last executing test programs: 10.564027241s ago: executing program 0 (id=1094): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006}]}) syz_usb_control_io(r0, &(0x7f00000008c0)={0x2c, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000940)={0x18, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000305"], 0x0, 0x0, 0x0}, 0x0) 8.151488014s ago: executing program 3 (id=1099): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f00000000c0), 0x4) syz_emit_ethernet(0x36, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe47) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_pidfd_open(0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = dup(0xffffffffffffffff) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000008113b0ffbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103600000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000e500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 7.124011456s ago: executing program 0 (id=1103): socket$nl_rdma(0x10, 0x3, 0x14) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r3 = memfd_create(&(0x7f00000002c0)='D\xa3\xd5Wj\x00\x00\x8b\x14\xc2\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x9b\x12\x0eW\xcf\t\xb0\xa9 +H/\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2y\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xde\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4\x86\xd4\xc9\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg(\x03\xa7\x92\xe5\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xf8A\xaf\\\xaa\xf5u\xde\xfa\xa1\xc0\xf9&gR\x81.\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b\x00'/244, 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) r4 = dup3(r2, 0xffffffffffffffff, 0x0) fchdir(r4) r5 = inotify_init1(0x0) inotify_add_watch(r5, &(0x7f0000000040)='.\x00', 0x40000277) r6 = socket$inet_udp(0x2, 0x2, 0x0) close(r6) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r6, 0x0, 0x4ffe6, 0x0) 7.031155219s ago: executing program 0 (id=1104): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$PPPIOCDISCONN(r0, 0x7439) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_SET_MSRS(r5, 0xc048aeca, &(0x7f0000000040)=ANY=[@ANYRES16=r1]) 6.970089819s ago: executing program 0 (id=1105): syz_usb_connect(0x0, 0x12c, &(0x7f00000011c0)={{0x12, 0x1, 0x0, 0xa5, 0x25, 0x58, 0x8, 0xf11, 0x1020, 0xa21b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x11a, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x8, 0x52, 0xf2, 0x0, [], [{{0x9, 0x5, 0xe, 0x4, 0x20, 0x8, 0xe, 0x78}}, {{0x9, 0x5, 0x3, 0x4, 0x10, 0x0, 0x9, 0x0, [@generic={0x43, 0x2, "16d2e213d13cac373996ef1c335dfe1e86ce1e9eb410618a20a71e286306b48c6f516b7b7eb0cf270d9aebf9eb7a0747dfa355db0467039ceae8e3fb54a638fa26"}]}}, {{0x9, 0x5, 0x80, 0x1, 0x0, 0x44, 0x7, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x81}, @generic={0xa3, 0x22, "cd8fb4be601c38eb627cac7523afc664680912d03939c7d50b244ed811702b73366280eb3e767220674666155b7f43240c0cc407ab59bf54e5b24ba810b0b5a21c6b69f74a846e9135913a032a27f1d1dc9c845aad8f9b5972f990441c29ad067623ccc283421451f174164e887af106604ec61bf187b1cd1447370fa8ab5832875765ee15e563c39e10a1b0d80613bfce91f266c62d93878e447d71df88fe04c9"}]}}]}}]}}]}}, &(0x7f0000000e80)={0x0, 0x0, 0x5, &(0x7f0000000b80)={0x5, 0xf, 0x5}, 0x1, [{0x0, 0x0}]}) 6.689706146s ago: executing program 3 (id=1106): clock_nanosleep(0x2, 0x0, &(0x7f0000000300)={0x0, 0x989680}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, 0x0, 0x0) connect$phonet_pipe(r1, &(0x7f0000000140)={0x23, 0xff, 0x0, 0xf0}, 0x10) socket$inet_mptcp(0x2, 0x1, 0x106) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f00000001c0)={0x3, "421ae3753795259249214c944122ad063ff47d3bd7a8a45d6b00c78a019a37b2", 0xffffffffffffffff}) ppoll(&(0x7f0000000040)=[{r3}], 0x1, &(0x7f0000000140), 0x0, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000640), 0x3a0c0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ppoll(&(0x7f00000006c0)=[{}, {r4, 0x44b8}, {0xffffffffffffffff, 0x8048}, {0xffffffffffffffff, 0x1120}, {0xffffffffffffffff, 0xc02f}, {0xffffffffffffffff, 0xbc66a0fa5b6f9da4}, {0xffffffffffffffff, 0x8201}, {r5, 0x80}, {0xffffffffffffffff, 0x18ec}], 0x9, &(0x7f0000000740), &(0x7f00000007c0), 0x8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000005400), 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000043c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}], 0x1, 0x8c1) fstat(0xffffffffffffffff, &(0x7f0000000780)) statx(0xffffffffffffff9c, &(0x7f0000000800)='./file0\x00', 0x4000, 0x10, &(0x7f0000000840)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0) r7 = getpid() fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x0, r7}) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f00000001c0)=0x0) wait4(r8, 0x0, 0x0, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="02033e00420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @broadcast}, 0x14) 6.255708645s ago: executing program 3 (id=1109): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) (async, rerun: 64) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) (rerun: 64) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000001c0)=@security={'security\x00', 0x3a, 0x4, 0x338, 0xffffffff, 0x1a8, 0x0, 0x1a8, 0x90, 0xffffffff, 0x110, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xb0, 0x110, 0x0, {}, [@common=@set={{0x40}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@ip={@empty, @private, 0x0, 0x0, 'vlan0\x00', 'vlan0\x00'}, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398) (async) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x6) (async, rerun: 64) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) (rerun: 64) lseek(r3, 0x0, 0x1) (async, rerun: 32) close(0x4) (rerun: 32) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(r4, 0x0) io_setup(0x3, &(0x7f0000000180)=0x0) io_submit(r5, 0x1, &(0x7f0000000240)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="540000000002050500000000000000000000000004000290380002800c000280050001003a00000014000180080001016401010108000200ffffffff1400018008000100ac1e010108000200e000000204000180f236efd5bc9a48b2debc2e246b298a1107e6da0d6293f7a6f7b1bba926d83af46ca3bc3473e4a60e86358a5f9b97a234981fd92d0dffcb6dee4e"], 0x54}}, 0x0) (async) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x8001, 0x957, 0x1, 0x5, 0x2, {0x0, @in={{0x2, 0x4e23, @loopback}}, 0x3, 0x8, 0x1ff, 0x6, 0x1}}, &(0x7f0000000040)=0xb0) io_uring_register$IORING_REGISTER_RESTRICTIONS(r6, 0xb, &(0x7f0000000580)=[@ioring_restriction_sqe_flags_allowed={0x2, 0x18}, @ioring_restriction_sqe_flags_allowed={0x2, 0x19}, @ioring_restriction_register_op={0x0, 0x2}, @ioring_restriction_sqe_flags_required={0x3, 0x2}, @ioring_restriction_register_op={0x0, 0x16}, @ioring_restriction_register_op={0x0, 0x14}, @ioring_restriction_register_op={0x0, 0x4}, @ioring_restriction_sqe_op={0x1, 0x6}], 0x8) (async) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000340)={r7, @in={{0x2, 0x4e24, @local}}, 0x1000, 0x4, 0x5, 0x5, 0xd}, &(0x7f0000000140)=0x98) 6.092066757s ago: executing program 3 (id=1111): socket$inet_udplite(0x2, 0x2, 0x88) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x83, 0x66, 0x7d, 0x10, 0x2040, 0x264, 0x4ed1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x90, 0xf1, 0x9c}}]}}]}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001940)={'wlan0\x00'}) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket(0x10, 0x3, 0x0) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x1c}}, 0x0) 5.787459616s ago: executing program 4 (id=1113): r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) ioctl$CAPI_GET_PROFILE(r0, 0xc0104307, &(0x7f0000000040)=0x25) r2 = socket$tipc(0x1e, 0x4, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10) getsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000000c0), &(0x7f0000000140)=0x4) r3 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000004c0)={0x5, 0x0, [{0xd000, 0x8e, &(0x7f0000000280)=""/142}, {0x2, 0xcd, &(0x7f00000003c0)=""/205}, {0xd000, 0x2c, &(0x7f0000000100)=""/44}, {0x5000, 0xf8, &(0x7f00000005c0)=""/248}, {0x2, 0xe5, &(0x7f00000006c0)=""/229}]}) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prlimit64(0x0, 0x0, &(0x7f0000000340)={0x8, 0xde}, 0x0) setitimer(0x1, &(0x7f0000000580)={{0x77359400}, {0x0, 0xea60}}, 0x0) prlimit64(0x0, 0xf, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x10) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_buf(r5, 0x1, 0x30, 0xffffffffffffffff, &(0x7f0000000000)) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003d000b08d25a80648c7494f90224fc600b0002400c000400040082c137153e3719ac018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) write(0xffffffffffffffff, &(0x7f00000000c0)="8f2a", 0x2) syz_clone3(&(0x7f0000000340)={0x200103000, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) 5.610850905s ago: executing program 4 (id=1114): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@allocspi={0xf8, 0x16, 0x3b5bef62e1571d3d, 0x0, 0x0, {{{@in6=@ipv4={'\x00', '\xff\xff', @empty}, @in=@local}, {@in=@multicast2, 0x0, 0x33}, @in6=@empty}}}, 0xf8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@private, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xa}]}, 0x38}}, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) syz_emit_ethernet(0x48, &(0x7f0000000200)={@broadcast, @local, @void, {@llc_tr={0x11, {@snap={0xab, 0xab, "c861", "de4266", 0x9, "8385226aea0bb406efb2187006124f52f388f0d520afbcc0ec47bea70ed8e6e5a3044a8f0761defdb32b934a58883a4a38"}}}}}, 0x0) 5.411967468s ago: executing program 4 (id=1115): socket$nl_rdma(0x10, 0x3, 0x14) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r3 = memfd_create(&(0x7f00000002c0)='D\xa3\xd5Wj\x00\x00\x8b\x14\xc2\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x9b\x12\x0eW\xcf\t\xb0\xa9 +H/\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2y\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xde\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4\x86\xd4\xc9\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg(\x03\xa7\x92\xe5\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xf8A\xaf\\\xaa\xf5u\xde\xfa\xa1\xc0\xf9&gR\x81.\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b\x00'/244, 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) dup3(r2, r3, 0x0) fchdir(0xffffffffffffffff) r4 = inotify_init1(0x0) inotify_add_watch(r4, &(0x7f0000000040)='.\x00', 0x40000277) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r5, 0x0, 0x4ffe6, 0x0) 5.366738646s ago: executing program 4 (id=1116): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f00000000c0), 0x4) syz_emit_ethernet(0x36, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe47) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_pidfd_open(0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = dup(0xffffffffffffffff) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000008113b0ffbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103600000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000e500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 5.277347674s ago: executing program 0 (id=1117): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x1c, 0x52, 0x1, 0x0, 0x0, {0x1c}, [@typed={0x8, 0x7, 0x0, 0x0, @fd}]}, 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e"], 0x0}, 0x90) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0) r5 = dup(r3) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@dellinkprop={0x34, 0x6d, 0x1, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'batadv0\x00'}]}, 0x34}}, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0}, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, &(0x7f0000000340)={0x0, 0x22, 0x90, {0x90, 0xf, "c7084db12196f252c0f4891ead42d44a6836ce8955452974c93dfbc4d5122a5547254ce3131b4ff898f53d0f0de668553860ef90eb8d3c46a00212983a5821e934fb4ec4cdcead681d6a1103d5f1ecd87c873871eed42246d282607a1829ec894315989ac11771e6a866b222337fddb4fa13c8633de5155c81a25ae1890dc436a9345e390052abfee380777c25c1"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x82c}}, &(0x7f0000000200)={0x0, 0x22, 0x2, {[@local=@item_012={0x1, 0x2, 0xc, "f2"}]}}, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8d0, 0x3, 0x1, {0x22, 0x9d9}}}}, &(0x7f0000001200)={0x2c, &(0x7f0000000400)={0x40, 0x17, 0xac, "d9016964f9a2daae35d8d7ec0e3809188e0b7cb76cb78fe18c947d1d1b671fd9ebdcfaf1e261b2698adc705bb43e368d1e12000ca40eadf6384770e9c522ce420df2f017dc1dca298d2f2fba82c445bf249d9bed6f39f67d22c948765ccd6bd7cb169200cc5f0da22dc81436c364559aa1cac4a2e9ada157e66de10a166a7012d4b7b4d10dec6db30d619aad3f79b27187e97a9b85e4c49207fddf5b4459fa2ffeccdb5fb6f3c4afbe7372d8"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0xe4}, &(0x7f0000000540)={0x20, 0x1, 0x7b, "01eeac241e75aa679f3d10eb9d2bae552f378a6c88969403d944c8075cc4c1468ffd0f25c420f7ad9729b0294ed72ead82ef612f51609ea9529110432a4bc9125eed4015ff7a79d15cfa058e4b31341a3b58a8102c31cf938e957f2427811200c862e98df44f5cc04576da827308b65b284c9f08ebb81504378bb7"}, &(0x7f0000000600)={0x20, 0x3, 0x1, 0x32}}) setfsuid(0x0) 4.342748288s ago: executing program 1 (id=1119): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[], [], 0x5c}) set_mempolicy(0x5, &(0x7f00000003c0)=0x3, 0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x11, 0x38}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000041c0)={0x0, &(0x7f00000020c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e"], 0x7c}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00004b1000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000640)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.423963776s ago: executing program 2 (id=1120): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000000, 0xe00, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000640)=ANY=[], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chown(&(0x7f0000000180)='./file0\x00', 0x0, 0xffffffffffffffff) listxattr(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) chmod(&(0x7f0000000640)='./file0\x00', 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000002085"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='tlb_flush\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xe, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x90) socket$inet(0x2, 0x3, 0x6) ioprio_set$pid(0x1, 0x0, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[], [], 0x6b}}) 3.27707655s ago: executing program 2 (id=1121): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r1 = syz_open_dev$ndb(&(0x7f00000003c0), 0x0, 0x280400) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000400)={0x7fa78814, 0x7, 0x1, 0x8}) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, 0x0) syz_usb_connect(0x4, 0x3d7, &(0x7f00000011c0)={{0x12, 0x1, 0x300, 0xa5, 0x25, 0x58, 0x8, 0xf11, 0x1020, 0xa21b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3c5, 0x1, 0x0, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x81, 0x0, 0xd, 0x8, 0x52, 0xf2, 0x0, [], [{{0x9, 0x5, 0xe, 0x4, 0x20, 0x8, 0xe, 0x78}}, {{0x9, 0x5, 0x3, 0x4, 0x10, 0x3, 0x9, 0x0, [@generic={0x83, 0x2, "16d2e213d13cac373996ef1c335dfe1e86ce1e9eb410618a20a71e286306b48c6f516b7b7eb0cf270d9aebf9eb7a0747dfa355db0467039ceae8e3fb54a638fa2606a757f19bb64c816386648c675e1bf83787a7032ad73f063057f014a584e4d0ef2bc9c597e8bfbf5888eaafa3b44328d6166cc12e1b390306a0229b900ff9fa"}]}}, {{0x9, 0x5, 0x80, 0x1, 0x3ff, 0x44, 0x7, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x81}, @generic={0xa3, 0x22, "cd8fb4be601c38eb627cac7523afc664680912d03939c7d50b244ed811702b73366280eb3e767220674666155b7f43240c0cc407ab59bf54e5b24ba810b0b5a21c6b69f74a846e9135913a032a27f1d1dc9c845aad8f9b5972f990441c29ad067623ccc283421451f174164e887af106604ec61bf187b1cd1447370fa8ab5832875765ee15e563c39e10a1b0d80613bfce91f266c62d93878e447d71df88fe04c9"}]}}, {{0x9, 0x5, 0x5, 0x8, 0x10, 0x2, 0x4, 0xb3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x7, 0x4}]}}, {{0x9, 0x5, 0x5, 0x0, 0x8, 0x5, 0x4, 0x3}}, {{0x9, 0x5, 0xf, 0x18, 0x400, 0x4, 0xc0, 0x3}}, {{0x9, 0x5, 0x8, 0xc, 0x3ff, 0x2, 0x9, 0xf5}}, {{0x9, 0x5, 0x7, 0x10, 0x10, 0x5, 0xe, 0xff, [@generic={0x68, 0x8, "6f06383bd768e75fa4cd7519c830aef578563d013f39d4af4fd0013250053254d34c403b1799edd247d01e91933c8ba7d3bf77c0ea7f67eb09038322e27f6f7d8303810bc45ece3d3c2ed7aa7976c7aae827900b3d299f5d1cafbbeb429cf8aea69db8d9e071"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x0, 0x6, 0x1b, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0x6}]}}, {{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x7, 0xc, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x1}]}}, {{0x9, 0x5, 0x5, 0x8701413cb03a9205, 0x3ff, 0x1, 0x0, 0xc, [@generic={0x76, 0x8, "afce774ca2fe872e7eb432cd13d0b49a24c80230945d4bf51ef31cae058d2051e0c26fd635c20375ae186790aac43d96ecfa37851f4a064a218eebdf745ae05f50d278729c855bf44f0a62755dc70aaec126560f60f3af1784a7efbbcecce0cb3cc796d8263feeb6cecaf22f241f9f6feb030ee2"}]}}, {{0x9, 0x5, 0xe, 0x1, 0x40, 0x9, 0x3, 0x0, [@generic={0x5f, 0x30, "302ede45623a05dd33e5ce94dc754328653fc741278326a7602f26db0fab5207fb588ac82186e5d3af21d1cda1eb925d42db8b571632334f9dc8f6e7dc1c4d71049173cd1c256c024d45f9683650fee413f7b384a7f9ca532b6d094b83"}]}}, {{0x9, 0x5, 0x4, 0x3, 0x200, 0x81, 0x2, 0x0, [@generic={0xbf, 0x30, "c264d42535f2062b55d6b8b7bf291eb418852213be80f15dc3a78942ad23445b2270c017eb9765802a41aea12fb103f6cd2f936292174026ff4676e88f00ab41d44fe764dfeef43909c9f851a049cb419d30be77734d07acee4e319f2b57da4653eb6d860b438a88425c99150ebac6024e3a9a080bb7c1fa5062b299f1f558d81e8a36fb9a4ebf7182ede2d89caaa6b81343604d2be862aac09601a9abe23bea3adee98e36d203033ee831cefb402c0ef74148ae0dfdc7cdf40fe0daec"}]}}]}}]}}]}}, &(0x7f0000000e80)={0x0, 0x0, 0x5, &(0x7f0000000b80)={0x5, 0xf, 0x5}, 0x1, [{0x0, 0x0}]}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xb}, 0x48) socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102372, 0x18fe4}], 0x1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4"], &(0x7f0000000340)='syzkaller\x00'}, 0x90) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000040)={0x3a}, 0x8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0x1c, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a847", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_io_uring_setup(0x0, &(0x7f00000035c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000040)) r6 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt(r6, 0x0, 0x65, 0x0, 0x0) 2.996657074s ago: executing program 3 (id=1122): r0 = socket$inet6(0xa, 0x6, 0x0) listen(r0, 0x0) r1 = syz_io_uring_setup(0x2705, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000001440)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000001400)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, r0, 0x0}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x40040}}}}}}]}, 0x48}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in=@local, @in6=@private2}}, {{@in6=@empty, 0x0, 0x32}, 0x0, @in6=@empty}}, 0xe8) r5 = io_uring_setup(0x7058, &(0x7f0000000040)) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0x18, 0x200000f0, r6) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000740)=ANY=[@ANYBLOB="05000000000000007111b600000000008510000002000000850000007600000095000000000000009500a50500000000655d66311e294642ccabb40bad95c69ea74489bdcf48fb63990250be73a9e53e4bdba5ea074f460e7131293e6d"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) 2.994866462s ago: executing program 4 (id=1123): sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x228, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x20b, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0xb7, "31851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc88880a147e71f89f5936e8d68041d7e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca5568297e0d3e19d80a5d5addb3184fec9543e41f70eb1bcd9a87da2f4b39e15dca2e549f43749edc5d2150d9349f08894e39ac26f6"}, {0xdd, 0xba, "1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3e0ae5cb3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd4841407c6fb63f588fed1344890b04c3914826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335"}, {0xdd, 0x25, "523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366"}, {0xdd, 0x11, "0941a0e096d40b7d3b60bec79aa8aaa3f5"}, {0xdd, 0x1a, "7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd"}]}}]}, 0x228}}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000bd4d9640f0fff0ff78390102030109021b0001000000000904000001ab933b000905"], 0x0) 2.681921909s ago: executing program 3 (id=1124): r0 = socket(0x0, 0x800000003, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) r2 = dup2(r1, r1) getsockname$packet(r2, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) execve(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000140)='\x00', &(0x7f0000000180)='.^$\x00', &(0x7f00000001c0)='ramfs\x00', &(0x7f0000000200)='index=off'], &(0x7f0000000380)=[&(0x7f0000000280)='index=off', &(0x7f00000002c0)='\x00', &(0x7f0000000300)='j\x00']) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4d9, 0xa055, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x41}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r4, &(0x7f0000000380), 0x20000000}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r6}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) syz_usb_control_io(r3, &(0x7f0000000ac0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0xae, {0xae, 0x0, "3e064d8211725b8331276f4db437334e738fc7a24e7984a9f18e5b7455ba206b5071a2ba35720118f6472237f7b80e05848e65366389224e4444784286f3e57e4baa670e86168d62b58ef5f084d20f4e0e17b07cca1917e6b34089ef99aa47b16595750123bafa3744270c4a6381180f39e01a93c35f50cbafd5f289ad7b3726ebf9c6f64ad58e9c87bfe332161c2392219a2901f71264f01370a2392502014511f06338239c6695265c401b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}]}) r7 = socket(0x10, 0x3, 0x0) r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_TIOCOUTQ(r8, 0x891e, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x60, 0x2, {{0x0, [], 0x0, [], [0x0, 0xffff]}, [@TCA_MQPRIO_MODE={0x6, 0x4}]}}}]}, 0x90}}, 0x20000810) socket$can_raw(0x1d, 0x3, 0x1) 2.416741051s ago: executing program 1 (id=1125): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x2, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_TARGET={0x8}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x4}]}}]}, 0x44}}, 0x0) 2.355993172s ago: executing program 1 (id=1126): socket$nl_rdma(0x10, 0x3, 0x14) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r3 = memfd_create(&(0x7f00000002c0)='D\xa3\xd5Wj\x00\x00\x8b\x14\xc2\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x9b\x12\x0eW\xcf\t\xb0\xa9 +H/\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2y\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xde\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4\x86\xd4\xc9\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg(\x03\xa7\x92\xe5\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xf8A\xaf\\\xaa\xf5u\xde\xfa\xa1\xc0\xf9&gR\x81.\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b\x00'/244, 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) dup3(r2, r3, 0x0) fchdir(0xffffffffffffffff) r4 = inotify_init1(0x0) inotify_add_watch(r4, &(0x7f0000000040)='.\x00', 0x40000277) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r5, 0x0, 0x4ffe6, 0x0) 2.267906946s ago: executing program 1 (id=1127): syz_emit_ethernet(0x52, &(0x7f0000001b80)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0xa, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private, @local, {[@cipso={0x86, 0xd, 0x0, [{0x0, 0x5, '\x00\x00\x00'}, {0x0, 0x2}]}, @rr={0x7, 0x7, 0x0, [@multicast1]}]}}}}}}}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) io_uring_setup(0xfc2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10) connect$inet(r2, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$vivid(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000040)) dup(0xffffffffffffffff) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000080)=ANY=[], 0x5) socket$inet_udp(0x2, 0x2, 0x0) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) r5 = add_key$user(&(0x7f0000000780), &(0x7f00000007c0)={'syz', 0x2}, &(0x7f0000000800)='c', 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000000)={r5, r4, r5}, &(0x7f0000001400)=""/86, 0x56, &(0x7f00000000c0)={&(0x7f0000000100)={'crct10dif-generic\x00'}}) 2.224123315s ago: executing program 2 (id=1128): socket$alg(0x26, 0x5, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mknod$loop(0x0, 0x4, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000010c0)={0x0, 0x10, &(0x7f0000001040)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000001100)=0x10) openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000001540)='/sys/fs/smackfs/direct\x00', 0x2, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007) 1.301864162s ago: executing program 2 (id=1129): socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x0, @multicast1}}, 0x0, 0x0, 0x2, 0x0, "954f3b91f54aa78eb1ffb374125cd8327f0e152670040f301c1428c4a8511a8be8955942b32b934c23581ae7ac9b12d3215964a4d640754c467c41f36b02a24b627d26ed282dbd5b496e33585ea60e5e"}, 0xd8) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x22, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$hidraw(0x0, 0x0, 0x14a042) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000000), 0xd3, 0x4800) ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x4030582a, 0x0) syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042) write$hidraw(0xffffffffffffffff, &(0x7f0000003000), 0x0) ioctl$HIDIOCGRDESC(r0, 0x40305829, &(0x7f00000002c0)={0xd, "3a82000000130000000000009d"}) 1.079787848s ago: executing program 1 (id=1130): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge0\x00'}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000186800000000000090737c73267beee600000000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) accept(0xffffffffffffffff, &(0x7f00000000c0)=@can, 0x0) ioctl$TIOCL_PASTESEL(r5, 0x541c, &(0x7f0000000000)) 850.543897ms ago: executing program 0 (id=1131): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r1) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000001, 0x38011, r1, 0x1ef46000) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x8, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x18) setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) close(r6) socket$nl_route(0x10, 0x3, 0x0) r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0), &(0x7f00000001c0)=0x4) write$UHID_CREATE2(r8, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0) getsockopt$llc_int(r7, 0x10c, 0x1, 0x0, &(0x7f0000000000)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005fff000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0092000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r5, &(0x7f0000000000)=ANY=[], 0xfffffecc) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x43}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) splice(r4, 0x0, r6, 0x0, 0x4ffe2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000000c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0xff41) fadvise64(r1, 0x0, 0x0, 0x4) 635.333939ms ago: executing program 4 (id=1132): socket$inet_udplite(0x2, 0x2, 0x88) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x83, 0x66, 0x7d, 0x10, 0x2040, 0x264, 0x4ed1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x90, 0xf1, 0x9c}}]}}]}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001940)={'wlan0\x00'}) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket(0x10, 0x3, 0x0) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x1c}}, 0x0) 124.205003ms ago: executing program 2 (id=1133): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) set_mempolicy(0x900, 0x0, 0x0) 89.004974ms ago: executing program 1 (id=1134): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa4600, 0x0) r2 = dup(r1) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000000020042, 0x0) r4 = dup(r3) sendfile(r4, r2, 0x0, 0x89ffc) getdents64(r2, &(0x7f0000000000)=""/95, 0x5f) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r5, 0x800448f0, &(0x7f0000000080)={0x0, 0x0, "9c5952"}) 0s ago: executing program 2 (id=1135): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x0, 0x0, 0x3, 0x2, 0x1, 0x74}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'erspan0\x00', &(0x7f00000003c0)={'ip_vti0\x00', 0x0, 0x10, 0x7800, 0x3, 0x1, {{0x1e, 0x4, 0x0, 0x0, 0x78, 0x67, 0x0, 0x3f, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x20}, @private=0xa010102, {[@noop, @rr={0x7, 0x1b, 0x99, [@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2d}, @multicast2, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @generic={0x82, 0xb, "c15c43a4edbfedf077"}, @lsrr={0x83, 0xf, 0xbc, [@loopback, @remote, @broadcast]}, @timestamp_prespec={0x44, 0x2c, 0x6a, 0x3, 0xc, [{@dev={0xac, 0x14, 0x14, 0x2e}, 0x401}, {@empty, 0xd62e365e}, {@private=0xa010102, 0x5}, {@local, 0x88}, {@loopback, 0xf886}]}]}}}}}) creat(&(0x7f00000002c0)='./file0\x00', 0x8b) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000200)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x9, 0x3, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r4}, 0x38) add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd) kernel console output (not intermixed with test programs): ice= 0.00 [ 242.933499][ T7402] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.667'. [ 242.943231][ T7402] netlink: zone id is out of range [ 242.948508][ T7402] netlink: del zone limit has 8 unknown bytes [ 242.955291][ T785] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.987220][ T785] usb 3-1: config 0 descriptor?? [ 243.001298][ T5133] usb 5-1: string descriptor 0 read error: -22 [ 243.007541][ T5133] usb 5-1: New USB device found, idVendor=0f11, idProduct=1020, bcdDevice=a2.1b [ 243.024615][ T5133] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.042107][ T5133] usb 5-1: config 0 descriptor?? [ 243.065048][ T5133] ldusb 5-1:0.0: Interrupt in endpoint not found [ 243.301439][ T25] usb 5-1: USB disconnect, device number 23 [ 243.817554][ T7390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 243.826612][ T7390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 243.843690][ T785] hid (null): nested delimiters [ 243.853248][ T785] hid (null): report_id 24797 is invalid [ 243.865890][ T785] hid (null): unknown global tag 0xa5 [ 243.873724][ T785] hid (null): unknown global tag 0xd [ 243.882846][ T785] hid (null): unknown global tag 0xc [ 243.903551][ T785] hid-generic 0003:0158:0100.0017: unknown main item tag 0x1 [ 243.917989][ T785] hid-generic 0003:0158:0100.0017: unexpected long global item [ 243.934421][ T785] hid-generic 0003:0158:0100.0017: probe with driver hid-generic failed with error -22 [ 244.057256][ T25] usb 3-1: USB disconnect, device number 35 [ 244.457971][ T5219] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 244.727731][ T5219] usb 2-1: Using ep0 maxpacket: 16 [ 244.750464][ T5219] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 244.754741][ T7432] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.675'. [ 244.767934][ T5219] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 244.771970][ T7432] netlink: del zone limit has 8 unknown bytes [ 244.850570][ T5219] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.907927][ T5219] usb 2-1: config 0 descriptor?? [ 245.659258][ T7427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.682856][ T7427] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 245.709136][ T5219] hid (null): nested delimiters [ 245.726052][ T5219] hid (null): report_id 24797 is invalid [ 245.769010][ T5219] hid (null): unknown global tag 0xa5 [ 245.788226][ T5219] hid (null): unknown global tag 0xd [ 245.817860][ T5219] hid (null): unknown global tag 0xc [ 245.844156][ T5219] hid-generic 0003:0158:0100.0018: unknown main item tag 0x1 [ 245.862015][ T5219] hid-generic 0003:0158:0100.0018: unexpected long global item [ 245.876609][ T5219] hid-generic 0003:0158:0100.0018: probe with driver hid-generic failed with error -22 [ 245.926300][ T5219] usb 2-1: USB disconnect, device number 27 [ 247.241328][ T7450] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.681'. [ 247.288090][ T7450] netlink: zone id is out of range [ 247.295050][ T7450] netlink: del zone limit has 8 unknown bytes [ 249.057763][ T784] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 249.275628][ T784] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.295431][ T784] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 249.306100][ T784] usb 2-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 249.317668][ T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.340199][ T784] usb 2-1: config 0 descriptor?? [ 249.434723][ T5133] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 249.750100][ T7472] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.685'. [ 249.779363][ T7476] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.688'. [ 249.800440][ T7476] netlink: del zone limit has 8 unknown bytes [ 249.889448][ T5133] usb 4-1: Using ep0 maxpacket: 16 [ 249.977252][ T5133] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 249.978483][ T7472] netlink: zone id is out of range [ 250.006996][ T7472] netlink: del zone limit has 8 unknown bytes [ 250.057726][ T5133] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 250.066836][ T5133] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.088441][ T5133] usb 4-1: config 0 descriptor?? [ 250.527969][ T785] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 250.665304][ T7473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.832409][ T7473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.974920][ T5133] hid (null): nested delimiters [ 250.991826][ T5133] hid (null): report_id 24797 is invalid [ 251.010439][ T785] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 251.027553][ T784] usbhid 2-1:0.0: can't add hid device: -71 [ 251.036493][ T784] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 251.073768][ T5133] hid (null): unknown global tag 0xa5 [ 251.089155][ T5133] hid (null): unknown global tag 0xd [ 251.094634][ T784] usb 2-1: USB disconnect, device number 28 [ 251.100892][ T785] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 251.116702][ T785] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 251.137848][ T5133] hid (null): unknown global tag 0xc [ 251.147124][ T5133] hid-generic 0003:0158:0100.0019: unknown main item tag 0x1 [ 251.171130][ T785] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.187471][ T5133] hid-generic 0003:0158:0100.0019: unexpected long global item [ 251.209120][ T785] usb 3-1: config 0 descriptor?? [ 251.226269][ T5133] hid-generic 0003:0158:0100.0019: probe with driver hid-generic failed with error -22 [ 251.494359][ T5133] usb 4-1: USB disconnect, device number 42 [ 251.557994][ T5219] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 251.788858][ T5219] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 251.798501][ T5219] usb 1-1: config 1 has no interface number 1 [ 251.804951][ T5219] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 251.816048][ T5219] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 251.863915][ T5219] usb 1-1: string descriptor 0 read error: -22 [ 251.874391][ T5219] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 251.883687][ T5219] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.900299][ T5219] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 251.908318][ T5219] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 251.930078][ T785] holtek_kbd 0003:04D9:A055.001A: item fetching failed at offset 3/5 [ 251.944195][ T785] holtek_kbd 0003:04D9:A055.001A: probe with driver holtek_kbd failed with error -22 [ 251.979852][ T7495] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.694'. [ 251.990265][ T7495] netlink: zone id is out of range [ 252.012351][ T7495] netlink: del zone limit has 8 unknown bytes [ 252.162133][ T5219] usb 1-1: USB disconnect, device number 25 [ 252.319543][ T25] usb 3-1: USB disconnect, device number 36 [ 252.693248][ T5134] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 252.899876][ T5134] usb 5-1: Using ep0 maxpacket: 16 [ 252.943673][ T5134] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 252.970018][ T5134] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 252.991627][ T5134] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.016634][ T5134] usb 5-1: config 0 descriptor?? [ 253.174187][ T7517] cgroup: No subsys list or none specified [ 253.397990][ T5219] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 253.547950][ T7505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.581232][ T7505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.625654][ T5219] usb 3-1: Using ep0 maxpacket: 32 [ 253.759826][ T5219] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.829113][ T5219] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.842597][ T5134] hid (null): nested delimiters [ 253.847563][ T5134] hid (null): report_id 24797 is invalid [ 253.867739][ T5219] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 253.877111][ T5219] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.887979][ T5134] hid (null): unknown global tag 0xa5 [ 253.893419][ T5134] hid (null): unknown global tag 0xd [ 253.915586][ T5134] hid (null): unknown global tag 0xc [ 253.926571][ T5219] hub 3-1:4.0: USB hub found [ 253.934714][ T5134] hid-generic 0003:0158:0100.001B: unknown main item tag 0x1 [ 253.998897][ T7522] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.701'. [ 254.014977][ T7522] netlink: del zone limit has 8 unknown bytes [ 254.064064][ T5134] hid-generic 0003:0158:0100.001B: unexpected long global item [ 254.115016][ T5134] hid-generic 0003:0158:0100.001B: probe with driver hid-generic failed with error -22 [ 254.220753][ T5134] usb 5-1: USB disconnect, device number 24 [ 254.356375][ T5219] hub 3-1:4.0: 2 ports detected [ 255.247977][ T5134] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 255.439905][ T5134] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.473424][ T5134] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.485083][ T5134] usb 2-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 255.495501][ T5134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.504169][ T784] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 255.530363][ T5134] usb 2-1: config 0 descriptor?? [ 255.722018][ T5092] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 255.747983][ T784] usb 5-1: Using ep0 maxpacket: 16 [ 255.757386][ T784] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 255.775346][ T784] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 255.784998][ T784] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.798515][ T784] usb 5-1: config 0 descriptor?? [ 255.846586][ T5219] hub 3-1:4.0: activate --> -90 [ 255.918645][ T5092] usb 4-1: Using ep0 maxpacket: 32 [ 255.932919][ T5092] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.944363][ T5092] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.954702][ T5092] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 255.964437][ T5092] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.996222][ T5092] hub 4-1:4.0: USB hub found [ 256.012547][ T5134] holtek_kbd 0003:04D9:A055.001C: item fetching failed at offset 3/5 [ 256.040940][ T5134] holtek_kbd 0003:04D9:A055.001C: probe with driver holtek_kbd failed with error -22 [ 256.158768][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.165275][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.190886][ T5092] hub 4-1:4.0: 2 ports detected [ 256.260263][ T7538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.269724][ T7538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.293108][ T784] hid (null): nested delimiters [ 256.313431][ T784] hid (null): report_id 24797 is invalid [ 256.331135][ T784] hid (null): unknown global tag 0xa5 [ 256.338223][ T784] hid (null): unknown global tag 0xd [ 256.343698][ T784] hid (null): unknown global tag 0xc [ 256.355254][ T784] hid-generic 0003:0158:0100.001D: unknown main item tag 0x1 [ 256.363300][ T784] hid-generic 0003:0158:0100.001D: unexpected long global item [ 256.378314][ T784] hid-generic 0003:0158:0100.001D: probe with driver hid-generic failed with error -22 [ 256.515619][ T784] usb 5-1: USB disconnect, device number 25 [ 257.009148][ T5219] usb 3-1-port1: cannot reset (err = -71) [ 257.016411][ T784] usb 3-1: USB disconnect, device number 37 [ 257.030163][ T5219] usb 3-1-port1: Cannot enable. Maybe the USB cable is bad? [ 257.040752][ T5219] usb 3-1-port1: attempt power cycle [ 257.082643][ T5134] usb 2-1: USB disconnect, device number 29 [ 257.509236][ T5092] hub 4-1:4.0: activate --> -90 [ 257.617766][ T25] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 257.826889][ T25] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 257.836560][ T25] usb 1-1: config 1 has no interface number 1 [ 257.849999][ T25] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 257.877011][ T25] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 257.891581][ T25] usb 1-1: string descriptor 0 read error: -22 [ 257.924356][ T25] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 257.955284][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.994316][ T25] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 258.002207][ T25] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 258.308026][ T4479] Bluetooth: hci2: command 0x0406 tx timeout [ 258.908431][ T25] usb 1-1: USB disconnect, device number 26 [ 259.159637][ T785] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 259.177135][ T5092] usb 4-1-port1: cannot reset (err = -71) [ 259.184402][ T8] usb 4-1: USB disconnect, device number 43 [ 259.194802][ T5623] udevd[5623]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 259.195692][ T5092] usb 4-1-port1: Cannot enable. Maybe the USB cable is bad? [ 259.284853][ T7572] cgroup: No subsys list or none specified [ 259.746464][ T785] usb 2-1: config 0 has an invalid interface number: 106 but max is 0 [ 260.008514][ T5092] usb 4-1-port1: attempt power cycle [ 260.017706][ T785] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 260.049203][ T785] usb 2-1: config 0 has no interface number 0 [ 260.115727][ T785] usb 2-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 260.163573][ T785] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 260.263762][ T785] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.458105][ T25] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 260.567203][ T785] usb 2-1: config 0 descriptor?? [ 260.641807][ T785] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 260.657760][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 260.698152][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 260.785336][ T25] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 260.795143][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.811053][ T25] usb 3-1: config 0 descriptor?? [ 260.911775][ T51] usb 2-1: Failed to submit usb control message: -71 [ 260.912270][ T5219] usb 2-1: USB disconnect, device number 30 [ 260.937195][ T51] usb 2-1: unable to send the bmi data to the device: -71 [ 260.946611][ T51] usb 2-1: unable to get target info from device [ 260.966318][ T51] usb 2-1: could not get target info (-71) [ 260.973463][ T51] usb 2-1: could not probe fw (-71) [ 261.077979][ T785] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 261.147755][ T8] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 261.287520][ T7575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.438796][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 261.519410][ T7592] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.719'. [ 261.561219][ T7592] netlink: zone id is out of range [ 261.578947][ T7592] netlink: del zone limit has 8 unknown bytes [ 261.662435][ T785] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 261.748670][ T7575] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.780144][ T8] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 261.797150][ T785] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 261.799840][ T25] hid (null): nested delimiters [ 261.816897][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.824458][ T25] hid (null): report_id 24797 is invalid [ 261.825477][ T785] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 261.841593][ T785] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.851529][ T8] usb 4-1: config 0 descriptor?? [ 261.867465][ T8] gspca_main: sunplus-2.14.0 probing 041e:400b [ 261.883504][ T25] hid (null): unknown global tag 0xa5 [ 261.896659][ T25] hid (null): unknown global tag 0xd [ 261.916704][ T25] hid (null): unknown global tag 0xc [ 261.943867][ T25] hid-generic 0003:0158:0100.001E: unknown main item tag 0x1 [ 261.960819][ T25] hid-generic 0003:0158:0100.001E: unexpected long global item [ 261.977730][ T25] hid-generic 0003:0158:0100.001E: probe with driver hid-generic failed with error -22 [ 262.020862][ T25] usb 3-1: USB disconnect, device number 42 [ 262.143145][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 262.143163][ T29] audit: type=1326 audit(1720978863.531:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83a175bd9 code=0x7ffc0000 [ 262.171732][ T785] usb 5-1: language id specifier not provided by device, defaulting to English [ 262.207842][ T29] audit: type=1326 audit(1720978863.531:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83a175bd9 code=0x7ffc0000 [ 262.277986][ T29] audit: type=1326 audit(1720978863.531:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb83a1757db code=0x7ffc0000 [ 262.336686][ T29] audit: type=1326 audit(1720978863.531:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb83a1757db code=0x7ffc0000 [ 262.399226][ T29] audit: type=1326 audit(1720978863.551:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb83a1a7bc5 code=0x7ffc0000 [ 262.477888][ T29] audit: type=1326 audit(1720978863.721:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83a175bd9 code=0x7ffc0000 [ 262.529737][ T25] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 262.534183][ T29] audit: type=1326 audit(1720978863.721:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb83a1757db code=0x7ffc0000 [ 262.577113][ T29] audit: type=1326 audit(1720978863.721:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb83a1757db code=0x7ffc0000 [ 262.612773][ T785] usb 5-1: USB disconnect, device number 26 [ 262.614302][ T29] audit: type=1326 audit(1720978863.721:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83a175bd9 code=0x7ffc0000 [ 262.648237][ T29] audit: type=1326 audit(1720978863.721:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7587 comm="syz.4.718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb83a175bd9 code=0x7ffc0000 [ 262.742508][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 262.749591][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 262.761538][ T25] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 262.771218][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.782286][ T25] usb 1-1: config 0 descriptor?? [ 262.797803][ T5162] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 262.997789][ T5162] usb 2-1: Using ep0 maxpacket: 32 [ 263.016320][ T5162] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.036791][ T5162] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.060260][ T5162] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 263.076568][ T5162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.098768][ T5162] hub 2-1:4.0: USB hub found [ 263.213784][ T7594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.222924][ T7594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.235822][ T25] hid (null): nested delimiters [ 263.242204][ T25] hid (null): report_id 24797 is invalid [ 263.250457][ T25] hid (null): unknown global tag 0xa5 [ 263.256295][ T25] hid (null): unknown global tag 0xd [ 263.261836][ T25] hid (null): unknown global tag 0xc [ 263.271285][ T25] hid-generic 0003:0158:0100.001F: unknown main item tag 0x1 [ 263.280311][ T25] hid-generic 0003:0158:0100.001F: unexpected long global item [ 263.288926][ T25] hid-generic 0003:0158:0100.001F: probe with driver hid-generic failed with error -22 [ 263.309624][ T5162] hub 2-1:4.0: 2 ports detected [ 263.443804][ T25] usb 1-1: USB disconnect, device number 27 [ 263.739542][ T8] gspca_sunplus: reg_w_riv err -71 [ 263.744832][ T8] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 263.790786][ T8] usb 4-1: USB disconnect, device number 48 [ 264.226607][ T7615] cgroup: No subsys list or none specified [ 265.399208][ T5162] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 265.515349][ T8] hub 2-1:4.0: activate --> -90 [ 265.591258][ T5162] usb 3-1: Using ep0 maxpacket: 32 [ 265.601711][ T5162] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.614033][ T5162] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.624578][ T5162] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 265.633784][ T5162] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.648434][ T5162] hub 3-1:4.0: USB hub found [ 265.807716][ T25] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 265.848975][ T5162] hub 3-1:4.0: 2 ports detected [ 266.011130][ T25] usb 4-1: config 0 has an invalid interface number: 106 but max is 0 [ 266.035751][ T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.046554][ T25] usb 4-1: config 0 has no interface number 0 [ 266.056355][ T25] usb 4-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 266.078282][ T25] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 266.087503][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.141996][ T25] usb 4-1: config 0 descriptor?? [ 266.222409][ T25] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 266.917436][ T2815] usb 4-1: Failed to submit usb control message: -71 [ 266.928143][ T25] usb 4-1: USB disconnect, device number 49 [ 266.966832][ T2815] usb 4-1: unable to send the bmi data to the device: -71 [ 266.989844][ T2815] usb 4-1: unable to get target info from device [ 267.018125][ T2815] usb 4-1: could not get target info (-71) [ 267.039972][ T7652] overlay: Unknown parameter '\' [ 267.046103][ T2815] usb 4-1: could not probe fw (-71) [ 267.141049][ T8] usb 2-1-port1: cannot reset (err = -71) [ 267.146876][ T8] usb 2-1-port1: Cannot enable. Maybe the USB cable is bad? [ 267.163096][ T5092] usb 2-1: USB disconnect, device number 31 [ 267.174487][ T8] usb 2-1-port1: attempt power cycle [ 267.840712][ T7663] cgroup: No subsys list or none specified [ 268.518737][ T5092] hub 3-1:4.0: hub_ext_port_status failed (err = -32) [ 268.556862][ T5219] usb 3-1: USB disconnect, device number 43 [ 268.557151][ T5092] usb 3-1: Failed to suspend device, error -19 [ 268.807850][ T784] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 268.928909][ T5134] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 269.037312][ T784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.066615][ T784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.170956][ T784] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 269.186727][ T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.204242][ T5134] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 269.303534][ T784] usb 4-1: config 0 descriptor?? [ 269.309418][ T5134] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 269.338499][ T5134] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 269.348104][ T5134] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.945196][ T7685] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.743'. [ 269.956900][ T7685] netlink: zone id is out of range [ 269.962697][ T7685] netlink: del zone limit has 8 unknown bytes [ 270.081982][ T5134] usb 5-1: language id specifier not provided by device, defaulting to English [ 270.398900][ T784] holtek_kbd 0003:04D9:A055.0020: item fetching failed at offset 3/5 [ 270.417211][ T784] holtek_kbd 0003:04D9:A055.0020: probe with driver holtek_kbd failed with error -22 [ 270.527935][ T5134] usb 5-1: USB disconnect, device number 27 [ 270.737167][ T5092] usb 4-1: USB disconnect, device number 50 [ 270.775444][ T7696] TCP: MD5 Hash failed for 172.20.20.187.0->255.255.255.255.20002 [RP.] L3 index 0 [ 270.992070][ T4479] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 271.004170][ T7705] FAULT_INJECTION: forcing a failure. [ 271.004170][ T7705] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 271.018403][ T7705] CPU: 1 PID: 7705 Comm: syz.2.749 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 271.028498][ T7705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 271.038587][ T7705] Call Trace: [ 271.041895][ T7705] [ 271.044889][ T7705] dump_stack_lvl+0x241/0x360 [ 271.049616][ T7705] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.054845][ T7705] ? __pfx__printk+0x10/0x10 [ 271.059468][ T7705] ? __pfx_lock_release+0x10/0x10 [ 271.064534][ T7705] should_fail_ex+0x3b0/0x4e0 [ 271.069261][ T7705] _copy_from_user+0x2f/0xe0 [ 271.073880][ T7705] __sys_bpf+0x1a4/0x810 [ 271.078154][ T7705] ? __pfx___sys_bpf+0x10/0x10 [ 271.083395][ T7705] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 271.089420][ T7705] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 271.095744][ T7705] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 271.102057][ T7705] ? __irq_exit_rcu+0x100/0x1c0 [ 271.106894][ T7705] __x64_sys_bpf+0x7c/0x90 [ 271.111299][ T7705] do_syscall_64+0xf3/0x230 [ 271.115788][ T7705] ? clear_bhb_loop+0x35/0x90 [ 271.120451][ T7705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.126357][ T7705] RIP: 0033:0x7f8c60b75bd9 [ 271.130766][ T7705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.150450][ T7705] RSP: 002b:00007f8c618b6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 271.158877][ T7705] RAX: ffffffffffffffda RBX: 00007f8c60d04038 RCX: 00007f8c60b75bd9 [ 271.166846][ T7705] RDX: 000000000000004c RSI: 0000000020000580 RDI: 000000000000000a [ 271.174805][ T7705] RBP: 00007f8c618b60a0 R08: 0000000000000000 R09: 0000000000000000 [ 271.182857][ T7705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 271.190845][ T7705] R13: 000000000000006e R14: 00007f8c60d04038 R15: 00007fffdc118198 [ 271.198998][ T7705] [ 271.202120][ C1] vkms_vblank_simulate: vblank timer overrun [ 271.251640][ T7702] delete_channel: no stack [ 271.263463][ T7702] delete_channel: no stack [ 271.322495][ T7708] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.750'. [ 271.343014][ T7708] netlink: zone id is out of range [ 271.353547][ T7708] netlink: del zone limit has 8 unknown bytes [ 272.067118][ T7722] netlink: 'syz.2.753': attribute type 10 has an invalid length. [ 272.111107][ T4479] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 272.161357][ T7722] bridge0: port 3(team0) entered disabled state [ 272.171925][ T4479] Bluetooth: hci3: SCO packet for unknown connection handle 201 [ 272.175412][ T7722] team0: left allmulticast mode [ 272.188361][ T7722] team_slave_0: left allmulticast mode [ 272.194219][ T7722] team_slave_1: left allmulticast mode [ 272.199800][ T7722] team0: left promiscuous mode [ 272.204634][ T7722] team_slave_0: left promiscuous mode [ 272.211253][ T7722] team_slave_1: left promiscuous mode [ 272.217211][ T7722] bridge0: port 3(team0) entered disabled state [ 272.325122][ T7722] batman_adv: batadv0: Adding interface: team0 [ 272.335032][ T7722] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.360609][ C1] vkms_vblank_simulate: vblank timer overrun [ 272.368570][ T7722] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 272.379910][ T7726] netlink: 'syz.2.753': attribute type 10 has an invalid length. [ 272.388711][ T7726] netlink: 2 bytes leftover after parsing attributes in process `syz.2.753'. [ 272.398018][ T7726] team0: entered promiscuous mode [ 272.403365][ T7726] team_slave_0: entered promiscuous mode [ 272.409690][ T7726] team_slave_1: entered promiscuous mode [ 272.469855][ T7726] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.585486][ T7726] batman_adv: batadv0: Interface activated: team0 [ 272.597888][ T7726] batman_adv: batadv0: Interface deactivated: team0 [ 272.645547][ T7726] batman_adv: batadv0: Removing interface: team0 [ 272.671228][ T7726] bridge0: port 3(team0) entered blocking state [ 272.696799][ T7726] bridge0: port 3(team0) entered disabled state [ 272.709314][ T7726] team0: entered allmulticast mode [ 272.713231][ T7748] FAULT_INJECTION: forcing a failure. [ 272.713231][ T7748] name failslab, interval 1, probability 0, space 0, times 1 [ 272.727376][ T7748] CPU: 0 PID: 7748 Comm: syz.1.761 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 272.737389][ T7748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 272.747639][ T7748] Call Trace: [ 272.750922][ T7748] [ 272.753841][ T7748] dump_stack_lvl+0x241/0x360 [ 272.758612][ T7748] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.763898][ T7748] ? __pfx__printk+0x10/0x10 [ 272.768485][ T7748] ? __pfx___might_resched+0x10/0x10 [ 272.773775][ T7748] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 272.779774][ T7748] should_fail_ex+0x3b0/0x4e0 [ 272.785331][ T7748] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 272.791671][ T7748] should_failslab+0x9/0x20 [ 272.797560][ T7748] __kmalloc_noprof+0xd8/0x400 [ 272.803226][ T7748] ? safesetid_security_capable+0xb2/0x1d0 [ 272.809306][ T7748] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 272.815404][ T7748] genl_rcv_msg+0x802/0xec0 [ 272.819913][ T7748] ? mark_lock+0x9a/0x350 [ 272.824249][ T7748] ? __pfx_genl_rcv_msg+0x10/0x10 [ 272.829287][ T7748] ? __pfx_lock_acquire+0x10/0x10 [ 272.834305][ T7748] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 272.839671][ T7748] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 272.844944][ T7748] ? __pfx_nl80211_post_doit+0x10/0x10 [ 272.850395][ T7748] ? __pfx___might_resched+0x10/0x10 [ 272.855708][ T7748] netlink_rcv_skb+0x1e3/0x430 [ 272.860478][ T7748] ? __pfx_genl_rcv_msg+0x10/0x10 [ 272.865515][ T7748] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 272.870824][ T7748] ? __netlink_deliver_tap+0x77e/0x7c0 [ 272.876286][ T7748] genl_rcv+0x28/0x40 [ 272.880263][ T7748] netlink_unicast+0x7ea/0x980 [ 272.885026][ T7748] ? __pfx_netlink_unicast+0x10/0x10 [ 272.890302][ T7748] ? __virt_addr_valid+0x183/0x530 [ 272.895412][ T7748] ? __check_object_size+0x49c/0x900 [ 272.900691][ T7748] ? bpf_lsm_netlink_send+0x9/0x10 [ 272.905795][ T7748] netlink_sendmsg+0x8db/0xcb0 [ 272.910751][ T7748] ? __pfx_netlink_sendmsg+0x10/0x10 [ 272.916201][ T7748] ? __import_iovec+0x536/0x820 [ 272.921041][ T7748] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 272.926309][ T7748] ? security_socket_sendmsg+0x87/0xb0 [ 272.931763][ T7748] ? __pfx_netlink_sendmsg+0x10/0x10 [ 272.937064][ T7748] __sock_sendmsg+0x221/0x270 [ 272.941746][ T7748] ____sys_sendmsg+0x525/0x7d0 [ 272.946517][ T7748] ? __pfx_____sys_sendmsg+0x10/0x10 [ 272.951837][ T7748] __sys_sendmsg+0x2b0/0x3a0 [ 272.956439][ T7748] ? __pfx___sys_sendmsg+0x10/0x10 [ 272.961551][ T7748] ? vfs_write+0x7c4/0xc90 [ 272.966012][ T7748] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 272.972361][ T7748] ? do_syscall_64+0x100/0x230 [ 272.977119][ T7748] ? do_syscall_64+0xb6/0x230 [ 272.981785][ T7748] do_syscall_64+0xf3/0x230 [ 272.986278][ T7748] ? clear_bhb_loop+0x35/0x90 [ 272.990959][ T7748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.996867][ T7748] RIP: 0033:0x7fce80175bd9 [ 273.001276][ T7748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.021227][ T7748] RSP: 002b:00007fce80f8f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 273.029643][ T7748] RAX: ffffffffffffffda RBX: 00007fce80303f60 RCX: 00007fce80175bd9 [ 273.037786][ T7748] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 273.045846][ T7748] RBP: 00007fce80f8f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 273.053817][ T7748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.061781][ T7748] R13: 000000000000000b R14: 00007fce80303f60 R15: 00007ffc76f74558 [ 273.069933][ T7748] [ 273.081574][ T7726] team_slave_0: entered allmulticast mode [ 273.097499][ T7726] team_slave_1: entered allmulticast mode [ 273.110690][ T7726] bridge0: port 3(team0) entered blocking state [ 273.117028][ T7726] bridge0: port 3(team0) entered forwarding state [ 273.239567][ T5092] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 273.263515][ T7753] IPv6: NLM_F_REPLACE set, but no existing node found! [ 273.282819][ T7753] FAULT_INJECTION: forcing a failure. [ 273.282819][ T7753] name failslab, interval 1, probability 0, space 0, times 0 [ 273.326444][ T7753] CPU: 0 PID: 7753 Comm: syz.1.763 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 273.336478][ T7753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 273.347614][ T7753] Call Trace: [ 273.351434][ T7753] [ 273.354397][ T7753] dump_stack_lvl+0x241/0x360 [ 273.359649][ T7753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.365075][ T7753] ? __pfx__printk+0x10/0x10 [ 273.369711][ T7753] should_fail_ex+0x3b0/0x4e0 [ 273.374415][ T7753] ? __alloc_skb+0x1c3/0x440 [ 273.379029][ T7753] should_failslab+0x9/0x20 [ 273.383561][ T7753] kmem_cache_alloc_node_noprof+0x71/0x320 [ 273.389481][ T7753] __alloc_skb+0x1c3/0x440 [ 273.393923][ T7753] ? __dev_queue_xmit+0x16c9/0x3d30 [ 273.399148][ T7753] ? __pfx___alloc_skb+0x10/0x10 [ 273.404117][ T7753] ? netlink_ack_tlv_len+0x6e/0x200 [ 273.409518][ T7753] netlink_ack+0x13f/0xa30 [ 273.413991][ T7753] netlink_rcv_skb+0x262/0x430 [ 273.418789][ T7753] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 273.424271][ T7753] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 273.429694][ T7753] ? netlink_deliver_tap+0x2e/0x1b0 [ 273.434924][ T7753] netlink_unicast+0x7ea/0x980 [ 273.439721][ T7753] ? __pfx_netlink_unicast+0x10/0x10 [ 273.445024][ T7753] ? __virt_addr_valid+0x183/0x530 [ 273.450410][ T7753] ? __check_object_size+0x49c/0x900 [ 273.455694][ T7753] ? bpf_lsm_netlink_send+0x9/0x10 [ 273.460894][ T7753] netlink_sendmsg+0x8db/0xcb0 [ 273.465709][ T7753] ? __pfx_netlink_sendmsg+0x10/0x10 [ 273.470996][ T7753] ? __import_iovec+0x536/0x820 [ 273.475933][ T7753] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 273.481216][ T7753] ? security_socket_sendmsg+0x87/0xb0 [ 273.486679][ T7753] ? __pfx_netlink_sendmsg+0x10/0x10 [ 273.492134][ T7753] __sock_sendmsg+0x221/0x270 [ 273.496817][ T7753] ____sys_sendmsg+0x525/0x7d0 [ 273.501780][ T7753] ? __pfx_____sys_sendmsg+0x10/0x10 [ 273.508638][ T7753] __sys_sendmsg+0x2b0/0x3a0 [ 273.516937][ T7753] ? __pfx___sys_sendmsg+0x10/0x10 [ 273.522054][ T7753] ? vfs_write+0x7c4/0xc90 [ 273.526502][ T7753] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 273.532828][ T7753] ? do_syscall_64+0x100/0x230 [ 273.537601][ T7753] ? do_syscall_64+0xb6/0x230 [ 273.542276][ T7753] do_syscall_64+0xf3/0x230 [ 273.546770][ T7753] ? clear_bhb_loop+0x35/0x90 [ 273.551437][ T7753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.557327][ T7753] RIP: 0033:0x7fce80175bd9 [ 273.561736][ T7753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.581770][ T7753] RSP: 002b:00007fce80f8f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 273.590876][ T7753] RAX: ffffffffffffffda RBX: 00007fce80303f60 RCX: 00007fce80175bd9 [ 273.599829][ T7753] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 273.608712][ T7753] RBP: 00007fce80f8f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 273.616856][ T7753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.625098][ T7753] R13: 000000000000000b R14: 00007fce80303f60 R15: 00007ffc76f74558 [ 273.633535][ T7753] [ 273.829601][ T5092] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 274.000598][ T5092] usb 4-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 274.116117][ T7764] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.766'. [ 274.129472][ T7764] netlink: zone id is out of range [ 274.136170][ T7764] netlink: del zone limit has 8 unknown bytes [ 274.273343][ T5092] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 274.317157][ T5092] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.548682][ T5092] usb 4-1: language id specifier not provided by device, defaulting to English [ 274.968002][ T5092] usb 4-1: USB disconnect, device number 51 [ 275.439783][ T8] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 275.738508][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 275.771231][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 275.800328][ T8] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 275.812914][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.829259][ T8] usb 1-1: config 0 descriptor?? [ 275.873366][ T7790] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.774'. [ 275.906642][ T7790] netlink: zone id is out of range [ 275.916143][ T7790] netlink: del zone limit has 8 unknown bytes [ 276.294018][ T7786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.305558][ T7786] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.308968][ T7809] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.779'. [ 276.383922][ T8] hid (null): nested delimiters [ 276.390041][ T7809] netlink: zone id is out of range [ 276.417442][ T7809] netlink: del zone limit has 8 unknown bytes [ 276.603610][ T8] hid (null): report_id 24797 is invalid [ 276.632522][ T7807] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 276.664532][ T8] hid (null): unknown global tag 0xa5 [ 276.675456][ T8] hid (null): unknown global tag 0xd [ 276.699581][ T8] hid (null): unknown global tag 0xc [ 276.715782][ T8] hid-generic 0003:0158:0100.0021: unknown main item tag 0x1 [ 276.726317][ T8] hid-generic 0003:0158:0100.0021: unexpected long global item [ 276.750533][ T8] hid-generic 0003:0158:0100.0021: probe with driver hid-generic failed with error -22 [ 276.778597][ T8] usb 1-1: USB disconnect, device number 28 [ 277.735788][ T25] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 277.980644][ T25] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 278.005246][ T4479] Bluetooth: hci4: command 0x0406 tx timeout [ 278.026775][ T25] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 278.115221][ T25] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 278.159350][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.328228][ T7842] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.790'. [ 278.338033][ T7842] netlink: zone id is out of range [ 278.343241][ T7842] netlink: del zone limit has 8 unknown bytes [ 278.494594][ T25] usb 1-1: language id specifier not provided by device, defaulting to English [ 278.686061][ T7853] IPv6: NLM_F_REPLACE set, but no existing node found! [ 278.925876][ T25] usb 1-1: USB disconnect, device number 29 [ 279.317906][ T785] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 279.508803][ T785] usb 2-1: Using ep0 maxpacket: 16 [ 279.571368][ T785] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 279.596561][ T785] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 279.606726][ T785] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.649973][ T785] usb 2-1: config 0 descriptor?? [ 279.932085][ T25] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 280.106928][ T7864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.128224][ T7864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.140155][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.156456][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 280.164984][ T785] hid (null): nested delimiters [ 280.166814][ T25] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 280.180881][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.188132][ T785] hid (null): report_id 24797 is invalid [ 280.211380][ T25] usb 1-1: config 0 descriptor?? [ 280.215949][ T785] hid (null): unknown global tag 0xa5 [ 280.244552][ T785] hid (null): unknown global tag 0xd [ 280.263188][ T785] hid (null): unknown global tag 0xc [ 280.475833][ T7889] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.804'. [ 280.487251][ T7889] netlink: zone id is out of range [ 280.493166][ T7889] netlink: del zone limit has 8 unknown bytes [ 280.837103][ T785] hid-generic 0003:0158:0100.0022: unknown main item tag 0x1 [ 280.866953][ T785] hid-generic 0003:0158:0100.0022: unexpected long global item [ 280.897467][ T785] hid-generic 0003:0158:0100.0022: probe with driver hid-generic failed with error -22 [ 280.931031][ T785] usb 2-1: USB disconnect, device number 36 [ 281.100381][ T25] holtek_kbd 0003:04D9:A055.0023: item fetching failed at offset 3/5 [ 281.136579][ T25] holtek_kbd 0003:04D9:A055.0023: probe with driver holtek_kbd failed with error -22 [ 281.454643][ T784] usb 1-1: USB disconnect, device number 30 [ 281.991006][ T7909] netlink: 4 bytes leftover after parsing attributes in process `syz.4.807'. [ 282.001271][ T7909] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 282.577705][ T784] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 282.792532][ T784] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 282.808492][ T784] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 282.835234][ T784] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 282.849288][ T784] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.879029][ T25] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 283.080558][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 283.096879][ T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 283.116049][ T784] usb 1-1: language id specifier not provided by device, defaulting to English [ 283.132810][ T25] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 283.156410][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.193506][ T25] usb 2-1: config 0 descriptor?? [ 283.237111][ T25] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 283.495766][ T7933] overlay: Unknown parameter '\' [ 283.546199][ T784] usb 1-1: USB disconnect, device number 31 [ 283.649087][ T7919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 283.694563][ T7919] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.958362][ T25] gspca_vc032x: reg_w err -110 [ 284.158583][ T25] vc032x 2-1:0.0: probe with driver vc032x failed with error -110 [ 284.627900][ T4479] Bluetooth: hci4: command 0x0406 tx timeout [ 284.798903][ T7955] overlay: Unknown parameter '\' [ 285.306037][ T7970] netlink: 'syz.4.827': attribute type 7 has an invalid length. [ 285.316713][ T7970] FAULT_INJECTION: forcing a failure. [ 285.316713][ T7970] name failslab, interval 1, probability 0, space 0, times 0 [ 285.334960][ T7970] CPU: 0 PID: 7970 Comm: syz.4.827 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 285.345077][ T7970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 285.355248][ T7970] Call Trace: [ 285.358568][ T7970] [ 285.362207][ T7970] dump_stack_lvl+0x241/0x360 [ 285.367007][ T7970] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.372323][ T7970] ? __pfx__printk+0x10/0x10 [ 285.376956][ T7970] ? nla_get_range_unsigned+0x2ec/0x490 [ 285.382542][ T7970] should_fail_ex+0x3b0/0x4e0 [ 285.387245][ T7970] ? __alloc_skb+0x1c3/0x440 [ 285.391860][ T7970] should_failslab+0x9/0x20 [ 285.396384][ T7970] kmem_cache_alloc_node_noprof+0x71/0x320 [ 285.402213][ T7970] __alloc_skb+0x1c3/0x440 [ 285.406656][ T7970] ? __pfx___alloc_skb+0x10/0x10 [ 285.411626][ T7970] ovs_dp_cmd_new+0x169/0xc10 [ 285.416335][ T7970] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 285.421556][ T7970] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 285.427908][ T7970] genl_rcv_msg+0xb14/0xec0 [ 285.432441][ T7970] ? mark_lock+0x9a/0x350 [ 285.436803][ T7970] ? __pfx_genl_rcv_msg+0x10/0x10 [ 285.441876][ T7970] ? __pfx_lock_acquire+0x10/0x10 [ 285.446921][ T7970] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 285.452121][ T7970] ? __pfx___might_resched+0x10/0x10 [ 285.457419][ T7970] netlink_rcv_skb+0x1e3/0x430 [ 285.462196][ T7970] ? __pfx_genl_rcv_msg+0x10/0x10 [ 285.467236][ T7970] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 285.472892][ T7970] ? __netlink_deliver_tap+0x77e/0x7c0 [ 285.478374][ T7970] genl_rcv+0x28/0x40 [ 285.482354][ T7970] netlink_unicast+0x7ea/0x980 [ 285.487135][ T7970] ? __pfx_netlink_unicast+0x10/0x10 [ 285.492425][ T7970] ? __virt_addr_valid+0x183/0x530 [ 285.497538][ T7970] ? __check_object_size+0x49c/0x900 [ 285.503252][ T7970] ? bpf_lsm_netlink_send+0x9/0x10 [ 285.508710][ T7970] netlink_sendmsg+0x8db/0xcb0 [ 285.513588][ T7970] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.519000][ T7970] ? __import_iovec+0x536/0x820 [ 285.524288][ T7970] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 285.531009][ T7970] ? security_socket_sendmsg+0x87/0xb0 [ 285.537915][ T7970] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.546238][ T7970] __sock_sendmsg+0x221/0x270 [ 285.550925][ T7970] ____sys_sendmsg+0x525/0x7d0 [ 285.555700][ T7970] ? __pfx_____sys_sendmsg+0x10/0x10 [ 285.560995][ T7970] __sys_sendmsg+0x2b0/0x3a0 [ 285.565781][ T7970] ? __pfx___sys_sendmsg+0x10/0x10 [ 285.570906][ T7970] ? vfs_write+0x7c4/0xc90 [ 285.575626][ T7970] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 285.582847][ T7970] ? do_syscall_64+0x100/0x230 [ 285.587709][ T7970] ? do_syscall_64+0xb6/0x230 [ 285.592419][ T7970] do_syscall_64+0xf3/0x230 [ 285.597000][ T7970] ? clear_bhb_loop+0x35/0x90 [ 285.602081][ T7970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.608245][ T7970] RIP: 0033:0x7fb83a175bd9 [ 285.612757][ T7970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.632360][ T7970] RSP: 002b:00007fb83aedd048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.640918][ T7970] RAX: ffffffffffffffda RBX: 00007fb83a303f60 RCX: 00007fb83a175bd9 [ 285.649077][ T7970] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 285.658793][ T7970] RBP: 00007fb83aedd0a0 R08: 0000000000000000 R09: 0000000000000000 [ 285.669621][ T7970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.677594][ T7970] R13: 000000000000000b R14: 00007fb83a303f60 R15: 00007fffeeb8d348 [ 285.685587][ T7970] [ 285.877848][ T785] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 286.089407][ T785] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.119128][ T785] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 286.155963][ T785] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 286.177691][ T785] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.211420][ T785] usb 1-1: config 0 descriptor?? [ 286.225456][ T784] usb 2-1: USB disconnect, device number 37 [ 286.320781][ T7979] FAULT_INJECTION: forcing a failure. [ 286.320781][ T7979] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 286.357786][ T7979] CPU: 0 PID: 7979 Comm: syz.3.829 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 286.368085][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 286.378731][ T7979] Call Trace: [ 286.382113][ T7979] [ 286.385056][ T7979] dump_stack_lvl+0x241/0x360 [ 286.390244][ T7979] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.395470][ T7979] ? __pfx__printk+0x10/0x10 [ 286.400084][ T7979] ? __lock_acquire+0x1346/0x1fd0 [ 286.405159][ T7979] should_fail_ex+0x3b0/0x4e0 [ 286.409888][ T7979] prepare_alloc_pages+0x1da/0x5d0 [ 286.415035][ T7979] __alloc_pages_noprof+0x166/0x6c0 [ 286.420259][ T7979] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 286.426019][ T7979] alloc_pages_mpol_noprof+0x3e8/0x680 [ 286.431503][ T7979] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 286.437520][ T7979] vma_alloc_folio_noprof+0xf3/0x1f0 [ 286.442834][ T7979] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 286.448753][ T7979] ? do_raw_spin_unlock+0x13c/0x8b0 [ 286.453981][ T7979] folio_prealloc+0x31/0x170 [ 286.458593][ T7979] do_wp_page+0x11cc/0x52f0 [ 286.463128][ T7979] ? __pfx_do_wp_page+0x10/0x10 [ 286.468001][ T7979] ? __pfx_lock_acquire+0x10/0x10 [ 286.473045][ T7979] ? do_raw_spin_lock+0x14f/0x370 [ 286.478109][ T7979] handle_pte_fault+0x117e/0x7090 [ 286.483152][ T7979] ? cgroup_rstat_updated+0x13b/0xc60 [ 286.488541][ T7979] ? __pfx_validate_chain+0x10/0x10 [ 286.493761][ T7979] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 286.499513][ T7979] ? mark_lock+0x9a/0x350 [ 286.503966][ T7979] ? __pfx_handle_pte_fault+0x10/0x10 [ 286.509356][ T7979] ? __lock_acquire+0x1346/0x1fd0 [ 286.514442][ T7979] ? mt_find+0x226/0x850 [ 286.518799][ T7979] handle_mm_fault+0xfb0/0x19d0 [ 286.524509][ T7979] ? __pfx_handle_mm_fault+0x10/0x10 [ 286.532119][ T7979] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 286.539980][ T7979] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 286.545391][ T7979] exc_page_fault+0x2b9/0x8c0 [ 286.551098][ T7979] asm_exc_page_fault+0x26/0x30 [ 286.557034][ T7979] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 286.563843][ T7979] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 286.588623][ T7979] RSP: 0018:ffffc900133e7738 EFLAGS: 00050206 [ 286.594724][ T7979] RAX: ffff88805f660001 RBX: 00000000200105d0 RCX: 000000000000c5d0 [ 286.602723][ T7979] RDX: 0000000000000000 RSI: ffff88805f663ce8 RDI: 0000000020004000 [ 286.610714][ T7979] RBP: ffffc900133e78b8 R08: ffff88805f6702b7 R09: 1ffff1100bece056 [ 286.618708][ T7979] R10: dffffc0000000000 R11: ffffed100bece057 R12: dffffc0000000000 [ 286.626717][ T7979] R13: 1ffff9200267cefc R14: 00000000000101d0 R15: ffff88805f6600e8 [ 286.634743][ T7979] _copy_to_iter+0x4c0/0x1960 [ 286.639449][ T7979] ? __virt_addr_valid+0x183/0x530 [ 286.644602][ T7979] ? __pfx__copy_to_iter+0x10/0x10 [ 286.649732][ T7979] ? remove_wait_queue+0x33/0x130 [ 286.651570][ T7984] cgroup: No subsys list or none specified [ 286.654845][ T7979] ? __virt_addr_valid+0x183/0x530 [ 286.665762][ T7979] ? __virt_addr_valid+0x183/0x530 [ 286.670890][ T7979] ? __virt_addr_valid+0x45f/0x530 [ 286.676008][ T7979] ? __phys_addr_symbol+0x2f/0x70 [ 286.681025][ T7979] ? __check_object_size+0x49c/0x900 [ 286.686307][ T7979] __skb_datagram_iter+0x112/0x890 [ 286.691425][ T7979] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 286.697053][ T7979] ? __pfx_tipc_sk_anc_data_recv+0x10/0x10 [ 286.702856][ T7979] skb_copy_datagram_iter+0xd1/0x250 [ 286.708142][ T7979] tipc_recvstream+0x7a8/0xf80 [ 286.712910][ T7979] ? __pfx_tipc_recvstream+0x10/0x10 [ 286.718186][ T7979] ? iovec_from_user+0x1b0/0x240 [ 286.723121][ T7979] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 286.728394][ T7979] ? security_socket_recvmsg+0x90/0xb0 [ 286.733846][ T7979] ? __pfx_tipc_recvstream+0x10/0x10 [ 286.739122][ T7979] sock_recvmsg+0x22f/0x280 [ 286.743620][ T7979] ____sys_recvmsg+0x1db/0x470 [ 286.748387][ T7979] ? __pfx_____sys_recvmsg+0x10/0x10 [ 286.753684][ T7979] __sys_recvmsg+0x2f0/0x3e0 [ 286.758271][ T7979] ? __pfx___sys_recvmsg+0x10/0x10 [ 286.763397][ T7979] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 286.769717][ T7979] ? do_syscall_64+0x100/0x230 [ 286.774470][ T7979] ? do_syscall_64+0xb6/0x230 [ 286.779135][ T7979] do_syscall_64+0xf3/0x230 [ 286.783628][ T7979] ? clear_bhb_loop+0x35/0x90 [ 286.788559][ T7979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.794539][ T7979] RIP: 0033:0x7fc621d75bd9 [ 286.799098][ T7979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.820784][ T7979] RSP: 002b:00007fc622aa9048 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 286.829193][ T7979] RAX: ffffffffffffffda RBX: 00007fc621f03f60 RCX: 00007fc621d75bd9 [ 286.837153][ T7979] RDX: 0000000000001f00 RSI: 0000000020000500 RDI: 0000000000000003 [ 286.846438][ T7979] RBP: 00007fc622aa90a0 R08: 0000000000000000 R09: 0000000000000000 [ 286.854853][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.862825][ T7979] R13: 000000000000000b R14: 00007fc621f03f60 R15: 00007ffe75ac0258 [ 286.870806][ T7979] [ 286.888513][ T4479] Bluetooth: hci4: command 0x0406 tx timeout [ 287.583983][ T785] holtek_kbd 0003:04D9:A055.0024: item fetching failed at offset 3/5 [ 287.621775][ T785] holtek_kbd 0003:04D9:A055.0024: probe with driver holtek_kbd failed with error -22 [ 288.039657][ T8005] overlay: Unknown parameter '\' [ 288.057836][ T784] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 288.092594][ T5092] usb 1-1: USB disconnect, device number 32 [ 288.159994][ T8008] process 'syz.2.838' launched './file1' with NULL argv: empty string added [ 288.259863][ T784] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 288.270897][ T25] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 288.287718][ T784] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 288.297137][ T784] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 288.308642][ T784] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.489948][ T25] usb 4-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 288.501949][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.519969][ T25] usb 4-1: config 0 descriptor?? [ 288.542658][ T784] usb 5-1: language id specifier not provided by device, defaulting to English [ 289.006589][ T784] usb 5-1: USB disconnect, device number 28 [ 289.472660][ T8021] overlay: Unknown parameter '\' [ 289.800829][ T784] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 289.893457][ T8002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 289.908180][ T8002] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 289.979168][ T8002] set match dimension is over the limit! [ 290.000685][ T25] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 290.022807][ T25] asix 4-1:0.0: probe with driver asix failed with error -71 [ 290.030430][ T784] usb 2-1: Using ep0 maxpacket: 32 [ 290.047798][ T784] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.065390][ T25] usb 4-1: USB disconnect, device number 52 [ 290.080002][ T784] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.118886][ T784] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 290.150631][ T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.191728][ T784] hub 2-1:4.0: USB hub found [ 290.227946][ T5134] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 290.388352][ T784] hub 2-1:4.0: 2 ports detected [ 290.441904][ T5134] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x26, changing to 0x6 [ 290.455131][ T5134] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 290.484098][ T5134] usb 5-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 290.493554][ T5134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.501787][ T5134] usb 5-1: Product: syz [ 290.506211][ T5134] usb 5-1: Manufacturer: syz [ 290.510937][ T5134] usb 5-1: SerialNumber: syz [ 290.524167][ T5134] usb 5-1: config 0 descriptor?? [ 290.536965][ T5134] usbtest 5-1:0.0: couldn't get endpoints, -22 [ 290.549199][ T5134] usbtest 5-1:0.0: probe with driver usbtest failed with error -22 [ 290.768275][ T5134] usb 5-1: USB disconnect, device number 29 [ 290.979628][ T8039] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.844'. [ 291.003343][ T8039] netlink: del zone limit has 8 unknown bytes [ 291.725497][ T784] hub 2-1:4.0: activate --> -90 [ 291.838001][ T45] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 292.057709][ T45] usb 1-1: Using ep0 maxpacket: 16 [ 292.062830][ T785] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 292.072044][ T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 292.083299][ T45] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 292.092429][ T5134] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 292.100132][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.111344][ T45] usb 1-1: config 0 descriptor?? [ 292.167794][ T5092] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 292.243020][ T785] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 292.252982][ T785] usb 5-1: config 1 has no interface number 1 [ 292.259324][ T785] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 292.270722][ T5134] usb 4-1: device descriptor read/64, error -71 [ 292.272206][ T785] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 292.291562][ T785] usb 5-1: string descriptor 0 read error: -22 [ 292.297930][ T785] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 292.306981][ T785] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.334034][ T785] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 292.351140][ T785] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 292.361511][ T5092] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.376808][ T5092] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 292.389419][ T5092] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 292.400196][ T5092] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.413861][ T5092] usb 3-1: config 0 descriptor?? [ 292.549930][ T5134] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 292.561657][ T8042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.568146][ T785] usb 5-1: USB disconnect, device number 30 [ 292.574114][ T8042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.607281][ T45] hid (null): nested delimiters [ 292.619404][ T45] hid (null): report_id 24797 is invalid [ 292.648150][ T45] hid (null): unknown global tag 0xa5 [ 292.653639][ T45] hid (null): unknown global tag 0xd [ 292.659794][ T45] hid (null): unknown global tag 0xc [ 292.668743][ T45] hid-generic 0003:0158:0100.0025: unknown main item tag 0x1 [ 292.676374][ T45] hid-generic 0003:0158:0100.0025: unexpected long global item [ 292.685607][ T45] hid-generic 0003:0158:0100.0025: probe with driver hid-generic failed with error -22 [ 292.747964][ T5134] usb 4-1: device descriptor read/64, error -71 [ 292.792388][ T784] usb 2-1-port1: cannot reset (err = -71) [ 292.792867][ T8] usb 2-1: USB disconnect, device number 38 [ 292.800011][ T784] usb 2-1-port1: Cannot enable. Maybe the USB cable is bad? [ 292.820374][ T784] usb 2-1-port1: attempt power cycle [ 292.850478][ T5093] udevd[5093]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 292.875715][ T5134] usb usb4-port1: attempt power cycle [ 292.892077][ T45] usb 1-1: USB disconnect, device number 33 [ 292.933352][ T5092] holtek_kbd 0003:04D9:A055.0026: item fetching failed at offset 3/5 [ 292.949773][ T5092] holtek_kbd 0003:04D9:A055.0026: probe with driver holtek_kbd failed with error -22 [ 293.318138][ T5134] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 293.381331][ T5134] usb 4-1: device descriptor read/8, error -71 [ 293.609163][ T8] usb 3-1: USB disconnect, device number 44 [ 293.667751][ T5134] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 293.718650][ T5134] usb 4-1: device descriptor read/8, error -71 [ 293.848291][ T5134] usb usb4-port1: unable to enumerate USB device [ 293.854857][ T784] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 294.027775][ T5133] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 294.057989][ T784] usb 2-1: Using ep0 maxpacket: 32 [ 294.079074][ T784] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 294.097657][ T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.150148][ T784] usb 2-1: config 0 descriptor?? [ 294.159486][ T784] gspca_main: sunplus-2.14.0 probing 041e:400b [ 294.219093][ T5133] usb 1-1: config 1 has an invalid descriptor of length 24, skipping remainder of the config [ 294.237066][ T5133] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 294.255424][ T5133] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 294.271257][ T5133] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 294.297723][ T5133] usb 1-1: SerialNumber: syz [ 294.712363][ T5133] usb 1-1: 0:2 : does not exist [ 294.868645][ T784] gspca_sunplus: reg_w_riv err -110 [ 294.875314][ T784] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 295.040959][ T8077] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.860'. [ 295.066195][ T8077] netlink: del zone limit has 8 unknown bytes [ 295.167228][ T5133] usb 1-1: USB disconnect, device number 34 [ 295.268639][ T4479] Bluetooth: hci4: command 0x0406 tx timeout [ 295.588113][ T5133] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 295.737771][ T5131] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 295.777744][ T5133] usb 1-1: Using ep0 maxpacket: 16 [ 295.796623][ T5133] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 295.813809][ T5133] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.824339][ T5092] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 295.837698][ T5133] usb 1-1: Product: syz [ 295.841893][ T5133] usb 1-1: Manufacturer: syz [ 295.846502][ T5133] usb 1-1: SerialNumber: syz [ 295.863277][ T5133] usb 1-1: config 0 descriptor?? [ 295.882506][ T5623] udevd[5623]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 295.979888][ T5131] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 296.001603][ T5131] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 296.030180][ T5131] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 296.037894][ T5092] usb 4-1: Using ep0 maxpacket: 32 [ 296.040180][ T5131] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.053494][ T5092] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.077654][ T5092] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.087453][ T5092] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 296.123916][ T5092] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.142575][ T5092] hub 4-1:4.0: USB hub found [ 296.347440][ T5092] hub 4-1:4.0: 2 ports detected [ 296.552985][ T5131] usb 5-1: language id specifier not provided by device, defaulting to English [ 297.375913][ T5133] usb 2-1: USB disconnect, device number 43 [ 297.481376][ T5131] usb 5-1: USB disconnect, device number 31 [ 298.035749][ T785] hub 4-1:4.0: activate --> -90 [ 298.798826][ T5133] usb 1-1: USB disconnect, device number 35 [ 298.853275][ T8122] mmap: syz.4.873 (8122): VmData 25841664 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data. [ 298.870930][ T8128] overlay: Unknown parameter '\' [ 299.088989][ T785] usb 4-1-port1: cannot reset (err = -71) [ 299.092684][ T5134] usb 4-1: USB disconnect, device number 57 [ 299.543465][ T785] usb 4-1-port1: Cannot enable. Maybe the USB cable is bad? [ 299.551480][ T785] usb 4-1-port1: attempt power cycle [ 299.854338][ T5092] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 300.057929][ T5092] usb 2-1: Using ep0 maxpacket: 32 [ 300.069551][ T5092] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 300.078901][ T5092] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.098864][ T5092] usb 2-1: config 0 descriptor?? [ 300.112923][ T5092] gspca_main: sunplus-2.14.0 probing 041e:400b [ 301.910134][ T5092] gspca_sunplus: reg_w_riv err -71 [ 301.944180][ T5092] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 301.971071][ T5092] usb 2-1: USB disconnect, device number 44 [ 302.302997][ T8180] netlink: 'syz.0.890': attribute type 10 has an invalid length. [ 302.315286][ T8180] bridge0: port 3(team0) entered disabled state [ 302.322911][ T8180] team0: left allmulticast mode [ 302.328062][ T8180] team_slave_0: left allmulticast mode [ 302.333614][ T8180] team_slave_1: left allmulticast mode [ 302.339151][ T8180] team0: left promiscuous mode [ 302.344009][ T8180] team_slave_0: left promiscuous mode [ 302.349868][ T8180] team_slave_1: left promiscuous mode [ 302.357261][ T8180] bridge0: port 3(team0) entered disabled state [ 302.372138][ T8180] batman_adv: batadv0: Adding interface: team0 [ 302.378486][ T8180] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.404192][ T8180] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 302.416004][ T8181] netlink: 'syz.0.890': attribute type 10 has an invalid length. [ 302.423932][ T8181] netlink: 2 bytes leftover after parsing attributes in process `syz.0.890'. [ 302.433014][ T8181] team0: entered promiscuous mode [ 302.438182][ T8181] team_slave_0: entered promiscuous mode [ 302.444153][ T8181] team_slave_1: entered promiscuous mode [ 302.452781][ T8181] 8021q: adding VLAN 0 to HW filter on device team0 [ 302.461620][ T8181] batman_adv: batadv0: Interface activated: team0 [ 302.468585][ T8181] batman_adv: batadv0: Interface deactivated: team0 [ 302.475312][ T8181] batman_adv: batadv0: Removing interface: team0 [ 302.577887][ T4479] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 302.621911][ T4479] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 302.636846][ T8181] bridge0: port 3(team0) entered blocking state [ 302.651238][ T8181] bridge0: port 3(team0) entered disabled state [ 302.657861][ T8181] team0: entered allmulticast mode [ 302.664337][ T8181] team_slave_0: entered allmulticast mode [ 302.670312][ T8181] team_slave_1: entered allmulticast mode [ 302.679377][ T8181] bridge0: port 3(team0) entered blocking state [ 302.685845][ T8181] bridge0: port 3(team0) entered forwarding state [ 303.809432][ T5131] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 304.032267][ T5131] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 304.044246][ T5131] usb 4-1: config 1 has no interface number 1 [ 304.051733][ T5131] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 304.069014][ T5131] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 304.095333][ T5131] usb 4-1: string descriptor 0 read error: -22 [ 304.107575][ T5131] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 304.118071][ T5131] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.137352][ T5131] usb 4-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 304.147176][ T5131] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 304.197733][ T5133] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 304.212464][ T4479] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 304.212969][ T8219] netlink: 25 bytes leftover after parsing attributes in process `syz.1.903'. [ 304.366225][ T5131] usb 4-1: USB disconnect, device number 62 [ 304.377882][ T5133] usb 1-1: Using ep0 maxpacket: 8 [ 304.419071][ T5133] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 304.437265][ T5133] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 304.487782][ T5133] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 304.510962][ T5133] usb 1-1: string descriptor 0 read error: -22 [ 304.517441][ T5133] usb 1-1: New USB device found, idVendor=0f11, idProduct=1020, bcdDevice=a2.1b [ 304.553342][ T5133] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.595353][ T5133] usb 1-1: config 0 descriptor?? [ 304.610714][ T5133] ldusb 1-1:0.0: Interrupt in endpoint not found [ 304.638080][ T5623] udevd[5623]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 304.820290][ T5092] usb 1-1: USB disconnect, device number 36 [ 305.020013][ T8232] netlink: 'syz.4.908': attribute type 10 has an invalid length. [ 305.113242][ T8232] batman_adv: batadv0: Adding interface: team0 [ 305.120618][ T8232] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.147234][ T8232] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 305.530712][ T8232] netlink: 'syz.4.908': attribute type 10 has an invalid length. [ 305.541089][ T8232] netlink: 2 bytes leftover after parsing attributes in process `syz.4.908'. [ 305.550896][ T8232] team0: entered promiscuous mode [ 305.556612][ T8232] team_slave_0: entered promiscuous mode [ 305.565159][ T8232] team_slave_1: entered promiscuous mode [ 305.577267][ T8232] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.584758][ T8232] batman_adv: batadv0: Interface activated: team0 [ 305.592465][ T8232] batman_adv: batadv0: Interface deactivated: team0 [ 305.600021][ T8232] batman_adv: batadv0: Removing interface: team0 [ 305.922586][ T4479] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 305.999347][ T8232] bridge0: port 3(team0) entered blocking state [ 306.048561][ T8232] bridge0: port 3(team0) entered disabled state [ 306.055350][ T8232] team0: entered allmulticast mode [ 306.063388][ T8232] team_slave_0: entered allmulticast mode [ 306.071486][ T8232] team_slave_1: entered allmulticast mode [ 306.080936][ T8232] bridge0: port 3(team0) entered blocking state [ 306.087446][ T8232] bridge0: port 3(team0) entered forwarding state [ 306.103225][ T4479] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 306.670858][ T5219] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 306.916446][ T5219] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.964311][ T5219] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 10 [ 306.971009][ T8262] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.915'. [ 306.993262][ T8262] netlink: zone id is out of range [ 307.000370][ T8262] netlink: del zone limit has 8 unknown bytes [ 307.218999][ T5219] usb 1-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.40 [ 307.228214][ T5219] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.236326][ T5219] usb 1-1: Product: syz [ 307.240753][ T5219] usb 1-1: Manufacturer: syz [ 307.251126][ T5219] usb 1-1: SerialNumber: syz [ 307.534609][ T8245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.570953][ T8245] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.648378][ T5219] usbhid 1-1:1.0: can't add hid device: -22 [ 307.683505][ T5219] usbhid 1-1:1.0: probe with driver usbhid failed with error -22 [ 307.715755][ T5219] usb 1-1: USB disconnect, device number 37 [ 308.943651][ T8274] netlink: 203516 bytes leftover after parsing attributes in process `syz.4.918'. [ 308.953638][ T8274] netlink: del zone limit has 8 unknown bytes [ 309.377691][ T5092] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 309.567718][ T5092] usb 5-1: Using ep0 maxpacket: 16 [ 309.583022][ T5092] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 309.601753][ T5092] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.627795][ T5092] usb 5-1: Product: syz [ 309.690763][ T8312] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 309.691263][ T5092] usb 5-1: Manufacturer: syz [ 309.704108][ T8312] FAULT_INJECTION: forcing a failure. [ 309.704108][ T8312] name failslab, interval 1, probability 0, space 0, times 0 [ 309.704774][ T5092] usb 5-1: SerialNumber: syz [ 309.721880][ T8312] CPU: 1 PID: 8312 Comm: syz.2.927 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 309.730728][ T5092] usb 5-1: config 0 descriptor?? [ 309.731864][ T8312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 309.746865][ T8312] Call Trace: [ 309.750160][ T8312] [ 309.753101][ T8312] dump_stack_lvl+0x241/0x360 [ 309.758067][ T8312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.763280][ T8312] ? __pfx__printk+0x10/0x10 [ 309.767965][ T8312] should_fail_ex+0x3b0/0x4e0 [ 309.772642][ T8312] ? tomoyo_encode+0x26f/0x540 [ 309.777396][ T8312] should_failslab+0x9/0x20 [ 309.781909][ T8312] __kmalloc_noprof+0xd8/0x400 [ 309.786731][ T8312] tomoyo_encode+0x26f/0x540 [ 309.791339][ T8312] tomoyo_realpath_from_path+0x59e/0x5e0 [ 309.796993][ T8312] tomoyo_path_number_perm+0x23a/0x880 [ 309.802462][ T8312] ? tomoyo_path_number_perm+0x208/0x880 [ 309.808279][ T8312] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 309.814572][ T8312] ? __fget_files+0x29/0x470 [ 309.819171][ T8312] ? __fget_files+0x3f6/0x470 [ 309.823856][ T8312] ? __fget_files+0x29/0x470 [ 309.828455][ T8312] security_file_ioctl+0x75/0xb0 [ 309.833396][ T8312] __se_sys_ioctl+0x47/0x170 [ 309.838175][ T8312] do_syscall_64+0xf3/0x230 [ 309.842770][ T8312] ? clear_bhb_loop+0x35/0x90 [ 309.847437][ T8312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.853327][ T8312] RIP: 0033:0x7f8c60b75bd9 [ 309.857734][ T8312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.877330][ T8312] RSP: 002b:00007f8c618b6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 309.885736][ T8312] RAX: ffffffffffffffda RBX: 00007f8c60d04038 RCX: 00007f8c60b75bd9 [ 309.893871][ T8312] RDX: 0000000020000080 RSI: 0000000000003ba0 RDI: 0000000000000004 [ 309.901828][ T8312] RBP: 00007f8c618b60a0 R08: 0000000000000000 R09: 0000000000000000 [ 309.909793][ T8312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.917754][ T8312] R13: 000000000000006e R14: 00007f8c60d04038 R15: 00007fffdc118198 [ 309.925726][ T8312] [ 309.933440][ T8312] ERROR: Out of memory at tomoyo_realpath_from_path. [ 310.703067][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 310.919066][ T8323] syz_tun: entered promiscuous mode [ 310.943076][ T8323] vlan2: entered promiscuous mode [ 310.970964][ T8323] vlan2: entered allmulticast mode [ 311.007859][ T8323] syz_tun: entered allmulticast mode [ 311.029912][ T8323] syz_tun: left allmulticast mode [ 311.035321][ T8323] syz_tun: left promiscuous mode [ 312.275239][ T8344] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 313.158660][ T5219] usb 5-1: USB disconnect, device number 32 [ 313.410853][ T8359] FAULT_INJECTION: forcing a failure. [ 313.410853][ T8359] name failslab, interval 1, probability 0, space 0, times 0 [ 313.444942][ T8359] CPU: 1 PID: 8359 Comm: syz.1.942 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 313.454975][ T8359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 313.465028][ T8359] Call Trace: [ 313.468301][ T8359] [ 313.471315][ T8359] dump_stack_lvl+0x241/0x360 [ 313.476021][ T8359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.481492][ T8359] ? __pfx__printk+0x10/0x10 [ 313.486226][ T8359] ? __pfx___might_resched+0x10/0x10 [ 313.492047][ T8359] ? __debug_object_init+0x26c/0x400 [ 313.497623][ T8359] should_fail_ex+0x3b0/0x4e0 [ 313.502314][ T8359] ? can_rx_register+0x16b/0x720 [ 313.507248][ T8359] should_failslab+0x9/0x20 [ 313.511747][ T8359] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 313.517131][ T8359] can_rx_register+0x16b/0x720 [ 313.521906][ T8359] ? __pfx_bcm_rx_handler+0x10/0x10 [ 313.527106][ T8359] ? __hrtimer_init+0x170/0x250 [ 313.531956][ T8359] bcm_rx_setup+0xfe8/0x18f0 [ 313.536557][ T8359] bcm_sendmsg+0x2d5/0x7a0 [ 313.540975][ T8359] ? __pfx_bcm_sendmsg+0x10/0x10 [ 313.545904][ T8359] ? iovec_from_user+0x1b0/0x240 [ 313.550838][ T8359] ? __import_iovec+0x361/0x820 [ 313.555681][ T8359] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 313.560956][ T8359] ? security_socket_sendmsg+0x87/0xb0 [ 313.566411][ T8359] ? __pfx_bcm_sendmsg+0x10/0x10 [ 313.571340][ T8359] __sock_sendmsg+0x221/0x270 [ 313.576017][ T8359] ____sys_sendmsg+0x525/0x7d0 [ 313.580782][ T8359] ? __pfx_____sys_sendmsg+0x10/0x10 [ 313.586073][ T8359] __sys_sendmmsg+0x3b2/0x740 [ 313.590752][ T8359] ? __pfx___sys_sendmmsg+0x10/0x10 [ 313.595970][ T8359] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 313.601875][ T8359] ? ksys_write+0x23e/0x2c0 [ 313.606391][ T8359] ? __pfx_lock_release+0x10/0x10 [ 313.611418][ T8359] ? vfs_write+0x7c4/0xc90 [ 313.615840][ T8359] ? __mutex_unlock_slowpath+0x21d/0x750 [ 313.621474][ T8359] ? __pfx_vfs_write+0x10/0x10 [ 313.626257][ T8359] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 313.632235][ T8359] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 313.638558][ T8359] ? do_syscall_64+0x100/0x230 [ 313.643318][ T8359] __x64_sys_sendmmsg+0xa0/0xb0 [ 313.648166][ T8359] do_syscall_64+0xf3/0x230 [ 313.652659][ T8359] ? clear_bhb_loop+0x35/0x90 [ 313.657326][ T8359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.663231][ T8359] RIP: 0033:0x7fce80175bd9 [ 313.667661][ T8359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.687279][ T8359] RSP: 002b:00007fce80f8f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 313.695963][ T8359] RAX: ffffffffffffffda RBX: 00007fce80303f60 RCX: 00007fce80175bd9 [ 313.703928][ T8359] RDX: 040000000000003a RSI: 0000000020001b00 RDI: 0000000000000003 [ 313.711893][ T8359] RBP: 00007fce80f8f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 313.719856][ T8359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.728089][ T8359] R13: 000000000000000b R14: 00007fce80303f60 R15: 00007ffc76f74558 [ 313.736080][ T8359] [ 313.739219][ C1] vkms_vblank_simulate: vblank timer overrun [ 314.148273][ T5219] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 314.400978][ T5219] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 314.412092][ T5219] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.447778][ T5219] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 314.456904][ T5219] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.505140][ T5219] usb 4-1: config 0 descriptor?? [ 314.578088][ T8368] syz_tun: entered promiscuous mode [ 314.599303][ T8368] vlan2: entered promiscuous mode [ 314.604597][ T8368] vlan2: entered allmulticast mode [ 314.628986][ T8368] syz_tun: entered allmulticast mode [ 314.657837][ T8368] syz_tun: left allmulticast mode [ 314.663100][ T8368] syz_tun: left promiscuous mode [ 315.184953][ T5219] holtek_kbd 0003:04D9:A055.0027: item fetching failed at offset 3/5 [ 315.421768][ T8357] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 315.432799][ T5219] holtek_kbd 0003:04D9:A055.0027: probe with driver holtek_kbd failed with error -22 [ 315.470095][ T8357] overlayfs: failed to set xattr on upper [ 315.669605][ T8357] overlayfs: ...falling back to redirect_dir=nofollow. [ 315.677172][ T8357] overlayfs: ...falling back to uuid=null. [ 315.857767][ T5092] usb 5-1: new full-speed USB device number 33 using dummy_hcd [ 315.998872][ T5133] usb 4-1: USB disconnect, device number 63 [ 316.044310][ T5092] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 316.061385][ T5092] usb 5-1: config 1 has no interface number 1 [ 316.072189][ T5092] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 316.099098][ T5092] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 316.132913][ T5092] usb 5-1: string descriptor 0 read error: -22 [ 316.156907][ T5092] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 316.180490][ T5092] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.226032][ T5092] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 316.239130][ T5092] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 316.471567][ T5092] usb 5-1: USB disconnect, device number 33 [ 316.744502][ T5623] udevd[5623]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 317.134635][ T8420] FAULT_INJECTION: forcing a failure. [ 317.134635][ T8420] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.181423][ T8420] CPU: 0 PID: 8420 Comm: syz.4.959 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 317.191456][ T8420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 317.203113][ T8420] Call Trace: [ 317.206427][ T8420] [ 317.209421][ T8420] dump_stack_lvl+0x241/0x360 [ 317.214330][ T8420] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.219568][ T8420] ? __pfx__printk+0x10/0x10 [ 317.224168][ T8420] ? __pfx_lock_release+0x10/0x10 [ 317.229193][ T8420] should_fail_ex+0x3b0/0x4e0 [ 317.233874][ T8420] _copy_from_user+0x2f/0xe0 [ 317.238461][ T8420] copy_msghdr_from_user+0xae/0x680 [ 317.243656][ T8420] ? __pfx___might_resched+0x10/0x10 [ 317.248938][ T8420] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 317.254738][ T8420] ? __might_fault+0xaa/0x120 [ 317.259474][ T8420] __sys_sendmmsg+0x374/0x740 [ 317.264191][ T8420] ? __pfx___sys_sendmmsg+0x10/0x10 [ 317.269494][ T8420] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 317.275390][ T8420] ? ksys_write+0x23e/0x2c0 [ 317.279891][ T8420] ? __pfx_lock_release+0x10/0x10 [ 317.284910][ T8420] ? vfs_write+0x7c4/0xc90 [ 317.289331][ T8420] ? __mutex_unlock_slowpath+0x21d/0x750 [ 317.294956][ T8420] ? __pfx_vfs_write+0x10/0x10 [ 317.299732][ T8420] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 317.305709][ T8420] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 317.312034][ T8420] ? do_syscall_64+0x100/0x230 [ 317.316793][ T8420] __x64_sys_sendmmsg+0xa0/0xb0 [ 317.321640][ T8420] do_syscall_64+0xf3/0x230 [ 317.326134][ T8420] ? clear_bhb_loop+0x35/0x90 [ 317.330802][ T8420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.336687][ T8420] RIP: 0033:0x7fb83a175bd9 [ 317.341092][ T8420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.360687][ T8420] RSP: 002b:00007fb83aedd048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 317.369090][ T8420] RAX: ffffffffffffffda RBX: 00007fb83a303f60 RCX: 00007fb83a175bd9 [ 317.377053][ T8420] RDX: 0000000000000300 RSI: 0000000020000740 RDI: 0000000000000003 [ 317.385019][ T8420] RBP: 00007fb83aedd0a0 R08: 0000000000000000 R09: 0000000000000000 [ 317.392983][ T8420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.400944][ T8420] R13: 000000000000000b R14: 00007fb83a303f60 R15: 00007fffeeb8d348 [ 317.408918][ T8420] [ 317.571979][ T5092] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 317.605408][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.622289][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.786139][ T5092] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 318.035265][ T5092] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 318.117935][ T5092] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 318.164819][ T5092] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 318.221540][ T5092] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 318.277732][ T5092] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.340027][ T5092] usb 2-1: config 0 descriptor?? [ 318.383158][ T8422] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 318.659645][ T5219] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 319.123346][ T5092] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0 [ 319.231404][ T5092] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0 [ 319.452066][ T5092] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0 [ 319.507958][ T5092] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0 [ 319.555372][ T5092] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0 [ 319.601680][ T5092] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0 [ 319.625401][ T5092] plantronics 0003:047F:FFFF.0028: No inputs registered, leaving [ 319.650572][ T5219] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 319.670199][ T5219] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 319.700466][ T5219] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 319.705002][ T5092] plantronics 0003:047F:FFFF.0028: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 319.730354][ T5219] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.779613][ T5092] usb 2-1: USB disconnect, device number 45 [ 319.780279][ T5219] usb 5-1: config 0 descriptor?? [ 320.306293][ T5219] holtek_kbd 0003:04D9:A055.0029: item fetching failed at offset 3/5 [ 320.324699][ T5219] holtek_kbd 0003:04D9:A055.0029: probe with driver holtek_kbd failed with error -22 [ 320.371849][ T5133] usb 4-1: new full-speed USB device number 64 using dummy_hcd [ 320.601647][ T5133] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 320.632498][ T5133] usb 4-1: config 1 has no interface number 1 [ 320.655716][ T5133] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 320.682387][ T5133] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 320.696837][ T8441] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 320.719775][ T5133] usb 4-1: string descriptor 0 read error: -22 [ 320.725701][ T8441] overlayfs: failed to set xattr on upper [ 320.730627][ T5133] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 320.741041][ T8441] overlayfs: ...falling back to redirect_dir=nofollow. [ 320.762340][ T5133] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.763320][ T8441] overlayfs: ...falling back to uuid=null. [ 320.801184][ T5133] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 320.824932][ T5133] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 321.344091][ T5133] usb 4-1: USB disconnect, device number 64 [ 321.426716][ T5219] usb 5-1: USB disconnect, device number 34 [ 321.668703][ T5623] udevd[5623]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 321.691328][ T8482] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.980'. [ 321.710657][ T8482] netlink: zone id is out of range [ 321.722176][ T8482] netlink: del zone limit has 8 unknown bytes [ 323.477002][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 323.477020][ T29] audit: type=1326 audit(1720978924.861:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 323.512247][ T8512] binder: 8510:8512 ioctl c0306201 0 returned -14 [ 323.550701][ T29] audit: type=1326 audit(1720978924.901:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 323.637230][ T29] audit: type=1326 audit(1720978924.901:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 323.713641][ T29] audit: type=1326 audit(1720978924.901:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 323.758119][ T785] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 323.799950][ T29] audit: type=1326 audit(1720978924.901:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 323.851909][ T29] audit: type=1326 audit(1720978924.901:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 323.920331][ T29] audit: type=1326 audit(1720978924.901:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 323.983787][ T29] audit: type=1326 audit(1720978924.901:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 324.045816][ T785] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 324.055690][ T785] usb 5-1: config 1 has no interface number 1 [ 324.067722][ T29] audit: type=1326 audit(1720978924.911:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 324.097703][ T785] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 324.139981][ T785] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 324.178868][ T29] audit: type=1326 audit(1720978924.911:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8510 comm="syz.3.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc621d75bd9 code=0x7ffc0000 [ 324.207841][ T785] usb 5-1: string descriptor 0 read error: -22 [ 324.214172][ T785] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 324.247640][ T785] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.300847][ T785] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 324.337745][ T785] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 324.546576][ T785] usb 5-1: USB disconnect, device number 35 [ 324.819708][ T5623] udevd[5623]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 325.217868][ T5134] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 325.570321][ T5134] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.583887][ T5134] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.602222][ T5134] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 325.612387][ T5134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.625275][ T5134] usb 4-1: config 0 descriptor?? [ 326.482205][ T8541] FAULT_INJECTION: forcing a failure. [ 326.482205][ T8541] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 326.497817][ T8541] CPU: 0 PID: 8541 Comm: syz.2.1001 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 326.507905][ T8541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 326.517964][ T8541] Call Trace: [ 326.521254][ T8541] [ 326.524196][ T8541] dump_stack_lvl+0x241/0x360 [ 326.528985][ T8541] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.534375][ T8541] ? __pfx__printk+0x10/0x10 [ 326.538971][ T8541] ? stack_depot_save_flags+0x29/0x830 [ 326.544427][ T8541] should_fail_ex+0x3b0/0x4e0 [ 326.549195][ T8541] prepare_alloc_pages+0x1da/0x5d0 [ 326.554314][ T8541] __alloc_pages_noprof+0x166/0x6c0 [ 326.559517][ T8541] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 326.565245][ T8541] ? lockdep_init_map_type+0xa1/0x910 [ 326.570610][ T8541] alloc_pages_mpol_noprof+0x3e8/0x680 [ 326.576068][ T8541] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 326.582042][ T8541] ? __init_waitqueue_head+0xae/0x150 [ 326.587404][ T8541] ? alloc_pages_noprof+0xef/0x170 [ 326.592528][ T8541] get_zeroed_page_noprof+0x17/0x40 [ 326.597745][ T8541] rds_cong_from_addr+0xce/0x380 [ 326.602689][ T8541] ? rds_cong_get_maps+0x1f/0xb0 [ 326.607642][ T8541] rds_cong_get_maps+0x28/0xb0 [ 326.612412][ T8541] __rds_conn_create+0x9d6/0x1ed0 [ 326.617434][ T8541] ? __rds_conn_create+0x2d1/0x1ed0 [ 326.622634][ T8541] ? __pfx___rds_conn_create+0x10/0x10 [ 326.628104][ T8541] rds_conn_create_outgoing+0x43/0x60 [ 326.633482][ T8541] rds_sendmsg+0x1251/0x2270 [ 326.638611][ T8541] ? __pfx_rds_sendmsg+0x10/0x10 [ 326.643722][ T8541] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 326.652744][ T8541] ? __pfx_lock_release+0x10/0x10 [ 326.658561][ T8541] ? iovec_from_user+0x61/0x240 [ 326.663535][ T8541] ? __import_iovec+0x361/0x820 [ 326.668411][ T8541] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 326.673715][ T8541] ? security_socket_sendmsg+0x87/0xb0 [ 326.679791][ T8541] ? __pfx_rds_sendmsg+0x10/0x10 [ 326.684740][ T8541] __sock_sendmsg+0x221/0x270 [ 326.689414][ T8541] ____sys_sendmsg+0x525/0x7d0 [ 326.694179][ T8541] ? __pfx_____sys_sendmsg+0x10/0x10 [ 326.699474][ T8541] __sys_sendmsg+0x2b0/0x3a0 [ 326.704060][ T8541] ? __pfx___sys_sendmsg+0x10/0x10 [ 326.709192][ T8541] ? __pfx___schedule+0x10/0x10 [ 326.714129][ T8541] ? trace_irq_disable+0x2c/0x120 [ 326.719161][ T8541] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 326.725500][ T8541] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 326.731844][ T8541] ? do_syscall_64+0xb6/0x230 [ 326.736519][ T8541] do_syscall_64+0xf3/0x230 [ 326.741018][ T8541] ? clear_bhb_loop+0x35/0x90 [ 326.745693][ T8541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.751592][ T8541] RIP: 0033:0x7f8c60b75bd9 [ 326.756009][ T8541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.775901][ T8541] RSP: 002b:00007f8c61895048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 326.784833][ T8541] RAX: ffffffffffffffda RBX: 00007f8c60d04110 RCX: 00007f8c60b75bd9 [ 326.792918][ T8541] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000009 [ 326.801056][ T8541] RBP: 00007f8c618950a0 R08: 0000000000000000 R09: 0000000000000000 [ 326.809025][ T8541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.816987][ T8541] R13: 000000000000006e R14: 00007f8c60d04110 R15: 00007fffdc118198 [ 326.824960][ T8541] [ 327.173897][ T5134] holtek_kbd 0003:04D9:A055.002A: item fetching failed at offset 3/5 [ 327.183124][ T5134] holtek_kbd 0003:04D9:A055.002A: probe with driver holtek_kbd failed with error -22 [ 328.066610][ T8524] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 328.088228][ T8524] overlayfs: failed to set xattr on upper [ 328.105351][ T8524] overlayfs: ...falling back to redirect_dir=nofollow. [ 328.137752][ T8524] overlayfs: ...falling back to uuid=null. [ 328.515025][ T5219] usb 4-1: USB disconnect, device number 65 [ 329.059686][ T5219] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 329.297854][ T5219] usb 5-1: Using ep0 maxpacket: 32 [ 329.313996][ T5133] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 329.346305][ T5219] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 329.355861][ T5219] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.598249][ T5133] usb 3-1: Using ep0 maxpacket: 16 [ 329.741589][ T5219] usb 5-1: config 0 descriptor?? [ 329.837297][ T5219] gspca_main: sunplus-2.14.0 probing 041e:400b [ 329.884354][ T5133] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 329.917758][ T5133] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 329.939800][ T5133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.989625][ T5133] usb 3-1: config 0 descriptor?? [ 330.440983][ T8567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.488251][ T8567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.510621][ T8578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1013'. [ 330.519410][ T5133] hid (null): nested delimiters [ 330.524627][ T5133] hid (null): report_id 24797 is invalid [ 330.539611][ T5133] hid (null): unknown global tag 0xa5 [ 330.545072][ T5133] hid (null): unknown global tag 0xd [ 330.551138][ T5133] hid (null): unknown global tag 0xc [ 330.569265][ T5133] hid-generic 0003:0158:0100.002B: unknown main item tag 0x1 [ 330.598695][ T8] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 330.607194][ T5133] hid-generic 0003:0158:0100.002B: unexpected long global item [ 330.629456][ T5133] hid-generic 0003:0158:0100.002B: probe with driver hid-generic failed with error -22 [ 330.742135][ T5133] usb 3-1: USB disconnect, device number 45 [ 330.807983][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 330.834325][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 330.867947][ T8] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 330.927683][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.951113][ T8] usb 4-1: config 0 descriptor?? [ 331.410067][ T8575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 331.443943][ T8575] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 331.493703][ T8] hid (null): nested delimiters [ 331.527837][ T8] hid (null): report_id 24797 is invalid [ 331.596650][ T8] hid (null): report_id 2838798905 is invalid [ 331.647260][ T8] hid (null): unknown global tag 0xc [ 331.698076][ T8] hid (null): unknown global tag 0xa5 [ 331.723150][ T8] hid (null): unknown global tag 0xd [ 331.748923][ T5219] gspca_sunplus: reg_w_riv err -71 [ 331.751209][ T8] hid (null): unknown global tag 0xc [ 331.766298][ T5219] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 331.808688][ T8] hid-generic 0003:0158:0100.002C: unknown main item tag 0x1 [ 331.847769][ T5219] usb 5-1: USB disconnect, device number 36 [ 331.848661][ T8] hid-generic 0003:0158:0100.002C: unexpected long global item [ 331.945251][ T8] hid-generic 0003:0158:0100.002C: probe with driver hid-generic failed with error -22 [ 332.066290][ T8] usb 4-1: USB disconnect, device number 66 [ 333.118061][ T8609] FAULT_INJECTION: forcing a failure. [ 333.118061][ T8609] name failslab, interval 1, probability 0, space 0, times 0 [ 333.131303][ T8609] CPU: 1 PID: 8609 Comm: syz.4.1022 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 333.141386][ T8609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 333.151448][ T8609] Call Trace: [ 333.154732][ T8609] [ 333.157667][ T8609] dump_stack_lvl+0x241/0x360 [ 333.162368][ T8609] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.167577][ T8609] ? __pfx__printk+0x10/0x10 [ 333.172185][ T8609] ? do_raw_spin_lock+0x14f/0x370 [ 333.177229][ T8609] should_fail_ex+0x3b0/0x4e0 [ 333.181931][ T8609] ? __inet_hash_connect+0xa2e/0x2170 [ 333.187321][ T8609] should_failslab+0x9/0x20 [ 333.191836][ T8609] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 333.197229][ T8609] __inet_hash_connect+0xa2e/0x2170 [ 333.202444][ T8609] ? __pfx___inet_check_established+0x10/0x10 [ 333.208541][ T8609] ? __pfx___inet_hash_connect+0x10/0x10 [ 333.214211][ T8609] ? inet_hash_connect+0xac/0x140 [ 333.219248][ T8609] tcp_v4_connect+0xd04/0x1ba0 [ 333.224046][ T8609] ? __pfx_tcp_v4_connect+0x10/0x10 [ 333.229262][ T8609] ? preempt_schedule_common+0x84/0xd0 [ 333.234731][ T8609] ? preempt_schedule+0xe1/0xf0 [ 333.239593][ T8609] __inet_stream_connect+0x262/0xf30 [ 333.244893][ T8609] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 333.251234][ T8609] ? preempt_schedule_thunk+0x1a/0x30 [ 333.256612][ T8609] ? mark_lock+0x9a/0x350 [ 333.260949][ T8609] ? __pfx___inet_stream_connect+0x10/0x10 [ 333.266766][ T8609] ? __local_bh_enable_ip+0x179/0x200 [ 333.272231][ T8609] ? inet_stream_connect+0x50/0xa0 [ 333.277349][ T8609] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 333.283091][ T8609] inet_stream_connect+0x65/0xa0 [ 333.288050][ T8609] kernel_connect+0x10b/0x160 [ 333.292747][ T8609] ? __pfx_kernel_connect+0x10/0x10 [ 333.297972][ T8609] ? smc_connect+0x1f2/0xde0 [ 333.302586][ T8609] smc_connect+0x72c/0xde0 [ 333.307109][ T8609] __sys_connect+0x2df/0x310 [ 333.311717][ T8609] ? __pfx___sys_connect+0x10/0x10 [ 333.316850][ T8609] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 333.323185][ T8609] ? do_syscall_64+0x100/0x230 [ 333.327962][ T8609] __x64_sys_connect+0x7a/0x90 [ 333.332738][ T8609] do_syscall_64+0xf3/0x230 [ 333.337333][ T8609] ? clear_bhb_loop+0x35/0x90 [ 333.342022][ T8609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.347935][ T8609] RIP: 0033:0x7fb83a175bd9 [ 333.352359][ T8609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.371972][ T8609] RSP: 002b:00007fb83ae9b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 333.380402][ T8609] RAX: ffffffffffffffda RBX: 00007fb83a304110 RCX: 00007fb83a175bd9 [ 333.388383][ T8609] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000005 [ 333.396363][ T8609] RBP: 00007fb83ae9b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 333.404349][ T8609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 333.412410][ T8609] R13: 000000000000006e R14: 00007fb83a304110 R15: 00007fffeeb8d348 [ 333.420380][ T8609] [ 334.362489][ T8632] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1029'. [ 335.395377][ T8646] netlink: 'syz.1.1035': attribute type 6 has an invalid length. [ 335.431158][ T784] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 335.469492][ T8648] capability: warning: `syz.1.1035' uses deprecated v2 capabilities in a way that may be insecure [ 335.631646][ T784] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 335.671669][ T784] usb 4-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 335.685401][ T784] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.699360][ T784] usb 4-1: Product: syz [ 335.703676][ T784] usb 4-1: Manufacturer: syz [ 335.708624][ T784] usb 4-1: SerialNumber: syz [ 335.715950][ T784] usb 4-1: config 0 descriptor?? [ 335.724731][ T784] usbtest 4-1:0.0: couldn't get endpoints, -22 [ 335.731394][ T784] usbtest 4-1:0.0: probe with driver usbtest failed with error -22 [ 335.932229][ T784] usb 4-1: USB disconnect, device number 67 [ 336.875668][ T8662] capability: warning: `syz.4.1039' uses 32-bit capabilities (legacy support in use) [ 337.183811][ T784] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 337.205555][ T8671] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1042'. [ 337.997743][ T784] usb 1-1: Using ep0 maxpacket: 32 [ 338.054904][ T784] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 338.072369][ T784] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.095798][ T784] usb 1-1: config 0 descriptor?? [ 338.128439][ T784] gspca_main: sunplus-2.14.0 probing 041e:400b [ 338.513967][ T8665] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.1040'. [ 338.523778][ T8665] netlink: zone id is out of range [ 338.529077][ T8665] netlink: del zone limit has 8 unknown bytes [ 339.098981][ T8686] evm: overlay not supported [ 339.222539][ T8693] cgroup: No subsys list or none specified [ 339.426925][ T5133] IPVS: starting estimator thread 0... [ 339.547908][ T8695] IPVS: using max 22 ests per chain, 52800 per kthread [ 340.428567][ T784] gspca_sunplus: reg_w_riv err -110 [ 340.520738][ T784] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 340.603461][ T784] usb 1-1: USB disconnect, device number 38 [ 341.117130][ T8713] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.1052'. [ 341.129615][ T8713] netlink: zone id is out of range [ 341.135581][ T8713] netlink: del zone limit has 8 unknown bytes [ 341.291945][ T8710] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1053'. [ 341.357741][ T8] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 341.579512][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 341.610038][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 341.654616][ T8] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 341.681802][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.705627][ T8] usb 3-1: config 0 descriptor?? [ 342.119931][ T8704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.144637][ T8704] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.172639][ T8] hid (null): nested delimiters [ 342.194011][ T8] hid (null): report_id 24797 is invalid [ 342.235374][ T8] hid (null): unknown global tag 0xa5 [ 342.261815][ T8] hid (null): unknown global tag 0xd [ 342.272682][ T8] hid (null): unknown global tag 0xc [ 342.295201][ T8] hid-generic 0003:0158:0100.002D: unknown main item tag 0x1 [ 342.347329][ T8] hid-generic 0003:0158:0100.002D: unexpected long global item [ 342.365281][ T29] kauditd_printk_skb: 36 callbacks suppressed [ 342.365302][ T29] audit: type=1326 audit(1720978943.731:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8732 comm="syz.0.1061" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb74e375bd9 code=0x0 [ 342.365724][ T8] hid-generic 0003:0158:0100.002D: probe with driver hid-generic failed with error -22 [ 342.418018][ T784] IPVS: starting estimator thread 0... [ 342.495277][ T8] usb 3-1: USB disconnect, device number 46 [ 342.537912][ T8735] IPVS: using max 21 ests per chain, 50400 per kthread [ 344.478136][ T784] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 344.567497][ T5133] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 344.692025][ T8760] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.1064'. [ 344.717661][ T784] usb 1-1: Using ep0 maxpacket: 32 [ 344.727234][ T8760] netlink: zone id is out of range [ 344.738564][ T8760] netlink: del zone limit has 8 unknown bytes [ 344.748069][ T784] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 344.766619][ T784] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.787792][ T5133] usb 3-1: Using ep0 maxpacket: 8 [ 344.794321][ T5133] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 344.806611][ T784] usb 1-1: config 0 descriptor?? [ 344.813890][ T5133] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 344.826899][ T784] gspca_main: sunplus-2.14.0 probing 041e:400b [ 344.847794][ T5133] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 344.896581][ T5133] usb 3-1: string descriptor 0 read error: -22 [ 344.904031][ T5133] usb 3-1: New USB device found, idVendor=0f11, idProduct=1020, bcdDevice=a2.1b [ 344.945792][ T5133] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.988504][ T5133] usb 3-1: config 0 descriptor?? [ 345.004995][ T5133] ldusb 3-1:0.0: Interrupt in endpoint not found [ 345.159444][ T5134] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 345.229559][ T45] usb 3-1: USB disconnect, device number 47 [ 345.374566][ T5134] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 345.395055][ T5134] usb 5-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 345.411987][ T5134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.422088][ T5134] usb 5-1: Product: syz [ 345.426494][ T5134] usb 5-1: Manufacturer: syz [ 345.432303][ T5134] usb 5-1: SerialNumber: syz [ 345.543935][ T5134] usb 5-1: config 0 descriptor?? [ 345.551749][ T784] gspca_sunplus: reg_w_riv err -110 [ 345.595667][ T784] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 345.688709][ T5134] usbtest 5-1:0.0: couldn't get endpoints, -22 [ 345.791401][ T5134] usbtest 5-1:0.0: probe with driver usbtest failed with error -22 [ 346.222602][ T784] usb 5-1: USB disconnect, device number 37 [ 346.587696][ T5134] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 346.638255][ T8787] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1077'. [ 346.887698][ T5134] usb 3-1: Using ep0 maxpacket: 16 [ 346.937678][ T5134] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 346.966596][ T5134] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 346.978239][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.997634][ T5134] usb 3-1: config 0 descriptor?? [ 347.429846][ T8783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 347.446585][ T8783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.462151][ T5134] hid (null): nested delimiters [ 347.508996][ T5134] hid (null): report_id 24797 is invalid [ 347.538416][ T5134] hid (null): unknown global tag 0xa5 [ 347.550049][ T5134] hid (null): unknown global tag 0xd [ 347.563895][ T5134] hid (null): unknown global tag 0xc [ 347.581142][ T5134] hid-generic 0003:0158:0100.002E: unknown main item tag 0x1 [ 347.589356][ T5134] hid-generic 0003:0158:0100.002E: unexpected long global item [ 347.600055][ T5134] hid-generic 0003:0158:0100.002E: probe with driver hid-generic failed with error -22 [ 347.674410][ T5133] usb 3-1: USB disconnect, device number 48 [ 348.135918][ T5134] usb 1-1: USB disconnect, device number 39 [ 349.237785][ T5219] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 349.657680][ T5219] usb 5-1: Using ep0 maxpacket: 8 [ 349.666715][ T5219] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 350.373228][ T8830] netlink: 'syz.3.1091': attribute type 46 has an invalid length. [ 350.402709][ T8830] netlink: 'syz.3.1091': attribute type 46 has an invalid length. [ 350.403885][ T5219] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 350.439807][ T5219] usb 5-1: string descriptor 0 read error: -22 [ 350.446179][ T5219] usb 5-1: New USB device found, idVendor=0f11, idProduct=1020, bcdDevice=a2.1b [ 350.463594][ T5219] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.471756][ T5134] usb 3-1: new full-speed USB device number 49 using dummy_hcd [ 350.498601][ T5219] usb 5-1: config 0 descriptor?? [ 350.517296][ T5219] ldusb 5-1:0.0: Interrupt in endpoint not found [ 350.669417][ T5134] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 350.682473][ T5134] usb 3-1: config 1 has no interface number 1 [ 350.689924][ T5134] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 350.700886][ T5134] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 350.725619][ T784] usb 5-1: USB disconnect, device number 38 [ 350.755638][ T5134] usb 3-1: string descriptor 0 read error: -22 [ 350.766272][ T5134] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 350.775620][ T5134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.802965][ T5134] usb 3-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 350.817034][ T5134] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 350.854653][ T8830] ip6tnl0: entered promiscuous mode [ 350.917923][ T5133] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 350.927851][ T5219] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 351.038149][ T5134] usb 3-1: USB disconnect, device number 49 [ 351.098287][ T5133] usb 2-1: Using ep0 maxpacket: 16 [ 351.110573][ T5133] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 351.119911][ T5133] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.128349][ T5133] usb 2-1: Product: syz [ 351.131398][ T5219] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 351.134097][ T5133] usb 2-1: Manufacturer: syz [ 351.149005][ T5133] usb 2-1: SerialNumber: syz [ 351.149394][ T5219] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 351.156551][ T5133] usb 2-1: config 0 descriptor?? [ 351.170111][ T5219] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 351.185069][ T5219] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.188847][ T8829] ip6tnl0: left promiscuous mode [ 351.646726][ T29] audit: type=1326 audit(1720978953.031:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8836 comm="syz.0.1094" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb74e375bd9 code=0x0 [ 352.832061][ T8847] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.1096'. [ 352.850514][ T8847] netlink: zone id is out of range [ 352.858866][ T8847] netlink: del zone limit has 8 unknown bytes [ 353.309129][ T5133] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 353.510754][ T5133] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.523764][ T5133] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.536063][ T5133] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 353.547176][ T5133] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.586295][ T5133] usb 5-1: config 0 descriptor?? [ 353.798006][ T785] usb 2-1: USB disconnect, device number 46 [ 353.832172][ T8854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.849761][ T8854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.938417][ T8864] netlink: 'syz.1.1101': attribute type 1 has an invalid length. [ 353.946263][ T8864] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.1101'. [ 354.043127][ T5219] usb 1-1: string descriptor 0 read error: -71 [ 354.063543][ T5219] usb 1-1: USB disconnect, device number 40 [ 354.400600][ T8869] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 1 (only 8 groups) [ 354.515849][ T8876] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1098'. [ 354.552767][ T8876] 0ª: renamed from bond_slave_0 (while UP) [ 354.629889][ T8876] 0ª: entered allmulticast mode [ 354.701783][ T5133] usb 5-1: string descriptor 0 read error: -71 [ 354.716870][ T5133] uclogic 0003:256C:006D.002F: failed retrieving string descriptor #200: -71 [ 354.727744][ T5219] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 354.865460][ T5133] uclogic 0003:256C:006D.002F: failed retrieving pen parameters: -71 [ 354.874543][ T5133] uclogic 0003:256C:006D.002F: failed probing pen v2 parameters: -71 [ 354.890095][ T5133] uclogic 0003:256C:006D.002F: failed probing parameters: -71 [ 354.907885][ T5133] uclogic 0003:256C:006D.002F: probe with driver uclogic failed with error -71 [ 354.925637][ T5133] usb 5-1: USB disconnect, device number 39 [ 354.938380][ T784] usb 2-1: new full-speed USB device number 47 using dummy_hcd [ 354.991399][ T5219] usb 1-1: Using ep0 maxpacket: 8 [ 355.009054][ T5219] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 355.031170][ T5219] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 355.034774][ T8887] x_tables: duplicate entry at hook 3 [ 355.052172][ T5219] usb 1-1: string descriptor 0 read error: -22 [ 355.062295][ T5219] usb 1-1: New USB device found, idVendor=0f11, idProduct=1020, bcdDevice=a2.1b [ 355.080124][ T5219] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.103378][ T5219] usb 1-1: config 0 descriptor?? [ 355.132752][ T5219] ldusb 1-1:0.0: Interrupt in endpoint not found [ 355.158587][ T784] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 355.158617][ T784] usb 2-1: config 1 has no interface number 1 [ 355.158656][ T784] usb 2-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 355.158676][ T784] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 355.159602][ T784] usb 2-1: string descriptor 0 read error: -22 [ 355.251067][ T784] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 355.251100][ T784] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.262930][ T784] usb 2-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 355.262952][ T784] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 355.352547][ T5133] usb 1-1: USB disconnect, device number 41 [ 355.417762][ T8] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 355.497975][ T784] usb 2-1: USB disconnect, device number 47 [ 355.528896][ T8898] netlink: 'syz.4.1113': attribute type 1 has an invalid length. [ 355.536708][ T8898] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.1113'. [ 355.638488][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 355.648410][ T8] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 355.661295][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.676546][ T8] usb 4-1: Product: syz [ 355.691445][ T8] usb 4-1: Manufacturer: syz [ 355.696098][ T8] usb 4-1: SerialNumber: syz [ 355.722967][ T8] usb 4-1: config 0 descriptor?? [ 355.808766][ T5623] udevd[5623]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 356.923250][ T8916] overlay: Unknown parameter '\' [ 356.948222][ T785] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 357.819995][ T785] usb 1-1: Using ep0 maxpacket: 32 [ 357.842495][ T785] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 357.931818][ T785] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.973422][ T785] usb 1-1: config 0 descriptor?? [ 357.994783][ T785] gspca_main: sunplus-2.14.0 probing 041e:400b [ 358.210932][ T45] usb 4-1: USB disconnect, device number 68 [ 358.597995][ T784] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 358.812933][ T784] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDD, changing to 0x8D [ 358.824620][ T784] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 358.838019][ T784] usb 5-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 358.847499][ T784] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.856285][ T784] usb 5-1: Product: syz [ 358.860845][ T784] usb 5-1: Manufacturer: syz [ 358.865558][ T784] usb 5-1: SerialNumber: syz [ 358.873567][ T784] usb 5-1: config 0 descriptor?? [ 358.888500][ T784] usbtest 5-1:0.0: couldn't get endpoints, -22 [ 358.894868][ T784] usbtest 5-1:0.0: probe with driver usbtest failed with error -22 [ 358.908588][ T45] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 359.097753][ T784] usb 5-1: USB disconnect, device number 40 [ 359.165995][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 359.668174][ T785] gspca_sunplus: reg_w_riv err -110 [ 359.905475][ T785] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 359.913484][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 359.913535][ T45] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 359.913557][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.949341][ T45] usb 4-1: config 0 descriptor?? [ 360.345140][ T784] usb 1-1: USB disconnect, device number 42 [ 361.149630][ T45] holtek_kbd 0003:04D9:A055.0030: item fetching failed at offset 3/5 [ 361.160546][ T45] holtek_kbd 0003:04D9:A055.0030: probe with driver holtek_kbd failed with error -22 [ 361.263547][ T5133] usb 4-1: USB disconnect, device number 69 [ 361.353398][ T8967] ================================================================== [ 361.361511][ T8967] BUG: KASAN: slab-use-after-free in skb_release_head_state+0x39/0x250 [ 361.369870][ T8967] Read of size 8 at addr ffff88807dd70198 by task syz.1.1134/8967 [ 361.377730][ T8967] [ 361.380087][ T8967] CPU: 1 PID: 8967 Comm: syz.1.1134 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 361.390157][ T8967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 361.400223][ T8967] Call Trace: [ 361.403625][ T8967] [ 361.406576][ T8967] dump_stack_lvl+0x241/0x360 [ 361.411465][ T8967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 361.416697][ T8967] ? __pfx__printk+0x10/0x10 [ 361.421313][ T8967] ? _printk+0xd5/0x120 [ 361.425491][ T8967] ? __virt_addr_valid+0x183/0x530 [ 361.430621][ T8967] ? __virt_addr_valid+0x183/0x530 [ 361.435751][ T8967] print_report+0x169/0x550 [ 361.440277][ T8967] ? __virt_addr_valid+0x183/0x530 [ 361.445414][ T8967] ? __virt_addr_valid+0x183/0x530 [ 361.450545][ T8967] ? __virt_addr_valid+0x45f/0x530 [ 361.455683][ T8967] ? __phys_addr+0xba/0x170 [ 361.460209][ T8967] ? skb_release_head_state+0x39/0x250 [ 361.465789][ T8967] kasan_report+0x143/0x180 [ 361.470318][ T8967] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 361.476685][ T8967] ? skb_release_head_state+0x39/0x250 [ 361.482509][ T8967] skb_release_head_state+0x39/0x250 [ 361.487826][ T8967] ? __hci_req_sync+0x62f/0x950 [ 361.492692][ T8967] kfree_skb_reason+0x16d/0x3b0 [ 361.497563][ T8967] __hci_req_sync+0x62f/0x950 [ 361.502255][ T8967] ? __pfx___hci_req_sync+0x10/0x10 [ 361.507467][ T8967] ? trace_contention_end+0x3c/0x120 [ 361.512783][ T8967] ? __pfx___mutex_lock+0x10/0x10 [ 361.517843][ T8967] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 361.523857][ T8967] ? __pfx_hci_inq_req+0x10/0x10 [ 361.528798][ T8967] hci_req_sync+0xa9/0xd0 [ 361.533128][ T8967] hci_inquiry+0x3e1/0x7d0 [ 361.537538][ T8967] ? do_raw_spin_unlock+0x13c/0x8b0 [ 361.542755][ T8967] ? __pfx_hci_inquiry+0x10/0x10 [ 361.547780][ T8967] ? hci_sock_ioctl+0x55c/0xa40 [ 361.552640][ T8967] sock_do_ioctl+0x158/0x460 [ 361.557223][ T8967] ? __pfx_smack_log+0x10/0x10 [ 361.561986][ T8967] ? __pfx_sock_do_ioctl+0x10/0x10 [ 361.567091][ T8967] ? smk_tskacc+0x300/0x370 [ 361.571590][ T8967] ? smack_file_ioctl+0x2fa/0x3a0 [ 361.576615][ T8967] sock_ioctl+0x629/0x8e0 [ 361.580936][ T8967] ? __pfx_sock_ioctl+0x10/0x10 [ 361.585786][ T8967] ? __fget_files+0x3f6/0x470 [ 361.590458][ T8967] ? __fget_files+0x29/0x470 [ 361.595040][ T8967] ? bpf_lsm_file_ioctl+0x9/0x10 [ 361.600199][ T8967] ? security_file_ioctl+0x87/0xb0 [ 361.605325][ T8967] ? __pfx_sock_ioctl+0x10/0x10 [ 361.610192][ T8967] __se_sys_ioctl+0xfc/0x170 [ 361.614787][ T8967] do_syscall_64+0xf3/0x230 [ 361.619292][ T8967] ? clear_bhb_loop+0x35/0x90 [ 361.623968][ T8967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.629863][ T8967] RIP: 0033:0x7fce80175bd9 [ 361.634273][ T8967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.653878][ T8967] RSP: 002b:00007fce80f8f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 361.662379][ T8967] RAX: ffffffffffffffda RBX: 00007fce80303f60 RCX: 00007fce80175bd9 [ 361.670346][ T8967] RDX: 0000000020000080 RSI: 00000000800448f0 RDI: 000000000000000a [ 361.678306][ T8967] RBP: 00007fce801e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 361.686270][ T8967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.694754][ T8967] R13: 000000000000000b R14: 00007fce80303f60 R15: 00007ffc76f74558 [ 361.702727][ T8967] [ 361.705734][ T8967] [ 361.708058][ T8967] Allocated by task 4479: [ 361.712369][ T8967] kasan_save_track+0x3f/0x80 [ 361.717044][ T8967] __kasan_slab_alloc+0x66/0x80 [ 361.721881][ T8967] kmem_cache_alloc_noprof+0x135/0x2a0 [ 361.727330][ T8967] skb_clone+0x20c/0x390 [ 361.731568][ T8967] hci_cmd_work+0x29e/0x670 [ 361.736066][ T8967] process_scheduled_works+0xa2c/0x1830 [ 361.741603][ T8967] worker_thread+0x86d/0xd50 [ 361.746182][ T8967] kthread+0x2f0/0x390 [ 361.750245][ T8967] ret_from_fork+0x4b/0x80 [ 361.754695][ T8967] ret_from_fork_asm+0x1a/0x30 [ 361.759629][ T8967] [ 361.761970][ T8967] Freed by task 4479: [ 361.765933][ T8967] kasan_save_track+0x3f/0x80 [ 361.770604][ T8967] kasan_save_free_info+0x40/0x50 [ 361.776333][ T8967] poison_slab_object+0xe0/0x150 [ 361.781282][ T8967] __kasan_slab_free+0x37/0x60 [ 361.786054][ T8967] kmem_cache_free+0x145/0x350 [ 361.790817][ T8967] hci_cmd_work+0x273/0x670 [ 361.795441][ T8967] process_scheduled_works+0xa2c/0x1830 [ 361.800981][ T8967] worker_thread+0x86d/0xd50 [ 361.805561][ T8967] kthread+0x2f0/0x390 [ 361.809622][ T8967] ret_from_fork+0x4b/0x80 [ 361.814033][ T8967] ret_from_fork_asm+0x1a/0x30 [ 361.818802][ T8967] [ 361.821120][ T8967] The buggy address belongs to the object at ffff88807dd70140 [ 361.821120][ T8967] which belongs to the cache skbuff_head_cache of size 240 [ 361.835692][ T8967] The buggy address is located 88 bytes inside of [ 361.835692][ T8967] freed 240-byte region [ffff88807dd70140, ffff88807dd70230) [ 361.849397][ T8967] [ 361.851720][ T8967] The buggy address belongs to the physical page: [ 361.858126][ T8967] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7dd70 [ 361.866973][ T8967] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 361.874074][ T8967] page_type: 0xffffefff(slab) [ 361.878849][ T8967] raw: 00fff00000000000 ffff8880196a4780 dead000000000100 dead000000000122 [ 361.887422][ T8967] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000 [ 361.896249][ T8967] page dumped because: kasan: bad access detected [ 361.903090][ T8967] page_owner tracks the page as allocated [ 361.908967][ T8967] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5228, tgid 5228 (syz.2.26), ts 73543882603, free_ts 73512844007 [ 361.930595][ T8967] post_alloc_hook+0x1f3/0x230 [ 361.935352][ T8967] get_page_from_freelist+0x2e4c/0x2f10 [ 361.940891][ T8967] __alloc_pages_noprof+0x256/0x6c0 [ 361.946080][ T8967] alloc_slab_page+0x5f/0x120 [ 361.950839][ T8967] allocate_slab+0x5a/0x2f0 [ 361.955341][ T8967] ___slab_alloc+0xcd1/0x14b0 [ 361.960022][ T8967] __slab_alloc+0x58/0xa0 [ 361.964346][ T8967] kmem_cache_alloc_node_noprof+0x1fe/0x320 [ 361.970232][ T8967] __alloc_skb+0x1c3/0x440 [ 361.974686][ T8967] __tcp_send_ack+0xa2/0x600 [ 361.979440][ T8967] tcp_rcv_established+0x107e/0x2020 [ 361.984719][ T8967] tcp_v4_do_rcv+0x965/0xc60 [ 361.989303][ T8967] tcp_v4_rcv+0x2d90/0x37b0 [ 361.993803][ T8967] ip_protocol_deliver_rcu+0x225/0x430 [ 361.999342][ T8967] ip_local_deliver_finish+0x33f/0x5f0 [ 362.004794][ T8967] NF_HOOK+0x3a4/0x450 [ 362.008855][ T8967] page last free pid 5229 tgid 5229 stack trace: [ 362.015164][ T8967] free_unref_page+0xd19/0xea0 [ 362.019918][ T8967] tlb_finish_mmu+0x11f/0x200 [ 362.024582][ T8967] exit_mmap+0x44f/0xc80 [ 362.028820][ T8967] __mmput+0x115/0x3c0 [ 362.032876][ T8967] exit_mm+0x220/0x310 [ 362.036935][ T8967] do_exit+0x9aa/0x27e0 [ 362.041083][ T8967] do_group_exit+0x207/0x2c0 [ 362.045664][ T8967] __x64_sys_exit_group+0x3f/0x40 [ 362.050681][ T8967] do_syscall_64+0xf3/0x230 [ 362.055180][ T8967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.061074][ T8967] [ 362.063384][ T8967] Memory state around the buggy address: [ 362.069007][ T8967] ffff88807dd70080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 362.078100][ T8967] ffff88807dd70100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 362.086237][ T8967] >ffff88807dd70180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 362.094284][ T8967] ^ [ 362.099212][ T8967] ffff88807dd70200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 362.107435][ T8967] ffff88807dd70280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 362.115483][ T8967] ================================================================== [ 362.127711][ T785] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 362.140653][ T8967] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 362.147881][ T8967] CPU: 0 PID: 8967 Comm: syz.1.1134 Not tainted 6.10.0-rc7-syzkaller-00266-g4d145e3f830b #0 [ 362.157967][ T8967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 362.168037][ T8967] Call Trace: [ 362.171310][ T8967] [ 362.174235][ T8967] dump_stack_lvl+0x241/0x360 [ 362.178916][ T8967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 362.184110][ T8967] ? __pfx__printk+0x10/0x10 [ 362.188695][ T8967] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 362.194669][ T8967] ? vscnprintf+0x5d/0x90 [ 362.198995][ T8967] panic+0x349/0x860 [ 362.202888][ T8967] ? check_panic_on_warn+0x21/0xb0 [ 362.207995][ T8967] ? __pfx_panic+0x10/0x10 [ 362.212408][ T8967] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 362.218379][ T8967] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 362.224698][ T8967] check_panic_on_warn+0x86/0xb0 [ 362.229629][ T8967] ? skb_release_head_state+0x39/0x250 [ 362.235080][ T8967] end_report+0x77/0x160 [ 362.239314][ T8967] kasan_report+0x154/0x180 [ 362.243806][ T8967] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 362.250130][ T8967] ? skb_release_head_state+0x39/0x250 [ 362.255588][ T8967] skb_release_head_state+0x39/0x250 [ 362.260870][ T8967] ? __hci_req_sync+0x62f/0x950 [ 362.265714][ T8967] kfree_skb_reason+0x16d/0x3b0 [ 362.270567][ T8967] __hci_req_sync+0x62f/0x950 [ 362.275239][ T8967] ? __pfx___hci_req_sync+0x10/0x10 [ 362.280426][ T8967] ? trace_contention_end+0x3c/0x120 [ 362.285712][ T8967] ? __pfx___mutex_lock+0x10/0x10 [ 362.290733][ T8967] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 362.296712][ T8967] ? __pfx_hci_inq_req+0x10/0x10 [ 362.301646][ T8967] hci_req_sync+0xa9/0xd0 [ 362.305970][ T8967] hci_inquiry+0x3e1/0x7d0 [ 362.310378][ T8967] ? do_raw_spin_unlock+0x13c/0x8b0 [ 362.315574][ T8967] ? __pfx_hci_inquiry+0x10/0x10 [ 362.320502][ T8967] ? hci_sock_ioctl+0x55c/0xa40 [ 362.325345][ T8967] sock_do_ioctl+0x158/0x460 [ 362.329926][ T8967] ? __pfx_smack_log+0x10/0x10 [ 362.334686][ T8967] ? __pfx_sock_do_ioctl+0x10/0x10 [ 362.339791][ T8967] ? smk_tskacc+0x300/0x370 [ 362.344290][ T8967] ? smack_file_ioctl+0x2fa/0x3a0 [ 362.349312][ T8967] sock_ioctl+0x629/0x8e0 [ 362.353634][ T8967] ? __pfx_sock_ioctl+0x10/0x10 [ 362.358481][ T8967] ? __fget_files+0x3f6/0x470 [ 362.363153][ T8967] ? __fget_files+0x29/0x470 [ 362.367748][ T8967] ? bpf_lsm_file_ioctl+0x9/0x10 [ 362.372690][ T8967] ? security_file_ioctl+0x87/0xb0 [ 362.377797][ T8967] ? __pfx_sock_ioctl+0x10/0x10 [ 362.382646][ T8967] __se_sys_ioctl+0xfc/0x170 [ 362.387233][ T8967] do_syscall_64+0xf3/0x230 [ 362.391735][ T8967] ? clear_bhb_loop+0x35/0x90 [ 362.396401][ T8967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.402933][ T8967] RIP: 0033:0x7fce80175bd9 [ 362.407348][ T8967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.427119][ T8967] RSP: 002b:00007fce80f8f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 362.435545][ T8967] RAX: ffffffffffffffda RBX: 00007fce80303f60 RCX: 00007fce80175bd9 [ 362.443524][ T8967] RDX: 0000000020000080 RSI: 00000000800448f0 RDI: 000000000000000a [ 362.451495][ T8967] RBP: 00007fce801e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 362.459461][ T8967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.467462][ T8967] R13: 000000000000000b R14: 00007fce80303f60 R15: 00007ffc76f74558 [ 362.475643][ T8967] [ 362.480567][ T8967] Kernel Offset: disabled [ 362.486576][ T8967] Rebooting in 86400 seconds..