last executing test programs: 12.982262073s ago: executing program 0 (id=1461): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000006880)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010083000000fddbdf256600000008000300", @ANYRES32=r2, @ANYBLOB="08002600a80900000800d861f8e05e9f00060000008000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 12.722077383s ago: executing program 0 (id=1463): bind$alg(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018200000000000003400000034000000060000000400000000000d00000904000000000000000000800400000000000000000000000800000000000000006100"/82], 0x0, 0x52}, 0x20) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) poll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x2}], 0x1, 0x24d86c8c) mount$binderfs(0x0, 0x0, 0x0, 0x20, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x600, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xd) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef) 11.429464093s ago: executing program 0 (id=1469): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x4, {{0x41}, 0x2}}, 0x10) bind$tipc(r0, &(0x7f0000000180)=@name={0x1e, 0x2, 0x1, {{0x43, 0x3}, 0x2}}, 0x10) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0xa, 0x400000) sendmmsg$inet6(r2, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_smc(0x2b, 0x1, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r4, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) syz_usb_disconnect(r1) syz_usb_connect(0x4, 0x24, 0x0, 0x0) 11.160238096s ago: executing program 4 (id=1470): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x487, &(0x7f00000000c0)={0x0, 0x9010, 0x100, 0x4, 0x165}, &(0x7f0000000000), &(0x7f0000000280)) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1) 10.881805736s ago: executing program 2 (id=1472): r0 = syz_open_dev$vim2m(&(0x7f0000000300), 0x61, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000280)={0xe7, 0x50323234, 0x3, @stepwise={0x0, 0x0, 0x13, 0x400, 0x8, 0x2}}) 10.684276351s ago: executing program 2 (id=1474): socket$inet_mptcp(0x2, 0x1, 0x106) memfd_create(&(0x7f0000000300)='+\x8a\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfp\xe3k\xd8?\xd9OeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x00'/392, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-ni\x00'}, 0xffffffffffffffbd) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x101, 0x0, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x800) recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) 9.524932815s ago: executing program 2 (id=1476): r0 = openat$ocfs2_control(0xffffff9c, &(0x7f00000001c0), 0x8000, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0xad3394dc192dae8b, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) io_uring_enter(0xffffffffffffffff, 0x0, 0xc6b6, 0x9, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001000000", @ANYRES32, @ANYBLOB="080000001221b9220000000400000000000000108bde3946d50000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000001001000001"], 0x10}, 0x8000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f) r6 = socket$inet6(0xa, 0x80002, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80882, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) close(r0) 7.919359899s ago: executing program 1 (id=1479): bind$alg(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018200000000000003400000034000000060000000400000000000d00000904000000000000000000800400000000000000000000000800000000000000006100"/82], 0x0, 0x52}, 0x20) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) poll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x2}], 0x1, 0x24d86c8c) mount$binderfs(0x0, 0x0, 0x0, 0x20, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x600, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xd) r2 = dup(0xffffffffffffffff) write$UHID_INPUT(r2, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef) 6.416265665s ago: executing program 1 (id=1480): bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a34000000090a010400000000000000000a000004090001e072797a3100000000080005400000002b0900020073797a3100000000140000001100010000000000000000000100000a"], 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, 0x0, 0x0) r2 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) r4 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_mr_vif\x00') r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000940)=@bpf_tracing={0x1a, 0x0, 0x0, &(0x7f0000000540)='GPL\x00', 0x6, 0x34, &(0x7f0000000580)=""/52, 0x40f00, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0xe6a2, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000008c0), 0x10, 0x4}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="182120a6fd1835400a9841020000010000000000000003000000180000", @ANYRES16=r2, @ANYRESDEC=r1, @ANYRES32=r6], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0xe, 0x0, &(0x7f0000000680)="548852ac5b4eba7aeaccd2c62b2b", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50) ioctl$AUTOFS_DEV_IOCTL_FAIL(r5, 0xc0189377, &(0x7f0000000340)={{0x1, 0x1, 0x18, r5, {0x30000, 0x2}}, './file0\x00'}) pread64(r5, &(0x7f0000000140)=""/100, 0x64, 0x200) 6.090006765s ago: executing program 4 (id=1482): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18) open(&(0x7f0000000580)='./file0\x00', 0x181242, 0x1df2a23c5997fa5f) 5.272261038s ago: executing program 3 (id=1483): openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) removexattr(0x0, &(0x7f0000000240)=@known='user.incfs.metadata\x00') sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) set_mempolicy(0x1, 0x0, 0x3ff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x80000) sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x7e0}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x2, 0x0, {0x1, 0x5, 0x9}}, 0x28) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64030101}, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x1a}, {0xbd1, 0x0, 0x40000003, 0x0, 0xb41}, {0x81, 0x2, 0x4}, 0x1fffffe, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x33}, 0x2, @in=@local, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0x11c) 4.551088122s ago: executing program 4 (id=1484): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000340)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000300), r2, 0x0, 0x2, 0x4}}, 0x20) 4.461315212s ago: executing program 3 (id=1485): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) writev(r0, &(0x7f0000000700)=[{&(0x7f0000000280)="00b39bb245016234", 0x8}, {&(0x7f0000000180)='Z', 0x1}], 0x2) 4.315358111s ago: executing program 1 (id=1486): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001040)={'wlan1\x00'}) 4.315001284s ago: executing program 4 (id=1487): socket(0x18, 0x0, 0xf9a) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f0000000080)=0x4, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040)="4dc07f9471633078", 0x8) r4 = accept4(r3, 0x0, 0x0, 0x80000) r5 = dup(r4) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$unix(r6, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f00000009c0)=[{0x0}, {&(0x7f0000000100)="d5", 0x1}], 0x2}}], 0x1, 0x0) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4138ae84, &(0x7f0000000240)=@x86={0x0, 0x2, 0x84, 0x0, 0x1, 0x5, 0x3, 0x4, 0x80, 0x10, 0x3, 0xbe, 0x0, 0x7f, 0x4, 0xf0, 0xd5, 0x8, 0x6, '\x00', 0xc, 0x21}) ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, &(0x7f0000000e40)={0x2, 0x0, @ioapic={0x1000, 0xffffffff, 0x40, 0x4, 0x0, [{0x1, 0x85, 0x8, '\x00', 0x6}, {0xb, 0x0, 0x0, '\x00', 0xa}, {0x6c, 0x8, 0x6, '\x00', 0xff}, {0xf2, 0x8, 0x10, '\x00', 0x9}, {0x9, 0x1, 0x3, '\x00', 0xb}, {0x2, 0xff, 0x9, '\x00', 0x1}, {0xf0, 0x3, 0xf7, '\x00', 0xf3}, {0x0, 0xa, 0x40, '\x00', 0x3}, {0x80, 0x74, 0x3, '\x00', 0xd}, {0xe7, 0xfe, 0xfe, '\x00', 0xf}, {0xbe, 0x1, 0x4, '\x00', 0x2}, {0x8, 0x5, 0xf, '\x00', 0x7f}, {0xa6, 0x0, 0xd, '\x00', 0x18}, {0x15, 0x8, 0x0, '\x00', 0x6}, {0x4, 0x4d, 0x9, '\x00', 0x1}, {0x9, 0xa, 0x9, '\x00', 0x2}, {0x5, 0x8, 0x81, '\x00', 0x3}, {0x7, 0x7, 0x90, '\x00', 0xfe}, {0xfd, 0x0, 0x5, '\x00', 0x7f}, {0xfd, 0x3, 0xe2, '\x00', 0x2}, {0x0, 0x2, 0x7, '\x00', 0x6}, {0x0, 0xfe, 0xfd, '\x00', 0x9}, {0xe, 0x11, 0x2, '\x00', 0xfd}, {0xd, 0x9, 0x8e, '\x00', 0x8}]}}) 4.060451342s ago: executing program 3 (id=1488): ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000140)={'multiq3\x00', [0x7, 0x2566, 0xfffffffe, 0x6, 0x15d, 0x0, 0x5, 0x10, 0x1002, 0xffffffff, 0x101, 0x5d, 0x344, 0x1ff, 0x4, 0x0, 0x4, 0x8, 0x9, 0xa, 0x100, 0x1005, 0x7, 0x5, 0x2, 0x3, 0xb0c4, 0x7df, 0x6, 0x400007, 0xffffffff]}) 4.012240693s ago: executing program 1 (id=1489): r0 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) syz_open_procfs(r0, &(0x7f0000000040)='attr/exec\x00') 3.682551409s ago: executing program 3 (id=1490): openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) removexattr(0x0, &(0x7f0000000240)=@known='user.incfs.metadata\x00') sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) set_mempolicy(0x1, 0x0, 0x3ff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x80000) sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x7e0}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x2, 0x0, {0x1, 0x5, 0x9}}, 0x28) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64030101}, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x1a}, {0xbd1, 0x0, 0x40000003, 0x0, 0xb41}, {0x81, 0x2, 0x4}, 0x1fffffe, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x33}, 0x2, @in=@local, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0x11c) 2.548363027s ago: executing program 1 (id=1491): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0001, 0x0) ioctl$TCSETS(r0, 0x80044704, &(0x7f0000000040)={0x0, 0x6, 0x9, 0x3f, 0x1a, "3eccef5569e209000000000000000e4100"}) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xd}}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200) ioctl$NBD_SET_SOCK(r4, 0xab00, 0xffffffffffffffff) r5 = dup3(r4, r1, 0x80000) ioctl$NBD_DO_IT(r5, 0xab03) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r3, 0x1, 0x70bd2b, 0x6, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0) 2.437408767s ago: executing program 2 (id=1492): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x28, 0x2d, 0x9, 0x70bd27, 0x0, {0x5}, [@typed={0x14, 0xa, 0x0, 0x0, @ipv6=@loopback={0x200000000000000}}]}, 0x28}}, 0x84) 2.393872922s ago: executing program 3 (id=1493): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x40000, 0x6) ioctl$KVM_S390_VCPU_FAULT(r0, 0x4004ae52, &(0x7f0000000140)=0x1) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r1 = epoll_create(0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x11}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000bc0)='GPL\x00', 0x1, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff024}, {0x28}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r6, &(0x7f0000001c00), 0x400000000000159, 0x40840) epoll_pwait2(r1, &(0x7f00000029c0)=[{}], 0x1, &(0x7f0000002a00), 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_REMOVE(r8, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x268, 0x1, 0x5, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [{{0x254, 0x1, {{0x1, 0x1}, 0x9, 0xf9, 0x2, 0x4, 0x10, 'syz1\x00', "dbd5ecd43987107ad9e65b4dc8aa9e22ee8ea4deba76028a5b9ce1a51d9e2f0a", "643a7b0414f8709a0d5844b4270d9520212f0653496b4239dbddf8d11a78e5dd", [{0x7, 0x200, {0x3, 0x3}}, {0xff, 0xfff9, {0x3, 0x2}}, {0x10, 0x9, {0x1, 0x8}}, {0x8, 0x0, {0x3, 0x2}}, {0x2, 0x8, {0x2, 0x7}}, {0x0, 0x1652, {0x1, 0x4}}, {0x9, 0xfffa, {0x2, 0x5}}, {0x2, 0x6, {0x2, 0x80000001}}, {0xa, 0x9, {0x0, 0x7}}, {0xf890, 0x0, {0x2, 0x1}}, {0x5, 0x4, {0x3, 0x80000001}}, {0x5, 0x5, {0x2, 0xfffffe01}}, {0xd7, 0xfff9, {0x0, 0x1}}, {0x2, 0xf62b, {0x3, 0x144}}, {0x0, 0x83c, {0x2, 0x3}}, {0x1000, 0x8, {0x2, 0x7}}, {0x800, 0x9, {0x2, 0x10000}}, {0x4, 0x2, {0x1, 0x1}}, {0x1, 0x1, {0x0, 0x3ff}}, {0x6, 0x5, {0x0, 0x20}}, {0xb, 0x0, {0x2, 0x1}}, {0x1ff, 0x5, {0x3, 0x40}}, {0x1, 0x800, {0x3, 0xffffffff}}, {0xb50, 0xff0a, {0x3, 0x4}}, {0x6df, 0x621, {0x3, 0x6}}, {0x9, 0x9, {0x1, 0x3}}, {0x927, 0x3, {0x0, 0x9}}, {0x7, 0x2, {0x0, 0x6}}, {0x2, 0x5, {0x2, 0x5}}, {0x5, 0x2972, {0x0, 0xffffffff}}, {0x3, 0x5, {0x1, 0x3}}, {0xd, 0x5, {0x0, 0x2}}, {0x4, 0xc, {0x0, 0x5}}, {0x87, 0x2, {0x2, 0x5}}, {0x7, 0x9553, {0x2, 0x5}}, {0xf, 0x12, {0x0, 0x7}}, {0x0, 0x8d, {0x3, 0x4}}, {0x6, 0x6, {0x1, 0xd0bb}}, {0xf, 0x6, {0x1, 0x74}}, {0x40, 0x2, {0x3, 0x7}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x4}, 0x4000) 2.313611724s ago: executing program 0 (id=1494): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = syz_open_dev$tty1(0xc, 0x4, 0x2) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x7c}}, 0x0) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b"]) sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fccbdf250900000005000700020000000800010001000000050008"], 0x2c}, 0x1, 0x0, 0x0, 0x24084001}, 0x0) r6 = dup(r1) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r7) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$IPSET_CMD_TEST(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x14, 0x3, 0x6, 0x5}, 0x14}}, 0x20000090) write$UHID_INPUT(r6, &(0x7f0000001980)={0xf, {"a2e3ad214fc752f91b29090942f70e0dd038e7ff7fc6e5539b3267078b089b34083b681a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b313b0d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) getpid() 1.182796319s ago: executing program 2 (id=1495): openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) removexattr(0x0, &(0x7f0000000240)=@known='user.incfs.metadata\x00') sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) set_mempolicy(0x1, 0x0, 0x3ff) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r2 = accept4(r1, 0x0, 0x0, 0x80000) sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x7e0}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x2, 0x0, {0x1, 0x5, 0x9}}, 0x28) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x6}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64030101}, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x1a}, {0xbd1, 0x0, 0x40000003, 0x0, 0xb41}, {0x81, 0x2, 0x4}, 0x1fffffe, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x33}, 0x2, @in=@local, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0x11c) 1.181937693s ago: executing program 3 (id=1496): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000300)={0x18, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x81, @string={0x81, 0x3, "31be5044002d6c60086f73b7aab365aa3c9478820123fef6110478f813b152b7e82c8e5ecab5cc4f0fe7a4b6338c537832f5c44dfd5030ba14b15395d72a149ae610d647118fbe83ffcd9fc6d2322bb498d750aa4f05c98fa1eeb83689a3fbcc218420149add68854aae45e83b16949d182b2c9572357263b11a463f7d7b6b"}}, 0x0, 0x0, 0x0}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1}) 827.742735ms ago: executing program 1 (id=1497): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$PIO_FONTX(r2, 0x4b6c, &(0x7f0000000140)={0x60, 0xc, &(0x7f0000000380)="ae95b0d06a839daf700e6f3fba0775d87a8b88bc227b84053e8f664ee25eb35b3e3288a8aa88769864d838935c52b0d94a2d1da4db82ec190be4288735d17d9734c15ebe7badda47e8e59371da7b92dee25c02917c1a079b3682dc3375aff4c0d5fbe15d88688f74c6cbe9234e4afd381ae99eb9a37eb6d2847eb0cdca2cad9f57629cd25403dff238e3c9216e9a07239f6b399f25352cea88361ccd880fc1ddb6480030f1cab61f05a8d92cd27ec3922c5d5529f3bfe8ae4119f6349e3a98c2ae23159425d2d7e683fd68c796d47bfb64db082c60cb422ee0894470c49d8036caa9d276a616824edae59cb74bd218f251ca453083117d82e57d5c94d369295f150751a9df8c4e9f82c46e4d01c48c9c53268021bbfa242e28a3ae715c63d675830d5b023fae9c39b7f872d931f7a59997f67de7c0c43ed78da10c10968fe23b3959ca5860d1bcbfa8dd820af2efd0527bdc02353c64b8d61128d0f92e3dfcfd248209010808cd3dc6bc89bc843521725d990092478a1389fe44550f510ef9b77a3c06ec130060daf4e9fa43a68cbeff64240a4c4009d1f22d5b84175cbc1054406d73569e326d542628fd3328659d124f0e361f0b2dee7d1e3f969e5290f2f9e0b931670a73f90b804a55b7c97eec2ee5d8bd94d37490b1c15bd7e6c3322b891317f5f71736b28f05060fa156d3d01cf0b928b5fa58b3a1261c2eed0e72cc3302d5a9624866d3a91620131d7b699ebb277e73f69fff1b59d184e7af41910376b30015d9e7faa4a60459eece65ac6163c81e140ed8872ef55846831252e9b2a9ccf3d871ef54dc9766a45bf2d8ba1d50192a2465350dd41c0fce1f9b9df81c7ee82cac6cb9d91328e480688a01a4167789ad3f2b7c8d0e0ccd2d0a6b1b379160a4e641aa1abe22776137d8b16201e843e597e0e16e00196bbf1d712f142424f3c0c2e385fa1b50bad8c1cc5f92ef9af3b042fff070a5cea4d7025b72e21d25730d316bbf889ba2b5490763e5e850c90de27f72d4e5c0457d8931181fe3771d439181aa1197b267c8958a7c4580cb56cbf54db61b2d44213bc622d498b017b18665f1ea197fb077b94aff49016bd205f99057fe9c22301415c20c54b258132c4dde3c1398c977e59e57394b7e83bc8c6751bb2d75a52928843048c9b26be6e32b0d9b95ba245ad509daf4fdcee46adc037412245b826cd6c214c2382e5b011a33576bd304f183ac57e07e1c2160299570a5684d6866dd083ccb93f2c4edd7199985e4af7eda19c7c5043f073c63c0d0285622cd026e5995b0186e476e40453c219daff041b32abfc2494228631fe4779fcfc2f71feab2f161e2a8bafb9d8fecbe76ba4308f83ee3956060bfdfa8048f820d0dc3b3499b25a0f99f17b4f3e2084449e96b86d5469b3a678474bfaca27682689bceeb1a69a595241aa1d902911f96"}) socket$nl_generic(0x10, 0x3, 0x10) r7 = socket(0x2, 0x2, 0x1) r8 = syz_io_uring_setup(0x332e, &(0x7f0000000480)={0x0, 0xaeb7, 0x40, 0x3, 0x2d9}, &(0x7f00000001c0), &(0x7f0000000400)) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r8, 0x1e, &(0x7f0000000500)={r7}, 0x1) ioctl$TCFLSH(r6, 0x80047456, 0xffefff1f00000000) 278.875401ms ago: executing program 0 (id=1498): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) 226.108893ms ago: executing program 2 (id=1499): setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x15) writev(r4, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2) r5 = socket$rxrpc(0x21, 0x2, 0xa) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7ffd}, 0xf0ffffff}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) bind$rxrpc(r5, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000e1ff00000000000000008500000027000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x4}, 0x94) fsync(r3) 161.045565ms ago: executing program 4 (id=1500): r0 = openat$comedi(0xffffff9c, 0x0, 0xa400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'multiq3\x00', [0x7, 0x2566, 0xfffffffe, 0x6, 0x15d, 0x0, 0x5, 0x10, 0x1002, 0xffffffff, 0x101, 0x5d, 0x344, 0x1ff, 0x4, 0x0, 0x4, 0x8, 0x9, 0xa, 0x100, 0x1005, 0x7, 0x5, 0x2, 0x3, 0xb0c4, 0x7df, 0x6, 0x400007, 0xffffffff]}) 12.17439ms ago: executing program 0 (id=1501): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x100f9}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x4, &(0x7f0000000180)) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f00000003c0)=[{}], 0x1, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)={r0}) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'c6xdigio\x00', [0x4f2b, 0x5, 0x3, 0x4, 0x5, 0xcc7, 0xf, 0xb, 0xa, 0x100, 0x2, 0x1, 0xfffffffd, 0x40, 0x6, 0x101, 0x0, 0x1a449, 0x2, 0x40000003, 0x99, 0xcaa7, 0x0, 0x20001e58, 0xa, 0xe69, 0x3f, 0x8, 0x2, 0x0, 0xfffffff8]}) setsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, &(0x7f0000000140)=0xa, 0x4) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000010400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d10300002c0000000e0a010200000000000000000a0000000900010073797a31000000000900020073797a31"], 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x24, r4, 0x209, 0x0, 0x0, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x24}}, 0x0) 0s ago: executing program 4 (id=1502): bind$xdp(0xffffffffffffffff, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, 0x0, 0x0}, 0x94) r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000640)="f3", 0xf000}], 0x1) kernel console output (not intermixed with test programs): 6718] netlink: 'syz.4.197': attribute type 3 has an invalid length. [ 182.493532][ T6718] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.197'. [ 182.578452][ T10] usb 2-1: USB disconnect, device number 7 [ 182.627126][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.4.197'. [ 182.873438][ T5926] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 183.863404][ T5926] usb 4-1: device descriptor read/64, error -71 [ 183.965804][ T5898] usb 1-1: USB disconnect, device number 8 [ 184.057748][ T30] audit: type=1326 audit(1755601741.359:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6733 comm="syz.1.201" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcd77f8ebe9 code=0x0 [ 184.137920][ T5926] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 184.199487][ T6741] netlink: 4 bytes leftover after parsing attributes in process `syz.1.201'. [ 184.303769][ T5926] usb 4-1: device descriptor read/64, error -71 [ 184.413739][ T5926] usb usb4-port1: attempt power cycle [ 184.699810][ T6754] IPVS: Error joining to the multicast group [ 184.933471][ T5926] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 184.980908][ T5926] usb 4-1: device descriptor read/8, error -71 [ 191.885250][ T6797] kAFS: No cell specified [ 192.446846][ T6801] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.469001][ T6801] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.549242][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 192.941365][ T10] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 193.600875][ T6821] netlink: 'syz.3.216': attribute type 10 has an invalid length. [ 193.748852][ T6823] openvswitch: netlink: Geneve opt len 10 is not a multiple of 4. [ 195.066641][ T6821] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 197.165146][ T6821] syz.3.216 (6821) used greatest stack depth: 19744 bytes left [ 197.787505][ T6861] netlink: 8 bytes leftover after parsing attributes in process `syz.0.218'. [ 197.985544][ T6876] devtmpfs: Too few inodes for current use [ 199.569006][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.575557][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.999769][ T6894] sysfs: Unknown parameter 'tS' [ 203.429744][ T6926] sysfs: Unknown parameter 'tS' [ 203.983559][ T6921] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 203.983559][ T6921] The task syz.1.229 (6921) triggered the difference, watch for misbehavior. [ 204.011566][ T6921] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.229' sets config #0 [ 206.196896][ T6935] netlink: 'syz.3.233': attribute type 10 has an invalid length. [ 208.902539][ T6962] netlink: 4 bytes leftover after parsing attributes in process `syz.4.239'. [ 213.361500][ T6982] Invalid source name [ 213.365720][ T6982] UBIFS error (pid: 6982): cannot open "./file0", error -22 [ 213.394086][ T6982] binder: 6978:6982 ioctl 40046210 0 returned -14 [ 213.418788][ T6982] netlink: 4 bytes leftover after parsing attributes in process `syz.2.244'. [ 214.165892][ T6982] team0: Port device team_slave_1 removed [ 214.458038][ T6990] binder: 6989:6990 ioctl c00c620f 0 returned -14 [ 215.490700][ T7002] netlink: 4 bytes leftover after parsing attributes in process `syz.2.249'. [ 216.042838][ T7004] syz.4.250 (7004): drop_caches: 2 [ 216.050554][ T7004] syz.4.250 (7004): drop_caches: 2 [ 217.148176][ T5847] Bluetooth: hci1: command 0x0406 tx timeout [ 217.156925][ T5847] Bluetooth: hci2: command 0x0406 tx timeout [ 217.163046][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 217.197451][ T7011] netlink: 'syz.4.251': attribute type 21 has an invalid length. [ 217.205373][ T7011] IPv6: NLM_F_CREATE should be specified when creating new route [ 217.213431][ T7011] IPv6: Can't replace route, no match found [ 219.105312][ T7019] netlink: 36 bytes leftover after parsing attributes in process `syz.1.254'. [ 221.765767][ T7043] IPVS: Error joining to the multicast group [ 222.199389][ T7055] netlink: 'syz.2.262': attribute type 2 has an invalid length. [ 222.541291][ T7055] netlink: 32 bytes leftover after parsing attributes in process `syz.2.262'. [ 222.669287][ T7064] IPv6: NLM_F_CREATE should be specified when creating new route [ 223.125663][ T7074] syz.1.269 (7074): drop_caches: 2 [ 223.137725][ T7070] netlink: 'syz.2.267': attribute type 3 has an invalid length. [ 223.148903][ T7070] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.267'. [ 223.461523][ T7074] syz.1.269 (7074): drop_caches: 2 [ 223.597561][ T7081] netlink: 4 bytes leftover after parsing attributes in process `syz.4.268'. [ 224.655456][ T7088] xt_CT: You must specify a L4 protocol and not use inversions on it [ 225.892732][ T7094] ucma_write: process 207 (syz.1.272) changed security contexts after opening file descriptor, this is not allowed. [ 226.369903][ T7111] binder: BINDER_SET_CONTEXT_MGR already set [ 226.408492][ T7111] binder: 7105:7111 ioctl 4018620d 2000000002c0 returned -16 [ 226.473104][ T7115] xt_CT: You must specify a L4 protocol and not use inversions on it [ 229.445247][ T1209] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 229.550447][ T7134] netlink: 20 bytes leftover after parsing attributes in process `syz.4.286'. [ 229.735406][ T1209] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.803497][ T1209] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 229.855069][ T1209] usb 3-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 229.897017][ T1209] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.927586][ T1209] usb 3-1: config 0 descriptor?? [ 231.043205][ T5926] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 231.180508][ T1209] cypress 0003:04B4:DE61.0002: item fetching failed at offset 5/7 [ 231.200654][ T5926] usb 5-1: config 5 has an invalid interface number: 123 but max is 0 [ 231.294896][ T5926] usb 5-1: config 5 has no interface number 0 [ 231.308450][ T1209] cypress 0003:04B4:DE61.0002: parse failed [ 231.327514][ T5926] usb 5-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 231.340099][ T1209] cypress 0003:04B4:DE61.0002: probe with driver cypress failed with error -22 [ 231.359766][ T5926] usb 5-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid wMaxPacketSize 0 [ 231.398584][ T5926] usb 5-1: config 5 interface 123 has no altsetting 0 [ 231.410324][ T5926] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7 [ 231.434380][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.456649][ T5926] usb 5-1: Product: syz [ 231.461063][ T5926] usb 5-1: Manufacturer: syz [ 231.466876][ T5926] usb 5-1: SerialNumber: syz [ 231.973206][ T7156] cramfs: Unknown parameter 'discard' [ 233.411389][ T5932] usb 3-1: USB disconnect, device number 4 [ 233.567412][ T7164] binder: BINDER_SET_CONTEXT_MGR already set [ 233.588763][ T7164] binder: 7161:7164 ioctl 4018620d 2000000002c0 returned -16 [ 233.640528][ T7169] netlink: 72 bytes leftover after parsing attributes in process `syz.2.294'. [ 233.651942][ T7169] netlink: 24 bytes leftover after parsing attributes in process `syz.2.294'. [ 234.074635][ T7178] netlink: 72 bytes leftover after parsing attributes in process `syz.2.296'. [ 234.695001][ T5926] ni6501 5-1:5.123: driver 'ni6501' failed to auto-configure device. [ 234.806328][ T5926] usb 5-1: USB disconnect, device number 8 [ 234.948850][ T7189] netlink: 'syz.0.299': attribute type 1 has an invalid length. [ 235.029182][ T7189] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 235.415260][ T5926] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 235.443563][ T7183] batadv_slave_1: entered promiscuous mode [ 235.465866][ T7204] syz.3.303 (7204): drop_caches: 2 [ 235.489421][ T7204] syz.3.303 (7204): drop_caches: 2 [ 235.494253][ T7183] netlink: 32 bytes leftover after parsing attributes in process `syz.4.298'. [ 235.743214][ T5926] usb 1-1: Using ep0 maxpacket: 16 [ 236.467251][ T5926] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 236.493853][ T5926] usb 1-1: config 0 has no interface number 0 [ 236.514025][ T5926] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 236.527129][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.556032][ T5926] usb 1-1: Product: syz [ 236.564272][ T5926] usb 1-1: Manufacturer: syz [ 236.580170][ T5926] usb 1-1: SerialNumber: syz [ 236.600754][ T5926] usb 1-1: config 0 descriptor?? [ 236.610651][ T7181] batadv_slave_1: left promiscuous mode [ 236.617109][ T5926] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 236.886952][ T7215] netlink: 'syz.1.307': attribute type 3 has an invalid length. [ 236.913381][ T7215] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.307'. [ 238.227788][ T5926] gspca_spca1528: reg_w err -110 [ 238.264216][ T5926] spca1528 1-1:0.1: probe with driver spca1528 failed with error -110 [ 239.002586][ T7222] [U] „ [ 239.175391][ T43] usb 1-1: USB disconnect, device number 9 [ 240.558827][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 240.842186][ T7239] syz.1.314 (7239): drop_caches: 2 [ 240.853871][ T10] usb 5-1: device descriptor read/64, error -71 [ 240.882921][ T7239] syz.1.314 (7239): drop_caches: 2 [ 241.909571][ T10] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 242.103467][ T10] usb 5-1: device descriptor read/64, error -71 [ 242.264845][ T10] usb usb5-port1: attempt power cycle [ 242.513665][ T5903] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 242.784825][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 242.860718][ T5903] usb 1-1: Using ep0 maxpacket: 8 [ 243.071461][ T5903] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 243.343123][ T5903] usb 1-1: config 1 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 243.728206][ T5903] usb 1-1: config 1 interface 0 has no altsetting 0 [ 243.787590][ T10] usb 5-1: device descriptor read/8, error -71 [ 243.937972][ T5903] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 244.166091][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.339684][ T5903] usb 1-1: Product: â ‰ [ 244.425955][ T5903] usb 1-1: Manufacturer: Е [ 244.519373][ T5903] usb 1-1: SerialNumber: syz [ 245.223985][ T5903] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 245.281479][ T5903] usb 1-1: USB disconnect, device number 10 [ 245.504207][ T7268] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 246.404573][ T7277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.325'. [ 247.154339][ T7277] netlink: 'syz.4.325': attribute type 4 has an invalid length. [ 247.162832][ T7277] netlink: 152 bytes leftover after parsing attributes in process `syz.4.325'. [ 247.175670][ T7277] wlan1: mtu less than device minimum [ 249.339881][ T7300] ptrace attach of "./syz-executor exec"[7307] was attempted by "./syz-executor exec"[7300] [ 250.995396][ T7324] tipc: Started in network mode [ 251.013472][ T7324] tipc: Node identity ac14140f, cluster identity 4711 [ 251.020855][ T7324] tipc: New replicast peer: 172.20.20.54 [ 251.056797][ T7324] tipc: Enabled bearer , priority 10 [ 251.304034][ T5903] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 252.064077][ T5932] tipc: Node number set to 2886997007 [ 252.243360][ T5903] usb 2-1: Using ep0 maxpacket: 8 [ 252.256711][ T5903] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 252.277175][ T5167] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 252.303671][ T7333] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.339'. [ 252.353462][ T5903] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 252.603968][ T5167] usb 3-1: Using ep0 maxpacket: 8 [ 252.610006][ T5903] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 252.674365][ T5167] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 252.691163][ T5167] usb 3-1: config 0 has no interface number 0 [ 252.694411][ T5903] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 252.707499][ T5167] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 253.287667][ T7344] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 253.297113][ T7344] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 253.307391][ T7344] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 253.319164][ T5903] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 253.380392][ T1209] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 253.388338][ T5167] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 253.438206][ T5167] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 253.450346][ T5167] usb 3-1: config 0 interface 2 altsetting 0 has an endpoint descriptor with address 0x5F, changing to 0xF [ 253.475443][ T5167] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0xF has invalid maxpacket 28271, setting to 1024 [ 253.495492][ T5167] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 254.088246][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.272694][ T5167] usb 3-1: New USB device found, idVendor=05da, idProduct=0099, bcdDevice=d5.82 [ 254.282159][ T5167] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.290573][ T5167] usb 3-1: Product: syz [ 254.380081][ T5167] usb 3-1: Manufacturer: syz [ 254.387819][ T5167] usb 3-1: SerialNumber: syz [ 254.416808][ T5167] usb 3-1: config 0 descriptor?? [ 254.513585][ T5903] usb 2-1: can't set config #16, error -71 [ 254.536154][ T1209] usb 5-1: config 6 has an invalid interface number: 14 but max is 0 [ 254.568883][ T5903] usb 2-1: USB disconnect, device number 8 [ 254.583545][ T1209] usb 5-1: config 6 has no interface number 0 [ 254.614148][ T1209] usb 5-1: config 6 interface 14 altsetting 218 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 254.662610][ T1209] usb 5-1: config 6 interface 14 has no altsetting 0 [ 254.689318][ T1209] usb 5-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=6f.50 [ 254.836479][ T5167] usb 3-1: can't set config #0, error -71 [ 255.218064][ T5167] usb 3-1: USB disconnect, device number 5 [ 255.224615][ T1209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.264845][ T1209] usb 5-1: Product: syz [ 255.269118][ T1209] usb 5-1: Manufacturer: syz [ 255.289188][ T1209] usb 5-1: SerialNumber: syz [ 256.127117][ T1209] usb 5-1: can't set config #6, error -71 [ 256.156932][ T1209] usb 5-1: USB disconnect, device number 13 [ 256.633459][ T7363] 9pnet_virtio: no channels available for device 127.0.0.1 [ 257.560636][ T7375] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 258.011264][ T7380] netlink: 384 bytes leftover after parsing attributes in process `syz.2.350'. [ 258.022773][ T7380] netlink: 'syz.2.350': attribute type 2 has an invalid length. [ 258.809244][ T7391] syz.0.352 (7391): drop_caches: 2 [ 259.828514][ T7391] syz.0.352 (7391): drop_caches: 2 [ 260.254016][ T7401] netlink: 12 bytes leftover after parsing attributes in process `syz.4.356'. [ 260.783416][ T1209] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 260.977013][ T1209] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 261.010573][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.017171][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.027225][ T1209] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 261.063588][ T1209] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 261.095408][ T1209] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 261.126281][ T1209] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 261.196908][ T1209] usb 3-1: Manufacturer: syz [ 261.634380][ T1209] usb 3-1: config 0 descriptor?? [ 261.706425][ T1209] igorplugusb 3-1:0.0: incorrect number of endpoints [ 262.066196][ T7415] syz.4.360 (7415): drop_caches: 2 [ 262.089607][ T7415] syz.4.360 (7415): drop_caches: 2 [ 267.423164][ T24] usb 3-1: USB disconnect, device number 6 [ 268.140113][ T7438] netlink: 24 bytes leftover after parsing attributes in process `syz.4.364'. [ 272.019158][ T7458] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 274.662768][ T7482] process 'syz.4.377' launched './file2' with NULL argv: empty string added [ 276.609012][ T7497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.380'. [ 278.793582][ T5903] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 279.601301][ T5903] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 279.610153][ T5903] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 279.633202][ T5903] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 279.655512][ T5903] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 279.667233][ T5903] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 279.694142][ T5903] usb 5-1: Manufacturer: syz [ 279.702799][ T5903] usb 5-1: config 0 descriptor?? [ 279.727741][ T5903] igorplugusb 5-1:0.0: incorrect number of endpoints [ 279.833636][ T7512] IPVS: Error joining to the multicast group [ 280.977979][ T7521] sysfs: Unknown parameter 'tS' [ 281.962195][ T7528] netdevsim netdevsim2: Firmware load for './cgroup/../file0' refused, path contains '..' component [ 282.201911][ T7530] syzkaller1: entered promiscuous mode [ 282.215749][ T7530] syzkaller1: entered allmulticast mode [ 282.239692][ T7530] dlm: no locking on control device [ 282.250011][ T7530] netlink: 24 bytes leftover after parsing attributes in process `syz.1.390'. [ 283.627204][ T10] usb 5-1: USB disconnect, device number 14 [ 283.636010][ T7538] xt_CT: You must specify a L4 protocol and not use inversions on it [ 286.186672][ T7554] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 286.521677][ T7568] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.400'. [ 287.282384][ T7575] netlink: 'syz.4.404': attribute type 1 has an invalid length. [ 288.275242][ T7586] sysfs: Unknown parameter 'tS' [ 288.997774][ T7575] 8021q: adding VLAN 0 to HW filter on device bond1 [ 290.124322][ T7595] netlink: 36 bytes leftover after parsing attributes in process `syz.2.406'. [ 290.283614][ T43] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 290.881327][ T43] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 291.511939][ T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.553376][ T43] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 291.830545][ T43] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 291.843402][ T43] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 291.873508][ T43] usb 5-1: Manufacturer: syz [ 291.921476][ T43] usb 5-1: config 0 descriptor?? [ 291.942221][ T43] igorplugusb 5-1:0.0: incorrect number of endpoints [ 292.674537][ T7615] netlink: 'syz.0.412': attribute type 10 has an invalid length. [ 293.964399][ T7615] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 297.341568][ T5903] usb 5-1: USB disconnect, device number 15 [ 298.543365][ T1209] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 298.846538][ T1209] usb 1-1: unable to get BOS descriptor or descriptor too short [ 298.857684][ T1209] usb 1-1: not running at top speed; connect to a high speed hub [ 298.905055][ T1209] usb 1-1: config 3 has an invalid interface number: 153 but max is 0 [ 298.938193][ T7644] netlink: 8 bytes leftover after parsing attributes in process `syz.3.418'. [ 298.947250][ T7644] netlink: 12 bytes leftover after parsing attributes in process `syz.3.418'. [ 299.636090][ T1209] usb 1-1: config 3 has no interface number 0 [ 299.679878][ T1209] usb 1-1: config 3 interface 153 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 299.759435][ T1209] usb 1-1: config 3 interface 153 has no altsetting 0 [ 300.086744][ T1209] usb 1-1: New USB device found, idVendor=0711, idProduct=0920, bcdDevice=d5.b6 [ 300.096850][ T1209] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.116356][ T1209] usb 1-1: Product: syz [ 300.120592][ T1209] usb 1-1: Manufacturer: syz [ 300.135500][ T1209] usb 1-1: SerialNumber: syz [ 300.155927][ T7635] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 300.385999][ T7635] pimreg: tun_chr_ioctl cmd 1074812118 [ 300.402340][ T7635] block nbd0: not configured, cannot reconfigure [ 300.528250][ T1209] sisusb 1-1:3.153: Invalid USB2VGA device [ 300.576867][ T1209] sisusb 1-1:3.153: probe with driver sisusb failed with error -22 [ 300.618645][ T1209] usb 1-1: USB disconnect, device number 11 [ 302.643387][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 303.262633][ T7682] netlink: 8 bytes leftover after parsing attributes in process `syz.1.430'. [ 303.829097][ T7683] netlink: 16 bytes leftover after parsing attributes in process `syz.4.431'. [ 303.855646][ T10] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 303.905924][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 303.954170][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 304.049546][ T10] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 304.059747][ T7692] netlink: 4 bytes leftover after parsing attributes in process `syz.3.432'. [ 304.074094][ T10] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 304.102243][ T10] usb 3-1: Manufacturer: syz [ 304.147446][ T10] usb 3-1: config 0 descriptor?? [ 304.169737][ T10] igorplugusb 3-1:0.0: incorrect number of endpoints [ 304.283893][ T5919] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 304.466113][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.480231][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 304.500225][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 304.559305][ T5919] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 304.600314][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.631089][ T5919] usb 2-1: config 0 descriptor?? [ 304.740799][ T7697] batadv_slave_1: entered promiscuous mode [ 304.963065][ T7697] netlink: 32 bytes leftover after parsing attributes in process `syz.4.435'. [ 304.993868][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 305.463119][ T7696] batadv_slave_1: left promiscuous mode [ 305.569200][ T5919] usbhid 2-1:0.0: can't add hid device: -71 [ 305.576134][ T5919] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 305.600979][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 305.608365][ T5919] usb 2-1: USB disconnect, device number 9 [ 305.642153][ T10] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 305.680775][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.707398][ T10] usb 1-1: Product: syz [ 305.720006][ T10] usb 1-1: Manufacturer: syz [ 305.746708][ T10] usb 1-1: SerialNumber: syz [ 305.806124][ T10] usb 1-1: config 0 descriptor?? [ 305.829249][ T10] gspca_main: se401-2.14.0 probing 047d:5003 [ 306.103376][ T5919] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 306.273367][ T5919] usb 2-1: Using ep0 maxpacket: 32 [ 306.321352][ T10] gspca_se401: Wrong descriptor type [ 306.341706][ T5919] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 306.352191][ T5919] usb 2-1: config 0 has no interface number 0 [ 306.367508][ T5919] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 306.376748][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.385218][ T5919] usb 2-1: Product: syz [ 307.134075][ T5919] usb 2-1: Manufacturer: syz [ 307.147976][ T5919] usb 2-1: SerialNumber: syz [ 307.178465][ T5919] usb 2-1: config 0 descriptor?? [ 307.215600][ T5919] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 307.241186][ T5919] usb 2-1: selecting invalid altsetting 1 [ 307.257903][ T5919] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 307.261365][ T5926] usb 3-1: USB disconnect, device number 7 [ 307.302429][ T7723] syz.4.441 (7723): drop_caches: 2 [ 307.312144][ T7723] syz.4.441 (7723): drop_caches: 2 [ 307.350626][ T5919] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 307.387105][ T5919] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 307.442359][ T5919] usb 2-1: media controller created [ 308.843058][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 309.076018][ T5919] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 309.297397][ T5919] zl10353_read_register: readreg error (reg=127, ret==-71) [ 309.353756][ T5919] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 309.403577][ T5919] usb 2-1: USB disconnect, device number 10 [ 309.554998][ T24] usb 1-1: USB disconnect, device number 12 [ 310.504977][ T7751] binder: BINDER_SET_CONTEXT_MGR already set [ 310.521406][ T7751] binder: 7748:7751 ioctl 4018620d 2000000002c0 returned -16 [ 311.148278][ T7758] 9p: Unknown access argument 18446744073709551615: -34 [ 311.243798][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 311.246067][ T5844] Bluetooth: hci5: command 0x1003 tx timeout [ 311.622516][ T7765] syz.2.453 (7765): drop_caches: 2 [ 311.639475][ T7774] netlink: 4 bytes leftover after parsing attributes in process `syz.0.455'. [ 311.695570][ T7765] syz.2.453 (7765): drop_caches: 2 [ 315.034536][ T7790] netlink: 36 bytes leftover after parsing attributes in process `syz.3.460'. [ 315.774553][ T7792] netlink: 'syz.2.461': attribute type 10 has an invalid length. [ 316.432430][ T7792] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 316.912608][ T7805] ptrace attach of "./syz-executor exec"[5841] was attempted by " [ 317.389810][ T7792] syz.2.461 (7792) used greatest stack depth: 19712 bytes left [ 320.320094][ T7825] syz.2.471 (7825): drop_caches: 2 [ 320.411171][ T7825] syz.2.471 (7825): drop_caches: 2 [ 322.437961][ T7852] __vm_enough_memory: pid: 7852, comm: syz.0.477, bytes: 4503599627366400 not enough memory for the allocation [ 322.459104][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.468357][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.838282][ T7864] netlink: 36 bytes leftover after parsing attributes in process `syz.2.481'. [ 323.798607][ T7871] sysfs: Unknown parameter 'tS' [ 324.523409][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 324.589720][ T7881] syz.4.486 (7881): drop_caches: 2 [ 324.595653][ T7881] syz.4.486 (7881): drop_caches: 2 [ 324.630681][ T7883] netlink: 4 bytes leftover after parsing attributes in process `syz.0.483'. [ 324.933447][ T10] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 325.687276][ T10] usb 3-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62 [ 325.802471][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.173558][ T10] usb 3-1: Product: syz [ 326.287684][ T10] usb 3-1: Manufacturer: syz [ 326.309027][ T10] usb 3-1: SerialNumber: syz [ 326.505391][ T10] usb 3-1: config 0 descriptor?? [ 327.233366][ T10] comedi comedi5: This driver needs USB 2.0 to operate. Aborting... [ 327.241963][ T10] usbduxfast 3-1:0.0: driver 'usbduxfast' failed to auto-configure device. [ 327.502403][ T5919] usb 3-1: USB disconnect, device number 8 [ 329.263761][ T7916] FAULT_INJECTION: forcing a failure. [ 329.263761][ T7916] name failslab, interval 1, probability 0, space 0, times 0 [ 329.373423][ T7916] CPU: 0 UID: 0 PID: 7916 Comm: syz.3.495 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 329.373444][ T7916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 329.373457][ T7916] Call Trace: [ 329.373464][ T7916] [ 329.373471][ T7916] dump_stack_lvl+0x189/0x250 [ 329.373494][ T7916] ? __pfx____ratelimit+0x10/0x10 [ 329.373511][ T7916] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.373528][ T7916] ? __pfx__printk+0x10/0x10 [ 329.373553][ T7916] ? __pfx___might_resched+0x10/0x10 [ 329.373569][ T7916] ? fs_reclaim_acquire+0x7d/0x100 [ 329.373591][ T7916] should_fail_ex+0x414/0x560 [ 329.373611][ T7916] should_failslab+0xa8/0x100 [ 329.373629][ T7916] __kmalloc_cache_noprof+0x70/0x3d0 [ 329.373644][ T7916] ? sctp_datamsg_from_user+0x88/0xef0 [ 329.373666][ T7916] sctp_datamsg_from_user+0x88/0xef0 [ 329.373685][ T7916] ? __sk_mem_raise_allocated+0xaa9/0x1240 [ 329.373709][ T7916] ? __sk_mem_schedule+0x7f/0xf0 [ 329.373729][ T7916] sctp_sendmsg_to_asoc+0x1003/0x1810 [ 329.373758][ T7916] ? __lock_acquire+0xab9/0xd20 [ 329.373784][ T7916] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 329.373807][ T7916] ? __local_bh_enable_ip+0x12d/0x1c0 [ 329.373823][ T7916] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 329.373842][ T7916] ? sctp_sendmsg_check_sflags+0x18d/0x2e0 [ 329.373889][ T7916] sctp_sendmsg+0x1941/0x2810 [ 329.373919][ T7916] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 329.373939][ T7916] ? __pfx_sctp_sendmsg+0x10/0x10 [ 329.373976][ T7916] ? sock_rps_record_flow+0x19/0x410 [ 329.373996][ T7916] ? inet_sendmsg+0x2f4/0x370 [ 329.374012][ T7916] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 329.374031][ T7916] __sock_sendmsg+0x19c/0x270 [ 329.374051][ T7916] sock_write_iter+0x258/0x330 [ 329.374070][ T7916] ? __pfx_sock_write_iter+0x10/0x10 [ 329.374096][ T7916] ? __lock_acquire+0xab9/0xd20 [ 329.374116][ T7916] do_iter_readv_writev+0x56b/0x7f0 [ 329.374136][ T7916] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 329.374155][ T7916] ? bpf_lsm_file_permission+0x9/0x20 [ 329.374172][ T7916] ? security_file_permission+0x75/0x290 [ 329.374191][ T7916] ? rw_verify_area+0x258/0x650 [ 329.374218][ T7916] vfs_writev+0x31a/0x960 [ 329.374240][ T7916] ? __lock_acquire+0xab9/0xd20 [ 329.374256][ T7916] ? __pfx_vfs_writev+0x10/0x10 [ 329.374286][ T7916] ? __fget_files+0x2a/0x420 [ 329.374306][ T7916] ? __fget_files+0x3a0/0x420 [ 329.374323][ T7916] ? __fget_files+0x2a/0x420 [ 329.374346][ T7916] do_writev+0x14d/0x2d0 [ 329.374367][ T7916] ? __pfx_do_writev+0x10/0x10 [ 329.374384][ T7916] ? rcu_is_watching+0x15/0xb0 [ 329.374405][ T7916] ? do_syscall_64+0xbe/0x3b0 [ 329.374425][ T7916] do_syscall_64+0xfa/0x3b0 [ 329.374446][ T7916] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.374462][ T7916] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.374477][ T7916] ? clear_bhb_loop+0x60/0xb0 [ 329.374495][ T7916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.374510][ T7916] RIP: 0033:0x7fb26fb8ebe9 [ 329.374526][ T7916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.374539][ T7916] RSP: 002b:00007fb2709d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 329.374560][ T7916] RAX: ffffffffffffffda RBX: 00007fb26fdb5fa0 RCX: 00007fb26fb8ebe9 [ 329.374571][ T7916] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003 [ 329.374581][ T7916] RBP: 00007fb2709d2090 R08: 0000000000000000 R09: 0000000000000000 [ 329.374590][ T7916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 329.374599][ T7916] R13: 00007fb26fdb6038 R14: 00007fb26fdb5fa0 R15: 00007ffdfe031898 [ 329.374622][ T7916] [ 329.736728][ C0] vkms_vblank_simulate: vblank timer overrun [ 330.292110][ T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 330.315715][ T7928] sysfs: Unknown parameter 'tS' [ 330.826602][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 131, changing to 11 [ 330.922725][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16903, setting to 1024 [ 330.934141][ T7930] ======================================================= [ 330.934141][ T7930] WARNING: The mand mount option has been deprecated and [ 330.934141][ T7930] and is ignored by this kernel. Remove the mand [ 330.934141][ T7930] option from the mount to silence this warning. [ 330.934141][ T7930] ======================================================= [ 331.063377][ T10] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 331.076775][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.120839][ T10] usb 3-1: config 0 descriptor?? [ 331.846017][ T7944] FAULT_INJECTION: forcing a failure. [ 331.846017][ T7944] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.892564][ T7944] CPU: 0 UID: 0 PID: 7944 Comm: syz.1.503 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 331.892596][ T7944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 331.892612][ T7944] Call Trace: [ 331.892621][ T7944] [ 331.892631][ T7944] dump_stack_lvl+0x189/0x250 [ 331.892662][ T7944] ? __pfx____ratelimit+0x10/0x10 [ 331.892685][ T7944] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.892709][ T7944] ? __pfx__printk+0x10/0x10 [ 331.892737][ T7944] ? __might_fault+0xb0/0x130 [ 331.892771][ T7944] should_fail_ex+0x414/0x560 [ 331.892799][ T7944] _copy_from_user+0x2d/0xb0 [ 331.892830][ T7944] ___sys_sendmsg+0x158/0x2a0 [ 331.892867][ T7944] ? __pfx____sys_sendmsg+0x10/0x10 [ 331.892941][ T7944] ? __fget_files+0x2a/0x420 [ 331.892964][ T7944] ? __fget_files+0x3a0/0x420 [ 331.893000][ T7944] __x64_sys_sendmsg+0x19b/0x260 [ 331.893036][ T7944] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 331.893080][ T7944] ? __pfx_ksys_write+0x10/0x10 [ 331.893098][ T7944] ? rcu_is_watching+0x15/0xb0 [ 331.893128][ T7944] ? do_syscall_64+0xbe/0x3b0 [ 331.893156][ T7944] do_syscall_64+0xfa/0x3b0 [ 331.893179][ T7944] ? lockdep_hardirqs_on+0x9c/0x150 [ 331.893202][ T7944] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.893223][ T7944] ? clear_bhb_loop+0x60/0xb0 [ 331.893248][ T7944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.893269][ T7944] RIP: 0033:0x7fcd77f8ebe9 [ 331.893288][ T7944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.893306][ T7944] RSP: 002b:00007fcd761f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 331.893328][ T7944] RAX: ffffffffffffffda RBX: 00007fcd781b5fa0 RCX: 00007fcd77f8ebe9 [ 331.893343][ T7944] RDX: 0000000000000040 RSI: 0000200000000040 RDI: 0000000000000003 [ 331.893356][ T7944] RBP: 00007fcd761f6090 R08: 0000000000000000 R09: 0000000000000000 [ 331.893369][ T7944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.893382][ T7944] R13: 00007fcd781b6038 R14: 00007fcd781b5fa0 R15: 00007ffd5f6319d8 [ 331.893424][ T7944] [ 332.435344][ T7946] syz.3.504 (7946): drop_caches: 2 [ 332.444922][ T7946] syz.3.504 (7946): drop_caches: 2 [ 333.794688][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 333.800778][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 334.027873][ T10] usb 3-1: USB disconnect, device number 9 [ 334.341997][ T7965] input: syz0 as /devices/virtual/input/input6 [ 335.055111][ T7972] lo: entered allmulticast mode [ 335.569850][ T7967] lo: left allmulticast mode [ 336.170395][ T7978] mmap: syz.3.512 (7978) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 336.748673][ T7977] Can't find ip_set type ha [ 337.313107][ T7986] syz_tun: entered allmulticast mode [ 338.132049][ T7991] netlink: 36 bytes leftover after parsing attributes in process `syz.4.514'. [ 338.803558][ T7982] syz_tun: left allmulticast mode [ 339.795360][ T7995] binder: BINDER_SET_CONTEXT_MGR already set [ 339.851134][ T7995] binder: 7994:7995 ioctl 4018620d 2000000002c0 returned -16 [ 340.183550][ T8009] netlink: 4 bytes leftover after parsing attributes in process `syz.0.518'. [ 341.959342][ T8030] binder: BINDER_SET_CONTEXT_MGR already set [ 341.986868][ T8030] binder: 8026:8030 ioctl 4018620d 2000000002c0 returned -16 [ 342.221553][ T8040] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 342.230199][ T8040] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 342.239020][ T8040] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 343.441134][ T8029] batadv_slave_1: entered promiscuous mode [ 343.655004][ T8029] netlink: 32 bytes leftover after parsing attributes in process `syz.2.525'. [ 344.700249][ T8056] netlink: 'syz.0.532': attribute type 10 has an invalid length. [ 345.563008][ T8028] batadv_slave_1: left promiscuous mode [ 346.798322][ T8075] netlink: 4 bytes leftover after parsing attributes in process `syz.0.534'. [ 348.929046][ T8093] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 348.937760][ T8093] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 348.947676][ T8093] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 350.522260][ T8102] netlink: 'syz.2.545': attribute type 10 has an invalid length. [ 351.398951][ T8110] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.546' sets config #0 [ 356.579522][ T8136] syz.3.554 (8136): drop_caches: 2 [ 356.593849][ T8136] syz.3.554 (8136): drop_caches: 2 [ 356.826002][ T8139] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 356.835080][ T8139] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 356.844173][ T8139] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 357.477002][ T8145] syz.1.556 (8145): drop_caches: 2 [ 357.501864][ T8145] syz.1.556 (8145): drop_caches: 2 [ 358.414814][ T8162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.561'. [ 358.536626][ T8155] batadv_slave_1: entered promiscuous mode [ 358.694134][ T8155] netlink: 32 bytes leftover after parsing attributes in process `syz.0.560'. [ 358.986165][ T8153] batadv_slave_1: left promiscuous mode [ 363.914246][ T8190] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 363.922837][ T8190] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 363.931622][ T8190] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 364.119382][ T8194] syz.3.567 (8194): drop_caches: 2 [ 364.309731][ T8194] syz.3.567 (8194): drop_caches: 2 [ 366.348466][ T8204] syz.0.572 (8204): drop_caches: 2 [ 366.396166][ T8204] syz.0.572 (8204): drop_caches: 2 [ 369.766594][ T8236] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 369.775417][ T8236] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 369.784624][ T8236] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 372.510977][ T8247] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.584' sets config #0 [ 372.769540][ T8249] syz.3.585 (8249): drop_caches: 2 [ 372.859971][ T8249] syz.3.585 (8249): drop_caches: 2 [ 375.352497][ T8281] netlink: 'syz.1.595': attribute type 10 has an invalid length. [ 375.372897][ T8277] binder: BINDER_SET_CONTEXT_MGR already set [ 375.379359][ T8277] binder: 8271:8277 ioctl 4018620d 2000000002c0 returned -16 [ 375.424053][ T8281] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 377.439845][ T8287] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 377.450459][ T8287] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 377.459919][ T8287] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 378.626208][ T8309] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.602' sets config #0 [ 378.961265][ T8311] sysfs: Unknown parameter 'tS' [ 382.109722][ T8331] netlink: 'syz.0.609': attribute type 10 has an invalid length. [ 382.378004][ T8343] binder: BINDER_SET_CONTEXT_MGR already set [ 382.485733][ T8343] binder: 8333:8343 ioctl 4018620d 2000000002c0 returned -16 [ 382.663676][ T8347] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 382.673112][ T8347] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 382.685735][ T8347] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 383.891824][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.898324][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.245353][ T8361] sysfs: Unknown parameter 'tS' [ 385.597253][ T8376] syz.0.622 (8376): drop_caches: 2 [ 385.639762][ T8376] syz.0.622 (8376): drop_caches: 2 [ 385.875091][ T8383] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.621' sets config #0 [ 387.284287][ T8396] netlink: 'syz.2.625': attribute type 10 has an invalid length. [ 387.300575][ T8398] syz.1.626 (8398): drop_caches: 2 [ 387.306612][ T8398] syz.1.626 (8398): drop_caches: 2 [ 388.296042][ T8410] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 388.304379][ T8410] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 388.312895][ T8410] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 388.400932][ T8415] sysfs: Unknown parameter 'tS' [ 389.475525][ T8420] binder: BINDER_SET_CONTEXT_MGR already set [ 389.481590][ T8420] binder: 8416:8420 ioctl 4018620d 2000000002c0 returned -16 [ 389.718740][ T8426] syz.1.635 (8426): drop_caches: 2 [ 389.744378][ T8426] syz.1.635 (8426): drop_caches: 2 [ 390.071251][ T8436] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.637' sets config #0 [ 392.332252][ T8447] syz.0.641 (8447): drop_caches: 2 [ 393.082579][ T8447] syz.0.641 (8447): drop_caches: 2 [ 394.873682][ T8472] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 394.882144][ T8472] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 394.891543][ T8472] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 395.408496][ T8474] binder: BINDER_SET_CONTEXT_MGR already set [ 395.426206][ T8474] binder: 8467:8474 ioctl 4018620d 2000000002c0 returned -16 [ 398.039108][ T8484] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.653' sets config #0 [ 400.424548][ T8500] syz.0.656 (8500): drop_caches: 2 [ 400.450057][ T8500] syz.0.656 (8500): drop_caches: 2 [ 402.568337][ T8516] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 402.585009][ T8524] binder: BINDER_SET_CONTEXT_MGR already set [ 402.591111][ T8524] binder: 8518:8524 ioctl 4018620d 2000000002c0 returned -16 [ 402.711064][ T8516] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 402.762333][ T8516] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 404.728880][ T8535] syz.2.667 (8535): drop_caches: 2 [ 404.739310][ T8535] syz.2.667 (8535): drop_caches: 2 [ 404.873486][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 405.237902][ T8541] sysfs: Unknown parameter 'tS' [ 405.240782][ T24] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 405.796597][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.905786][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 406.031462][ T24] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 406.109867][ T24] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 406.158785][ T24] usb 4-1: Manufacturer: syz [ 406.209777][ T24] usb 4-1: config 0 descriptor?? [ 406.250588][ T24] igorplugusb 4-1:0.0: incorrect number of endpoints [ 406.367426][ T24] usb 4-1: USB disconnect, device number 7 [ 407.255187][ T8554] syz.2.673 (8554): drop_caches: 2 [ 407.272202][ T8554] syz.2.673 (8554): drop_caches: 2 [ 408.047650][ T8566] netlink: 'syz.2.676': attribute type 10 has an invalid length. [ 410.942392][ T8590] sysfs: Unknown parameter 'tS' [ 411.233342][ T1209] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 411.385617][ T1209] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 411.394313][ T1209] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 411.434110][ T1209] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 411.468913][ T1209] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 411.483256][ T1209] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 411.509367][ T1209] usb 4-1: Manufacturer: syz [ 411.540145][ T1209] usb 4-1: config 0 descriptor?? [ 411.571832][ T1209] igorplugusb 4-1:0.0: incorrect number of endpoints [ 414.540516][ T8612] syz.4.687 (8612): drop_caches: 2 [ 414.550208][ T8612] syz.4.687 (8612): drop_caches: 2 [ 414.755535][ T5932] usb 4-1: USB disconnect, device number 8 [ 414.844171][ T8616] netlink: 'syz.0.689': attribute type 10 has an invalid length. [ 416.935037][ T8622] batadv_slave_1: entered promiscuous mode [ 417.105148][ T8621] batadv_slave_1: left promiscuous mode [ 417.111840][ T8640] syz.1.695 (8640): drop_caches: 2 [ 417.169355][ T8640] syz.1.695 (8640): drop_caches: 2 [ 421.683882][ T8660] syz.2.700 (8660): drop_caches: 2 [ 421.692225][ T8660] syz.2.700 (8660): drop_caches: 2 [ 422.463435][ T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 422.543581][ T8671] netlink: 'syz.2.703': attribute type 10 has an invalid length. [ 422.767830][ T8678] binder: BINDER_SET_CONTEXT_MGR already set [ 422.782791][ T8678] binder: 8673:8678 ioctl 4018620d 2000000002c0 returned -16 [ 422.792483][ T10] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 423.502659][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 423.514334][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 423.532139][ T10] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 423.553424][ T10] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 423.562025][ T10] usb 2-1: Manufacturer: syz [ 423.578724][ T10] usb 2-1: config 0 descriptor?? [ 423.596046][ T10] igorplugusb 2-1:0.0: incorrect number of endpoints [ 424.762528][ T8681] batadv_slave_1: entered promiscuous mode [ 425.157862][ T8680] batadv_slave_1: left promiscuous mode [ 426.623979][ T8713] syz.2.714 (8713): drop_caches: 2 [ 426.639816][ T8713] syz.2.714 (8713): drop_caches: 2 [ 426.920570][ T8716] syz.3.716 (8716): drop_caches: 2 [ 426.944780][ T10] usb 2-1: USB disconnect, device number 11 [ 426.967261][ T8716] syz.3.716 (8716): drop_caches: 2 [ 427.843998][ T8726] netlink: 'syz.1.718': attribute type 10 has an invalid length. [ 428.306336][ T8727] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 428.317504][ T8727] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 428.327699][ T8727] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 428.759539][ T8734] sysfs: Unknown parameter 'tS' [ 431.572878][ T8757] batadv_slave_1: entered promiscuous mode [ 431.794488][ T8745] batadv_slave_1: left promiscuous mode [ 431.829001][ T8761] syz.0.727 (8761): drop_caches: 2 [ 431.878895][ T8761] syz.0.727 (8761): drop_caches: 2 [ 432.237050][ T8768] netlink: 'syz.0.730': attribute type 10 has an invalid length. [ 432.453444][ T43] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 432.760042][ T8771] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 432.768009][ T43] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 432.781596][ T8771] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 432.791133][ T8771] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 433.001156][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.040182][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 433.085547][ T43] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 433.097247][ T43] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 433.113321][ T43] usb 2-1: Manufacturer: syz [ 433.127925][ T43] usb 2-1: config 0 descriptor?? [ 433.144094][ T43] igorplugusb 2-1:0.0: incorrect number of endpoints [ 435.717360][ T8787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.734'. [ 438.698799][ T43] usb 2-1: USB disconnect, device number 12 [ 440.614529][ T8826] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 440.623268][ T8826] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 440.640554][ T8826] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 441.094647][ T8828] 9pnet_fd: Insufficient options for proto=fd [ 442.733300][ T8846] sysfs: Unknown parameter 'tS' [ 443.298752][ T8851] netlink: 'syz.2.753': attribute type 10 has an invalid length. [ 443.926463][ T43] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 444.589159][ T43] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 444.620506][ T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 444.649631][ T43] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 444.748187][ T43] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 444.756181][ T8864] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 444.768164][ T8864] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 444.772314][ T43] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 444.785522][ T43] usb 3-1: Manufacturer: syz [ 444.790652][ T8864] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 444.874927][ T43] usb 3-1: config 0 descriptor?? [ 445.058656][ T43] igorplugusb 3-1:0.0: incorrect number of endpoints [ 445.364030][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.370463][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 448.070703][ T8891] netlink: 'syz.1.765': attribute type 10 has an invalid length. [ 448.102505][ T9] usb 3-1: USB disconnect, device number 10 [ 454.264125][ T8921] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 454.272991][ T8921] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 454.281973][ T8921] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 455.256370][ T8936] syz.4.774 (8936): drop_caches: 2 [ 455.323335][ T8936] syz.4.774 (8936): drop_caches: 2 [ 456.643707][ T8364] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 456.967921][ T8364] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 457.022293][ T8364] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 457.050226][ T8364] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 457.226804][ T8364] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 457.673865][ T8364] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 457.702060][ T8364] usb 3-1: Manufacturer: syz [ 457.900800][ T8364] usb 3-1: config 0 descriptor?? [ 458.019980][ T8364] igorplugusb 3-1:0.0: incorrect number of endpoints [ 460.344730][ T8967] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 460.355648][ T8967] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 460.399117][ T8967] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 461.373764][ T9] usb 3-1: USB disconnect, device number 11 [ 462.539098][ T8991] syz.3.790 (8991): drop_caches: 2 [ 462.562193][ T8991] syz.3.790 (8991): drop_caches: 2 [ 468.824000][ T9030] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 468.834012][ T9030] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 468.842747][ T9030] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 470.013250][ T5919] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 470.177587][ T9049] sysfs: Unknown parameter 'tS' [ 470.208700][ T5919] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 470.255657][ T5919] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 470.335300][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 470.643460][ T5919] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 470.661824][ T5919] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 470.680753][ T5919] usb 2-1: Manufacturer: syz [ 470.689400][ T5919] usb 2-1: config 0 descriptor?? [ 470.703136][ T5919] igorplugusb 2-1:0.0: incorrect number of endpoints [ 470.735551][ T9053] syz.3.807 (9053): drop_caches: 2 [ 470.746823][ T9053] syz.3.807 (9053): drop_caches: 2 [ 471.405430][ T9058] 9pnet_fd: Insufficient options for proto=fd [ 476.197347][ T43] usb 2-1: USB disconnect, device number 13 [ 479.013360][ T9087] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.813' sets config #0 [ 479.241714][ T9089] netlink: 4 bytes leftover after parsing attributes in process `syz.2.814'. [ 479.717045][ T9092] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.815' sets config #0 [ 480.855669][ T9113] sysfs: Unknown parameter 'tS' [ 481.538419][ T9119] netlink: 4 bytes leftover after parsing attributes in process `syz.0.823'. [ 481.962584][ T9120] syz.1.824 (9120): drop_caches: 2 [ 481.991366][ T9120] syz.1.824 (9120): drop_caches: 2 [ 482.143126][ T9126] 9pnet_fd: Insufficient options for proto=fd [ 482.193281][ T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 482.314319][ T9130] 9pnet_fd: Insufficient options for proto=fd [ 482.357243][ T9] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 482.378731][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 482.416946][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 482.549655][ T9] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 482.578205][ T9] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 482.615331][ T9] usb 4-1: Manufacturer: syz [ 482.653087][ T9] usb 4-1: config 0 descriptor?? [ 482.825801][ T9] igorplugusb 4-1:0.0: incorrect number of endpoints [ 488.048921][ T10] usb 4-1: USB disconnect, device number 9 [ 488.633123][ T9161] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.834' sets config #0 [ 489.804689][ T9165] Can't find ip_set type ha [ 490.082588][ T9168] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 490.094507][ T9168] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 490.103993][ T9168] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 490.402797][ T9172] 9pnet_fd: Insufficient options for proto=fd [ 490.442933][ T9173] syz.4.838 (9173): drop_caches: 2 [ 490.481367][ T9173] syz.4.838 (9173): drop_caches: 2 [ 493.916676][ T9208] netlink: 'syz.1.849': attribute type 10 has an invalid length. [ 493.928183][ T9213] 9pnet_fd: Insufficient options for proto=fd [ 494.333661][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 495.106594][ T9] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 495.132277][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 495.583007][ T9221] syz.4.855 (9221): drop_caches: 2 [ 495.593029][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 495.611235][ T9221] syz.4.855 (9221): drop_caches: 2 [ 495.617688][ T9] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 495.712039][ T9] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 495.900189][ T9235] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 495.908957][ T9235] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 495.918217][ T9235] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 496.104626][ T9232] syz.1.856 (9232): drop_caches: 2 [ 496.112287][ T9] usb 1-1: Manufacturer: syz [ 496.143973][ T9232] syz.1.856 (9232): drop_caches: 2 [ 496.515710][ T9] usb 1-1: config 0 descriptor?? [ 496.764905][ T9] igorplugusb 1-1:0.0: incorrect number of endpoints [ 498.937332][ T9262] netlink: 'syz.2.864': attribute type 10 has an invalid length. [ 498.981106][ T9] usb 1-1: USB disconnect, device number 13 [ 503.199742][ T9289] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 503.209302][ T9289] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 503.219316][ T9289] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 506.768118][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.132053][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.314252][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 507.765363][ T9] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 507.894243][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 508.524295][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 508.632520][ T9] usb 4-1: string descriptor 0 read error: -71 [ 508.641928][ T9] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 508.651568][ T9] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 508.673642][ T9] usb 4-1: config 0 descriptor?? [ 508.680485][ T9] usb 4-1: can't set config #0, error -71 [ 508.696818][ T9] usb 4-1: USB disconnect, device number 10 [ 508.732666][ T9317] netlink: 'syz.1.880': attribute type 10 has an invalid length. [ 509.700306][ T9326] Can't find ip_set type ha [ 511.637465][ T9345] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 511.646187][ T9345] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 511.654840][ T9345] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 513.378672][ T9368] Trying to write to read-only block-device nullb0 [ 513.424789][ T9372] netlink: 'syz.2.894': attribute type 10 has an invalid length. [ 513.499473][ T9375] batman_adv: batadv0: Adding interface: dummy0 [ 513.506139][ T9375] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.531689][ T9375] batman_adv: batadv0: Interface activated: dummy0 [ 519.131226][ T5919] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 519.345766][ T5919] usb 1-1: Using ep0 maxpacket: 32 [ 519.396636][ T5919] usb 1-1: unable to get BOS descriptor or descriptor too short [ 519.418008][ T5919] usb 1-1: config 2 has an invalid interface number: 189 but max is 0 [ 519.452470][ T5919] usb 1-1: config 2 has no interface number 0 [ 519.507328][ T5919] usb 1-1: config 2 interface 189 has no altsetting 0 [ 519.695162][ T9407] netlink: 20 bytes leftover after parsing attributes in process `syz.2.902'. [ 519.703109][ T5919] usb 1-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=9b.52 [ 519.821499][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.141153][ T5919] usb 1-1: Product: syz [ 520.151282][ T5919] usb 1-1: Manufacturer: syz [ 520.201734][ T5919] usb 1-1: SerialNumber: syz [ 520.298491][ T9395] syz.1.900 (9395): drop_caches: 2 [ 520.505529][ T9395] syz.1.900 (9395): drop_caches: 2 [ 522.771120][ T5919] usb 1-1: unknown interface protocol 0x3b, assuming v1 [ 522.803767][ T5919] usb 1-1: cannot find UAC_HEADER [ 523.031385][ T5919] snd-usb-audio 1-1:2.189: probe with driver snd-usb-audio failed with error -22 [ 523.087337][ T5919] usb 1-1: USB disconnect, device number 14 [ 523.693433][ T9432] Can't find ip_set type ha [ 524.219444][ T8981] udevd[8981]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:2.189/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 524.716007][ T9450] netlink: 'syz.3.913': attribute type 10 has an invalid length. [ 525.290414][ T9456] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.912' sets config #0 [ 526.772894][ T9468] binder: BINDER_SET_CONTEXT_MGR already set [ 526.822079][ T9468] binder: 9464:9468 ioctl 4018620d 2000000002c0 returned -16 [ 529.259306][ T9493] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.928' sets config #1869768577 [ 532.799236][ T9504] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.931' sets config #0 [ 533.162390][ T9521] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 533.166630][ T9523] binder: BINDER_SET_CONTEXT_MGR already set [ 533.204507][ T9523] binder: 9514:9523 ioctl 4018620d 2000000002c0 returned -16 [ 533.586779][ T9521] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 533.757795][ T9528] netlink: 12 bytes leftover after parsing attributes in process `syz.1.937'. [ 533.977032][ T9534] 9pnet_fd: Insufficient options for proto=fd [ 534.427582][ T9530] netlink: 'syz.2.938': attribute type 1 has an invalid length. [ 534.550686][ T9530] netlink: 15 bytes leftover after parsing attributes in process `syz.2.938'. [ 540.497530][ T9570] binder: BINDER_SET_CONTEXT_MGR already set [ 540.506770][ T9570] binder: 9565:9570 ioctl 4018620d 2000000002c0 returned -16 [ 540.818039][ T9574] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 544.251187][ T9589] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 544.261218][ T9589] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 544.261357][ T9589] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 546.088975][ T9595] FAULT_INJECTION: forcing a failure. [ 546.088975][ T9595] name failslab, interval 1, probability 0, space 0, times 0 [ 546.129509][ T9595] CPU: 1 UID: 0 PID: 9595 Comm: syz.2.957 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 546.129537][ T9595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 546.129554][ T9595] Call Trace: [ 546.129565][ T9595] [ 546.129575][ T9595] dump_stack_lvl+0x189/0x250 [ 546.129603][ T9595] ? irqentry_exit+0x74/0x90 [ 546.129626][ T9595] ? __pfx_dump_stack_lvl+0x10/0x10 [ 546.129667][ T9595] should_fail_ex+0x414/0x560 [ 546.129694][ T9595] should_failslab+0xa8/0x100 [ 546.129718][ T9595] __kmalloc_cache_noprof+0x70/0x3d0 [ 546.129738][ T9595] ? sctp_datamsg_from_user+0x88/0xef0 [ 546.129759][ T9595] ? sctp_transport_put+0xd2/0x160 [ 546.129789][ T9595] sctp_datamsg_from_user+0x88/0xef0 [ 546.129813][ T9595] ? rhltable_lookup+0x6a7/0x780 [ 546.129839][ T9595] ? __pfx_sctp_hash_cmp+0x10/0x10 [ 546.129858][ T9595] ? __pfx_rhltable_lookup+0x10/0x10 [ 546.129876][ T9595] ? __genradix_ptr+0x1e1/0x220 [ 546.129908][ T9595] sctp_sendmsg_to_asoc+0x1003/0x1810 [ 546.129954][ T9595] ? __pfx_sctp_hash_key+0x10/0x10 [ 546.129982][ T9595] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 546.130014][ T9595] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 546.130045][ T9595] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 546.130072][ T9595] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 546.130100][ T9595] ? sctp_sendmsg_check_sflags+0x18d/0x2e0 [ 546.130135][ T9595] sctp_sendmsg+0x1941/0x2810 [ 546.130179][ T9595] ? __pfx_sctp_sendmsg+0x10/0x10 [ 546.130228][ T9595] ? __lock_acquire+0xab9/0xd20 [ 546.130265][ T9595] ? sock_rps_record_flow+0x19/0x410 [ 546.130291][ T9595] ? inet_sendmsg+0x2f4/0x370 [ 546.130312][ T9595] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 546.130335][ T9595] __sock_sendmsg+0x19c/0x270 [ 546.130363][ T9595] __sys_sendto+0x3bd/0x520 [ 546.130394][ T9595] ? __pfx___sys_sendto+0x10/0x10 [ 546.130419][ T9595] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 546.130455][ T9595] ? __fget_files+0x3a0/0x420 [ 546.130489][ T9595] ? ksys_write+0x22a/0x250 [ 546.130510][ T9595] ? __pfx_ksys_write+0x10/0x10 [ 546.130526][ T9595] ? rcu_is_watching+0x15/0xb0 [ 546.130554][ T9595] __x64_sys_sendto+0xde/0x100 [ 546.130586][ T9595] do_syscall_64+0xfa/0x3b0 [ 546.130624][ T9595] ? lockdep_hardirqs_on+0x9c/0x150 [ 546.130646][ T9595] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.130667][ T9595] ? clear_bhb_loop+0x60/0xb0 [ 546.130694][ T9595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.130725][ T9595] RIP: 0033:0x7f2bde18ebe9 [ 546.130742][ T9595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.130760][ T9595] RSP: 002b:00007f2bdf069038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 546.130788][ T9595] RAX: ffffffffffffffda RBX: 00007f2bde3b6090 RCX: 00007f2bde18ebe9 [ 546.130803][ T9595] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000004 [ 546.130815][ T9595] RBP: 00007f2bdf069090 R08: 0000200000000100 R09: 000000000000001c [ 546.130828][ T9595] R10: 0000000000044004 R11: 0000000000000246 R12: 0000000000000001 [ 546.130840][ T9595] R13: 00007f2bde3b6128 R14: 00007f2bde3b6090 R15: 00007ffca32b2238 [ 546.130890][ T9595] [ 547.017955][ T9] IPVS: starting estimator thread 0... [ 547.145259][ T9607] IPVS: using max 38 ests per chain, 91200 per kthread [ 548.975699][ T1209] IPVS: starting estimator thread 0... [ 549.073437][ T9622] IPVS: using max 23 ests per chain, 55200 per kthread [ 549.553881][ T9628] binder: BINDER_SET_CONTEXT_MGR already set [ 549.559949][ T9628] binder: 9626:9628 ioctl 4018620d 2000000002c0 returned -16 [ 549.605469][ T9632] FAULT_INJECTION: forcing a failure. [ 549.605469][ T9632] name failslab, interval 1, probability 0, space 0, times 0 [ 549.632335][ T9632] CPU: 0 UID: 0 PID: 9632 Comm: syz.1.969 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 549.632366][ T9632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 549.632380][ T9632] Call Trace: [ 549.632389][ T9632] [ 549.632399][ T9632] dump_stack_lvl+0x189/0x250 [ 549.632428][ T9632] ? __pfx____ratelimit+0x10/0x10 [ 549.632451][ T9632] ? __pfx_dump_stack_lvl+0x10/0x10 [ 549.632476][ T9632] ? __pfx__printk+0x10/0x10 [ 549.632521][ T9632] should_fail_ex+0x414/0x560 [ 549.632551][ T9632] should_failslab+0xa8/0x100 [ 549.632576][ T9632] kmem_cache_alloc_noprof+0x73/0x3c0 [ 549.632597][ T9632] ? skb_clone+0x212/0x3a0 [ 549.632624][ T9632] skb_clone+0x212/0x3a0 [ 549.632650][ T9632] __netlink_deliver_tap+0x404/0x850 [ 549.632695][ T9632] ? netlink_deliver_tap+0x2e/0x1b0 [ 549.632727][ T9632] netlink_deliver_tap+0x19c/0x1b0 [ 549.632759][ T9632] netlink_sendskb+0x68/0x140 [ 549.632795][ T9632] netlink_rcv_skb+0x28c/0x470 [ 549.632826][ T9632] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 549.632854][ T9632] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 549.632897][ T9632] ? bpf_lsm_capable+0x9/0x20 [ 549.632928][ T9632] ? security_capable+0x7e/0x2e0 [ 549.632964][ T9632] nfnetlink_rcv+0x26a/0x2520 [ 549.632992][ T9632] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 549.633020][ T9632] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 549.633044][ T9632] ? __dev_queue_xmit+0x27e/0x3a70 [ 549.633067][ T9632] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.633101][ T9632] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 549.633125][ T9632] ? __pfx___dev_queue_xmit+0x10/0x10 [ 549.633161][ T9632] ? ref_tracker_free+0x63a/0x7d0 [ 549.633184][ T9632] ? __copy_skb_header+0xa7/0x550 [ 549.633205][ T9632] ? __pfx_ref_tracker_free+0x10/0x10 [ 549.633227][ T9632] ? __skb_clone+0x63/0x7a0 [ 549.633258][ T9632] ? __skb_clone+0x483/0x7a0 [ 549.633287][ T9632] ? skb_clone+0x246/0x3a0 [ 549.633310][ T9632] ? __netlink_deliver_tap+0x807/0x850 [ 549.633341][ T9632] ? netlink_deliver_tap+0x2e/0x1b0 [ 549.633379][ T9632] ? netlink_deliver_tap+0x2e/0x1b0 [ 549.633407][ T9632] ? netlink_deliver_tap+0x2e/0x1b0 [ 549.633441][ T9632] netlink_unicast+0x75c/0x8e0 [ 549.633470][ T9632] netlink_sendmsg+0x805/0xb30 [ 549.633502][ T9632] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.633531][ T9632] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 549.633546][ T9632] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.633569][ T9632] __sock_sendmsg+0x21c/0x270 [ 549.633590][ T9632] ____sys_sendmsg+0x505/0x830 [ 549.633618][ T9632] ? __pfx_____sys_sendmsg+0x10/0x10 [ 549.633650][ T9632] ? import_iovec+0x74/0xa0 [ 549.633674][ T9632] ___sys_sendmsg+0x21f/0x2a0 [ 549.633700][ T9632] ? __pfx____sys_sendmsg+0x10/0x10 [ 549.633752][ T9632] ? __fget_files+0x2a/0x420 [ 549.633769][ T9632] ? __fget_files+0x3a0/0x420 [ 549.633794][ T9632] __x64_sys_sendmsg+0x19b/0x260 [ 549.633821][ T9632] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 549.633852][ T9632] ? __pfx_ksys_write+0x10/0x10 [ 549.633865][ T9632] ? rcu_is_watching+0x15/0xb0 [ 549.633886][ T9632] ? do_syscall_64+0xbe/0x3b0 [ 549.633906][ T9632] do_syscall_64+0xfa/0x3b0 [ 549.633922][ T9632] ? lockdep_hardirqs_on+0x9c/0x150 [ 549.633938][ T9632] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.633954][ T9632] ? clear_bhb_loop+0x60/0xb0 [ 549.633973][ T9632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.633988][ T9632] RIP: 0033:0x7fcd77f8ebe9 [ 549.634001][ T9632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.634014][ T9632] RSP: 002b:00007fcd761f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 549.634031][ T9632] RAX: ffffffffffffffda RBX: 00007fcd781b5fa0 RCX: 00007fcd77f8ebe9 [ 549.634043][ T9632] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 549.634053][ T9632] RBP: 00007fcd761f6090 R08: 0000000000000000 R09: 0000000000000000 [ 549.634062][ T9632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 549.634071][ T9632] R13: 00007fcd781b6038 R14: 00007fcd781b5fa0 R15: 00007ffd5f6319d8 [ 549.634095][ T9632] [ 550.027162][ C0] vkms_vblank_simulate: vblank timer overrun [ 551.850698][ T9643] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 552.197852][ T9652] syz.0.973 (9652): drop_caches: 2 [ 552.213492][ T9652] syz.0.973 (9652): drop_caches: 2 [ 552.369678][ T9657] netlink: 'syz.3.975': attribute type 8 has an invalid length. [ 554.033254][ T1209] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 554.214035][ T9669] Invalid source name [ 554.242893][ T1209] usb 2-1: Using ep0 maxpacket: 8 [ 554.256093][ T9669] UBIFS error (pid: 9669): cannot open "/dev/sg0", error -22 [ 554.271612][ T9669] netlink: 'syz.3.977': attribute type 3 has an invalid length. [ 554.272974][ T1209] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03 [ 554.413117][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.433205][ T1209] usb 2-1: Product: syz [ 554.437444][ T1209] usb 2-1: Manufacturer: syz [ 554.442086][ T1209] usb 2-1: SerialNumber: syz [ 554.504672][ T1209] usb 2-1: config 0 descriptor?? [ 554.516657][ T1209] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 554.553723][ T1209] dvb-usb: bulk message failed: -22 (2/0) [ 554.559847][ T1209] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 554.603658][ T1209] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 554.650553][ T1209] usb 2-1: media controller created [ 554.774005][ T1209] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 554.866667][ T1209] dvb-usb: bulk message failed: -22 (1/0) [ 554.885337][ T1209] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 554.907232][ T9688] binder: 9686:9688 ioctl c0306201 200000000240 returned -11 [ 554.930326][ T1209] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7 [ 555.062334][ T1209] dvb-usb: schedule remote query interval to 50 msecs. [ 555.132057][ T1209] dvb-usb: bulk message failed: -22 (2/0) [ 555.186262][ T5903] dvb-usb: bulk message failed: -22 (1/0) [ 555.192627][ T1209] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 555.235233][ T5903] dvb-usb: error while querying for an remote control event. [ 555.363765][ T1209] usb 2-1: USB disconnect, device number 14 [ 556.015981][ T1209] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 557.520116][ T9711] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 557.531771][ T9711] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 557.542498][ T9711] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 558.469688][ T9718] binder: 9717:9718 ioctl c0306201 200000000240 returned -11 [ 558.894369][ T9727] FAULT_INJECTION: forcing a failure. [ 558.894369][ T9727] name failslab, interval 1, probability 0, space 0, times 0 [ 558.907919][ T9727] CPU: 0 UID: 0 PID: 9727 Comm: syz.0.998 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 558.907947][ T9727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 558.907960][ T9727] Call Trace: [ 558.907969][ T9727] [ 558.907978][ T9727] dump_stack_lvl+0x189/0x250 [ 558.908008][ T9727] ? __pfx____ratelimit+0x10/0x10 [ 558.908032][ T9727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 558.908056][ T9727] ? __pfx__printk+0x10/0x10 [ 558.908087][ T9727] ? __pfx___might_resched+0x10/0x10 [ 558.908111][ T9727] ? fs_reclaim_acquire+0x7d/0x100 [ 558.908142][ T9727] should_fail_ex+0x414/0x560 [ 558.908171][ T9727] should_failslab+0xa8/0x100 [ 558.908197][ T9727] __kmalloc_noprof+0xcb/0x4f0 [ 558.908217][ T9727] ? tomoyo_encode+0x28b/0x550 [ 558.908250][ T9727] tomoyo_encode+0x28b/0x550 [ 558.908284][ T9727] tomoyo_realpath_from_path+0x58d/0x5d0 [ 558.908315][ T9727] ? tomoyo_domain+0xda/0x130 [ 558.908350][ T9727] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 558.908373][ T9727] tomoyo_path_number_perm+0x1e8/0x5a0 [ 558.908400][ T9727] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 558.908444][ T9727] ? __lock_acquire+0xab9/0xd20 [ 558.908495][ T9727] ? __fget_files+0x2a/0x420 [ 558.908523][ T9727] ? __fget_files+0x2a/0x420 [ 558.908546][ T9727] ? __fget_files+0x3a0/0x420 [ 558.908569][ T9727] ? __fget_files+0x2a/0x420 [ 558.908602][ T9727] security_file_ioctl+0xcb/0x2d0 [ 558.908630][ T9727] __se_sys_ioctl+0x47/0x170 [ 558.908666][ T9727] do_syscall_64+0xfa/0x3b0 [ 558.908689][ T9727] ? lockdep_hardirqs_on+0x9c/0x150 [ 558.908712][ T9727] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.908734][ T9727] ? clear_bhb_loop+0x60/0xb0 [ 558.908762][ T9727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.908783][ T9727] RIP: 0033:0x7f6d6eb8ebe9 [ 558.908802][ T9727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.908821][ T9727] RSP: 002b:00007f6d6f941038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 558.908843][ T9727] RAX: ffffffffffffffda RBX: 00007f6d6edb5fa0 RCX: 00007f6d6eb8ebe9 [ 558.908859][ T9727] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 558.908873][ T9727] RBP: 00007f6d6f941090 R08: 0000000000000000 R09: 0000000000000000 [ 558.908886][ T9727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 558.908899][ T9727] R13: 00007f6d6edb6038 R14: 00007f6d6edb5fa0 R15: 00007ffc76849058 [ 558.908935][ T9727] [ 558.908980][ T9727] ERROR: Out of memory at tomoyo_realpath_from_path. [ 559.493748][ T9735] devtmpfs: Too few inodes for current use [ 560.519402][ T9742] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 560.718093][ T9753] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1004'. [ 560.998474][ T9758] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 561.826010][ T9769] binder: 9766:9769 ioctl c0306201 200000000240 returned -11 [ 562.019865][ T9775] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 562.119540][ T9778] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1010'. [ 562.262133][ T9782] comedi comedi3: mpc624: I/O port conflict (0x4f27,16) [ 567.633269][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 567.778685][ T9827] netlink: 'syz.1.1027': attribute type 3 has an invalid length. [ 567.803724][ T10] usb 4-1: config 0 has an invalid interface number: 83 but max is 0 [ 567.826411][ T10] usb 4-1: config 0 has no interface number 0 [ 567.843470][ T10] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 567.852583][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.881785][ T10] usb 4-1: config 0 descriptor?? [ 567.902808][ T10] ttusbir 4-1:0.83: cannot find expected altsetting [ 568.252221][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.258674][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.279605][ T10] usb 4-1: USB disconnect, device number 11 [ 568.317999][ T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 569.683226][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 569.691951][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 569.733513][ T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 569.742635][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.229451][ T24] usb 5-1: config 0 descriptor?? [ 570.251501][ T9844] Can't find ip_set type ha [ 570.309066][ T24] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input10 [ 570.622242][ T24] usb 5-1: USB disconnect, device number 16 [ 570.628288][ T5191] bcm5974 5-1:0.0: could not read from device [ 571.413062][ T5191] bcm5974 5-1:0.0: could not read from device [ 571.890257][ T8927] udevd[8927]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 578.312980][ T9903] Can't find ip_set type ha [ 578.408132][ T9891] could not allocate digest TFM handle sha1-neon [ 578.744255][ T9914] sysfs: Unknown parameter 'tS' [ 578.877766][ T9918] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1048'. [ 579.282918][ T9927] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 581.055897][ T9939] syz.4.1054 (9939): drop_caches: 2 [ 581.061795][ T9939] syz.4.1054 (9939): drop_caches: 2 [ 581.083471][ T5919] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 581.243496][ T5919] usb 3-1: Using ep0 maxpacket: 8 [ 581.260566][ T5919] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 581.329363][ T5919] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 581.468545][ T5919] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 581.584296][ T5919] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 581.690514][ T5919] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 581.720805][ T9945] use of bytesused == 0 is deprecated and will be removed in the future, [ 581.733472][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.740020][ T9945] use the actual size instead. [ 581.987304][ T5919] usb 3-1: GET_CAPABILITIES returned 0 [ 582.214685][ T5919] usbtmc 3-1:16.0: can't read capabilities [ 583.489556][ T30] audit: type=1326 audit(1755602140.789:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9957 comm="syz.3.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb26fb8ebe9 code=0x7ffc0000 [ 583.567945][ T9961] FAULT_INJECTION: forcing a failure. [ 583.567945][ T9961] name failslab, interval 1, probability 0, space 0, times 0 [ 583.599031][ T9961] CPU: 0 UID: 0 PID: 9961 Comm: syz.4.1059 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 583.599063][ T9961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 583.599078][ T9961] Call Trace: [ 583.599087][ T9961] [ 583.599096][ T9961] dump_stack_lvl+0x189/0x250 [ 583.599126][ T9961] ? __pfx____ratelimit+0x10/0x10 [ 583.599150][ T9961] ? __pfx_dump_stack_lvl+0x10/0x10 [ 583.599175][ T9961] ? __pfx__printk+0x10/0x10 [ 583.599206][ T9961] ? __pfx___might_resched+0x10/0x10 [ 583.599231][ T9961] ? fs_reclaim_acquire+0x7d/0x100 [ 583.599263][ T9961] should_fail_ex+0x414/0x560 [ 583.599292][ T9961] should_failslab+0xa8/0x100 [ 583.599318][ T9961] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 583.599341][ T9961] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 583.599361][ T9961] ? v9fs_session_init+0xaf/0x19a0 [ 583.599389][ T9961] ? legacy_get_tree+0xfd/0x1a0 [ 583.599413][ T9961] ? vfs_get_tree+0x92/0x2b0 [ 583.599438][ T9961] kstrdup+0x42/0x100 [ 583.599468][ T9961] v9fs_session_init+0xaf/0x19a0 [ 583.599528][ T9961] ? __pfx_v9fs_session_init+0x10/0x10 [ 583.599565][ T9961] ? v9fs_mount+0xb2/0xa10 [ 583.599587][ T9961] ? __kasan_kmalloc+0x93/0xb0 [ 583.599611][ T9961] ? v9fs_mount+0xb2/0xa10 [ 583.599636][ T9961] v9fs_mount+0xc8/0xa10 [ 583.599658][ T9961] ? __kasan_kmalloc+0x93/0xb0 [ 583.599680][ T9961] ? __pfx_v9fs_mount+0x10/0x10 [ 583.599702][ T9961] ? rcu_is_watching+0x15/0xb0 [ 583.599726][ T9961] ? cap_capable+0x11f/0x460 [ 583.599752][ T9961] legacy_get_tree+0xfd/0x1a0 [ 583.599776][ T9961] ? __pfx_v9fs_mount+0x10/0x10 [ 583.599800][ T9961] vfs_get_tree+0x92/0x2b0 [ 583.599825][ T9961] do_new_mount+0x24a/0xa40 [ 583.599859][ T9961] __se_sys_mount+0x317/0x410 [ 583.599896][ T9961] ? __pfx___se_sys_mount+0x10/0x10 [ 583.599919][ T9961] ? rcu_is_watching+0x15/0xb0 [ 583.599948][ T9961] ? do_syscall_64+0xbe/0x3b0 [ 583.599971][ T9961] ? __x64_sys_mount+0x20/0xc0 [ 583.599998][ T9961] do_syscall_64+0xfa/0x3b0 [ 583.600021][ T9961] ? lockdep_hardirqs_on+0x9c/0x150 [ 583.600044][ T9961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.600066][ T9961] ? clear_bhb_loop+0x60/0xb0 [ 583.600093][ T9961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.600114][ T9961] RIP: 0033:0x7f5a63b8ebe9 [ 583.600133][ T9961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.600152][ T9961] RSP: 002b:00007f5a61df6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 583.600175][ T9961] RAX: ffffffffffffffda RBX: 00007f5a63db5fa0 RCX: 00007f5a63b8ebe9 [ 583.600190][ T9961] RDX: 0000200000000100 RSI: 0000200000000140 RDI: 0000000000000000 [ 583.600205][ T9961] RBP: 00007f5a61df6090 R08: 00002000000000c0 R09: 0000000000000000 [ 583.600219][ T9961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 583.600232][ T9961] R13: 00007f5a63db6038 R14: 00007f5a63db5fa0 R15: 00007ffe157e30f8 [ 583.600266][ T9961] [ 583.612594][ T30] audit: type=1326 audit(1755602140.819:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9957 comm="syz.3.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7fb26fb8ebe9 code=0x7ffc0000 [ 583.880831][ T9967] comedi comedi3: pcl726: I/O port conflict (0x4f27,16) [ 583.963675][ T1209] usb 3-1: USB disconnect, device number 12 [ 584.093391][ T30] audit: type=1326 audit(1755602140.819:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9957 comm="syz.3.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb26fb8ebe9 code=0x7ffc0000 [ 584.119872][ T30] audit: type=1326 audit(1755602140.819:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9957 comm="syz.3.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb26fb8ebe9 code=0x7ffc0000 [ 584.146993][ T30] audit: type=1326 audit(1755602140.819:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9957 comm="syz.3.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb26fb8ebe9 code=0x7ffc0000 [ 586.227702][ T9983] Can't find ip_set type ha [ 586.917372][ T1209] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 587.124861][ T1209] usb 1-1: Using ep0 maxpacket: 16 [ 587.178337][ T1209] usb 1-1: unable to get BOS descriptor or descriptor too short [ 587.194801][ T1209] usb 1-1: config 0 has no interfaces? [ 587.208802][ T1209] usb 1-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 587.229804][ T1209] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.285549][ T1209] usb 1-1: Product: syz [ 587.325154][ T1209] usb 1-1: Manufacturer: syz [ 587.384242][ T1209] usb 1-1: SerialNumber: syz [ 587.758157][ T1209] usb 1-1: config 0 descriptor?? [ 588.255106][ T5903] usb 1-1: USB disconnect, device number 15 [ 594.265921][T10033] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1077' sets config #0 [ 595.157800][T10036] Can't find ip_set type ha [ 596.866584][T10062] 9pnet_fd: Insufficient options for proto=fd [ 600.793435][T10087] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 601.174145][T10087] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 601.184464][T10087] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 601.194991][T10087] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 601.247908][T10112] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1096' sets config #0 [ 601.522891][T10087] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 601.532481][T10087] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 601.546744][T10087] usb 5-1: Product: syz [ 601.550974][T10087] usb 5-1: Manufacturer: syz [ 601.556866][T10087] usb 5-1: SerialNumber: syz [ 601.952757][T10087] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 601.967912][T10118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1101'. [ 602.059173][T10123] [U] „ [ 602.745931][ T43] usb 5-1: USB disconnect, device number 17 [ 603.155907][ T43] usblp0: removed [ 603.443082][T10128] FAULT_INJECTION: forcing a failure. [ 603.443082][T10128] name failslab, interval 1, probability 0, space 0, times 0 [ 603.476251][T10128] CPU: 0 UID: 0 PID: 10128 Comm: syz.3.1102 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 603.476282][T10128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 603.476296][T10128] Call Trace: [ 603.476305][T10128] [ 603.476314][T10128] dump_stack_lvl+0x189/0x250 [ 603.476344][T10128] ? __pfx____ratelimit+0x10/0x10 [ 603.476367][T10128] ? __pfx_dump_stack_lvl+0x10/0x10 [ 603.476391][T10128] ? __pfx__printk+0x10/0x10 [ 603.476422][T10128] ? __pfx___might_resched+0x10/0x10 [ 603.476446][T10128] ? fs_reclaim_acquire+0x7d/0x100 [ 603.476484][T10128] should_fail_ex+0x414/0x560 [ 603.476513][T10128] should_failslab+0xa8/0x100 [ 603.476538][T10128] __kmalloc_noprof+0xcb/0x4f0 [ 603.476559][T10128] ? alloc_pipe_info+0x1fd/0x4d0 [ 603.476587][T10128] alloc_pipe_info+0x1fd/0x4d0 [ 603.476612][T10128] splice_direct_to_actor+0xa5d/0xcc0 [ 603.476638][T10128] ? __lock_acquire+0xab9/0xd20 [ 603.476672][T10128] ? __lock_acquire+0xab9/0xd20 [ 603.476692][T10128] ? __pfx_direct_splice_actor+0x10/0x10 [ 603.476715][T10128] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 603.476750][T10128] do_splice_direct+0x181/0x270 [ 603.476776][T10128] ? __pfx_do_splice_direct+0x10/0x10 [ 603.476800][T10128] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 603.476832][T10128] ? rw_verify_area+0x258/0x650 [ 603.476870][T10128] do_sendfile+0x4da/0x7e0 [ 603.476907][T10128] ? __pfx_do_sendfile+0x10/0x10 [ 603.476949][T10128] __se_sys_sendfile64+0xd9/0x190 [ 603.476977][T10128] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 603.477000][T10128] ? rcu_is_watching+0x15/0xb0 [ 603.477030][T10128] ? do_syscall_64+0xbe/0x3b0 [ 603.477058][T10128] do_syscall_64+0xfa/0x3b0 [ 603.477081][T10128] ? lockdep_hardirqs_on+0x9c/0x150 [ 603.477104][T10128] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.477125][T10128] ? clear_bhb_loop+0x60/0xb0 [ 603.477152][T10128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.477173][T10128] RIP: 0033:0x7fb26fb8ebe9 [ 603.477192][T10128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 603.477211][T10128] RSP: 002b:00007fb2709d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 603.477235][T10128] RAX: ffffffffffffffda RBX: 00007fb26fdb5fa0 RCX: 00007fb26fb8ebe9 [ 603.477251][T10128] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 603.477266][T10128] RBP: 00007fb2709d2090 R08: 0000000000000000 R09: 0000000000000000 [ 603.477279][T10128] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 603.477292][T10128] R13: 00007fb26fdb6038 R14: 00007fb26fdb5fa0 R15: 00007ffdfe031898 [ 603.477326][T10128] [ 604.578156][T10136] kvm: user requested TSC rate below hardware speed [ 607.940869][T10158] binder: BINDER_SET_CONTEXT_MGR already set [ 607.999233][T10158] binder: 10149:10158 ioctl 4018620d 2000000002c0 returned -16 [ 608.286746][T10165] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1113'. [ 609.478630][T10175] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1115'. [ 609.527742][T10178] binder: 10177:10178 ioctl 4018620d 0 returned -22 [ 609.542608][T10178] binder: 10177:10178 ioctl c0306201 200000000240 returned -11 [ 610.524540][T10189] program syz.3.1118 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 611.668412][T10205] bond0: Unable to set down delay as MII monitoring is disabled [ 612.748833][T10216] capability: warning: `syz.1.1125' uses 32-bit capabilities (legacy support in use) [ 614.663498][T10227] syz.3.1128 (10227): drop_caches: 2 [ 614.730362][T10227] syz.3.1128 (10227): drop_caches: 2 [ 620.311658][T10269] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1137' sets config #0 [ 620.478366][T10278] Invalid logical block size (535) [ 620.524255][T10276] syz.2.1142 (10276): drop_caches: 2 [ 620.632378][T10276] syz.2.1142 (10276): drop_caches: 2 [ 621.326112][T10294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1144'. [ 621.764643][T10297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1145'. [ 622.226461][T10301] openvswitch: netlink: Missing key (keys=40, expected=80) [ 625.073228][T10087] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 625.637183][T10087] usb 2-1: config 0 has an invalid interface number: 122 but max is 0 [ 625.648277][T10087] usb 2-1: config 0 has no interface number 0 [ 625.656274][T10087] usb 2-1: config 0 interface 122 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 625.715979][T10087] usb 2-1: New USB device found, idVendor=0f11, idProduct=1020, bcdDevice=90.16 [ 625.735329][T10087] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.770926][T10087] usb 2-1: Product: syz [ 625.791779][T10087] usb 2-1: Manufacturer: syz [ 625.797571][T10087] usb 2-1: SerialNumber: syz [ 625.814564][T10087] usb 2-1: config 0 descriptor?? [ 625.836308][T10319] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 625.856268][T10087] ldusb 2-1:0.122: Interrupt in endpoint not found [ 626.017457][T10328] batadv_slave_1: entered promiscuous mode [ 626.660237][T10327] batadv_slave_1: left promiscuous mode [ 626.998927][T10342] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1159'. [ 627.042361][T10342] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1159'. [ 627.144741][T10346] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1159'. [ 627.273479][T10349] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0 [ 627.290309][T10349] binder: 10348:10349 ioctl 4018620d 200000000040 returned -1 [ 627.481180][ T10] usb 2-1: USB disconnect, device number 15 [ 628.080573][T10362] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1165'. [ 629.434580][T10373] batadv_slave_1: entered promiscuous mode [ 630.279990][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.289388][T10371] batadv_slave_1: left promiscuous mode [ 630.326280][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.546940][T10382] Can't find ip_set type ha [ 631.834358][ T8364] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 632.008048][ T8364] usb 2-1: unable to get BOS descriptor or descriptor too short [ 632.032331][ T8364] usb 2-1: config 6 has an invalid interface number: 158 but max is 0 [ 632.067494][ T8364] usb 2-1: config 6 has no interface number 0 [ 632.097676][ T8364] usb 2-1: config 6 interface 158 has no altsetting 0 [ 632.132207][ T8364] usb 2-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=da.29 [ 632.160247][ T8364] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.169747][ T8364] usb 2-1: Product: syz [ 632.174767][ T8364] usb 2-1: Manufacturer: syz [ 632.179516][ T8364] usb 2-1: SerialNumber: syz [ 633.418870][T10417] Bluetooth: MGMT ver 1.23 [ 633.634736][T10423] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1185'. [ 634.129587][ T8364] rtsx_usb 2-1:6.158: probe with driver rtsx_usb failed with error -71 [ 634.626163][ T8364] usb 2-1: USB disconnect, device number 16 [ 635.893171][T10448] Can't find ip_set type ha [ 638.865543][T10478] Can't find ip_set type ha [ 639.093698][T10467] syz.1.1197 (10467): drop_caches: 2 [ 639.289740][T10467] syz.1.1197 (10467): drop_caches: 2 [ 643.944662][ T8364] kernel write not supported for file /846/clear_refs (pid: 8364 comm: kworker/1:7) [ 644.417338][T10524] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1210' sets config #0 [ 644.700076][T10538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1213'. [ 646.110378][T10548] xt_CT: No such helper "pptp" [ 646.174223][T10548] kvm: user requested TSC rate below hardware speed [ 646.288934][T10560] fuseblk: Unknown parameter 'PmXwfd0x0000000000000004' [ 648.731214][T10576] Can't find ip_set type ha [ 649.359457][T10588] IPVS: set_ctl: invalid protocol: 47 172.20.20.16:20000 [ 652.402489][T10607] xt_CT: No such helper "pptp" [ 652.464427][T10607] kvm: user requested TSC rate below hardware speed [ 652.763265][ T10] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 652.853914][T10624] binder: 10623:10624 ioctl c0306201 200000000240 returned -11 [ 652.939767][ T10] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 653.014174][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.659123][T10628] Can't find ip_set type ha [ 653.663659][ T10] usb 3-1: config 0 descriptor?? [ 653.667046][ T10] cp210x 3-1:0.0: cp210x converter detected [ 654.358919][ T10] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 654.385751][ T10] cp210x 3-1:0.0: querying part number failed [ 654.426016][ T10] usb 3-1: cp210x converter now attached to ttyUSB0 [ 655.637263][ T8364] usb 3-1: USB disconnect, device number 13 [ 655.700115][ T8364] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 655.733829][ T8364] cp210x 3-1:0.0: device disconnected [ 656.009990][T10654] xt_CT: No such helper "pptp" [ 656.091679][T10654] kvm: user requested TSC rate below hardware speed [ 661.189776][T10682] binder: 10681:10682 ioctl c0306201 200000000240 returned -11 [ 663.225929][T10708] Can't find ip_set type ha [ 663.842502][T10717] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1261'. [ 664.785773][T10723] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1262'. [ 664.893331][ T24] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 665.353408][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 665.364150][ T24] usb 2-1: config 0 has an invalid interface number: 247 but max is 0 [ 665.374048][ T24] usb 2-1: config 0 has no interface number 0 [ 665.387730][ T24] usb 2-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 665.408095][ T24] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 665.417476][ T24] usb 2-1: Product: syz [ 665.421963][ T24] usb 2-1: Manufacturer: syz [ 665.454801][ T24] usb 2-1: config 0 descriptor?? [ 666.280228][T10736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1266'. [ 666.781443][T10087] usb 2-1: USB disconnect, device number 17 [ 670.094002][T10848] block nbd0: NBD_DISCONNECT [ 670.101608][T10848] block nbd0: Disconnected due to user request. [ 670.109961][T10848] block nbd0: shutting down sockets [ 670.775194][T10862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1319'. [ 670.829549][T10861] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1318'. [ 670.876169][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.882977][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.889689][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.896170][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.902734][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.909232][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.915793][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.922229][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.928823][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.935292][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.941812][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.948272][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.954841][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.961304][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.967829][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.974268][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.980815][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 670.987265][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 670.993789][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.000210][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.006773][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.013232][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.019741][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.026233][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.032754][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.039199][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.045744][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.052263][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.058834][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.065282][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.071814][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.078259][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.084822][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.091256][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.097884][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.104330][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.110853][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.117313][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.123877][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.130312][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.136872][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.143526][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.150097][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.156584][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.163134][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.169574][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.176704][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.183198][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.189749][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.196202][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.202685][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.209150][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.215720][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.222173][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.228703][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.235239][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.241815][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.248257][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.254860][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.261280][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.267784][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.274240][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.280734][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.287173][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.293682][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.300126][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.306634][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.313182][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.319694][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.326157][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.332642][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.339091][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.345608][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.352029][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.358541][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.364988][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.371489][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.377930][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.384448][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.390873][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.397382][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.403833][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.410319][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.416763][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.423300][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.429737][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.436248][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.442671][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.449182][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.455711][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.462322][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.468765][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.475270][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.481703][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.488318][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.494761][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.501246][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.507707][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.514231][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.520654][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.527161][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.533621][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.540100][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.546581][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.553141][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.559627][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.566161][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.572776][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.579298][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.585743][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.592266][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.598795][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.605306][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.611747][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.618285][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.624738][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.631247][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.637720][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.644234][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.650657][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.657203][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.663647][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.670138][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.676595][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.683196][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.689618][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.696133][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.702554][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.709080][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.715550][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.722062][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.728541][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.735073][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.741528][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.748055][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.754497][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.761005][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.767623][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.774132][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.780554][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.787075][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.793555][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.800080][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.806541][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.813040][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.819558][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.826089][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.832515][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.839028][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.845475][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.851967][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.858509][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.865034][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.871466][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.878001][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.884445][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.890987][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.897433][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.903960][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.910404][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.916935][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.923406][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.929911][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.936352][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.942844][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.949318][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.955854][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.962291][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.968806][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.975270][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.981767][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 671.988227][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 671.994741][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 672.001196][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 672.433229][ T8364] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 672.847889][T10879] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 673.522114][T10878] : entered promiscuous mode [ 673.543290][ T8364] usb 2-1: Using ep0 maxpacket: 8 [ 673.558905][ T8364] usb 2-1: config 0 has no interfaces? [ 673.575882][ T8364] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 673.593869][ T8364] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.610329][ T8364] usb 2-1: Product: syz [ 673.620147][ T8364] usb 2-1: Manufacturer: syz [ 673.643313][ T8364] usb 2-1: SerialNumber: syz [ 673.684903][ T8364] usb 2-1: config 0 descriptor?? [ 673.959335][T10087] usb 2-1: USB disconnect, device number 18 [ 674.637266][T10902] 9pnet_virtio: no channels available for device syz [ 675.774058][T10927] openvswitch: netlink: VXLAN extension message has 12 unknown bytes. [ 678.193845][T10958] 9pnet_virtio: no channels available for device syz [ 678.941214][T10947] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 678.947788][T10947] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 678.960714][T10947] vhci_hcd vhci_hcd.0: Device attached [ 678.980286][T10959] vhci_hcd: connection closed [ 678.995892][ T6860] vhci_hcd: stop threads [ 679.023072][ T6860] vhci_hcd: release socket [ 679.027870][ T6860] vhci_hcd: disconnect device [ 681.214875][T10986] evm: overlay not supported [ 681.331761][T10996] tipc: Enabled bearer , priority 0 [ 681.340690][T10996] syzkaller0: entered promiscuous mode [ 681.350077][T10996] syzkaller0: entered allmulticast mode [ 681.701531][T11001] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1353'. [ 682.516815][T11003] tipc: Resetting bearer [ 682.559478][T10994] tipc: Resetting bearer [ 682.651413][T10994] tipc: Disabling bearer [ 683.093204][ T8364] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 683.163428][T10087] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 683.403254][T10087] usb 1-1: Using ep0 maxpacket: 16 [ 683.438563][ T8364] usb 4-1: Using ep0 maxpacket: 8 [ 683.449712][T10087] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 683.535701][T10087] usb 1-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 683.624447][T10087] usb 1-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 683.744757][T10087] usb 1-1: config 1 interface 0 has no altsetting 0 [ 683.826350][T10087] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 683.902356][T10087] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.989663][T10087] usb 1-1: Product: syz [ 684.038764][T10087] usb 1-1: Manufacturer: syz [ 684.092313][T10087] usb 1-1: SerialNumber: syz [ 684.732043][T10087] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 684.900507][ T8364] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 686.533171][ T8364] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 686.573269][ T8364] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 686.603502][ T8364] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 686.626927][ T8364] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 686.640617][ T8364] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.655953][ T8364] usb 4-1: can't set config #16, error -71 [ 686.663834][ T8364] usb 4-1: USB disconnect, device number 12 [ 686.733414][T10087] usb 1-1: USB disconnect, device number 16 [ 686.763825][T10087] usblp0: removed [ 689.206430][T11060] input: syz1 as /devices/virtual/input/input11 [ 689.323247][ T5919] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 690.343210][ T5919] usb 5-1: Using ep0 maxpacket: 16 [ 690.641395][ T5919] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 690.672295][ T5919] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 690.724593][ T5919] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 690.971189][ T5919] usb 5-1: config 1 interface 0 has no altsetting 0 [ 691.045707][ T5919] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 691.089494][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.096147][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.247320][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.257140][T11061] Bluetooth: hci4: command 0x0406 tx timeout [ 691.443267][ T5919] usb 5-1: Product: syz [ 691.473188][ T5919] usb 5-1: Manufacturer: syz [ 691.477874][ T5919] usb 5-1: SerialNumber: syz [ 692.275181][ T5919] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 692.445326][ T5919] usb 5-1: USB disconnect, device number 18 [ 692.524272][ T5919] usblp0: removed [ 693.747386][T11137] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1386'. [ 693.913982][T11137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1386'. [ 697.086010][T11146] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer. [ 697.383337][T11156] 9pnet_virtio: no channels available for device syz [ 698.608083][T11164] bond0: (slave bond_slave_0): Releasing backup interface [ 698.684290][T11164] bond0: (slave bond_slave_1): Releasing backup interface [ 699.297517][T11164] team0: Port device team_slave_0 removed [ 699.313341][T11179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 699.452930][T11164] team0: Port device team_slave_1 removed [ 699.591290][T11164] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 699.618134][T11164] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 699.622509][T11179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 699.697223][T11164] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 699.729021][T11164] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 699.946603][T11164] bond0: (slave wlan1): Releasing backup interface [ 705.573276][ T5919] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 705.714972][T11215] tipc: Started in network mode [ 705.720106][T11215] tipc: Node identity a6482949c277, cluster identity 4711 [ 705.758965][T11215] tipc: Enabled bearer , priority 0 [ 705.766401][ T5919] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 705.787653][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 705.803007][T11218] syzkaller0: entered promiscuous mode [ 705.813231][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 705.813814][T11220] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1406'. [ 705.859331][T11218] syzkaller0: entered allmulticast mode [ 705.882159][ T5919] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 705.987258][ T5919] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 706.053148][ T5919] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 706.080812][ T5919] usb 2-1: Manufacturer: syz [ 706.106873][ T5919] usb 2-1: config 0 descriptor?? [ 706.164073][T11218] tipc: Resetting bearer [ 706.223522][T11211] tipc: Resetting bearer [ 706.330292][T11211] tipc: Disabling bearer [ 706.836932][ T24] tipc: Node number set to 1681860937 [ 706.862837][ T5919] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 706.961408][ T5919] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 707.123781][T11236] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1409'. [ 707.370502][T11236] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 707.379815][T11236] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 707.388636][T11236] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 707.397468][T11236] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 707.986065][ T5926] usb 2-1: USB disconnect, device number 19 [ 708.342279][ T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 708.511978][ T24] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 709.413618][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 709.543923][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 709.570732][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 709.596756][ T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 709.614180][ T24] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 709.622795][ T24] usb 5-1: Manufacturer: syz [ 709.686813][ T24] usb 5-1: config 0 descriptor?? [ 709.869236][T11264] netlink: 'syz.1.1417': attribute type 10 has an invalid length. [ 710.004187][T11267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1417'. [ 710.004430][T11264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 710.092549][T11264] team0: Port device bond0 added [ 710.259989][ T24] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 710.430959][ T24] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 710.562767][T11264] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.737375][ T24] usb 5-1: USB disconnect, device number 19 [ 710.870647][T11270] fido_id[11270]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 711.162456][T11264] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.693224][ T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 712.618029][T11285] block device autoloading is deprecated and will be removed. [ 712.653615][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 712.687735][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 712.841603][T11264] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.864828][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 712.950384][T11289] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1425'. [ 712.959886][T11289] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1425'. [ 713.053845][ T24] Process accounting resumed [ 713.544461][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 713.753940][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 713.819031][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 713.866321][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 713.979459][T11264] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.148152][ T10] usb 1-1: GET_CAPABILITIES returned 0 [ 714.185311][ T10] usbtmc 1-1:16.0: can't read capabilities [ 714.389394][ T5919] usb 1-1: USB disconnect, device number 17 [ 714.418952][T11264] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.466318][T11264] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.628265][T11264] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 714.769900][T11264] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 715.210801][T11313] block nbd3: NBD_DISCONNECT [ 715.362900][T11313] block nbd3: Disconnected due to user request. [ 715.370424][T11313] block nbd3: shutting down sockets [ 716.863327][T11327] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1437'. [ 720.106788][T11360] : entered promiscuous mode [ 721.364292][T11355] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 721.370894][T11355] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 721.458420][T11355] vhci_hcd vhci_hcd.0: Device attached [ 721.513014][T11356] vhci_hcd: connection closed [ 721.570311][ T12] vhci_hcd: stop threads [ 721.613158][ T12] vhci_hcd: release socket [ 721.641582][ T12] vhci_hcd: disconnect device [ 727.083816][T11399] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1461'. [ 727.221295][T11404] tc_dump_action: action bad kind [ 728.740481][T11419] syzkaller1: entered promiscuous mode [ 728.807267][T11419] syzkaller1: entered allmulticast mode [ 729.188784][T11431] overlayfs: failed to get inode (-116) [ 729.207457][T11431] overlayfs: failed to look up (bus) for ino (-116) [ 731.407399][T11446] ubi31: attaching mtd0 [ 731.442694][T11446] ubi31: scanning is finished [ 731.448049][T11446] ubi31: empty MTD device detected [ 735.177410][T11469] 9pnet_virtio: no channels available for device syz [ 735.462135][T11446] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 735.534879][T11446] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 735.618423][T11446] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 735.635133][T11446] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 735.653186][T11446] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 735.660090][T11446] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 735.704346][T11446] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2931763300 [ 735.763476][T11446] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 735.790948][T11472] ubi31: background thread "ubi_bgt31d" started, PID 11472 [ 737.683243][T11497] netlink: 'syz.2.1492': attribute type 10 has an invalid length. [ 737.744451][T11495] block nbd1: NBD_DISCONNECT [ 739.913259][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 740.086075][ T10] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 740.097630][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 740.109225][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 740.119923][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 740.135536][ T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 740.146743][ T10] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 740.155560][ T10] usb 4-1: Manufacturer: syz [ 740.163708][ T10] usb 4-1: config 0 descriptor?? [ 740.191086][T11525] comedi comedi0: c6xdigio: I/O port conflict (0x4f2b,3) [ 740.484708][T11525] ================================================================== [ 740.492828][T11525] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x3d/0x70 [ 740.500819][T11525] Read of size 8 at addr ffff88803285a030 by task syz.0.1501/11525 [ 740.508745][T11525] [ 740.511093][T11525] CPU: 0 UID: 0 PID: 11525 Comm: syz.0.1501 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 740.511116][T11525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 740.511128][T11525] Call Trace: [ 740.511136][T11525] [ 740.511144][T11525] dump_stack_lvl+0x189/0x250 [ 740.511169][T11525] ? __virt_addr_valid+0x1c8/0x5c0 [ 740.511191][T11525] ? rcu_is_watching+0x15/0xb0 [ 740.511209][T11525] ? __kasan_check_byte+0x12/0x40 [ 740.511234][T11525] ? __pfx_dump_stack_lvl+0x10/0x10 [ 740.511253][T11525] ? rcu_is_watching+0x15/0xb0 [ 740.511271][T11525] ? lock_release+0x4b/0x3e0 [ 740.511290][T11525] ? __virt_addr_valid+0x1c8/0x5c0 [ 740.511311][T11525] ? __virt_addr_valid+0x4a5/0x5c0 [ 740.511333][T11525] print_report+0xca/0x240 [ 740.511360][T11525] ? sysfs_remove_file_ns+0x3d/0x70 [ 740.511377][T11525] kasan_report+0x118/0x150 [ 740.511396][T11525] ? sysfs_remove_file_ns+0x3d/0x70 [ 740.511416][T11525] sysfs_remove_file_ns+0x3d/0x70 [ 740.511434][T11525] bus_remove_driver+0x198/0x2f0 [ 740.511458][T11525] comedi_device_detach+0x134/0x720 [ 740.511480][T11525] ? comedi_request_region+0x16c/0x180 [ 740.511505][T11525] comedi_device_attach+0x568/0x670 [ 740.511529][T11525] comedi_unlocked_ioctl+0x686/0xfc0 [ 740.511550][T11525] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 740.511574][T11525] ? __pfx_smack_log+0x10/0x10 [ 740.511599][T11525] ? smk_access+0x14c/0x4e0 [ 740.511626][T11525] ? smk_tskacc+0x2fc/0x370 [ 740.511651][T11525] ? smack_file_ioctl+0x24a/0x340 [ 740.511669][T11525] ? __pfx_smack_file_ioctl+0x10/0x10 [ 740.511689][T11525] ? __fget_files+0x2a/0x420 [ 740.511708][T11525] ? __fget_files+0x3a0/0x420 [ 740.511727][T11525] ? __fget_files+0x2a/0x420 [ 740.511746][T11525] ? bpf_lsm_file_ioctl+0x9/0x20 [ 740.511767][T11525] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 740.511783][T11525] __se_sys_ioctl+0xfc/0x170 [ 740.511810][T11525] do_syscall_64+0xfa/0x3b0 [ 740.511830][T11525] ? lockdep_hardirqs_on+0x9c/0x150 [ 740.511849][T11525] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.511866][T11525] ? clear_bhb_loop+0x60/0xb0 [ 740.511887][T11525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.511904][T11525] RIP: 0033:0x7f6d6eb8ebe9 [ 740.511920][T11525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.511936][T11525] RSP: 002b:00007f6d6f920038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 740.511956][T11525] RAX: ffffffffffffffda RBX: 00007f6d6edb6090 RCX: 00007f6d6eb8ebe9 [ 740.511969][T11525] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000006 [ 740.511983][T11525] RBP: 00007f6d6ec11e19 R08: 0000000000000000 R09: 0000000000000000 [ 740.511994][T11525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 740.512005][T11525] R13: 00007f6d6edb6128 R14: 00007f6d6edb6090 R15: 00007ffc76849058 [ 740.512025][T11525] [ 740.512031][T11525] [ 740.797495][T11525] Allocated by task 11143: [ 740.801927][T11525] kasan_save_track+0x3e/0x80 [ 740.806643][T11525] __kasan_kmalloc+0x93/0xb0 [ 740.812030][T11525] __kmalloc_noprof+0x27a/0x4f0 [ 740.816899][T11525] io_cache_alloc_new+0x40/0x100 [ 740.821861][T11525] __io_prep_rw+0x23f/0xd80 [ 740.826397][T11525] io_prep_rwv+0x8c/0x3d0 [ 740.830740][T11525] io_submit_sqes+0x90c/0x1c50 [ 740.835539][T11525] __se_sys_io_uring_enter+0x2df/0x2b20 [ 740.841188][T11525] do_syscall_64+0xfa/0x3b0 [ 740.845722][T11525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.851631][T11525] [ 740.853969][T11525] Freed by task 11143: [ 740.858044][T11525] kasan_save_track+0x3e/0x80 [ 740.863100][T11525] kasan_save_free_info+0x46/0x50 [ 740.868147][T11525] __kasan_slab_free+0x62/0x70 [ 740.872930][T11525] kfree+0x18e/0x440 [ 740.876852][T11525] io_clean_op+0x386/0x400 [ 740.881292][T11525] __io_submit_flush_completions+0xc20/0xe40 [ 740.887296][T11525] ctx_flush_and_put+0xec/0x150 [ 740.892203][T11525] io_handle_tw_list+0x2bc/0x4c0 [ 740.897170][T11525] tctx_task_work_run+0x99/0x370 [ 740.902129][T11525] tctx_task_work+0x3f/0x90 [ 740.906673][T11525] task_work_run+0x1d1/0x260 [ 740.911282][T11525] get_signal+0x11c5/0x1310 [ 740.915798][T11525] arch_do_signal_or_restart+0x9a/0x750 [ 740.921452][T11525] exit_to_user_mode_loop+0x75/0x110 [ 740.926753][T11525] do_syscall_64+0x2bd/0x3b0 [ 740.931364][T11525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.937287][T11525] [ 740.939620][T11525] The buggy address belongs to the object at ffff88803285a000 [ 740.939620][T11525] which belongs to the cache kmalloc-256 of size 256 [ 740.953685][T11525] The buggy address is located 48 bytes inside of [ 740.953685][T11525] freed 256-byte region [ffff88803285a000, ffff88803285a100) [ 740.967408][T11525] [ 740.969743][T11525] The buggy address belongs to the physical page: [ 740.976179][T11525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803285a000 pfn:0x3285a [ 740.986361][T11525] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 740.994893][T11525] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 741.003433][T11525] page_type: f5(slab) [ 741.007444][T11525] raw: 00fff00000000240 ffff88801a441b40 ffffea00009fe310 ffffea00008f4710 [ 741.016051][T11525] raw: ffff88803285a000 000000000010000c 00000000f5000000 0000000000000000 [ 741.024738][T11525] head: 00fff00000000240 ffff88801a441b40 ffffea00009fe310 ffffea00008f4710 [ 741.033513][T11525] head: ffff88803285a000 000000000010000c 00000000f5000000 0000000000000000 [ 741.042198][T11525] head: 00fff00000000001 ffffea0000ca1681 00000000ffffffff 00000000ffffffff [ 741.050896][T11525] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 741.059588][T11525] page dumped because: kasan: bad access detected [ 741.066014][T11525] page_owner tracks the page as allocated [ 741.071747][T11525] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5828, tgid 5828 (kworker/1:3), ts 95475303833, free_ts 95414218885 [ 741.091163][T11525] post_alloc_hook+0x240/0x2a0 [ 741.095958][T11525] get_page_from_freelist+0x21d5/0x22b0 [ 741.101523][T11525] __alloc_frozen_pages_noprof+0x181/0x370 [ 741.107343][T11525] alloc_pages_mpol+0x232/0x4a0 [ 741.112204][T11525] allocate_slab+0x8a/0x3b0 [ 741.116729][T11525] ___slab_alloc+0xbfc/0x1480 [ 741.121509][T11525] __kmalloc_cache_noprof+0x296/0x3d0 [ 741.127241][T11525] br_multicast_new_group+0x13d/0x4b0 [ 741.132635][T11525] __br_multicast_add_group+0x285/0xa30 [ 741.138202][T11525] br_multicast_rcv+0x3a5f/0x74b0 [ 741.143243][T11525] br_dev_xmit+0xaf7/0x1840 [ 741.147771][T11525] dev_hard_start_xmit+0x2d7/0x830 [ 741.152892][T11525] __dev_queue_xmit+0x1adf/0x3a70 [ 741.157943][T11525] ip6_finish_output2+0x11bc/0x16a0 [ 741.163167][T11525] NF_HOOK+0x9e/0x380 [ 741.167172][T11525] mld_sendpack+0x800/0xd80 [ 741.171693][T11525] page last free pid 23 tgid 23 stack trace: [ 741.177686][T11525] __free_frozen_pages+0xc65/0xe60 [ 741.182813][T11525] rcu_core+0xca5/0x1710 [ 741.187080][T11525] handle_softirqs+0x283/0x870 [ 741.191948][T11525] run_ksoftirqd+0x9b/0x100 [ 741.196466][T11525] smpboot_thread_fn+0x53f/0xa60 [ 741.201420][T11525] kthread+0x70e/0x8a0 [ 741.205505][T11525] ret_from_fork+0x3fc/0x770 [ 741.210113][T11525] ret_from_fork_asm+0x1a/0x30 [ 741.214899][T11525] [ 741.217233][T11525] Memory state around the buggy address: [ 741.222872][T11525] ffff888032859f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 741.230947][T11525] ffff888032859f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 741.239019][T11525] >ffff88803285a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 741.247087][T11525] ^ [ 741.252724][T11525] ffff88803285a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 741.260810][T11525] ffff88803285a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 741.268882][T11525] ================================================================== [ 741.517458][T11525] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 741.524716][T11525] CPU: 0 UID: 0 PID: 11525 Comm: syz.0.1501 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 741.534723][T11525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 741.544811][T11525] Call Trace: [ 741.548119][T11525] [ 741.551077][T11525] dump_stack_lvl+0x99/0x250 [ 741.555705][T11525] ? __asan_memcpy+0x40/0x70 [ 741.560349][T11525] ? __pfx_dump_stack_lvl+0x10/0x10 [ 741.565680][T11525] ? __pfx__printk+0x10/0x10 [ 741.570324][T11525] panic+0x2db/0x790 [ 741.574250][T11525] ? __pfx_preempt_schedule+0x10/0x10 [ 741.579836][T11525] ? __pfx_panic+0x10/0x10 [ 741.584264][T11525] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 741.590177][T11525] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 741.596521][T11525] ? sysfs_remove_file_ns+0x3d/0x70 [ 741.601729][T11525] check_panic_on_warn+0x89/0xb0 [ 741.606680][T11525] ? sysfs_remove_file_ns+0x3d/0x70 [ 741.611882][T11525] end_report+0x78/0x160 [ 741.616136][T11525] kasan_report+0x129/0x150 [ 741.620652][T11525] ? sysfs_remove_file_ns+0x3d/0x70 [ 741.625862][T11525] sysfs_remove_file_ns+0x3d/0x70 [ 741.630893][T11525] bus_remove_driver+0x198/0x2f0 [ 741.635864][T11525] comedi_device_detach+0x134/0x720 [ 741.641069][T11525] ? comedi_request_region+0x16c/0x180 [ 741.646543][T11525] comedi_device_attach+0x568/0x670 [ 741.651757][T11525] comedi_unlocked_ioctl+0x686/0xfc0 [ 741.657052][T11525] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 741.662875][T11525] ? __pfx_smack_log+0x10/0x10 [ 741.667696][T11525] ? smk_access+0x14c/0x4e0 [ 741.672304][T11525] ? smk_tskacc+0x2fc/0x370 [ 741.676826][T11525] ? smack_file_ioctl+0x24a/0x340 [ 741.681859][T11525] ? __pfx_smack_file_ioctl+0x10/0x10 [ 741.687240][T11525] ? __fget_files+0x2a/0x420 [ 741.691834][T11525] ? __fget_files+0x3a0/0x420 [ 741.696516][T11525] ? __fget_files+0x2a/0x420 [ 741.701114][T11525] ? bpf_lsm_file_ioctl+0x9/0x20 [ 741.706071][T11525] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 741.711880][T11525] __se_sys_ioctl+0xfc/0x170 [ 741.716486][T11525] do_syscall_64+0xfa/0x3b0 [ 741.721002][T11525] ? lockdep_hardirqs_on+0x9c/0x150 [ 741.726208][T11525] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.732285][T11525] ? clear_bhb_loop+0x60/0xb0 [ 741.737060][T11525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.743044][T11525] RIP: 0033:0x7f6d6eb8ebe9 [ 741.747475][T11525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 741.767100][T11525] RSP: 002b:00007f6d6f920038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 741.775534][T11525] RAX: ffffffffffffffda RBX: 00007f6d6edb6090 RCX: 00007f6d6eb8ebe9 [ 741.783520][T11525] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000006 [ 741.791520][T11525] RBP: 00007f6d6ec11e19 R08: 0000000000000000 R09: 0000000000000000 [ 741.799508][T11525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 741.807488][T11525] R13: 00007f6d6edb6128 R14: 00007f6d6edb6090 R15: 00007ffc76849058 [ 741.815490][T11525] [ 741.818866][T11525] Kernel Offset: disabled [ 741.823212][T11525] Rebooting in 86400 seconds..