5911] usb 2-1: string descriptor 0 read error: -22 [ 431.540314][ T5911] usb 2-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62 [ 431.562947][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.638416][ T5911] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 431.664238][ T5911] usb 2-1: MIDIStreaming interface descriptor not found [ 431.846989][ T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 431.862507][ T30] audit: type=1800 audit(1754522222.333:142): pid=9138 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.846" name="bus" dev="overlay" ino=841 res=0 errno=0 [ 431.995550][ T5911] usb 2-1: USB disconnect, device number 20 [ 432.024557][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 432.056803][ T9] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 432.066731][ T6136] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.082189][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.200847][ T9] usb 3-1: Product: syz [ 432.226133][ T9] usb 3-1: Manufacturer: syz [ 432.253439][ T9] usb 3-1: SerialNumber: syz [ 432.259329][ T6136] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.278710][ T9] usb 3-1: config 0 descriptor?? [ 432.301113][ T9] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 432.933909][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 432.981818][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 432.990719][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 433.006012][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 433.019534][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 433.115453][ T9] gspca_ov534_9: reg_w failed -71 [ 433.342574][ T7193] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 433.482722][ T9] gspca_ov534_9: Unknown sensor 0000 [ 433.482820][ T9] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 433.502553][ T7193] usb 2-1: Using ep0 maxpacket: 8 [ 433.518387][ T7193] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 433.541859][ T9] usb 3-1: USB disconnect, device number 24 [ 433.543244][ T7193] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.576490][ T7193] usb 2-1: Product: syz [ 433.582454][ T7193] usb 2-1: Manufacturer: syz [ 433.598607][ T7193] usb 2-1: SerialNumber: syz [ 433.621015][ T7193] usb 2-1: config 0 descriptor?? [ 433.846756][ T7193] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 434.008362][ T6136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 434.053763][ T6136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 434.076665][ T6136] bond0 (unregistering): Released all slaves [ 434.100210][ T9144] wg1 speed is unknown, defaulting to 1000 [ 434.155213][ T30] audit: type=1326 audit(1754522224.693:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9157 comm="syz.2.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 434.241818][ T6136] tipc: Left network mode [ 434.257076][ T30] audit: type=1326 audit(1754522224.693:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9157 comm="syz.2.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 434.327306][ T30] audit: type=1326 audit(1754522224.693:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9157 comm="syz.2.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 434.352804][ T30] audit: type=1326 audit(1754522224.693:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9157 comm="syz.2.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 434.402646][ T30] audit: type=1326 audit(1754522224.693:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9157 comm="syz.2.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 434.507939][ T30] audit: type=1326 audit(1754522224.693:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9157 comm="syz.2.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 434.579802][ T30] audit: type=1326 audit(1754522224.693:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9157 comm="syz.2.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 434.671224][ T30] audit: type=1326 audit(1754522224.693:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9157 comm="syz.2.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 435.072432][ T51] Bluetooth: hci4: command tx timeout [ 435.244811][ T9183] comedi comedi2: fl512: I/O port conflict (0x10,16) [ 435.854292][ T9178] netlink: 'syz.4.854': attribute type 9 has an invalid length. [ 436.016612][ T7193] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 436.053922][ T7193] usb 2-1: USB disconnect, device number 21 [ 436.089893][ T9195] program syz.0.858 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 436.221264][ T9197] binder: BC_ATTEMPT_ACQUIRE not supported [ 436.237739][ T9197] binder: 9196:9197 ioctl c0306201 2000000001c0 returned -22 [ 436.422948][ T9201] netlink: 16 bytes leftover after parsing attributes in process `syz.2.857'. [ 436.539071][ T6136] hsr_slave_0: left promiscuous mode [ 436.802136][ T6136] hsr_slave_1: left promiscuous mode [ 436.808594][ T6136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 436.822235][ T6136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 436.897637][ T6136] veth1_macvtap: left promiscuous mode [ 436.926639][ T6136] veth0_macvtap: left promiscuous mode [ 436.952669][ T6136] veth1_vlan: left promiscuous mode [ 436.968228][ T6136] veth0_vlan: left promiscuous mode [ 437.152939][ T51] Bluetooth: hci4: command tx timeout [ 438.040730][ T6136] team0 (unregistering): Port device team_slave_1 removed [ 438.109009][ T6136] team0 (unregistering): Port device team_slave_0 removed [ 439.242588][ T51] Bluetooth: hci4: command tx timeout [ 439.358553][ T9] usb 5-1: new full-speed USB device number 27 using dummy_hcd [ 439.643980][ T9225] comedi comedi2: fl512: I/O port conflict (0x10,16) [ 440.367250][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 440.387572][ T9144] chnl_net:caif_netlink_parms(): no params data found [ 440.407657][ T9] usb 5-1: not running at top speed; connect to a high speed hub [ 440.439848][ T9] usb 5-1: config 219 has 1 interface, different from the descriptor's value: 2 [ 440.452663][ T9] usb 5-1: config 219 interface 0 has no altsetting 0 [ 440.460276][ T9] usb 5-1: config 219 interface 0 has no altsetting 1 [ 440.514149][ T9] usb 5-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e [ 440.551537][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.582478][ T9] usb 5-1: Product: syz [ 440.586720][ T9] usb 5-1: Manufacturer: syz [ 440.624430][ T9] usb 5-1: SerialNumber: syz [ 441.322387][ T51] Bluetooth: hci4: command tx timeout [ 441.758638][ T5944] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 441.827542][ T9] usb 5-1: selecting invalid altsetting 0 [ 441.857612][ T9] usb 5-1: selecting invalid altsetting 0 [ 441.909284][ T9144] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.922261][ T5944] usb 2-1: Using ep0 maxpacket: 16 [ 441.922309][ T9144] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.944998][ T9144] bridge_slave_0: entered allmulticast mode [ 441.945995][ T5944] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=d3.06 [ 441.963670][ T9144] bridge_slave_0: entered promiscuous mode [ 442.002608][ T9144] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.009922][ T9144] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.026398][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 442.032453][ T9144] bridge_slave_1: entered allmulticast mode [ 442.052732][ T9] usb 5-1: USB disconnect, device number 27 [ 442.082019][ T5944] usb 2-1: Product: syz [ 442.088656][ T9144] bridge_slave_1: entered promiscuous mode [ 442.096227][ T5944] usb 2-1: Manufacturer: syz [ 442.138150][ T5944] usb 2-1: SerialNumber: syz [ 442.238223][ T5944] r8152-cfgselector 2-1: Unknown version 0x0000 [ 442.248031][ T5944] r8152-cfgselector 2-1: config 0 descriptor?? [ 442.435166][ T6309] udevd[6309]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 443.106352][ T9239] netlink: 24 bytes leftover after parsing attributes in process `syz.1.869'. [ 443.145282][ T9239] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 443.211185][ T9144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.261181][ T9262] macvlan5: entered promiscuous mode [ 443.283688][ T9144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.454205][ T924] r8152-cfgselector 2-1: USB disconnect, device number 22 [ 443.567549][ T9272] netlink: 24 bytes leftover after parsing attributes in process `syz.0.875'. [ 443.702615][ T5944] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 443.891001][ T9144] team0: Port device team_slave_0 added [ 443.950136][ T5944] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 41407, setting to 1024 [ 444.006699][ T9144] team0: Port device team_slave_1 added [ 444.019343][ T5944] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 444.092228][ T5944] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 444.161152][ T5944] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 444.196609][ T5944] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.246240][ T5944] usb 5-1: Product: syz [ 444.268631][ T5944] usb 5-1: Manufacturer: syz [ 444.299354][ T5944] usb 5-1: SerialNumber: syz [ 444.325189][ T9266] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 444.409982][ T5944] hub 5-1:1.0: bad descriptor, ignoring hub [ 444.464055][ T5944] hub 5-1:1.0: probe with driver hub failed with error -5 [ 444.888436][ T5944] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 28 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 445.057303][ T9283] comedi comedi1: bad chanlist[0]=0x00000004 chan=4 range length=1 [ 445.096551][ T9144] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 445.105526][ T9144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 445.140191][ T9144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 445.194635][ T9144] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 445.214001][ T9144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 445.277594][ T5944] usb 5-1: USB disconnect, device number 28 [ 445.297635][ T9144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 445.318329][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.347441][ T5944] usblp0: removed [ 445.734685][ T9144] hsr_slave_0: entered promiscuous mode [ 445.741552][ T9144] hsr_slave_1: entered promiscuous mode [ 445.772506][ T9287] comedi comedi2: dt2814: I/O port conflict (0xb000,2) [ 446.172667][ T9144] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 446.204764][ T9144] Cannot create hsr debugfs directory [ 447.114326][ T9304] netlink: 4 bytes leftover after parsing attributes in process `syz.4.881'. [ 447.299207][ T9307] bio_check_eod: 2 callbacks suppressed [ 447.299227][ T9307] syz.1.882: attempt to access beyond end of device [ 447.299227][ T9307] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 447.321604][ T9307] syz.1.882: attempt to access beyond end of device [ 447.321604][ T9307] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 447.335023][ T9307] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 447.346154][ T9307] syz.1.882: attempt to access beyond end of device [ 447.346154][ T9307] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 447.359767][ T9307] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 447.370455][ T9307] syz.1.882: attempt to access beyond end of device [ 447.370455][ T9307] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 447.383499][ T9307] syz.1.882: attempt to access beyond end of device [ 447.383499][ T9307] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 447.396583][ T9307] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 447.406579][ T9307] syz.1.882: attempt to access beyond end of device [ 447.406579][ T9307] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 447.419604][ T9307] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 447.429781][ T9307] syz.1.882: attempt to access beyond end of device [ 447.429781][ T9307] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 447.442826][ T9307] syz.1.882: attempt to access beyond end of device [ 447.442826][ T9307] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 447.455967][ T9307] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 447.465654][ T9307] syz.1.882: attempt to access beyond end of device [ 447.465654][ T9307] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 447.478785][ T9307] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 447.488845][ T9307] syz.1.882: attempt to access beyond end of device [ 447.488845][ T9307] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 447.502010][ T9307] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 447.511711][ T9307] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 447.521446][ T9307] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 447.801224][ T9316] netlink: 'syz.2.883': attribute type 1 has an invalid length. [ 447.809380][ T9316] netlink: 224 bytes leftover after parsing attributes in process `syz.2.883'. [ 449.416585][ T9144] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 449.445146][ T9144] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 450.173875][ T9144] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 450.213523][ T9331] macvlan5: entered promiscuous mode [ 450.355853][ T9144] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 451.360872][ T9144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.458662][ T9144] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.541403][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.549135][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.621701][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.628988][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 452.301349][ T9363] FAULT_INJECTION: forcing a failure. [ 452.301349][ T9363] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 452.421401][ T9363] CPU: 1 UID: 0 PID: 9363 Comm: syz.0.891 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 452.421432][ T9363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 452.421448][ T9363] Call Trace: [ 452.421457][ T9363] [ 452.421467][ T9363] dump_stack_lvl+0x189/0x250 [ 452.421507][ T9363] ? __pfx____ratelimit+0x10/0x10 [ 452.421536][ T9363] ? __pfx_dump_stack_lvl+0x10/0x10 [ 452.421561][ T9363] ? __pfx__printk+0x10/0x10 [ 452.421591][ T9363] ? __might_fault+0xb0/0x130 [ 452.421626][ T9363] should_fail_ex+0x414/0x560 [ 452.421656][ T9363] _copy_from_iter+0x1db/0x16f0 [ 452.421688][ T9363] ? preempt_schedule_common+0x83/0xd0 [ 452.421715][ T9363] ? __pfx_preempt_schedule+0x10/0x10 [ 452.421737][ T9363] ? __pfx__copy_from_iter+0x10/0x10 [ 452.421763][ T9363] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 452.421802][ T9363] ? preempt_schedule_thunk+0x16/0x30 [ 452.421845][ T9363] skb_copy_datagram_from_iter+0xf5/0x720 [ 452.421878][ T9363] ? iov_iter_single_seg_count+0xc9/0x2f0 [ 452.421913][ T9363] tun_get_user+0x15c3/0x3ce0 [ 452.421962][ T9363] ? __might_fault+0xb0/0x130 [ 452.421987][ T9363] ? __pfx_tun_get_user+0x10/0x10 [ 452.422025][ T9363] ? __lock_acquire+0xab9/0xd20 [ 452.422053][ T9363] ? ref_tracker_alloc+0x318/0x460 [ 452.422075][ T9363] ? __lock_acquire+0xab9/0xd20 [ 452.422095][ T9363] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 452.422123][ T9363] ? tun_get+0x1c/0x2f0 [ 452.422157][ T9363] ? tun_get+0x1c/0x2f0 [ 452.422184][ T9363] ? tun_get+0x1c/0x2f0 [ 452.422218][ T9363] tun_chr_write_iter+0x113/0x200 [ 452.422249][ T9363] vfs_write+0x54b/0xa90 [ 452.422277][ T9363] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 452.422306][ T9363] ? __pfx_vfs_write+0x10/0x10 [ 452.422339][ T9363] ? __fget_files+0x2a/0x420 [ 452.422376][ T9363] ksys_write+0x145/0x250 [ 452.422401][ T9363] ? __pfx_ksys_write+0x10/0x10 [ 452.422429][ T9363] ? do_syscall_64+0xbe/0x3b0 [ 452.422459][ T9363] do_syscall_64+0xfa/0x3b0 [ 452.422489][ T9363] ? lockdep_hardirqs_on+0x9c/0x150 [ 452.422512][ T9363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.422534][ T9363] ? clear_bhb_loop+0x60/0xb0 [ 452.422562][ T9363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.422583][ T9363] RIP: 0033:0x7fc15718ebe9 [ 452.422603][ T9363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 452.422623][ T9363] RSP: 002b:00007fc157f25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 452.422647][ T9363] RAX: ffffffffffffffda RBX: 00007fc1573b6090 RCX: 00007fc15718ebe9 [ 452.422663][ T9363] RDX: 0000000000000066 RSI: 0000200000000000 RDI: 0000000000000004 [ 452.422678][ T9363] RBP: 00007fc157f25090 R08: 0000000000000000 R09: 0000000000000000 [ 452.422691][ T9363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 452.422704][ T9363] R13: 00007fc1573b6128 R14: 00007fc1573b6090 R15: 00007ffe9806b078 [ 452.422739][ T9363] [ 453.209296][ T9376] bio_check_eod: 2 callbacks suppressed [ 453.209317][ T9376] syz.2.892: attempt to access beyond end of device [ 453.209317][ T9376] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0 [ 453.228351][ T9376] syz.2.892: attempt to access beyond end of device [ 453.228351][ T9376] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0 [ 453.243019][ T9376] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 453.253005][ T9376] syz.2.892: attempt to access beyond end of device [ 453.253005][ T9376] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0 [ 453.266131][ T9376] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 453.280000][ T9376] syz.2.892: attempt to access beyond end of device [ 453.280000][ T9376] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 453.293976][ T9376] syz.2.892: attempt to access beyond end of device [ 453.293976][ T9376] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 453.323475][ T9376] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 453.334704][ T9376] syz.2.892: attempt to access beyond end of device [ 453.334704][ T9376] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 453.348929][ T9376] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 453.363021][ T9376] syz.2.892: attempt to access beyond end of device [ 453.363021][ T9376] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 453.377101][ T9376] syz.2.892: attempt to access beyond end of device [ 453.377101][ T9376] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 453.391431][ T9376] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 453.402498][ T9376] syz.2.892: attempt to access beyond end of device [ 453.402498][ T9376] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 453.419383][ T9376] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 453.433612][ T9376] syz.2.892: attempt to access beyond end of device [ 453.433612][ T9376] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 453.448747][ T9376] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 453.463388][ T9376] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 453.478460][ T9376] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 454.845419][ T9374] comedi comedi2: dt2814: I/O port conflict (0xb000,2) [ 457.123344][ T9388] netlink: 12 bytes leftover after parsing attributes in process `syz.4.896'. [ 457.564277][ T9144] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 457.842724][ T5828] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 457.847683][ T9414] netlink: 'syz.4.900': attribute type 1 has an invalid length. [ 457.861390][ T9414] netlink: 224 bytes leftover after parsing attributes in process `syz.4.900'. [ 458.036146][ T5828] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 458.064665][ T5828] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 458.102258][ T5828] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.151227][ T5828] usb 3-1: config 0 descriptor?? [ 458.181253][ T5828] pwc: Askey VC010 type 2 USB webcam detected. [ 458.593576][ T9429] netlink: 'syz.0.898': attribute type 1 has an invalid length. [ 458.601300][ T9429] netlink: 'syz.0.898': attribute type 4 has an invalid length. [ 458.609348][ T9429] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.898'. [ 458.880908][ T5828] pwc: recv_control_msg error -32 req 02 val 2b00 [ 458.942327][ T5828] pwc: recv_control_msg error -32 req 02 val 2700 [ 458.952573][ T5828] pwc: recv_control_msg error -32 req 02 val 2c00 [ 458.970230][ T5828] pwc: recv_control_msg error -32 req 04 val 1000 [ 459.017762][ T5828] pwc: recv_control_msg error -32 req 04 val 1300 [ 459.035185][ T5828] pwc: recv_control_msg error -32 req 04 val 1400 [ 459.065289][ T5828] pwc: recv_control_msg error -32 req 02 val 2000 [ 459.073738][ T5828] pwc: recv_control_msg error -32 req 02 val 2100 [ 459.090510][ T5828] pwc: recv_control_msg error -32 req 04 val 1500 [ 459.116300][ T5828] pwc: recv_control_msg error -32 req 02 val 2500 [ 459.125338][ T5828] pwc: recv_control_msg error -32 req 02 val 2400 [ 459.133524][ T5828] pwc: recv_control_msg error -32 req 02 val 2600 [ 459.143183][ T5828] pwc: recv_control_msg error -32 req 02 val 2900 [ 459.261024][ T5828] pwc: recv_control_msg error -71 req 02 val 2800 [ 459.277203][ T9144] veth0_vlan: entered promiscuous mode [ 459.293847][ T9144] veth1_vlan: entered promiscuous mode [ 459.306081][ T5828] pwc: recv_control_msg error -71 req 04 val 1100 [ 459.342631][ T5828] pwc: recv_control_msg error -71 req 04 val 1200 [ 459.402627][ T5828] pwc: Registered as video103. [ 459.406544][ T9144] veth0_macvtap: entered promiscuous mode [ 459.433895][ T5828] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input15 [ 459.488495][ T5828] usb 3-1: USB disconnect, device number 25 [ 459.519554][ T9144] veth1_macvtap: entered promiscuous mode [ 459.591173][ T9144] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 459.668986][ T9144] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 459.809000][ T9439] trusted_key: encrypted_key: insufficient parameters specified [ 460.219010][ T9144] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.273000][ T9144] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.297851][ T9144] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.336097][ T9144] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.220330][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.265910][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.310442][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 461.310464][ T30] audit: type=1326 audit(1754522251.843:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9451 comm="syz.1.905" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f528338ebe9 code=0x7ffc0000 [ 461.485155][ T6339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.493477][ T6339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.011279][ T30] audit: type=1326 audit(1754522253.553:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9464 comm="syz.4.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad198ebe9 code=0x7ffc0000 [ 463.136149][ T30] audit: type=1326 audit(1754522253.553:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9464 comm="syz.4.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad198ebe9 code=0x7ffc0000 [ 463.437897][ T9483] netlink: 'syz.2.910': attribute type 1 has an invalid length. [ 463.446282][ T9483] netlink: 'syz.2.910': attribute type 4 has an invalid length. [ 463.454160][ T9483] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.910'. [ 464.021982][ T9483] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 464.449392][ T9493] netlink: 12 bytes leftover after parsing attributes in process `syz.2.913'. [ 465.551281][ T9492] random: crng reseeded on system resumption [ 466.378719][ T30] audit: type=1326 audit(1754522256.923:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 466.459814][ T30] audit: type=1326 audit(1754522256.983:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9502 comm="syz.2.915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7429b8ebe9 code=0x7ffc0000 [ 467.145232][ T5929] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 467.570757][ T9521] netlink: 228 bytes leftover after parsing attributes in process `syz.5.921'. [ 467.588203][ T5929] usb 5-1: Using ep0 maxpacket: 8 [ 467.624191][ T5929] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 467.707693][ T9524] bio_check_eod: 2 callbacks suppressed [ 467.707739][ T9524] syz.1.920: attempt to access beyond end of device [ 467.707739][ T9524] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 467.727178][ T9524] syz.1.920: attempt to access beyond end of device [ 467.727178][ T9524] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 467.740269][ T9524] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 467.750420][ T9524] syz.1.920: attempt to access beyond end of device [ 467.750420][ T9524] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 467.763690][ T9524] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 467.775455][ T9524] syz.1.920: attempt to access beyond end of device [ 467.775455][ T9524] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 467.789482][ T9524] syz.1.920: attempt to access beyond end of device [ 467.789482][ T9524] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 467.802630][ T9524] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 467.812598][ T9524] syz.1.920: attempt to access beyond end of device [ 467.812598][ T9524] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 467.843733][ T9524] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 467.854884][ T9524] syz.1.920: attempt to access beyond end of device [ 467.854884][ T9524] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 467.868326][ T9524] syz.1.920: attempt to access beyond end of device [ 467.868326][ T9524] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 467.881616][ T9524] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 467.891780][ T9524] syz.1.920: attempt to access beyond end of device [ 467.891780][ T9524] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 467.905048][ T9524] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 467.916620][ T9524] syz.1.920: attempt to access beyond end of device [ 467.916620][ T9524] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 467.930136][ T9524] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 467.940532][ T9524] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 467.950146][ T9524] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 468.568048][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.576456][ T5929] usb 5-1: Product: syz [ 468.580782][ T5929] usb 5-1: Manufacturer: syz [ 468.585503][ T5929] usb 5-1: SerialNumber: syz [ 468.599961][ T5929] usb 5-1: config 0 descriptor?? [ 469.799007][ T5929] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 469.841549][ T9527] xt_hashlimit: size too large, truncated to 1048576 [ 469.973428][ T9527] syz.5.922: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 470.041264][ T9527] CPU: 0 UID: 0 PID: 9527 Comm: syz.5.922 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 470.041304][ T9527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 470.041319][ T9527] Call Trace: [ 470.041328][ T9527] [ 470.041339][ T9527] dump_stack_lvl+0x189/0x250 [ 470.041377][ T9527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 470.041404][ T9527] ? __pfx__printk+0x10/0x10 [ 470.041435][ T9527] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 470.041470][ T9527] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 470.041502][ T9527] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 470.041534][ T9527] warn_alloc+0x214/0x310 [ 470.041570][ T9527] ? __pfx_warn_alloc+0x10/0x10 [ 470.041607][ T9527] ? __get_vm_area_node+0x28f/0x300 [ 470.041633][ T9527] ? htable_create+0xfc/0x7a0 [ 470.041661][ T9527] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 470.041722][ T9527] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 470.041757][ T9527] ? rcu_is_watching+0x15/0xb0 [ 470.041784][ T9527] ? htable_create+0xfc/0x7a0 [ 470.041805][ T9527] ? htable_create+0xfc/0x7a0 [ 470.041825][ T9527] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 470.041850][ T9527] ? htable_create+0xfc/0x7a0 [ 470.041869][ T9527] ? hashlimit_pernet+0x23/0x240 [ 470.041902][ T9527] htable_create+0xfc/0x7a0 [ 470.041933][ T9527] hashlimit_mt_check_common+0x719/0xa10 [ 470.041969][ T9527] xt_check_match+0x3ce/0xab0 [ 470.042004][ T9527] ? __pfx___mutex_lock+0x10/0x10 [ 470.042036][ T9527] ? __pfx_xt_check_match+0x10/0x10 [ 470.042074][ T9527] ? pcpu_alloc_noprof+0xfdd/0x16b0 [ 470.042108][ T9527] ? xt_find_match+0x1f7/0x250 [ 470.042151][ T9527] translate_table+0x1553/0x2040 [ 470.042212][ T9527] ? __pfx_translate_table+0x10/0x10 [ 470.042249][ T9527] ? __might_fault+0xb0/0x130 [ 470.042294][ T9527] ? _copy_from_user+0x94/0xb0 [ 470.042332][ T9527] do_ip6t_set_ctl+0x970/0xce0 [ 470.042373][ T9527] ? rcu_is_watching+0x15/0xb0 [ 470.042397][ T9527] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 470.042453][ T9527] ? __pfx___mutex_lock+0x10/0x10 [ 470.042486][ T9527] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 470.042524][ T9527] ? __lock_acquire+0xab9/0xd20 [ 470.042552][ T9527] nf_setsockopt+0x26c/0x290 [ 470.042591][ T9527] rawv6_setsockopt+0x23b/0x5b0 [ 470.042619][ T9527] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 470.042644][ T9527] ? sock_common_setsockopt+0x36/0xc0 [ 470.042674][ T9527] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 470.042706][ T9527] do_sock_setsockopt+0x179/0x1b0 [ 470.042744][ T9527] __x64_sys_setsockopt+0x13f/0x1b0 [ 470.042785][ T9527] do_syscall_64+0xfa/0x3b0 [ 470.042808][ T9527] ? lockdep_hardirqs_on+0x9c/0x150 [ 470.042831][ T9527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.042853][ T9527] ? clear_bhb_loop+0x60/0xb0 [ 470.042880][ T9527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.042900][ T9527] RIP: 0033:0x7f685f38ebe9 [ 470.042921][ T9527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 470.042941][ T9527] RSP: 002b:00007f68601c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 470.042965][ T9527] RAX: ffffffffffffffda RBX: 00007f685f5b5fa0 RCX: 00007f685f38ebe9 [ 470.042982][ T9527] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000000 [ 470.042995][ T9527] RBP: 00007f685f411e19 R08: 00000000000005c0 R09: 0000000000000000 [ 470.043010][ T9527] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000000 [ 470.043023][ T9527] R13: 00007f685f5b6038 R14: 00007f685f5b5fa0 R15: 00007ffe0952c708 [ 470.043057][ T9527] [ 470.604146][ T9527] Mem-Info: [ 470.607463][ T9527] active_anon:3138 inactive_anon:9341 isolated_anon:0 [ 470.607463][ T9527] active_file:13668 inactive_file:39732 isolated_file:0 [ 470.607463][ T9527] unevictable:768 dirty:100 writeback:0 [ 470.607463][ T9527] slab_reclaimable:10280 slab_unreclaimable:100381 [ 470.607463][ T9527] mapped:34551 shmem:7312 pagetables:1358 [ 470.607463][ T9527] sec_pagetables:0 bounce:0 [ 470.607463][ T9527] kernel_misc_reclaimable:0 [ 470.607463][ T9527] free:1312081 free_pcp:13009 free_cma:0 [ 470.754994][ T9527] Node 0 active_anon:12552kB inactive_anon:37364kB active_file:54416kB inactive_file:158924kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:138148kB dirty:400kB writeback:0kB shmem:27712kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12672kB pagetables:5300kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 470.790136][ T5929] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 470.802019][ T5929] usb 5-1: USB disconnect, device number 29 [ 470.811199][ T9527] Node 1 active_anon:0kB inactive_anon:0kB active_file:256kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 470.872727][ T9527] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 470.933820][ T9527] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 470.959501][ T9527] Node 0 DMA32 free:1329476kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12548kB inactive_anon:37520kB active_file:52644kB inactive_file:158856kB unevictable:1536kB writepending:400kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:30212kB local_pcp:8548kB free_cma:0kB [ 470.993842][ T9527] lowmem_reserve[]: 0 0 1 1 1 [ 470.998998][ T9527] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1772kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 471.030354][ T9527] lowmem_reserve[]: 0 0 0 0 0 [ 471.036049][ T9527] Node 1 Normal free:3902704kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:256kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:22436kB local_pcp:8836kB free_cma:0kB [ 471.069517][ T9527] lowmem_reserve[]: 0 0 0 0 0 [ 471.080115][ T9527] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 471.203346][ T9527] Node 0 DMA32: 691*4kB (UME) 100*8kB (UME) 166*16kB (UME) 365*32kB (UME) 227*64kB (UME) 44*128kB (UME) 31*256kB (UME) 11*512kB (M) 6*1024kB (UME) 5*2048kB (UM) 308*4096kB (M) = 1329580kB [ 471.272342][ T9527] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 471.352321][ T9527] Node 1 Normal: 196*4kB (UME) 44*8kB (UME) 50*16kB (UME) 157*32kB (UME) 37*64kB (UME) 9*128kB (UME) 2*256kB (M) 3*512kB (UM) 1*1024kB (M) 1*2048kB (U) 949*4096kB (ME) = 3902704kB [ 471.416533][ T9527] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 471.444519][ T9527] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 471.481511][ T9527] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 471.508573][ T9527] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 471.535221][ T9527] 60732 total pagecache pages [ 471.556479][ T9527] 0 pages in swap cache [ 471.562521][ T9527] Free swap = 124996kB [ 471.578895][ T9527] Total swap = 124996kB [ 471.585518][ T9527] 2097051 pages RAM [ 471.599432][ T9527] 0 pages HighMem/MovableOnly [ 471.616680][ T9527] 424695 pages reserved [ 471.620899][ T9527] 0 pages cma reserved [ 471.938026][ T30] audit: type=1326 audit(1754522262.483:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9545 comm="syz.5.926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685f38ebe9 code=0x7ffc0000 [ 472.620208][ T9560] FAULT_INJECTION: forcing a failure. [ 472.620208][ T9560] name failslab, interval 1, probability 0, space 0, times 0 [ 472.673379][ T9560] CPU: 1 UID: 0 PID: 9560 Comm: syz.2.929 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 472.673411][ T9560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 472.673424][ T9560] Call Trace: [ 472.673433][ T9560] [ 472.673443][ T9560] dump_stack_lvl+0x189/0x250 [ 472.673475][ T9560] ? __pfx____ratelimit+0x10/0x10 [ 472.673500][ T9560] ? __pfx_dump_stack_lvl+0x10/0x10 [ 472.673525][ T9560] ? __pfx__printk+0x10/0x10 [ 472.673556][ T9560] ? __pfx___might_resched+0x10/0x10 [ 472.673580][ T9560] ? fs_reclaim_acquire+0x7d/0x100 [ 472.673612][ T9560] should_fail_ex+0x414/0x560 [ 472.673641][ T9560] should_failslab+0xa8/0x100 [ 472.673667][ T9560] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 472.673690][ T9560] ? dup_task_struct+0x52/0x860 [ 472.673721][ T9560] dup_task_struct+0x52/0x860 [ 472.673746][ T9560] ? lockdep_hardirqs_on+0x9c/0x150 [ 472.673772][ T9560] copy_process+0x544/0x3b80 [ 472.673832][ T9560] ? __pfx_copy_process+0x10/0x10 [ 472.673871][ T9560] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 472.673907][ T9560] vhost_task_create+0x1c4/0x290 [ 472.674008][ T9560] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 472.674044][ T9560] ? __pfx_vhost_task_create+0x10/0x10 [ 472.674083][ T9560] ? __pfx_vhost_task_fn+0x10/0x10 [ 472.674123][ T9560] ? kasan_save_track+0x4f/0x80 [ 472.674155][ T9560] ? kasan_save_track+0x3e/0x80 [ 472.674192][ T9560] kvm_mmu_post_init_vm+0x147/0x2b0 [ 472.674219][ T9560] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 472.674256][ T9560] ? __mutex_trylock_common+0x153/0x260 [ 472.674285][ T9560] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 472.674319][ T9560] ? rcu_is_watching+0x15/0xb0 [ 472.674343][ T9560] ? look_up_lock_class+0x74/0x170 [ 472.674369][ T9560] ? register_lock_class+0x51/0x320 [ 472.674415][ T9560] ? __lock_acquire+0xab9/0xd20 [ 472.674470][ T9560] kvm_vcpu_ioctl+0x95c/0xe90 [ 472.674505][ T9560] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 472.674530][ T9560] ? __lock_acquire+0xab9/0xd20 [ 472.674555][ T9560] ? __asan_memset+0x22/0x50 [ 472.674584][ T9560] ? smack_file_ioctl+0x302/0x340 [ 472.674609][ T9560] ? __pfx_smack_file_ioctl+0x10/0x10 [ 472.674643][ T9560] ? __fget_files+0x2a/0x420 [ 472.674667][ T9560] ? __fget_files+0x3a0/0x420 [ 472.674691][ T9560] ? __fget_files+0x2a/0x420 [ 472.674719][ T9560] ? bpf_lsm_file_ioctl+0x9/0x20 [ 472.674746][ T9560] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 472.674773][ T9560] __se_sys_ioctl+0xfc/0x170 [ 472.674808][ T9560] do_syscall_64+0xfa/0x3b0 [ 472.674832][ T9560] ? lockdep_hardirqs_on+0x9c/0x150 [ 472.674854][ T9560] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.674875][ T9560] ? clear_bhb_loop+0x60/0xb0 [ 472.674902][ T9560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.674931][ T9560] RIP: 0033:0x7f7429b8ebe9 [ 472.674950][ T9560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.674969][ T9560] RSP: 002b:00007f742a929038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 472.674992][ T9560] RAX: ffffffffffffffda RBX: 00007f7429db5fa0 RCX: 00007f7429b8ebe9 [ 472.675008][ T9560] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 472.675021][ T9560] RBP: 00007f742a929090 R08: 0000000000000000 R09: 0000000000000000 [ 472.675034][ T9560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.675047][ T9560] R13: 00007f7429db6038 R14: 00007f7429db5fa0 R15: 00007fff58a5d338 [ 472.675083][ T9560] [ 473.345653][ T9566] netlink: 'syz.2.933': attribute type 1 has an invalid length. [ 473.359231][ T9568] netlink: 8 bytes leftover after parsing attributes in process `syz.4.932'. [ 473.390148][ T9571] FAULT_INJECTION: forcing a failure. [ 473.390148][ T9571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 473.404375][ T9566] netlink: 216 bytes leftover after parsing attributes in process `syz.2.933'. [ 473.415744][ T9566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.933'. [ 473.449264][ T9571] CPU: 0 UID: 0 PID: 9571 Comm: syz.5.931 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 473.449297][ T9571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 473.449311][ T9571] Call Trace: [ 473.449320][ T9571] [ 473.449330][ T9571] dump_stack_lvl+0x189/0x250 [ 473.449361][ T9571] ? __pfx____ratelimit+0x10/0x10 [ 473.449385][ T9571] ? __pfx_dump_stack_lvl+0x10/0x10 [ 473.449409][ T9571] ? __pfx__printk+0x10/0x10 [ 473.449456][ T9571] should_fail_ex+0x414/0x560 [ 473.449484][ T9571] _copy_to_user+0x31/0xb0 [ 473.449518][ T9571] simple_read_from_buffer+0xe1/0x170 [ 473.449548][ T9571] proc_fail_nth_read+0x1df/0x250 [ 473.449578][ T9571] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 473.449607][ T9571] ? rw_verify_area+0x258/0x650 [ 473.449640][ T9571] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 473.449668][ T9571] vfs_read+0x200/0x980 [ 473.449711][ T9571] ? __pfx_vfs_read+0x10/0x10 [ 473.449748][ T9571] ? smack_file_ioctl+0x24a/0x340 [ 473.449773][ T9571] ? __pfx_smack_file_ioctl+0x10/0x10 [ 473.449806][ T9571] ksys_read+0x145/0x250 [ 473.449829][ T9571] ? __pfx_ksys_read+0x10/0x10 [ 473.449855][ T9571] ? do_syscall_64+0xbe/0x3b0 [ 473.449885][ T9571] do_syscall_64+0xfa/0x3b0 [ 473.449907][ T9571] ? lockdep_hardirqs_on+0x9c/0x150 [ 473.449931][ T9571] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.449953][ T9571] ? clear_bhb_loop+0x60/0xb0 [ 473.449979][ T9571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.450000][ T9571] RIP: 0033:0x7f685f38d5fc [ 473.450019][ T9571] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 473.450039][ T9571] RSP: 002b:00007f68601c3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 473.450061][ T9571] RAX: ffffffffffffffda RBX: 00007f685f5b5fa0 RCX: 00007f685f38d5fc [ 473.450078][ T9571] RDX: 000000000000000f RSI: 00007f68601c30a0 RDI: 0000000000000004 [ 473.450101][ T9571] RBP: 00007f68601c3090 R08: 0000000000000000 R09: 0000000000000000 [ 473.450115][ T9571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 473.450128][ T9571] R13: 00007f685f5b6038 R14: 00007f685f5b5fa0 R15: 00007ffe0952c708 [ 473.450163][ T9571] [ 474.010563][ T30] audit: type=1326 audit(1754522264.553:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9585 comm="syz.5.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685f38ebe9 code=0x7ffc0000 [ 474.038660][ T30] audit: type=1326 audit(1754522264.553:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9585 comm="syz.5.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f685f38ebe9 code=0x7ffc0000 [ 474.691486][ T9604] bio_check_eod: 2 callbacks suppressed [ 474.691533][ T9604] syz.5.939: attempt to access beyond end of device [ 474.691533][ T9604] nbd5: rw=0, sector=64, nr_sectors = 1 limit=0 [ 474.712160][ T9604] syz.5.939: attempt to access beyond end of device [ 474.712160][ T9604] nbd5: rw=0, sector=256, nr_sectors = 1 limit=0 [ 474.725719][ T9604] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 474.737276][ T9604] syz.5.939: attempt to access beyond end of device [ 474.737276][ T9604] nbd5: rw=0, sector=512, nr_sectors = 1 limit=0 [ 474.750936][ T9604] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 474.811786][ T9604] syz.5.939: attempt to access beyond end of device [ 474.811786][ T9604] nbd5: rw=0, sector=64, nr_sectors = 2 limit=0 [ 474.826642][ T9604] syz.5.939: attempt to access beyond end of device [ 474.826642][ T9604] nbd5: rw=0, sector=512, nr_sectors = 2 limit=0 [ 474.840212][ T9604] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 474.851440][ T9604] syz.5.939: attempt to access beyond end of device [ 474.851440][ T9604] nbd5: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 474.865094][ T9604] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 474.879161][ T9604] syz.5.939: attempt to access beyond end of device [ 474.879161][ T9604] nbd5: rw=0, sector=64, nr_sectors = 4 limit=0 [ 474.893599][ T9604] syz.5.939: attempt to access beyond end of device [ 474.893599][ T9604] nbd5: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 474.907157][ T9604] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 474.917963][ T9604] syz.5.939: attempt to access beyond end of device [ 474.917963][ T9604] nbd5: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 474.931728][ T9604] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 474.945263][ T9604] syz.5.939: attempt to access beyond end of device [ 474.945263][ T9604] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0 [ 474.959768][ T9604] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 474.970490][ T9604] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 474.980138][ T9604] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1) [ 475.491852][ T30] audit: type=1326 audit(1754522266.033:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9612 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15718ebe9 code=0x7ffc0000 [ 475.614941][ T30] audit: type=1326 audit(1754522266.113:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9612 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15718ebe9 code=0x7ffc0000 [ 475.688579][ T9617] FAULT_INJECTION: forcing a failure. [ 475.688579][ T9617] name failslab, interval 1, probability 0, space 0, times 0 [ 475.701354][ T9617] CPU: 1 UID: 0 PID: 9617 Comm: syz.5.945 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 475.701374][ T9617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 475.701384][ T9617] Call Trace: [ 475.701391][ T9617] [ 475.701398][ T9617] dump_stack_lvl+0x189/0x250 [ 475.701420][ T9617] ? __pfx____ratelimit+0x10/0x10 [ 475.701437][ T9617] ? __pfx_dump_stack_lvl+0x10/0x10 [ 475.701454][ T9617] ? __pfx__printk+0x10/0x10 [ 475.701481][ T9617] ? ref_tracker_alloc+0x318/0x460 [ 475.701501][ T9617] should_fail_ex+0x414/0x560 [ 475.701520][ T9617] should_failslab+0xa8/0x100 [ 475.701539][ T9617] kmem_cache_alloc_noprof+0x73/0x3c0 [ 475.701554][ T9617] ? skb_clone+0x212/0x3a0 [ 475.701573][ T9617] skb_clone+0x212/0x3a0 [ 475.701591][ T9617] __netlink_deliver_tap+0x404/0x850 [ 475.701623][ T9617] ? netlink_deliver_tap+0x2e/0x1b0 [ 475.701647][ T9617] netlink_deliver_tap+0x19c/0x1b0 [ 475.701672][ T9617] netlink_unicast+0x730/0x8e0 [ 475.701701][ T9617] netlink_sendmsg+0x805/0xb30 [ 475.701731][ T9617] ? __pfx_netlink_sendmsg+0x10/0x10 [ 475.701755][ T9617] ? __lock_acquire+0xab9/0xd20 [ 475.701772][ T9617] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 475.701788][ T9617] ? __pfx_netlink_sendmsg+0x10/0x10 [ 475.701811][ T9617] __sock_sendmsg+0x21c/0x270 [ 475.701832][ T9617] sock_write_iter+0x258/0x330 [ 475.701851][ T9617] ? __pfx_sock_write_iter+0x10/0x10 [ 475.701877][ T9617] ? bpf_lsm_file_permission+0x9/0x20 [ 475.701894][ T9617] ? security_file_permission+0x75/0x290 [ 475.701931][ T9617] vfs_write+0x54b/0xa90 [ 475.701950][ T9617] ? __pfx_sock_write_iter+0x10/0x10 [ 475.701968][ T9617] ? __pfx_vfs_write+0x10/0x10 [ 475.701991][ T9617] ? __fget_files+0x2a/0x420 [ 475.702016][ T9617] ksys_write+0x145/0x250 [ 475.702033][ T9617] ? __pfx_ksys_write+0x10/0x10 [ 475.702045][ T9617] ? rcu_is_watching+0x15/0xb0 [ 475.702079][ T9617] ? do_syscall_64+0xbe/0x3b0 [ 475.702106][ T9617] do_syscall_64+0xfa/0x3b0 [ 475.702129][ T9617] ? lockdep_hardirqs_on+0x9c/0x150 [ 475.702151][ T9617] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.702171][ T9617] ? clear_bhb_loop+0x60/0xb0 [ 475.702198][ T9617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.702220][ T9617] RIP: 0033:0x7f685f38ebe9 [ 475.702240][ T9617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.702259][ T9617] RSP: 002b:00007f68601c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 475.702283][ T9617] RAX: ffffffffffffffda RBX: 00007f685f5b5fa0 RCX: 00007f685f38ebe9 [ 475.702296][ T9617] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 0000000000000008 [ 475.702306][ T9617] RBP: 00007f68601c3090 R08: 0000000000000000 R09: 0000000000000000 [ 475.702316][ T9617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.702325][ T9617] R13: 00007f685f5b6038 R14: 00007f685f5b5fa0 R15: 00007ffe0952c708 [ 475.702350][ T9617] [ 476.123498][ T9619] macvlan3: entered promiscuous mode [ 476.414492][ T9617] netlink: 4 bytes leftover after parsing attributes in process `syz.5.945'. [ 476.423460][ T9617] bridge_slave_1: left allmulticast mode [ 476.429120][ T9617] bridge_slave_1: left promiscuous mode [ 476.435191][ T9617] bridge0: port 2(bridge_slave_1) entered disabled state [ 476.449597][ T30] audit: type=1326 audit(1754522266.223:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9612 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc15718ebe9 code=0x7ffc0000 [ 476.472135][ T30] audit: type=1326 audit(1754522266.223:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9612 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15718ebe9 code=0x7ffc0000 [ 476.559232][ T30] audit: type=1326 audit(1754522266.223:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9612 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15718ebe9 code=0x7ffc0000 [ 476.585610][ T30] audit: type=1326 audit(1754522266.223:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9612 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fc15718ebe9 code=0x7ffc0000 [ 476.609832][ T30] audit: type=1326 audit(1754522266.223:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9612 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15718ebe9 code=0x7ffc0000 [ 476.646988][ T9617] bridge_slave_0: left allmulticast mode [ 476.654638][ T9617] bridge_slave_0: left promiscuous mode [ 476.660410][ T9617] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.702616][ T9624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.947'. [ 476.852217][ T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 476.973222][ T9624] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 476.980994][ T9624] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 477.044177][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 477.070123][ T9] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=d3.06 [ 477.161751][ T9630] netlink: 12 bytes leftover after parsing attributes in process `syz.2.947'. [ 477.481545][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 477.772165][ T9] usb 5-1: Product: syz [ 477.776417][ T9] usb 5-1: Manufacturer: syz [ 477.781070][ T9] usb 5-1: SerialNumber: syz [ 477.859506][ T9] r8152-cfgselector 5-1: Unknown version 0x0000 [ 478.083024][ T9] r8152-cfgselector 5-1: config 0 descriptor?? [ 478.497847][ T9621] netlink: 24 bytes leftover after parsing attributes in process `syz.4.946'. [ 478.497895][ T9621] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 478.530974][ T9644] binder: BC_ATTEMPT_ACQUIRE not supported [ 478.530998][ T9644] binder: 9641:9644 ioctl c0306201 2000000001c0 returned -22 [ 478.721139][ T7193] r8152-cfgselector 5-1: USB disconnect, device number 30 [ 478.772605][ T924] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 478.824811][ T9650] FAULT_INJECTION: forcing a failure. [ 478.824811][ T9650] name failslab, interval 1, probability 0, space 0, times 0 [ 478.900245][ T9650] CPU: 1 UID: 0 PID: 9650 Comm: syz.2.951 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 478.900275][ T9650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 478.900289][ T9650] Call Trace: [ 478.900296][ T9650] [ 478.900306][ T9650] dump_stack_lvl+0x189/0x250 [ 478.900341][ T9650] ? __pfx____ratelimit+0x10/0x10 [ 478.900365][ T9650] ? __pfx_dump_stack_lvl+0x10/0x10 [ 478.900389][ T9650] ? __pfx__printk+0x10/0x10 [ 478.900420][ T9650] ? __pfx___might_resched+0x10/0x10 [ 478.900442][ T9650] ? fs_reclaim_acquire+0x7d/0x100 [ 478.900474][ T9650] should_fail_ex+0x414/0x560 [ 478.900502][ T9650] should_failslab+0xa8/0x100 [ 478.900528][ T9650] __kmalloc_noprof+0xcb/0x4f0 [ 478.900547][ T9650] ? tomoyo_encode+0x28b/0x550 [ 478.900579][ T9650] tomoyo_encode+0x28b/0x550 [ 478.900615][ T9650] tomoyo_realpath_from_path+0x58d/0x5d0 [ 478.900646][ T9650] ? tomoyo_domain+0xda/0x130 [ 478.900685][ T9650] tomoyo_path_perm+0x213/0x4b0 [ 478.900709][ T9650] ? tomoyo_path_perm+0x1e3/0x4b0 [ 478.900731][ T9650] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 478.900803][ T9650] ? __might_fault+0xb0/0x130 [ 478.900837][ T9650] security_inode_getattr+0x12f/0x330 [ 478.900862][ T9650] vfs_statx+0x18e/0x550 [ 478.900895][ T9650] ? __pfx_vfs_statx+0x10/0x10 [ 478.900922][ T9650] ? getname_flags+0x1e5/0x540 [ 478.900958][ T9650] vfs_fstatat+0x118/0x170 [ 478.900987][ T9650] __x64_sys_newfstatat+0x116/0x190 [ 478.901020][ T9650] ? __pfx___x64_sys_newfstatat+0x10/0x10 [ 478.901073][ T9650] ? __pfx_ksys_write+0x10/0x10 [ 478.901100][ T9650] ? do_syscall_64+0xbe/0x3b0 [ 478.901130][ T9650] do_syscall_64+0xfa/0x3b0 [ 478.901152][ T9650] ? lockdep_hardirqs_on+0x9c/0x150 [ 478.901176][ T9650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.901198][ T9650] ? clear_bhb_loop+0x60/0xb0 [ 478.901225][ T9650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.901247][ T9650] RIP: 0033:0x7f7429b8ebe9 [ 478.901266][ T9650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.901285][ T9650] RSP: 002b:00007f7427df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 478.901308][ T9650] RAX: ffffffffffffffda RBX: 00007f7429db6090 RCX: 00007f7429b8ebe9 [ 478.901325][ T9650] RDX: 0000200000000dc0 RSI: 0000200000000d80 RDI: ffffffffffffff9c [ 478.901340][ T9650] RBP: 00007f7427df6090 R08: 0000000000000000 R09: 0000000000000000 [ 478.901355][ T9650] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001 [ 478.901368][ T9650] R13: 00007f7429db6128 R14: 00007f7429db6090 R15: 00007fff58a5d338 [ 478.901403][ T9650] [ 478.901425][ T9650] ERROR: Out of memory at tomoyo_realpath_from_path. [ 479.221101][ T924] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 479.231847][ T924] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 479.246644][ T924] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 479.258890][ T924] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 479.287405][ T9658] netlink: 'syz.0.953': attribute type 8 has an invalid length. [ 479.343926][ T924] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 479.405491][ T924] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 479.445302][ T924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 479.480616][ T924] usb 2-1: Product: syz [ 479.531271][ T924] usb 2-1: Manufacturer: syz [ 479.592795][ T924] usb 2-1: SerialNumber: syz [ 479.621097][ T924] usb 2-1: config 0 descriptor?? [ 479.861927][ T924] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 479.892922][ T924] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 479.989800][ T9673] overlayfs: failed to resolve './file0': -2 [ 480.065397][ T924] radio-si470x 2-1:0.0: software version 0, hardware version 0 [ 480.076808][ T924] radio-si470x 2-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 480.103551][ T924] radio-si470x 2-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 480.265417][ T924] radio-si470x 2-1:0.0: submitting int urb failed (-90) [ 480.313506][ T9680] netlink: 8 bytes leftover after parsing attributes in process `syz.5.959'. [ 480.329167][ T9682] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.958'. [ 480.678854][ T9689] netlink: zone id is out of range [ 480.687213][ T9689] netlink: zone id is out of range [ 480.692707][ T9689] netlink: zone id is out of range [ 480.697980][ T9689] netlink: zone id is out of range [ 480.703805][ T9689] netlink: zone id is out of range [ 480.709155][ T9689] netlink: zone id is out of range [ 480.714622][ T9689] netlink: zone id is out of range [ 480.820395][ T9688] netlink: 32 bytes leftover after parsing attributes in process `syz.4.961'. [ 481.695109][ T9693] netlink: 20 bytes leftover after parsing attributes in process `syz.5.962'. [ 481.713821][ T9693] netlink: 'syz.5.962': attribute type 1 has an invalid length. [ 482.071122][ T924] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 482.194324][ T9705] bio_check_eod: 2 callbacks suppressed [ 482.194367][ T9705] syz.4.965: attempt to access beyond end of device [ 482.194367][ T9705] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0 [ 482.214838][ T9705] syz.4.965: attempt to access beyond end of device [ 482.214838][ T9705] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0 [ 482.228238][ T9705] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 482.239432][ T9705] syz.4.965: attempt to access beyond end of device [ 482.239432][ T9705] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0 [ 482.252941][ T9705] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 482.268628][ T9705] syz.4.965: attempt to access beyond end of device [ 482.268628][ T9705] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 482.283110][ T9705] syz.4.965: attempt to access beyond end of device [ 482.283110][ T9705] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 482.296577][ T9705] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 482.346468][ T9705] syz.4.965: attempt to access beyond end of device [ 482.346468][ T9705] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 482.360303][ T9705] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 482.374759][ T9705] syz.4.965: attempt to access beyond end of device [ 482.374759][ T9705] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 482.389065][ T9705] syz.4.965: attempt to access beyond end of device [ 482.389065][ T9705] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 482.402737][ T9705] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 482.413510][ T9705] syz.4.965: attempt to access beyond end of device [ 482.413510][ T9705] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 482.427052][ T9705] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 482.440492][ T9705] syz.4.965: attempt to access beyond end of device [ 482.440492][ T9705] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 482.454950][ T9705] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 482.469088][ T9705] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 482.478726][ T9705] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1) [ 482.850184][ T924] usb 2-1: USB disconnect, device number 23 [ 483.094204][ T9702] bond0: Unable to set down delay as MII monitoring is disabled [ 484.355485][ T9725] netlink: 28 bytes leftover after parsing attributes in process `syz.5.971'. [ 484.369831][ T9725] netlink: 'syz.5.971': attribute type 7 has an invalid length. [ 484.378750][ T9725] netlink: 'syz.5.971': attribute type 8 has an invalid length. [ 484.386569][ T9725] netlink: 4 bytes leftover after parsing attributes in process `syz.5.971'. [ 484.463648][ T9727] fuse: Bad value for 'fd' [ 485.074376][ T9725] erspan0: entered promiscuous mode [ 485.087926][ T9725] batadv_slave_1: entered promiscuous mode [ 485.448198][ T9735] netlink: 'syz.0.972': attribute type 1 has an invalid length. [ 485.456016][ T9735] netlink: 'syz.0.972': attribute type 4 has an invalid length. [ 485.464209][ T9735] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.972'. [ 485.487429][ T9737] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.974'. [ 485.511656][ T924] libceph: connect (1)[c::]:6789 error -101 [ 485.527002][ T9735] ceph: No mds server is up or the cluster is laggy [ 485.567758][ T924] libceph: mon0 (1)[c::]:6789 connect error [ 485.685692][ T9747] net_ratelimit: 116 callbacks suppressed [ 485.685816][ T9747] netlink: zone id is out of range [ 485.697793][ T9747] netlink: zone id is out of range [ 485.703669][ T9747] netlink: zone id is out of range [ 485.709147][ T9747] netlink: zone id is out of range [ 485.714620][ T9747] netlink: zone id is out of range [ 485.720054][ T9747] netlink: zone id is out of range [ 485.725658][ T9747] netlink: zone id is out of range [ 485.731071][ T9747] netlink: zone id is out of range [ 485.737858][ T9747] netlink: zone id is out of range [ 485.745246][ T9747] netlink: zone id is out of range [ 485.892223][ T5911] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 486.052256][ T5911] usb 2-1: Using ep0 maxpacket: 32 [ 486.072007][ T5911] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 486.127480][ T5911] usb 2-1: config 0 has no interface number 0 [ 486.165663][ T5911] usb 2-1: config 0 interface 184 has no altsetting 0 [ 486.204764][ T5911] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 486.243726][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.262727][ T5911] usb 2-1: Product: syz [ 486.268334][ T5911] usb 2-1: Manufacturer: syz [ 486.274490][ T5911] usb 2-1: SerialNumber: syz [ 486.282976][ T5911] usb 2-1: config 0 descriptor?? [ 486.303360][ T5911] smsc75xx v1.0.0 [ 486.599709][ T9761] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 486.601158][ T9761] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 486.607419][ T9761] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 486.608428][ T9761] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 486.612204][ T9761] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 486.612952][ T9761] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 486.615955][ T9761] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 486.616718][ T9761] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 486.616796][ T9761] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 487.653874][ T9745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.654323][ T9745] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 487.655292][ T5911] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 487.655324][ T5911] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 487.898525][ T9775] bond0: Unable to set down delay as MII monitoring is disabled [ 487.915628][ T5911] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 487.915660][ T5911] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 487.915681][ T5911] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 487.915706][ T5911] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32 [ 487.915949][ T5911] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32 [ 488.878251][ T9776] netlink: 'syz.4.980': attribute type 4 has an invalid length. [ 488.884475][ T9776] veth1_macvtap: left promiscuous mode [ 489.121444][ T924] usb 2-1: USB disconnect, device number 24 [ 489.362298][ T9784] macvlan4: entered promiscuous mode [ 489.699658][ T9785] netlink: 24 bytes leftover after parsing attributes in process `syz.0.984'. [ 489.829492][ T9789] binfmt_misc: register: failed to install interpreter file ./file0 [ 490.687961][ T9790] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 491.300362][ T9801] netlink: 'syz.0.988': attribute type 1 has an invalid length. [ 491.300501][ T9801] netlink: 'syz.0.988': attribute type 4 has an invalid length. [ 491.300590][ T9801] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.988'. [ 491.523327][ T9801] ceph: No mds server is up or the cluster is laggy [ 491.639251][ T5828] libceph: connect (1)[c::]:6789 error -101 [ 491.639435][ T5828] libceph: mon0 (1)[c::]:6789 connect error [ 491.840649][ T9802] tty tty1: ldisc open failed (-12), clearing slot 0 [ 494.900016][ T9868] random: crng reseeded on system resumption [ 495.406800][ T9873] ------------[ cut here ]------------ [ 495.412923][ T9873] WARNING: CPU: 0 PID: 9873 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310 [ 495.423613][ T9873] Modules linked in: [ 495.428787][ T9873] CPU: 0 UID: 0 PID: 9873 Comm: syz.4.1008 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 495.439208][ T9873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 495.449390][ T9873] RIP: 0010:folio_memcg+0x1a8/0x310 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 495.454726][ T9873] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 495.474526][ T9873] RSP: 0018:ffffc900038ff250 EFLAGS: 00010287 [ 495.480659][ T9873] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000 [ 495.488932][ T9873] RDX: ffffc9000c6db000 RSI: 000000000001248a RDI: 000000000001248b [ 495.497049][ T9873] RBP: 0000000000000000 R08: ffffea0001611ec7 R09: 1ffffd40002c23d8 [ 495.505332][ T9873] R10: dffffc0000000000 R11: fffff940002c23d9 R12: ffffea0001611ef0 [ 495.513445][ T9873] R13: dffffc0000000000 R14: ffff88803307ad00 R15: 0000000000000002 [ 495.521476][ T9873] FS: 00007f7ad27bd6c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000 [ 495.531276][ T9873] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 495.538408][ T9873] CR2: 0000000000000000 CR3: 000000006575c000 CR4: 00000000003526f0 [ 495.546675][ T9873] Call Trace: [ 495.550011][ T9873] [ 495.553045][ T9873] workingset_activation+0x5f/0x4a0 [ 495.558313][ T9873] ? folio_mark_accessed+0x361/0x4a0 [ 495.563730][ T9873] folio_mark_accessed+0x3b5/0x4a0 [ 495.568921][ T9873] kvm_release_page_dirty+0xa2/0xf0 [ 495.574237][ T9873] kvm_tdp_page_fault+0x2dd/0x370 [ 495.579897][ T9873] kvm_mmu_do_page_fault+0x2c5/0x640 [ 495.585312][ T9873] ? vmx_vcpu_run+0xd8b/0x25d0 [ 495.590144][ T9873] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 495.596336][ T9873] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 495.601970][ T9873] ? __pfx_current_save_fsgs+0x10/0x10 [ 495.607561][ T9873] kvm_mmu_page_fault+0x22f/0xb70 [ 495.612714][ T9873] ? __pfx_handle_ept_violation+0x10/0x10 [ 495.618500][ T9873] vmx_handle_exit+0x1090/0x18a0 [ 495.623615][ T9873] ? vcpu_run+0x361c/0x6f70 [ 495.628197][ T9873] vcpu_run+0x432e/0x6f70 [ 495.635238][ T9873] ? vcpu_run+0x361c/0x6f70 [ 495.639882][ T9873] ? __pfx_vcpu_run+0x10/0x10 [ 495.645245][ T9873] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 495.651062][ T9873] ? rcu_is_watching+0x15/0xb0 [ 495.655999][ T9873] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 495.661671][ T9873] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 495.667522][ T9873] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 495.673638][ T9873] ? rcu_is_watching+0x15/0xb0 [ 495.678453][ T9873] ? look_up_lock_class+0x74/0x170 [ 495.683684][ T9873] ? register_lock_class+0x51/0x320 [ 495.688960][ T9873] ? __lock_acquire+0xab9/0xd20 [ 495.693945][ T9873] kvm_vcpu_ioctl+0x95c/0xe90 [ 495.698696][ T9873] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 495.703997][ T9873] ? __lock_acquire+0xab9/0xd20 [ 495.708917][ T9873] ? __asan_memset+0x22/0x50 [ 495.714188][ T9873] ? smack_file_ioctl+0x302/0x340 [ 495.719294][ T9873] ? __pfx_smack_file_ioctl+0x10/0x10 [ 495.724808][ T9873] ? __fget_files+0x2a/0x420 [ 495.729458][ T9873] ? __fget_files+0x3a0/0x420 [ 495.734956][ T9873] ? __fget_files+0x2a/0x420 [ 495.739607][ T9873] ? bpf_lsm_file_ioctl+0x9/0x20 [ 495.745157][ T9873] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 495.750434][ T9873] __se_sys_ioctl+0xfc/0x170 [ 495.755167][ T9873] do_syscall_64+0xfa/0x3b0 [ 495.759732][ T9873] ? lockdep_hardirqs_on+0x9c/0x150 [ 495.765029][ T9873] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.771145][ T9873] ? clear_bhb_loop+0x60/0xb0 [ 495.775945][ T9873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.781887][ T9873] RIP: 0033:0x7f7ad198ebe9 [ 495.786445][ T9873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 495.806487][ T9873] RSP: 002b:00007f7ad27bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 495.815016][ T9873] RAX: ffffffffffffffda RBX: 00007f7ad1bb5fa0 RCX: 00007f7ad198ebe9 [ 495.823202][ T9873] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 495.831231][ T9873] RBP: 00007f7ad1a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 495.840161][ T9873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 495.848659][ T9873] R13: 00007f7ad1bb6038 R14: 00007f7ad1bb5fa0 R15: 00007ffe6fc31b18 [ 495.856773][ T9873] [ 495.859853][ T9873] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 495.867177][ T9873] CPU: 0 UID: 0 PID: 9873 Comm: syz.4.1008 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 495.877131][ T9873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 495.887209][ T9873] Call Trace: [ 495.890596][ T9873] [ 495.893548][ T9873] dump_stack_lvl+0x99/0x250 [ 495.898186][ T9873] ? __asan_memcpy+0x40/0x70 [ 495.902809][ T9873] ? __pfx_dump_stack_lvl+0x10/0x10 [ 495.908032][ T9873] ? __pfx__printk+0x10/0x10 [ 495.912667][ T9873] panic+0x2db/0x790 [ 495.916588][ T9873] ? __pfx_panic+0x10/0x10 [ 495.921128][ T9873] __warn+0x31b/0x4b0 [ 495.925148][ T9873] ? folio_memcg+0x1a8/0x310 [ 495.929770][ T9873] ? folio_memcg+0x1a8/0x310 [ 495.934383][ T9873] report_bug+0x2be/0x4f0 [ 495.938742][ T9873] ? folio_memcg+0x1a8/0x310 [ 495.943356][ T9873] ? folio_memcg+0x1a8/0x310 [ 495.947967][ T9873] ? folio_memcg+0x1aa/0x310 [ 495.952607][ T9873] handle_bug+0x84/0x160 [ 495.956900][ T9873] exc_invalid_op+0x1a/0x50 [ 495.961449][ T9873] asm_exc_invalid_op+0x1a/0x20 [ 495.966342][ T9873] RIP: 0010:folio_memcg+0x1a8/0x310 [ 495.971777][ T9873] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 495.991440][ T9873] RSP: 0018:ffffc900038ff250 EFLAGS: 00010287 [ 495.997552][ T9873] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000 [ 496.005559][ T9873] RDX: ffffc9000c6db000 RSI: 000000000001248a RDI: 000000000001248b [ 496.013560][ T9873] RBP: 0000000000000000 R08: ffffea0001611ec7 R09: 1ffffd40002c23d8 [ 496.021558][ T9873] R10: dffffc0000000000 R11: fffff940002c23d9 R12: ffffea0001611ef0 [ 496.029561][ T9873] R13: dffffc0000000000 R14: ffff88803307ad00 R15: 0000000000000002 [ 496.037686][ T9873] ? folio_memcg+0x1a7/0x310 [ 496.042339][ T9873] workingset_activation+0x5f/0x4a0 [ 496.047586][ T9873] ? folio_mark_accessed+0x361/0x4a0 [ 496.052924][ T9873] folio_mark_accessed+0x3b5/0x4a0 [ 496.058085][ T9873] kvm_release_page_dirty+0xa2/0xf0 [ 496.063350][ T9873] kvm_tdp_page_fault+0x2dd/0x370 [ 496.068510][ T9873] kvm_mmu_do_page_fault+0x2c5/0x640 [ 496.073835][ T9873] ? vmx_vcpu_run+0xd8b/0x25d0 [ 496.078636][ T9873] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 496.084522][ T9873] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 496.090111][ T9873] ? __pfx_current_save_fsgs+0x10/0x10 [ 496.095613][ T9873] kvm_mmu_page_fault+0x22f/0xb70 [ 496.100679][ T9873] ? __pfx_handle_ept_violation+0x10/0x10 [ 496.106435][ T9873] vmx_handle_exit+0x1090/0x18a0 [ 496.111413][ T9873] ? vcpu_run+0x361c/0x6f70 [ 496.115962][ T9873] vcpu_run+0x432e/0x6f70 [ 496.120347][ T9873] ? vcpu_run+0x361c/0x6f70 [ 496.124941][ T9873] ? __pfx_vcpu_run+0x10/0x10 [ 496.129656][ T9873] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 496.135435][ T9873] ? rcu_is_watching+0x15/0xb0 [ 496.140233][ T9873] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 496.145826][ T9873] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 496.151613][ T9873] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 496.157656][ T9873] ? rcu_is_watching+0x15/0xb0 [ 496.162505][ T9873] ? look_up_lock_class+0x74/0x170 [ 496.167671][ T9873] ? register_lock_class+0x51/0x320 [ 496.172917][ T9873] ? __lock_acquire+0xab9/0xd20 [ 496.177832][ T9873] kvm_vcpu_ioctl+0x95c/0xe90 [ 496.182552][ T9873] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 496.187818][ T9873] ? __lock_acquire+0xab9/0xd20 [ 496.192715][ T9873] ? __asan_memset+0x22/0x50 [ 496.197439][ T9873] ? smack_file_ioctl+0x302/0x340 [ 496.202498][ T9873] ? __pfx_smack_file_ioctl+0x10/0x10 [ 496.207904][ T9873] ? __fget_files+0x2a/0x420 [ 496.212528][ T9873] ? __fget_files+0x3a0/0x420 [ 496.217239][ T9873] ? __fget_files+0x2a/0x420 [ 496.221948][ T9873] ? bpf_lsm_file_ioctl+0x9/0x20 [ 496.226918][ T9873] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 496.232234][ T9873] __se_sys_ioctl+0xfc/0x170 [ 496.236865][ T9873] do_syscall_64+0xfa/0x3b0 [ 496.241406][ T9873] ? lockdep_hardirqs_on+0x9c/0x150 [ 496.246640][ T9873] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.252744][ T9873] ? clear_bhb_loop+0x60/0xb0 [ 496.257456][ T9873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.263385][ T9873] RIP: 0033:0x7f7ad198ebe9 [ 496.267941][ T9873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.287682][ T9873] RSP: 002b:00007f7ad27bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 496.296480][ T9873] RAX: ffffffffffffffda RBX: 00007f7ad1bb5fa0 RCX: 00007f7ad198ebe9 [ 496.304477][ T9873] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 496.312474][ T9873] RBP: 00007f7ad1a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 496.320467][ T9873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 496.328455][ T9873] R13: 00007f7ad1bb6038 R14: 00007f7ad1bb5fa0 R15: 00007ffe6fc31b18 [ 496.336764][ T9873] [ 496.340078][ T9873] Kernel Offset: disabled [ 496.344450][ T9873] Rebooting in 86400 seconds..