last executing test programs: 36.434529595s ago: executing program 2 (id=480): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r0, 0x0, 0x9cdc2384056b48b8) r1 = socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0xae, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bind$packet(r1, &(0x7f0000000200)={0x11, 0xf6, r3, 0x1, 0x55, 0x6, @multicast}, 0x14) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e1406020000ffc30e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 36.020190897s ago: executing program 2 (id=482): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) ioctl$int_in(r0, 0x5452, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000002800), 0x20000, 0x0) modify_ldt$write(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) syz_open_procfs(0x0, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)={0x3c, r2, 0xd55319eec59dfa33, 0xfff7fffd, 0x25dfdbfc, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x5, 0x75}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'caif0\x00'}, @mon_options]}, 0x3c}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000)) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x10000, 0x6, 0x4, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c02000019000100000000000000000000000000000000200000ffff00000000ac14144400000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084010500ff010000000000000000000000000001000004d2330000000a00000000000000000000000000000000000000013500000100"], 0x23c}}, 0x4000) 35.644945874s ago: executing program 4 (id=486): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000b4321f00000000000a00632018000000", @ANYRES32, @ANYBLOB="0000000004000400b7060000140000007b03000000000000850000002f000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x2, 0x1000, &(0x7f0000001e40)=""/4096, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 35.644461999s ago: executing program 3 (id=487): socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) readv(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/179, 0xb3}], 0x1) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) 35.39238401s ago: executing program 4 (id=488): r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x2d2}, &(0x7f0000000140)=0x0, &(0x7f00000001c0)) r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0x6, 0x0, 0x0, 0x2, 0x1}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) (fail_nth: 46) 35.038189753s ago: executing program 1 (id=490): socket$alg(0x26, 0x5, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket(0x2a, 0x803, 0x7) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000001400000060ec970012302c00fe8000000000000000000000000000aaff0200"/52], 0xfdef) 34.860251659s ago: executing program 4 (id=491): r0 = socket$l2tp(0x2, 0x2, 0x73) syz_clone(0x2200800, &(0x7f0000000140)="52df306f9076fc5fea0cbd3e0e341ee075df69325423b7b0ee045577cf901ae5db238478e75aebcced427dbf84fceaf7576b0b48c2b176b49286ccabbca6e7338ba18927979bbb2bf5a95b95ef8111718547ae3a521824c3fb5d70467096c617da845e856595d35377f151", 0x6b, &(0x7f0000000080), &(0x7f00000001c0), &(0x7f0000000200)="78dffb7721441ff37d8a3a8db2629253725f9dc2845a08e0353ef934048f46683cc0f8d3401d7ea6ec1d0682b21177583b707643feadd8f3205151314787267bd6158ff3a74983f6d59c071dccac64212ab3dbb01ced4a7d77af56bd70cb9f257d57e0584eff0143ae8938795a8f08b42274260d09a88ce558469a2822bc838534e4c9b3117417d698649ce145c8fd0125c294b1c2bb90e7997651f1df72ba8eda39d4e404076ab124036db17558b5e5d84725cbb627303c00ba1541b55cc549cbde177caa3048a8e0462eba7a840c55ae4ade2fc598a4") socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r0, &(0x7f0000001c40)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e22, @remote}, 0xf3, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000000)="b2", 0x1}], 0x2}}, {{&(0x7f0000000600)=@llc={0x1a, 0x305, 0x6, 0x4, 0x4, 0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x0, &(0x7f0000000780)=[{&(0x7f0000000680)="06b8dd972aedf6a53895bb5a15fdc96e8fc67d9ab5184a3df1ec5830224752eb63c3e02de90a55612fa960d06222ca0ea75acbfa0cad57c8213433944f455835ae3e35444b49534dcc8e1ecb251e72b30de30cb882da9cce26a41e0cf185ce55fb2f019c8ed2ca72d22ae81c5c9304df6ec45f31d768d6acfa2fbe41171cf23926ea5e2c84c82605bf44675889320e3bdafae1d448cf9cce1854454bb1a29e49d98c65abf19a43ff0a2137"}, {&(0x7f0000000740)="6585e37a8543fd1739eba7971708b2ffda256a5e0f"}], 0x0, &(0x7f0000001cc0)=ANY=[@ANYBLOB="0000000000000000190100000400000044c905f387725463c3cff9613654284cf548f65cfd47224c26ff5308507db6166d85a28dc2c39e035e0efaf9bb523b0c1a515f6bacaed6785315695ef917b6edfbfa15da2b1f8bdbc4d59293b7a651e32a59135e866f9181f94c7e8a2b32762c1c1b862aeabdde8d1dc57c1ea0ea63e4b05390dd443e3f4c76074e4b2f24c9c7f273e433111e680126c4b43b60393065eb9bc94671f91ea2a4f138cfdfe9a843c0c558c7dfb74e1d57271db728ea939238a7ebbe4400000000000000000000001801000004000000302fdfb54169fc8f4df7583bebdde057b8036680e937406d82f43be7a61a391a7e6122b61122dcb2ec7384d8fa9b6c71a7ebef97e49d9300ea1cbc5f2cde240d579aea6d12671adc165ffeabfb085d9ea1289f03a4efd6f653ba9591e4902362ea8d63ae73a5e08ef0b71d4fa0cd949fc598d933e860feb7455918201eace5e74954c539e62250e185ad2412f0f4cab474548ebd6ed8b7e72fb0c3e5b20000000000000000000000010000000d000000b143350cbfd9e995a92f9d11ad80666740b7cfc5543b18db782ecca6d11b98e28de4f736dda65e1c61dbd949b4235b3bc17daaf0ffaeffa0b3138363e676d3c700000000000000002900000008000000290e61afedb94ae7c6cf455f8d4455428665761721a9875ed1b6b413c8e87a822d81cf88c8b46b690b49cfea99da939f34a78d564c5f08c290e2d61cd6a9502b94883b0bf80f7f786447bffa9d4810c19c91135bd518070ef586173c51911fc0ef2d57ce7365486e3985f6e931e771c56e1cf83422a8f559df6b71f5cf5485d163b994dd67af051da2321a52d89cddd2c5da7f77076a44343d8b7cbc44e4410159bad8a1ecd15fab38bda5389300000000000000000000003a00000003000000e7180dff97fcd3d74fdaadf4ce5abd4801c1eb232d5f8c226bf33c140b8e6161fb090ad26f8c774625dda21f2431024087fcad23d8a174f68dfb642578f9eecf7924fcd32a0713ff3a8314e4dfc3525164be316fc9a4f6d4ba6b079b7e746ad8ead229b3f5b21e219980c5b2ec1e6ff4b6829a7ea687ad1c8ba19582f54d7cf0cca33caeba856220059953493248852f00000000000000001801000005000000933216c6a863f7d9f7a289065403801e6d9cdbb40f84d30ab46d8071d4025929e61b6abd845917664ea2344df2aea55c66b716e3ddfffaa48c7331763be2859547c9da33de183d9f8cfac38c74b6626e80612326a4601baf8913deceae13c0d4b4b74bcf0ba7401a44dabb5a6a80f0e8c9ee417622cca8316282893786c27f8d82be12da98a28e80c3f3f8665554533bcc50e8798119b6f0b9b8e13d800c00f201aade265278f178d84df502b4fcd31c0ca7aab2b42bc6b0afa558a68ae22b704e20759587717e0b595f4d2672cb188802e6b521a8b02765ccd12a4ded4052e14bceac54eced5f41ddc3e989f6d555b9de310efa9bbca2eaae5b3976a46880ca1cf98111ea2a59c29640b2db9a3e4592934c7cfe8d77a856673cf7cb8db97a973f16243985c638e7d39de7039e55d2e2f29a87d4c9ce2801ff2836d482993bfca9c6bfd974bfd5167a36c45c0ac41e908e5649539725d7383cd40a852806cabd449968321b2b7758011b339fbedb6a8f481900ba09909d294c2b4b81c88679240b71e49a568d3d9e01b6075a9a3f575cf432c3307ccabde1595fd0cb2b30d3cb4236951cb70d9673359df9e2963ae4a1dfd2098a5e101e2a0b93b5d203c7cf6fa3ed3791cac22b5eac837ca78037d6f9ca0b6877567294ac6be582b919aee023176348b02bb38296f243174f2b905f77134d0f34509a1038e252ba77845bfacdb3cd00871e978fccf1c15a73f9b84d608e6f4be6cf1c9a23668d146c47a2dac407fe2567d0b62b9e09865e914c536b67b6af0bdbbc2045de6f80b973a434d8c82f6f8a5377057de28761483b6ed5e36e442ff5a786ade56cf8a9a7f440ed6ab2c3a51df1b68fffcfdac5db5e88a825385a1f4d78b6ef352bc5818d08a1180550abb2d7841320f6ebcc80793d2f6ee3e0db2255c19a5031ca12322c433d20d59e26cf65a248b96a49db1dec45818e9f542c655c397dd3bd1f87136ca8f6570f98592ba115319f2a6204c7ed1f53f3b0985de464595d73f38de136ba036a00c559b7dde50119e4f2579f634cd80d6deaac74ffddcacae2a33c4fd481985c2b836021f17461ac4112e986d8546f73577707745d7fb4b3e4473f714a67e45524299b800304d2574e28f383b4b386385f2adcabbc20cd17f81cf76f33d34cd19f35b6366303f7c81c6122a25809b049f9edb6f93e6926101af02b3dc0d8eca4eea00067c640dfd2e06f7cacaa8542328680fefe3fa3aa695fe5670bd19169170240654f7e59d33fefd708c9ad842b5d73faf8eb3386a0523c22f5140255fbd76b6a8ca69bfbc9817067ac00d68f37085cb163f46f22fdc720f2a61de5a2144c4c4be4ed95977864f52bbe3bbbb22a8460e757b259e5aba5b7c8768e4f48b5a6cd18bb09427fbae69b11f444e9905542c15db98b7b0d61ccd6c64cb7702e7809e1382ce3091c94d76056d8da49b618d240cd62322b7cd371cb6b1d7c3bab583642c61af4acee4a76de43f4c2eef2e81c2b1df4a6e97a5a44ecfa93d9056dcd3518834240f36d4b809a8e0e3b8783ffdc3017480445975492d95544745ccf8e0b43c6a083f9c687bd9fe6e2ed9833d1a5f24e2e6fb3ac10fb6d03d609c116cce50c4a87fc24a6736194feefed6963debc836af6145b5a16f384ce468982202960353b2a677587fea5d01fa9575c3ec3d1bad9aebb9b43827767dc5f55a7cbd025720e75081261d98dc6efcc6cf9432bbd7185a6043a0e4e689a20f040c8c354438ab0920989def9cb9bbb95f7078d782389adf3dd5e031a0b18652327702cce76185f8389f11d561b361fa169a3b5b006a8356592404399679480ddec46f1ac70e1d9268dd440ae729c2e6fe5695bfe4ce6da24ff58064cbd6a6b242a7df15ce8e184d5d18cea943f374499f725dd7b3a20c5f7411dbd372e23d7dee2bd20df2a6090383a78a74495a4c2db1cc9cb43e5824a3bfe03ae796c05de582c557d88f6cf8dce317385045e2460868abc484f2b0fe9f5431cf1be6b7d8c6e23c1b5347ef13aa05a1852223355a7709f933369224dec3569d19b971895fb5d6a2f49e3b271ba4174fc7b1562e6e3890adaeafd56a5710db4acbcca38732dfb9efe625b2efdd6d4255d0e4d3d3fa2ea9dc4f421c73e829bc690293035ee91cf974d0364e38d16548fd927858a72c566fab6a8352b287b54f3abefe4770ddd3d860bb801fd528c23fb29b8a78e9253bc989f71760d57388c7f737fe67d3a13bcbf2e1e01cc65a1e3677f12ede8cf5faf0dbbd2341e469b1050dfeeb66b0583fc0a269de65d734ca8005db2949884fcb12799d5f220f8c2c264b64b190f01c23e17c7220185ac9d3fe8ed4d2558affaa0471f3e99b414c334b7accecaf158b73a8cf8897e67af5129e9b1687259fa8cc8f5a6c09264953a3ee5f16ce4fb89991ccc6f213eade9ee6f2e2f585936ff78e9f59d01efd5009f29f4210d778366bdec4a21a7cf0aa12c6d315b1f1d5f36621b6501dd1edf98f3ea2f7f7402d20b852b6dbeed54570368ea114d8fcf015597e92bd610d41ebd3cd2f0d25b9eec66d11a0dc586cda7399d846654857cab66da4a37c936757382f9915e0a782142af8393855bf3b400beea42155d6c4a8138d00bc44ca6428b79587e426b991d054ef386203a8a484c7dc924016d360aec8ba6eda0c0d7a48f93d9dee843f71a291961e9f8194645d4f91e5096a565bdb53d70a7a772c66fe760d19d98ee3a0b8fc4d4241e397c267b39e995c1a1410e0136f2af5f6a74c49e2da69347a6e8969630d96e851686ebf2f5ce74b78c360289bd65b6e697b206c0f824ed73dda9c55f1558a53f7226f8be63cfd09d79266c9be3ec48a99370d3dff4967089231a8b9aeca485dc1a355b1019384e0382a2a8577a7b24bfa02810a24338d1bbade5a765fdb2011875b9c245d8feb1cf6be8bd85cff0dcf5f8c3dc7318475131221ebdefd96278499925647249571eee6c58b560e4992057797cbbf2825ab0d33f8ea23813086758c7b08acfa2cee7586af02390cab4ee3cc96fb570c8d2bdd0f052ad18c9c82df858c1d4f71cb6d508a1eb85ac7cd5fa886a8f549d0c859dc3168be3f8c9fa2fd6c67492d48844381caadb22daee74e2dff06d9a6d16493a75af57ac138532fcd5fd50d138ead5a7f1f93b811a92e200085b08a7e3b5b7322b03a546034bfc7c7e089838b35e370cdac102017459b69fc47d0cdb0c8298867d6b4418c5531e79403211d882311d7f21f295748626b49a2c9dad9af04a581d4070679e31f1964793e0ded5f991b3670113071ca7dde6a79f1a648ec3e402f3d3dce36b2342bc3afd9dc7cd7d9f8679ad50407ef451f4c77926b804fc6634879e636e2ac1e51006df45ced3bf5b6c6bfe620f8ff7d0fc343d699cce470c75bebab309dd8a62e5c2b3c29717ef0e4d3811556dfd14f213fff72fce3557f0ad14df80c32d35300f5a557c1f9012874f9bfb30610d1cc8d5bf7c7c08000c2d0786a4b6c8e070ce74941d6939ba18363b4ba7abba4437ba73d3bcaca2e06512c9beeae814649a7c7bdb1a4fa1dca101064ed790c05b8474f2a4ee4477809885fbcffb14cc91c5497ed4d840a38814f6175928be79464eb7027de3b5f7af0528c465260a882ba45f953ab0b388a08fbebe10aa7672f05b96a77cdf46e79fcd1e7e0900000000000000251ac61223f292b59f6df9487e4f108b65ce6d70a6c21410109dc8dcdb6a98d7d1e2af82c91d35b43709400bc6a53d0acfa607567017f72d2719e30a748ca9d215a9f72ce1a746bd442aa2718fad7a3edbba779f0a30365f7e5b30135cd7766b5c991c94417eaf0e9c8137362312ce5167d4d23712136c3823db89d29a2024302e872c06d8a2db155ff194d959ab24bcb05e8d1faa82eaf40b3bfa59d20d00e86b2c7e8199fc1be7d160d66ec0e070760445aaa33ee9279fc9656374b9257fa4c86a62d74b09dcbe187ad637a77f392b5ec546db119e5e318d09806b8dcb81b4d87b3487309adbcfb65f618ca3be87609e95b95a6c5547f1ea134fbd763b58122585787e9afd052b58e846ac4dc0e79e47a227a11fa58a19330bb1110ed26d8acb98df45f2d7df943202333c63021f33036e8f4972137652f4a771de3cb73b859eb085dc4f02ca5f2e3b2000b1527351712f0e85f0c6a93990210d0d94d269b53b7882451daab6b00dcf9cae07aecb3de583522191a7b236acffef62f70922d530ada2a6f76d80d83685ea19ca6a1d586e9723fb4ee41899cf13fa7264bb91e76f73f5a40eb8d0220561a8f76dc521ffdf9bfab3d989aa30c7512303a4f1f0cbcc80643ab5c539c29afac6709082fa3e20457363e478116362ce43b7a775f4ce48c7fe00f347d9a9d838c3c4a2483e5471841e14ec42639aba9f73c5271f3a627aed3695fb6d5b96c97bd4ab41ea2efc016afcf8161ff9d5266db4d871963ebc778846afb616bde342f284f760c5d5eb6d818f8f4b1b9c45bb3d8a5fe1c29859e3b7f62fd831d286fc6b1a613ad35eb864e59724aa6e80f1a3d9148731b0d5996c37423277837c48a68a6a8c5ca55dcf83a8e8280732bac64dd5ac77199f859d1f94051b3ec65ce940ec0bb5073414f27c370313bdee9ba7f11a8f5fa6743d320265c405a294a25cc37184891fdef96ca1e713ffd545184f7e367405cee4307e99fc303b32889846b1ff8847167242579f9fb8764d21fe5c9e24cd6091b5b228c54d4c4c05bf8d7054f7a89c63cc31a52dd6e7a883dd3ce5e5d29296d2a330aa80f006b711072a35fb900e34a697963ea72490757f230d25fb2cef8dd0c08ef76764414801f3de1150fda45c58abc29c81bd63574e14474aedc25d12c3e17aad66a208c02a26eb53a41cc92e1d682336ef9c1162852022bd994c28909d92e5843ddc633222b099d9d9ea856147194f1c3b94d962d8029caf53579c785ec92f296763eedb00e7c6ecc881120f7938d2890bafde782eb5195191b1cb486c43b9b2a301145315884ecae3121a41b119c6ae6211ebb4cc4bce337ed07e195b899434e5232c30a98bf5251e1ae57bb49a211501eb1dc1e3e4be4446a0617f50394872054245afe4cdf934e2883e97caae0d21c0e9489b311d585c844e690c58f4b3a119227af561530042478ecaff5bf3a210467aa3df41bc37f1871e94b225966362bf0c5f463ab8e6a81fc19c800fcaffaf3ddac725c1125640e094b54bd24c7a0b647fbd569f28be2083b087005b0236eb3284b6f4028ec0a5f218e2f04d58ca9d2425320dd0e1b6eb386df76a7bcc8fe7ee3ad57a521b86c0468ec2f7f886d5c6a482438f7895e6dea1d84ffc3e33b49daaf7f339f69d2c812953e0f3d21192b64002deb7a9013b15bdac13051bcbfb1e983a26bec19679f1a3f7994cf287b232e6a4436238489474bde85ddbbeb85818ddce4c3362645243fbcb92ff1b3a3841aa06065c883fceff31515669b4642bc5aa0856039e7f75eb4f72e7e40c08e1108685eeeb2fd37a1cce08d789eb516155892c22503a79a37f78bb9499e38c723c0c76b6d567d902e8f00f65aa2568ee02027782ad68381584ccec212e35c2f3c4fc8a26cde54e83aa378831181804f2a7e14b284034db0da4f3154759a38cacb6db383cc8fc2dc3bb36004c8888e49772c2b59ab230dd06b11827fbc72a09c4f64b2f82d76d302dd6bdeaeb1aa3bb23578308d991a4c0dfd3a1feeb12ddb8e01b3fb2b71d5fe1f0d19ef382fe5bf5488153526464d7ccbed562e53cb198014f39fafb6c496f5b6f53db00000000000000000b01000048000000d4f7e7cc5a61bba4eee1bf7bcba94ddaa33bd2b6f6e1e337eec343f0887f3511a1915fb0fc99c3ad6d17cec6be5b6c8bec4959fd6ab399fed2b643217139bb37fd07f8ed4d2133127f064679b55dccdb309fc1995e374834058e73272a3799ba261e48895200000036fdffffffffffff08010000060000007a616df70c0a84ecdd42e3b3ae452558eb3dab07f8a195890dcca60bc95c418994341d5433be15a24d469cf3317f177d84331f4bdacab3721feb47567e21fbd56b17852673b5a80b9229b902d1125543eac3700e6b7236bd661dc687d6405f79ba63e063842800000000000000000000190100000500000086e3e980e3cf5626936ca6856035458db8f743594fb77e27e83d73d075bf65f58ea88baf09ed7c1d0205deed5196b6a520b005"]}}], 0x1, 0x0) r1 = signalfd(r0, &(0x7f0000000300)={[0x8]}, 0x8) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000240001000000000000000000000000000600030000eb"], 0x1c}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r1, 0x0, 0x29, 0x65, &(0x7f0000000340)="b0dba4fe92b7abd9c9de4badbb9c2a356474c026b402717ba8fe188f0743fbb4b421c9a82db2b70b22", &(0x7f0000000380)=""/101, 0x6, 0x0, 0xfa, 0x3b, &(0x7f0000000400)="70210aa3edf55b23d651f9e6fc0c05c7f72aee346bc1eab90b35e022e514351a2bdc6e6b21af40168ae7b1792b408810e715bf381df173820ae6431c7eaf3e29e5a32e1a387ebadde25364db78a96e25538f0cf44d67e3df8bc9583b5841df677c5d7365acbc7d20543d558796d096e7772b41d3bafbe9cb9319b33ea0e7c7ca1b3597a5e81641c67c57078e11c3975d507c00d32cdd5a1b534790c4bb390ceddc4a2d3e015b95e6b3247348bae6db6b36922a83c483eb82a55db2d2025bec1b643d4ae59ecf09dca2065dd72e1db04c6927193da8894407d1608e18b5301cce22d291b4ed63c3941688f622a7f27faab1ec69d213096052b9b9", &(0x7f0000000500)="ed7565d499ea97c30fd0fdf4b1e95d5e990f1c7c82928feb9c30ae3bfb15f5446d52755ebd42c9b8c946504fde88571336a5259c5fb4e74b1d2762", 0x6, 0x0, 0xabf}, 0x50) 34.68610989s ago: executing program 4 (id=492): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) io_uring_setup(0x1de0, &(0x7f0000000a00)={0x0, 0x7069, 0x8}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, 0x0, 0x0) r1 = userfaultfd(0x1) r2 = syz_open_dev$vim2m(&(0x7f0000000640), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0cc5605, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101) r4 = dup(r3) r5 = fsopen(&(0x7f0000000180)='hfs\x00', 0x1) r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) mmap(&(0x7f00003c8000/0x3000)=nil, 0x3000, 0x2000005, 0x10, r1, 0x56ec6000) pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0) ioctl$LOOP_CHANGE_FD(r6, 0x4c00, 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r4) sendfile(r6, r6, 0x0, 0x24002de8) ioctl$LOOP_SET_STATUS(r6, 0x4c02, 0x0) ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r6) syz_usb_connect$uac1(0x0, 0xa5, &(0x7f0000000a00)=ANY=[@ANYBLOB="12010000000000106b1dff014000010203010902930003010000000904000000010100000a2401000000020102132406000006060000000000000000000000000924030006030000000924060303010500b709240300000300041106240504"], 0x0) r7 = openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000004c0)={0x0, 0xa, 0x2, 0x0, 0x40}) connect$inet6(r6, &(0x7f0000000100)={0x2, 0x4e25, 0x6, @private2, 0x20002}, 0x1c) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) write$sndseq(r8, &(0x7f0000000240)=[{0xe, 0x81, 0x0, 0xfd, @time={0x5, 0x5}, {0x10, 0x49}, {0xe}, @raw8={"1f000e000000010000000003"}}], 0x1c) 34.592287229s ago: executing program 1 (id=493): ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000600)={{0x0, 0x0, 0x4, 0xffffffff, 'syz0\x00', 0x1}, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'}) close_range(r1, 0xffffffffffffffff, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000700)=@filter={'filter\x00', 0x42, 0x4, 0x3c8, 0xffffffff, 0x188, 0xc8, 0xc8, 0xffffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @private, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x74000002, 0xa0, 0xc8, 0x1ba, {0x46010000, 0x2c000000000000}, [@common=@unspec=@cluster={{0x30}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ip={@rand_addr, @multicast2, 0x1000000, 0x0, 'bridge0\x00', 'wg1\x00'}, 0x287, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@connlabel={{0x28}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x168, 0x1a8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0xde, 0x0, 'syz1\x00'}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) 34.300432142s ago: executing program 1 (id=494): r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000002780)={0x0, 0x2}) (async) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000001180)=0x2000000) (async) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) (async) ioctl$SNDCTL_DSP_GETOPTR(r1, 0x5008, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f0000000100)) (async) syz_usb_connect$uac1(0x5, 0xa2, &(0x7f0000000040)=ANY=[@ANYRESDEC=r1, @ANYRES8=r1, @ANYRES32=r0], 0x0) 32.80859425s ago: executing program 0 (id=495): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000feffffff000103000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000008b7030000000000008500000005000000bf09000000000000a5090100ffffff809500000000000000ad980000000000005e080000000000008500000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 32.727663829s ago: executing program 4 (id=496): r0 = syz_open_procfs(0x0, &(0x7f0000002440)='statm\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$vivid(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000280)={0x9, @pix={0xffff, 0x3, 0x33524742, 0x7, 0x10001, 0x7, 0x7, 0x80, 0x1, 0x7, 0x1, 0x1}}) read$FUSE(r0, 0x0, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x4, 0x7ffc1ffb}]}) r2 = getpid() r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000009840)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) writev(0xffffffffffffffff, &(0x7f00000002c0), 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x48, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x20000000) clock_gettime(0x0, 0x0) utimensat(r3, 0x0, &(0x7f0000000380)={{0x77359400}}, 0x0) rt_tgsigqueueinfo(r2, 0x0, 0x5, &(0x7f0000000140)={0x2, 0xffffffff}) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) rt_tgsigqueueinfo(r2, 0x0, 0x1b, &(0x7f0000000280)={0xc, 0x0, 0x4}) 32.447318037s ago: executing program 0 (id=497): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(0x0, 0x3) write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[], 0x78) sendfile(r1, r2, &(0x7f00000001c0), 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000003c0)={0xc}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) fcntl$addseals(r2, 0x409, 0x8) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r4, 0xffffffffffffffff, 0x0) 32.442018245s ago: executing program 3 (id=498): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc00000000deffffff000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) 32.328211062s ago: executing program 2 (id=499): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x2, 0x80805, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) socket(0x1, 0x803, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0x2, 0x1, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = socket$packet(0x11, 0x3, 0x300) pipe(&(0x7f0000000000)) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x88a8ffffffffffff) 32.048025765s ago: executing program 3 (id=500): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000840)={0x14, 0x1, 0x3, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8000}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4080) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfb, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f00000000c0)={0x800000, 0x80, 0xffffffbc, 0x7, 0x0, 0x55a}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f00000001c0)={0x800080, 0x85c, 0x7, 0x3, 0x43, 0x558}) add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffd) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0500000004001000090000000b00000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000032a6eb412a45ee2e0700484ac6edd8588cee7ae4982aa1ff9151468827a9775bbd3c48551044b518684580556ca644d04384b1c5c4f5bc2614242b500c430ef84dfacaadec9274dfc81f4bbd7432cd1bb673899152d43b2b4d520b91333a5920d056f708360ec0d037c074a574abc2513b4981"], 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r3}, 0x38) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) (async) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFQNL_MSG_VERDICT(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000840)={0x14, 0x1, 0x3, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8000}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x4080) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) (async) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfb, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) (async) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f00000000c0)={0x800000, 0x80, 0xffffffbc, 0x7, 0x0, 0x55a}) (async) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f00000001c0)={0x800080, 0x85c, 0x7, 0x3, 0x43, 0x558}) (async) add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffd) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0500000004001000090000000b00000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000032a6eb412a45ee2e0700484ac6edd8588cee7ae4982aa1ff9151468827a9775bbd3c48551044b518684580556ca644d04384b1c5c4f5bc2614242b500c430ef84dfacaadec9274dfc81f4bbd7432cd1bb673899152d43b2b4d520b91333a5920d056f708360ec0d037c074a574abc2513b4981"], 0x50) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r3}, 0x38) (async) 31.980069035s ago: executing program 2 (id=501): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8002e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1, 0x0, 0x0, 0x60}, 0x0) 31.789717505s ago: executing program 3 (id=502): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0xf2ff) 31.724356861s ago: executing program 2 (id=503): socket$alg(0x26, 0x5, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket(0x2a, 0x803, 0x7) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000001400000060ec970012302c00fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xfdef) 31.530826634s ago: executing program 2 (id=504): r0 = socket(0x28, 0x1, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="1400000010000100000000000a03000000000000000000010000090900010073797a300000000050000000000000000100100008000a400000000009cab84d60797a3000000000080005400000001e0c00098008000140000060000900020073797a32000000000800034000000023140000001000010000000000000000000000000a"], 0x98}}, 0x0) (async) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) (async) mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil) (async) mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil) (async) munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f000060f000/0x4000)=nil, 0x4000) (async) madvise(&(0x7f0000492000/0x2000)=nil, 0x2000, 0x12) munmap(&(0x7f0000893000/0x4000)=nil, 0x4000) mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil) (async) mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) mlock(&(0x7f0000002000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) ioctl$KDMKTONE(r4, 0x4b30, 0x8) (async) r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async) write$binfmt_misc(r6, &(0x7f0000000040), 0xe09) (async) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x400000002, 0x0, 0x0, 0x0, 0x0, 0x1c, "dff0a2ab78fc979f394095ab85c200001ea800f0f0260700000000000000001700000000000000000000000000080000000000000000000000270e00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 31.470834882s ago: executing program 0 (id=505): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$usbfs(0x0, 0x76, 0x101301) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4f23, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x200000b}, 0x1c) syz_emit_ethernet(0x3a, &(0x7f0000002100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x18, @multicast1}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data}}}}}, 0x0) r0 = socket$kcm(0x2, 0x3, 0x84) socket$nl_generic(0x10, 0x3, 0x10) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0xffffffffffffffda, 0x6, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x3, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, 0x0, 0x80101, 0x0) sendmsg$inet(r0, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04180a332e94ee4784fffee263c06f2d924e8699b6af71aa257b5a316af31628e5148c7012f4d55ce4c29fea9e5b0b61fdf0b2dc866fa81b4e775e235eaebe330e16114548f147b8a966bf1f1fc6c24b9d47d349c87c3f789d2ba608cd25b17b6c80a7f0ceb4a06ff270ff8c9f0d3a19133f1fdfd51b767b8cef1f36e5490c5df5fcb378a6fb6eb5d8aaf7791ce81f61a05e1ebdd1789eb70ac1f3dfed378f6f3e237120052113a75ab977796117f7e7b2d6ee499f51dc070c820d10a0eaef4fc94ddc648bafae070caf70c465267497b3de963df649e113e2060c82b057abfae0798d424c81aeb42796189eb0936a2c547a5c4d6351ed786c75beb926118fb7af49ecc00b545fe2563bd4294a982980afed3f9cf390f304611db4c6d7b64d64f38db5fde5cf7cadb29c697013b710e0218660671d0051ddd7fb7f5eb72a34f469b2e20600000091817eb5b952af43d1a40f4770e7220fcdfe25d3e9747e2af76ece5922724840afdba6f6f9e1d11db8561e8e836413ee04d6e084700ec1ac0e00569f0e4d4844f4710299aabbef615c33e276544669ce074528938ec0cc6d2af1ce7a47a64ad676f08507aa08d4210f979ef4aacfa4d524c9952d4743d65c3c527302942a8880116ce7ebc6c84778346f02c806bb466db7d313d7ebc7ea87823d4a8de0b697929fb3277012327827801f75ca3c5776d1a81acb160007f73148dfaf05ab7eed5a0e603ac468eb2bcd9de5f140758e74c20a9931187e0cbc857aa62a4cec8a62f7e31af3a78cdb8608551cdd68e83aebb3c9e05519184ff996c336553fa6bf16865cd6c4eacf1e360b029cdae41070f5fd183ea0eaae427505d56994ccfd0737aae3abbc45f56710d2e3f2662bf4514044f7fa03cde28fa1783970d3c676cb23cb1923a9feb233267ef663936ccf25f7597a2270724527bf468d22786d0548b25582180b72c51742c4e5c373a1008dd4cfba508e8f3f8ec35e6f1375a11b1fbe2dc09e9fe609e80112c8f5c895c922cd547def707b7252d7afa0030d008b1dd10fd4a56e30237a6e0229fb4562cb8df3d4e64b28e15c075e59554e9d61a6065d49c1e765a49195cf5d6b1e2b6192447817fedfe41fcdf9a4fc5af567906e4b6453da7b97eac255cc253d7bceba09f67da4815438583c6843366b76d9e9277558e48681e9cfa920b47aea0e5c46ef86ea7f1ef534cf7565b24b833ba2cbfe60e6271614850dd68f2a8a6be4f315b83abb8e2699ed8e2a4b3506f9dacbb180c4deeef7489f49faf34cdf4e91a402956564f854d71c892e4aada1c91647ce45d4834d000e8d5be1773ecae388e511228977a69d4cc67fbab60ee1555a219e41eebc31807a87d9cbe88a8b05959e1a988f6ea6ed73a6ac1ec2f3d74d73eaa91a39308e008b7fa1ecc2a020f495750f9936d9c07130d950a777c0d8d131416ef55a4ec041113df65ba4aea92fcb3e2268510f316bd17f04993b6473338fe7c08fd9874e743a31582162232c7d6c614e7b3513abcc0feb99b2c9111300004fe291f5bd682c039183e61c1fdac90b2a015939a8d10b07a05e99e5772b4b9329275cef8de2b066d4e4d421e4a0a69cdd8f674b12f5b3fa764e4b1e9f4d767e252e37477813a03f18da16d598fddcf4be590d9f65f64c647cb2f330a614fe688d3d80182ed8aa59905a1cb0d3f034d927e070d71f56ee8e5c5bdf23c4f85c7a17834467bd6cf58218868fe53e3675c130bbe44bea271fa67999a0dc3dbf7c40dbba6e7d6cc0936bd8d466a1f041883c093a3a60743d0549b1a989a2fa41ff978388014434909053e279a21e7866bd4efb4a9f46b7a8b0d1d84d83020e9e68936ca3de030269784aa29a3e25146cd5b03d21ca82f961be925c9ad487fb24b1e35c2d043ee4b6a4aaf811c4308a6ced6b4c45e7513a3f0e1421cb3b0fd8571a7085c9a4b454e4ee8b44767428666cd108b78369b871ab32f36943e24976f4bb6bd4068cc19585a2de791e3f950d220b28f4ba268d8c9dbccc1a705b1b1c30881babdbc8cc4cf97b801e4d410fd7c61b34b1f126e6df1b0e9c676d1ab5", 0x5c9}, {&(0x7f0000000600)="3001fb90647586f4601659c5ad2644b99bfd65452e947b394c96c29278d097c5f170d77283a744139d2ce2a2f4bb5bb37e7396e7bac14056f25d17145e73bc2461b20ea3fce771f1b32d1585e8a456763cfafcf7189145a6e261af6232014cbf8a0f898bf6d14136874b6a1fd7caf8ec9966b0419be0420dc6e247d1a44f038ae29eb4bc67d6a04e80dfb7715ebafaa20fcbc57ade23cba05da1fbe4bba675b742472eebaabf356adc99866930e146125a272cef5baf5dfad4a28a01208d9908183ab2085a781e531f1bed4ac9c245ec19be383047656a7d857d364e6f69eccea5aca3964f", 0xe5}, {&(0x7f0000000cc0)="79dfe4263f037de282e588f3c773eca5f0c383e7425d1573aa90a44223bfeced3ff85afe9d0c0b3b5a7ed7fcdb96a3934fe7af73ee25d5d36ba42e2a858c3d134299abc0393e031db435ae156e55eb2b2b2e2300e0706dfc5c4ec73ba929ffe8a7bb7ce55d95fb6e58560c45d96a58a13aa944b98c481a82927ec071b272b4592616116116527fd2dbc0dfd58c572f714f6852063afc8358fb33ccb8a95460b32b4e26bea604e534d8983790b5e2a180fed88108b0f5a499d5f80b4e4047d9ecc03d21856a4ec0d0d41496d99dddfa9098d327d9559e82fceb2b1b1c", 0xdc}, {&(0x7f0000000b00)="f2a0f0f863621a483b19e7ecfce0d34e53fbf295927214684f4d69e973ac2fa5fd0ddf47c314ac0cdfd79dc1815274c3ee57068b3793c25fab48eb353478689f452328afb023f75f93227bbe5a4a93e14eb44aacf27f9060bc2c82dd05d1e8c3a549a06e280ca4eaf77b4aed57a0c5f6120d25a3d5121895638ec5e2e600000000f5be12a64e075c60dd63e0b00e8f42bfb7671a56925477029cec7e7f16b358404edfb5e7a0552c317f587f591626ceed08555ca0b2f31a3e7bf5ba7541db275e6a6b6501b87cc74c4804f6da7d3de93327287204cc97f9cb747576d2ab23a6e35c6da6b3240c92ae18b31cb6e7bc60066994e2cb401c76b1840d3e231621355f10ff35ea91ffd463228d000000000000000e454d3c36efee949f6311c6ad78b5a8f091d2ebb008925107e4a4584dab83f7f0cb5ad94266e71e2b7aaa01cf4f9f5e1d52e1e5086e9633cbee8126a2", 0x14f}, {&(0x7f0000000940)="15c84609b06c6d85a5ca6f3a9a242f214aee4e7093161b717090c0c852a05393abd8992d91576f57bbd3488e85d8456d6c6c09de5c5228ee18819665861f01a2823a7cfa8e9260a5fe3921638db2dc5156149f86916810f913a944e1c8cd7fccb63f37900c5b287016e512b050ca214125b2217260c9ce3019e88b80985402ff7ca34be17e0dbda4f028cec9973a2b9eed83eee86f35f2c0adf50a04296e99c0f709fb3990aa5d0e74a125971357630b6f3eb4fb4064c42c2b2519a1c77824df6f0653fb116149fcb5c7e46fce32b1de7f511951d4b1ae47781250afdb11680684c1d2854810a90dbe10016823346663fdf1df6200a0dc3cafe8ec225fda", 0xfe}, {&(0x7f0000000800)="3a0846cacd7448e2015cc9a09c5f5608265e1e0fe02aa9077d7ddd960ba112fe1c64f57cba71e7ad8bbdc06a3299398e39498fc459bc1745e3d21a7ca987a4f4b774fe331d20dab2e846a721ff43b0491dc4cb32e16330e0d7d520f4887da0d6f356f8ef230b9b237409", 0x6a}, {&(0x7f0000000300)="77729a", 0x3}], 0x7, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x30}, 0x0) 31.192448796s ago: executing program 0 (id=506): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x2a, 0x2, 0x3) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100001040b00000000000000ff000000", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) 30.758726917s ago: executing program 1 (id=507): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r0, 0x0, 0x9cdc2384056b48b8) r1 = socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0xae, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bind$packet(r1, &(0x7f0000000200)={0x11, 0xf6, r3, 0x1, 0x55, 0x6, @multicast}, 0x14) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e1406020000ffef0e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 30.667523765s ago: executing program 3 (id=508): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc00000000fff50000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) 30.624804911s ago: executing program 0 (id=509): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x2, 0x4000000000000001, 0x0) (async) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000180)="441f080100000000ff0000003d07cc61eeaa9d11685b19962f9c98e6a8d3816491ee54be46fe", 0x26) connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e22, @empty}, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) socket(0x10, 0x3, 0x0) (async) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="0a00000000c96700000ab718af103f5dd75fa6b7dbe900"/32], 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00'}) openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) (async) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x5, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x400000, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x9, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x3, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x6, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d6, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xfffffffa, 0x0, 0x5, 0x1c, 0x920000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0x5, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x2, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff343f, 0xfff]}, 0x45c) (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x5, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x400000, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x9, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x3, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x6, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d6, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xfffffffa, 0x0, 0x5, 0x1c, 0x920000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0x5, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x2, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff343f, 0xfff]}, 0x45c) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8240, 0x0) socket$inet6(0xa, 0x2, 0x0) (async) r5 = socket$inet6(0xa, 0x2, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0xc201}) (async) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0xc201}) write$tun(r6, &(0x7f00000004c0)=ANY=[@ANYBLOB="000089060100000000003dddc0ff4500003c0000008490783fffffffe000000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a4000000907800130a0300050a00000000000000000004d588000000"], 0x4a) setsockopt$inet6_udp_int(r5, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x4048844) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) (async) close_range(r3, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x3f40, &(0x7f00000001c0)={0x0, 0x4, 0x1000}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) (async) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="c2a1c8a71372f3b1d929915a2924c3dc123328b883e797ff7719ce7165d09f5c1f192c5d55869caadb50e9470d0665be4b864c3ee2068889b7bf1d24c64b15ad395ff9abf46d92ee4436a4cd7a99f858c9ef799612bda96294b26bb0ec447db56aa63362a7c5152bfb14a3a1dcabd12aa922caa3413e68e738b921c2df023e"}], 0x4, 0x0, 0x0, 0x408c4}}], 0x1, 0x6001010) 30.018797488s ago: executing program 3 (id=510): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000000)={0x0, 0x3f00, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028642b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ed7eff0d26ff199ee1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c"}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}, 0x8001) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000140), 0x8) sched_setattr(0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) r6 = io_uring_setup(0x1530, &(0x7f0000000480)={0x0, 0xd498, 0x800, 0x8000002, 0x1d4}) r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$nci(r7, 0x0, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$nci(r7, 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0xd) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) write$binfmt_aout(r8, &(0x7f0000000000)=ANY=[], 0xff2e) close_range(r6, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 29.576082332s ago: executing program 1 (id=511): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x1}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x1500}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) 29.283073711s ago: executing program 4 (id=512): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000001c0)={0x24d, 0x10, 0x0, 0xf0, 0x3f, 0x183, 0x1, 0x0, {}, {0xfffffffd, 0x3fffff}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1000000, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x1}) 24.385447147s ago: executing program 1 (id=513): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a280100000b0a1ffeffff000021000000010000000900010073797a30"], 0x150}, 0x1, 0x0, 0x0, 0x40}, 0x8000) 23.066107363s ago: executing program 0 (id=514): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r1, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000001c0)='f', 0x1}], 0x1}}], 0x2, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x73, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0585605, &(0x7f0000000080)={0x0, 0x1, @start={0xff, 0x1}}) shutdown(r1, 0x1) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000200), 0x4) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000240)={'sit0\x00', 0x0, 0x40, 0x40, 0x3, 0x1, {{0x28, 0x4, 0x1, 0x22, 0xa0, 0x65, 0x0, 0xfc, 0x4, 0x0, @broadcast, @remote, {[@generic={0x88, 0x5, "fa1078"}, @generic={0x82, 0x11, "28e65784110b55f9cf20459de18774"}, @noop, @end, @timestamp={0x44, 0x10, 0x54, 0x0, 0xc, [0x446, 0xffff, 0x7]}, @cipso={0x86, 0x4e, 0xffffffffffffffff, [{0x6, 0xb, "4505d1f25170ef5559"}, {0x7, 0xe, "c4ba75adbde7c8436ef6bbbe"}, {0x5, 0x4, "a059"}, {0x6, 0x12, "8cefe34cdf5ba1e2cbe397e6b3664f9f"}, {0x2, 0x2}, {0x5, 0x2}, {0x1, 0x11, "a1801946220c9d8aadee6002ded353"}, {0x7, 0x4, "8c20"}]}, @noop, @lsrr={0x83, 0x13, 0x94, [@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @broadcast, @rand_addr=0x64010101]}]}}}}}) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@dellink={0x4c, 0x11, 0x800, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, 0x4828, 0x2008}, [@IFLA_BROADCAST={0xa, 0x2, @remote}, @IFLA_LINKMODE={0x5, 0x11, 0x2b}, @IFLA_PROMISCUITY={0x8, 0x1e, 0x1000}, @IFLA_OPERSTATE={0x5}, @IFLA_PROTO_DOWN={0x5, 0x27, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x884) 0s ago: executing program 32 (id=504): r0 = socket(0x28, 0x1, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="1400000010000100000000000a03000000000000000000010000090900010073797a300000000050000000000000000100100008000a400000000009cab84d60797a3000000000080005400000001e0c00098008000140000060000900020073797a32000000000800034000000023140000001000010000000000000000000000000a"], 0x98}}, 0x0) (async) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) (async) mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil) (async) mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil) (async) munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f000060f000/0x4000)=nil, 0x4000) (async) madvise(&(0x7f0000492000/0x2000)=nil, 0x2000, 0x12) munmap(&(0x7f0000893000/0x4000)=nil, 0x4000) mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil) (async) mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) mlock(&(0x7f0000002000/0x1000)=nil, 0x1000) (async) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) ioctl$KDMKTONE(r4, 0x4b30, 0x8) (async) r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async) write$binfmt_misc(r6, &(0x7f0000000040), 0xe09) (async) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x400000002, 0x0, 0x0, 0x0, 0x0, 0x1c, "dff0a2ab78fc979f394095ab85c200001ea800f0f0260700000000000000001700000000000000000000000000080000000000000000000000270e00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) kernel console output (not intermixed with test programs): 3][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 99.326448][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.381769][ T980] vhci_hcd: vhci_device speed not set [ 99.398033][ T5960] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(16) [ 99.405065][ T5960] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 99.473219][ T5975] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16'. [ 99.483731][ T980] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 99.563762][ T5960] vhci_hcd vhci_hcd.0: Device attached [ 99.578055][ T5976] Zero length message leads to an empty skb [ 99.599135][ T5970] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(21) [ 99.605778][ T5970] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 99.749376][ T5970] vhci_hcd vhci_hcd.0: Device attached [ 99.764761][ T5960] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 99.903522][ T5960] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 99.913760][ T5960] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 100.015382][ T5970] vhci_hcd vhci_hcd.0: pdev(4) rhport(7) sockfd(29) [ 100.022066][ T5970] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 100.147433][ T5983] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 100.204679][ T5970] vhci_hcd vhci_hcd.0: Device attached [ 100.425207][ T5983] IPVS: length: 24 != 36888 [ 100.442786][ T5964] vhci_hcd: connection reset by peer [ 100.480112][ T5977] vhci_hcd: connection closed [ 100.481233][ T36] vhci_hcd: stop threads [ 100.491140][ T5968] vhci_hcd: connection closed [ 100.492958][ T5973] vhci_hcd: connection closed [ 100.527148][ T36] vhci_hcd: release socket [ 100.659571][ T5979] vhci_hcd: connection closed [ 100.664847][ T36] vhci_hcd: disconnect device [ 100.778816][ T36] vhci_hcd: stop threads [ 100.786962][ T36] vhci_hcd: release socket [ 100.795345][ T36] vhci_hcd: disconnect device [ 100.803368][ T36] vhci_hcd: stop threads [ 100.819995][ T36] vhci_hcd: release socket [ 100.855873][ T5986] fuse: Unknown parameter '000000000000000000000140x000000000000000a' [ 100.875032][ T36] vhci_hcd: disconnect device [ 100.896730][ T36] vhci_hcd: stop threads [ 100.908672][ T36] vhci_hcd: release socket [ 100.915271][ T36] vhci_hcd: disconnect device [ 100.930049][ T36] vhci_hcd: stop threads [ 101.040915][ T36] vhci_hcd: release socket [ 101.072450][ T36] vhci_hcd: disconnect device [ 102.157245][ T5891] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 102.874811][ T5891] usb 2-1: Using ep0 maxpacket: 8 [ 102.904832][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 102.922787][ T5891] usb 2-1: can't read configurations, error -61 [ 103.204980][ T5891] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 103.405872][ T5891] usb 2-1: Using ep0 maxpacket: 8 [ 103.440337][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 103.465491][ T5891] usb 2-1: can't read configurations, error -61 [ 103.485869][ T5891] usb usb2-port1: attempt power cycle [ 103.661013][ T6018] IPv4: Oversized IP packet from 127.202.26.0 [ 104.056989][ T5891] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 104.184703][ T5891] usb 2-1: Using ep0 maxpacket: 8 [ 104.192350][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 104.235158][ T5891] usb 2-1: can't read configurations, error -61 [ 104.573898][ T5891] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 104.644759][ T5891] usb 2-1: Using ep0 maxpacket: 8 [ 104.654721][ T980] vhci_hcd: vhci_device speed not set [ 104.669228][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 104.699826][ T5891] usb 2-1: can't read configurations, error -61 [ 104.737520][ T5891] usb usb2-port1: unable to enumerate USB device [ 105.063727][ T6025] netlink: 'syz.3.27': attribute type 10 has an invalid length. [ 105.211200][ T6030] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 105.993320][ T6036] netlink: 16 bytes leftover after parsing attributes in process `syz.4.31'. [ 106.078126][ T881] usb usb42-port1: attempt power cycle [ 106.744393][ T881] usb usb42-port1: unable to enumerate USB device [ 107.280141][ T30] audit: type=1800 audit(1749029878.043:2): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.37" name="bus" dev="tmpfs" ino=55 res=0 errno=0 [ 107.306915][ T6061] FAULT_INJECTION: forcing a failure. [ 107.306915][ T6061] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 107.437735][ T6061] CPU: 0 UID: 0 PID: 6061 Comm: syz.4.37 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 107.437759][ T6061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.437773][ T6061] Call Trace: [ 107.437780][ T6061] [ 107.437787][ T6061] dump_stack_lvl+0x189/0x250 [ 107.437822][ T6061] ? __pfx____ratelimit+0x10/0x10 [ 107.437845][ T6061] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.437869][ T6061] ? __pfx__printk+0x10/0x10 [ 107.437887][ T6061] ? fs_reclaim_acquire+0x7d/0x100 [ 107.437912][ T6061] should_fail_ex+0x414/0x560 [ 107.437939][ T6061] prepare_alloc_pages+0x213/0x610 [ 107.437964][ T6061] __alloc_frozen_pages_noprof+0x123/0x370 [ 107.437987][ T6061] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 107.438010][ T6061] ? __pfx_css_rstat_updated+0x10/0x10 [ 107.438035][ T6061] ? policy_nodemask+0x27c/0x720 [ 107.438055][ T6061] alloc_pages_mpol+0x232/0x4a0 [ 107.438076][ T6061] folio_alloc_mpol_noprof+0x39/0x70 [ 107.438093][ T6061] shmem_alloc_and_add_folio+0x447/0xf60 [ 107.438111][ T6061] ? filemap_get_entry+0xad/0x2f0 [ 107.438129][ T6061] ? filemap_get_entry+0xad/0x2f0 [ 107.438145][ T6061] ? filemap_get_entry+0xad/0x2f0 [ 107.438166][ T6061] ? shmem_huge_global_enabled+0x174/0x3a0 [ 107.438188][ T6061] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 107.438206][ T6061] ? shmem_allowable_huge_orders+0x19c/0x420 [ 107.438233][ T6061] shmem_get_folio_gfp+0x59d/0x1660 [ 107.438270][ T6061] shmem_fault+0x179/0x390 [ 107.438292][ T6061] __do_fault+0x135/0x390 [ 107.438311][ T6061] __handle_mm_fault+0x198b/0x5620 [ 107.438340][ T6061] ? __pfx___handle_mm_fault+0x10/0x10 [ 107.438364][ T6061] ? follow_page_pte+0x8d6/0x14b0 [ 107.438385][ T6061] handle_mm_fault+0x40a/0x8e0 [ 107.438407][ T6061] __get_user_pages+0x1af4/0x30b0 [ 107.438456][ T6061] ? __pfx___get_user_pages+0x10/0x10 [ 107.438478][ T6061] ? __gup_longterm_locked+0x1005/0x15b0 [ 107.438501][ T6061] ? down_read_killable+0x1d1/0x350 [ 107.438519][ T6061] __gup_longterm_locked+0x118a/0x15b0 [ 107.438560][ T6061] pin_user_pages_remote+0xd4/0x120 [ 107.438585][ T6061] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 107.438612][ T6061] ? down_read+0x1ad/0x2e0 [ 107.438627][ T6061] process_vm_rw+0x59e/0xb40 [ 107.438640][ T6061] ? get_pid_task+0x20/0x1f0 [ 107.438667][ T6061] ? __pfx_process_vm_rw+0x10/0x10 [ 107.438679][ T6061] ? rcu_read_lock_any_held+0xb3/0x120 [ 107.438721][ T6061] ? __pfx_vfs_write+0x10/0x10 [ 107.438753][ T6061] ? ksys_write+0x22a/0x250 [ 107.438768][ T6061] ? __pfx_ksys_write+0x10/0x10 [ 107.438780][ T6061] ? rcu_is_watching+0x15/0xb0 [ 107.438796][ T6061] __x64_sys_process_vm_writev+0xe0/0x100 [ 107.438815][ T6061] do_syscall_64+0xfa/0x3b0 [ 107.438837][ T6061] ? lockdep_hardirqs_on+0x9c/0x150 [ 107.438858][ T6061] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.438873][ T6061] ? clear_bhb_loop+0x60/0xb0 [ 107.438891][ T6061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.438905][ T6061] RIP: 0033:0x7f21f338e969 [ 107.438923][ T6061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.438935][ T6061] RSP: 002b:00007f21f4258038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 107.438952][ T6061] RAX: ffffffffffffffda RBX: 00007f21f35b5fa0 RCX: 00007f21f338e969 [ 107.438963][ T6061] RDX: 000000000000002b RSI: 0000200000c22000 RDI: 000000000000001d [ 107.438972][ T6061] RBP: 00007f21f4258090 R08: 0000000000000001 R09: 0000000000000000 [ 107.438981][ T6061] R10: 0000200000c22fa0 R11: 0000000000000246 R12: 0000000000000002 [ 107.438990][ T6061] R13: 0000000000000000 R14: 00007f21f35b5fa0 R15: 00007f21f36dfa28 [ 107.439012][ T6061] [ 108.441750][ T881] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 108.679860][ T881] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 108.703511][ T881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.761255][ T881] usb 3-1: config 0 descriptor?? [ 108.798016][ T881] cp210x 3-1:0.0: cp210x converter detected [ 108.867238][ T6081] FAULT_INJECTION: forcing a failure. [ 108.867238][ T6081] name failslab, interval 1, probability 0, space 0, times 1 [ 108.948058][ T6081] CPU: 0 UID: 0 PID: 6081 Comm: syz.0.43 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 108.948088][ T6081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.948101][ T6081] Call Trace: [ 108.948113][ T6081] [ 108.948122][ T6081] dump_stack_lvl+0x189/0x250 [ 108.948161][ T6081] ? __pfx____ratelimit+0x10/0x10 [ 108.948192][ T6081] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.948225][ T6081] ? __pfx__printk+0x10/0x10 [ 108.948262][ T6081] should_fail_ex+0x414/0x560 [ 108.948301][ T6081] should_failslab+0xa8/0x100 [ 108.948337][ T6081] __kmalloc_cache_noprof+0x70/0x3d0 [ 108.948359][ T6081] ? sctp_add_bind_addr+0x8c/0x370 [ 108.948384][ T6081] sctp_add_bind_addr+0x8c/0x370 [ 108.948410][ T6081] sctp_copy_local_addr_list+0x30b/0x4e0 [ 108.948448][ T6081] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 108.948483][ T6081] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 108.948519][ T6081] ? sctp_v6_is_any+0x64/0x80 [ 108.948543][ T6081] ? sctp_copy_one_addr+0x93/0x360 [ 108.948567][ T6081] sctp_bind_addr_copy+0xb3/0x3c0 [ 108.948603][ T6081] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 108.948639][ T6081] sctp_connect_new_asoc+0x2e0/0x690 [ 108.948669][ T6081] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 108.948694][ T6081] ? __local_bh_enable_ip+0x12d/0x1c0 [ 108.948736][ T6081] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 108.948767][ T6081] ? security_sctp_bind_connect+0x7e/0x2e0 [ 108.948798][ T6081] sctp_sendmsg+0x155c/0x2810 [ 108.948837][ T6081] ? __pfx_sctp_sendmsg+0x10/0x10 [ 108.948867][ T6081] ? aa_sk_perm+0x81e/0x950 [ 108.948902][ T6081] ? __pfx_aa_sk_perm+0x10/0x10 [ 108.948936][ T6081] ? sock_rps_record_flow+0x19/0x410 [ 108.948974][ T6081] ? inet_sendmsg+0x2f4/0x370 [ 108.949010][ T6081] __sock_sendmsg+0x19c/0x270 [ 108.949047][ T6081] __sys_sendto+0x3bd/0x520 [ 108.949074][ T6081] ? __pfx___sys_sendto+0x10/0x10 [ 108.949094][ T6081] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 108.949142][ T6081] ? __fget_files+0x3a0/0x420 [ 108.949179][ T6081] ? ksys_write+0x22a/0x250 [ 108.949202][ T6081] ? __pfx_ksys_write+0x10/0x10 [ 108.949220][ T6081] ? rcu_is_watching+0x15/0xb0 [ 108.949245][ T6081] __x64_sys_sendto+0xde/0x100 [ 108.949273][ T6081] do_syscall_64+0xfa/0x3b0 [ 108.949304][ T6081] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.949341][ T6081] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.949362][ T6081] ? clear_bhb_loop+0x60/0xb0 [ 108.949389][ T6081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.949409][ T6081] RIP: 0033:0x7f4bc5d8e969 [ 108.949428][ T6081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.949446][ T6081] RSP: 002b:00007f4bc6c93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 108.949469][ T6081] RAX: ffffffffffffffda RBX: 00007f4bc5fb5fa0 RCX: 00007f4bc5d8e969 [ 108.949485][ T6081] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 108.949498][ T6081] RBP: 00007f4bc6c93090 R08: 0000200000000080 R09: 000000000000001c [ 108.949512][ T6081] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 108.949524][ T6081] R13: 0000000000000000 R14: 00007f4bc5fb5fa0 R15: 00007f4bc60dfa28 [ 108.949557][ T6081] [ 109.414086][ T881] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 109.421736][ T881] cp210x 3-1:0.0: querying part number failed [ 109.475863][ T881] usb 3-1: cp210x converter now attached to ttyUSB0 [ 109.530183][ T6089] xt_recent: Unsupported userspace flags (000000de) [ 109.576912][ T6067] binder: BINDER_SET_CONTEXT_MGR already set [ 109.586335][ T6067] binder: 6066:6067 ioctl 4018620d 200000000040 returned -16 [ 109.596683][ T6090] binder: 6066:6090 ioctl c0306201 2000000003c0 returned -14 [ 109.739313][ T43] usb 3-1: USB disconnect, device number 2 [ 109.778447][ T6084] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 109.792235][ T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 109.833340][ T43] cp210x 3-1:0.0: device disconnected [ 109.889324][ T6100] netlink: 'syz.2.49': attribute type 10 has an invalid length. [ 109.928444][ T6100] team0: Device hsr_slave_0 failed to register rx_handler [ 110.483887][ T43] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 110.594596][ T6116] netlink: 'syz.1.56': attribute type 10 has an invalid length. [ 110.624048][ T5891] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 110.645035][ T43] usb 1-1: too many configurations: 255, using maximum allowed: 8 [ 110.656800][ T43] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 110.714920][ T43] usb 1-1: can't read configurations, error -61 [ 110.833908][ T5891] usb 3-1: Using ep0 maxpacket: 8 [ 110.859201][ T5891] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 110.863941][ T43] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 110.904038][ T5891] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 110.918102][ T5891] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 110.938963][ T5891] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 110.953464][ T5891] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 110.962809][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.039353][ T43] usb 1-1: too many configurations: 255, using maximum allowed: 8 [ 111.051629][ T43] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 111.070040][ T43] usb 1-1: can't read configurations, error -61 [ 111.077990][ T43] usb usb1-port1: attempt power cycle [ 111.188293][ T5891] usb 3-1: GET_CAPABILITIES returned 0 [ 111.194022][ T5891] usbtmc 3-1:16.0: can't read capabilities [ 111.450118][ T43] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 111.510540][ T43] usb 1-1: too many configurations: 255, using maximum allowed: 8 [ 111.522695][ T43] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 111.541181][ C0] usbtmc 3-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 111.543504][ T43] usb 1-1: can't read configurations, error -61 [ 111.578446][ T6109] usbtmc 3-1:16.0: Unable to send data, error -71 [ 111.703977][ T43] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 111.747302][ T43] usb 1-1: too many configurations: 255, using maximum allowed: 8 [ 111.765844][ T43] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 111.773505][ T43] usb 1-1: can't read configurations, error -61 [ 111.813625][ T43] usb usb1-port1: unable to enumerate USB device [ 112.231442][ T6144] dummy0: entered promiscuous mode [ 112.237790][ T6144] macsec1: entered promiscuous mode [ 112.243375][ T6144] macsec1: entered allmulticast mode [ 112.249015][ T6144] dummy0: entered allmulticast mode [ 112.258969][ T6144] dummy0: left allmulticast mode [ 112.264604][ T6144] dummy0: left promiscuous mode [ 112.384438][ T5891] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 112.563889][ T5891] usb 2-1: Using ep0 maxpacket: 32 [ 112.572234][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 112.584823][ T5891] usb 2-1: can't read configurations, error -61 [ 112.724244][ T5891] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 112.925909][ T5891] usb 2-1: Using ep0 maxpacket: 32 [ 112.980888][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 112.988953][ T5891] usb 2-1: can't read configurations, error -61 [ 113.012848][ T5891] usb usb2-port1: attempt power cycle [ 113.338691][ T6159] loop8: detected capacity change from 0 to 1 [ 113.342385][ T10] usb 3-1: USB disconnect, device number 3 [ 113.363563][ T5890] Dev loop8: unable to read RDB block 1 [ 113.383900][ T5890] loop8: unable to read partition table [ 113.392410][ T5890] loop8: partition table beyond EOD, truncated [ 113.416492][ T5891] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 113.442211][ T6159] Dev loop8: unable to read RDB block 1 [ 113.454820][ T6159] loop8: unable to read partition table [ 113.462346][ T5891] usb 2-1: Using ep0 maxpacket: 32 [ 113.480141][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 113.495877][ T6159] loop8: partition table beyond EOD, truncated [ 113.502238][ T5891] usb 2-1: can't read configurations, error -61 [ 113.538595][ T6159] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 113.654231][ T5891] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 113.685792][ T5891] usb 2-1: Using ep0 maxpacket: 32 [ 113.723743][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 113.740178][ T5891] usb 2-1: can't read configurations, error -61 [ 113.780483][ T5891] usb usb2-port1: unable to enumerate USB device [ 113.870173][ T6170] netlink: 'syz.3.76': attribute type 10 has an invalid length. [ 114.076489][ T5891] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 114.153741][ T6175] syz.2.78 uses obsolete (PF_INET,SOCK_PACKET) [ 114.273876][ T5891] usb 5-1: Using ep0 maxpacket: 8 [ 114.300594][ T5891] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 114.322990][ T5891] usb 5-1: config 16 has 0 interfaces, different from the descriptor's value: 1 [ 114.342873][ T5891] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 114.378113][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.595861][ T6166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.605713][ T6166] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.639817][ T6191] IPVS: set_ctl: invalid protocol: 3 172.20.20.45:20000 [ 114.845416][ T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 115.030258][ T43] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 115.040411][ T43] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 115.053654][ T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 115.068133][ T6209] netlink: 'syz.2.87': attribute type 10 has an invalid length. [ 115.079569][ T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 115.091433][ T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 115.103373][ T6209] team0: Device hsr_slave_0 failed to register rx_handler [ 115.119639][ T43] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 115.132331][ T43] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 115.161365][ T43] usb 4-1: Product: syz [ 115.168197][ T43] usb 4-1: Manufacturer: syz [ 115.200884][ T43] cdc_wdm 4-1:1.0: skipping garbage [ 115.210311][ T43] cdc_wdm 4-1:1.0: skipping garbage [ 115.264495][ T43] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 115.291473][ T43] cdc_wdm 4-1:1.0: Unknown control protocol [ 115.339900][ T30] audit: type=1800 audit(1749029886.103:3): pid=6215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.90" name="bus" dev="tmpfs" ino=90 res=0 errno=0 [ 115.353695][ T6215] FAULT_INJECTION: forcing a failure. [ 115.353695][ T6215] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 115.392710][ T6215] CPU: 0 UID: 0 PID: 6215 Comm: syz.1.90 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 115.392751][ T6215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.392765][ T6215] Call Trace: [ 115.392774][ T6215] [ 115.392783][ T6215] dump_stack_lvl+0x189/0x250 [ 115.392821][ T6215] ? __pfx____ratelimit+0x10/0x10 [ 115.392865][ T6215] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.392920][ T6215] ? __pfx__printk+0x10/0x10 [ 115.392946][ T6215] ? fs_reclaim_acquire+0x7d/0x100 [ 115.392984][ T6215] should_fail_ex+0x414/0x560 [ 115.393024][ T6215] prepare_alloc_pages+0x213/0x610 [ 115.393059][ T6215] __alloc_frozen_pages_noprof+0x123/0x370 [ 115.393092][ T6215] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 115.393125][ T6215] ? __pfx_css_rstat_updated+0x10/0x10 [ 115.393161][ T6215] ? policy_nodemask+0x27c/0x720 [ 115.393191][ T6215] alloc_pages_mpol+0x232/0x4a0 [ 115.393221][ T6215] folio_alloc_mpol_noprof+0x39/0x70 [ 115.393248][ T6215] shmem_alloc_and_add_folio+0x447/0xf60 [ 115.393275][ T6215] ? filemap_get_entry+0xad/0x2f0 [ 115.393306][ T6215] ? filemap_get_entry+0xad/0x2f0 [ 115.393329][ T6215] ? filemap_get_entry+0xad/0x2f0 [ 115.393369][ T6215] ? shmem_huge_global_enabled+0x174/0x3a0 [ 115.393401][ T6215] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 115.393428][ T6215] ? shmem_allowable_huge_orders+0x19c/0x420 [ 115.393468][ T6215] shmem_get_folio_gfp+0x59d/0x1660 [ 115.393522][ T6215] shmem_fault+0x179/0x390 [ 115.393554][ T6215] __do_fault+0x135/0x390 [ 115.393583][ T6215] __handle_mm_fault+0x198b/0x5620 [ 115.393626][ T6215] ? __pfx___handle_mm_fault+0x10/0x10 [ 115.393662][ T6215] ? follow_page_pte+0x8d6/0x14b0 [ 115.393694][ T6215] handle_mm_fault+0x40a/0x8e0 [ 115.393727][ T6215] __get_user_pages+0x1af4/0x30b0 [ 115.393794][ T6215] ? __pfx___get_user_pages+0x10/0x10 [ 115.393825][ T6215] ? __gup_longterm_locked+0x1005/0x15b0 [ 115.393865][ T6215] ? down_read_killable+0x1d1/0x350 [ 115.393893][ T6215] __gup_longterm_locked+0x118a/0x15b0 [ 115.393955][ T6215] pin_user_pages_remote+0xd4/0x120 [ 115.393992][ T6215] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 115.394031][ T6215] ? down_read+0x1ad/0x2e0 [ 115.394053][ T6215] process_vm_rw+0x59e/0xb40 [ 115.394072][ T6215] ? get_pid_task+0x20/0x1f0 [ 115.394113][ T6215] ? __pfx_process_vm_rw+0x10/0x10 [ 115.394131][ T6215] ? rcu_read_lock_any_held+0xb3/0x120 [ 115.394186][ T6215] ? __pfx_vfs_write+0x10/0x10 [ 115.394230][ T6215] ? ksys_write+0x22a/0x250 [ 115.394253][ T6215] ? __pfx_ksys_write+0x10/0x10 [ 115.394271][ T6215] ? rcu_is_watching+0x15/0xb0 [ 115.394295][ T6215] __x64_sys_process_vm_writev+0xe0/0x100 [ 115.394323][ T6215] do_syscall_64+0xfa/0x3b0 [ 115.394354][ T6215] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.394383][ T6215] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.394404][ T6215] ? clear_bhb_loop+0x60/0xb0 [ 115.394430][ T6215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.394450][ T6215] RIP: 0033:0x7f2cc298e969 [ 115.394469][ T6215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.394487][ T6215] RSP: 002b:00007f2cc3743038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 115.394510][ T6215] RAX: ffffffffffffffda RBX: 00007f2cc2bb5fa0 RCX: 00007f2cc298e969 [ 115.394525][ T6215] RDX: 000000000000002b RSI: 0000200000c22000 RDI: 0000000000000025 [ 115.394538][ T6215] RBP: 00007f2cc3743090 R08: 0000000000000001 R09: 0000000000000000 [ 115.394551][ T6215] R10: 0000200000c22fa0 R11: 0000000000000246 R12: 0000000000000002 [ 115.394564][ T6215] R13: 0000000000000000 R14: 00007f2cc2bb5fa0 R15: 00007f2cc2cdfa28 [ 115.394597][ T6215] [ 115.751945][ C0] vkms_vblank_simulate: vblank timer overrun [ 116.446564][ T6232] FAULT_INJECTION: forcing a failure. [ 116.446564][ T6232] name failslab, interval 1, probability 0, space 0, times 0 [ 116.459739][ T6232] CPU: 1 UID: 0 PID: 6232 Comm: syz.1.96 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 116.459760][ T6232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.459769][ T6232] Call Trace: [ 116.459775][ T6232] [ 116.459782][ T6232] dump_stack_lvl+0x189/0x250 [ 116.459811][ T6232] ? __pfx____ratelimit+0x10/0x10 [ 116.459833][ T6232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.459859][ T6232] ? __pfx__printk+0x10/0x10 [ 116.459886][ T6232] should_fail_ex+0x414/0x560 [ 116.459914][ T6232] should_failslab+0xa8/0x100 [ 116.459932][ T6232] __kmalloc_cache_noprof+0x70/0x3d0 [ 116.459948][ T6232] ? sctp_add_bind_addr+0x8c/0x370 [ 116.459965][ T6232] sctp_add_bind_addr+0x8c/0x370 [ 116.459982][ T6232] sctp_copy_local_addr_list+0x30b/0x4e0 [ 116.460009][ T6232] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 116.460049][ T6232] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 116.460076][ T6232] ? sctp_v6_is_any+0x64/0x80 [ 116.460093][ T6232] ? sctp_copy_one_addr+0x93/0x360 [ 116.460109][ T6232] sctp_bind_addr_copy+0xb3/0x3c0 [ 116.460134][ T6232] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 116.460159][ T6232] sctp_connect_new_asoc+0x2e0/0x690 [ 116.460180][ T6232] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 116.460198][ T6232] ? __local_bh_enable_ip+0x12d/0x1c0 [ 116.460227][ T6232] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 116.460250][ T6232] ? security_sctp_bind_connect+0x7e/0x2e0 [ 116.460272][ T6232] sctp_sendmsg+0x155c/0x2810 [ 116.460299][ T6232] ? __pfx_sctp_sendmsg+0x10/0x10 [ 116.460320][ T6232] ? aa_sk_perm+0x81e/0x950 [ 116.460345][ T6232] ? __pfx_aa_sk_perm+0x10/0x10 [ 116.460369][ T6232] ? sock_rps_record_flow+0x19/0x410 [ 116.460395][ T6232] ? inet_sendmsg+0x2f4/0x370 [ 116.460429][ T6232] __sock_sendmsg+0x19c/0x270 [ 116.460465][ T6232] __sys_sendto+0x3bd/0x520 [ 116.460486][ T6232] ? __pfx___sys_sendto+0x10/0x10 [ 116.460500][ T6232] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 116.460532][ T6232] ? __fget_files+0x3a0/0x420 [ 116.460558][ T6232] ? ksys_write+0x22a/0x250 [ 116.460574][ T6232] ? __pfx_ksys_write+0x10/0x10 [ 116.460592][ T6232] ? rcu_is_watching+0x15/0xb0 [ 116.460617][ T6232] __x64_sys_sendto+0xde/0x100 [ 116.460645][ T6232] do_syscall_64+0xfa/0x3b0 [ 116.460676][ T6232] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.460706][ T6232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.460724][ T6232] ? clear_bhb_loop+0x60/0xb0 [ 116.460769][ T6232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.460790][ T6232] RIP: 0033:0x7f2cc298e969 [ 116.460808][ T6232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.460822][ T6232] RSP: 002b:00007f2cc3743038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 116.460838][ T6232] RAX: ffffffffffffffda RBX: 00007f2cc2bb5fa0 RCX: 00007f2cc298e969 [ 116.460849][ T6232] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 116.460858][ T6232] RBP: 00007f2cc3743090 R08: 0000200000000080 R09: 000000000000001c [ 116.460868][ T6232] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 116.460877][ T6232] R13: 0000000000000000 R14: 00007f2cc2bb5fa0 R15: 00007f2cc2cdfa28 [ 116.460899][ T6232] [ 116.524340][ T5891] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 116.636550][ T6234] xt_recent: Unsupported userspace flags (000000de) [ 116.824055][ T5891] usb 1-1: Using ep0 maxpacket: 16 [ 116.831831][ T5891] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 116.841679][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.963517][ T5891] usb 1-1: config 0 descriptor?? [ 116.991550][ T10] usb 5-1: USB disconnect, device number 2 [ 117.017535][ T5891] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 117.242243][ T6243] batadv0: entered promiscuous mode [ 117.249468][ T6243] vlan2: entered promiscuous mode [ 117.605454][ T10] usb 4-1: USB disconnect, device number 3 [ 117.724226][ T980] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 117.850379][ T6266] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 117.945403][ T980] usb 3-1: Using ep0 maxpacket: 8 [ 117.962201][ T980] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 117.974863][ T980] usb 3-1: config 0 has no interface number 0 [ 117.981176][ T980] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 117.992489][ T980] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 118.014290][ T6268] fuse: Unknown parameter '000000000000000000000140x000000000000000a' [ 118.024690][ T980] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 118.139737][ T980] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 118.202535][ T980] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 118.227742][ T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.304640][ T980] usb 3-1: config 0 descriptor?? [ 118.347544][ T980] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 118.647985][ T10] usb 3-1: USB disconnect, device number 4 [ 118.681494][ T10] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 119.039049][ T6230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.063139][ T6230] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.640622][ T6284] dummy0: entered promiscuous mode [ 119.679841][ T6284] macsec1: entered promiscuous mode [ 119.700620][ T6284] macsec1: entered allmulticast mode [ 119.733158][ T980] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 119.762755][ T6284] dummy0: entered allmulticast mode [ 119.814174][ T5891] gspca_sonixj: reg_w1 err -110 [ 119.819218][ T5891] sonixj 1-1:0.0: probe with driver sonixj failed with error -110 [ 119.852473][ T6284] dummy0: left allmulticast mode [ 119.893082][ T980] usb 5-1: device descriptor read/64, error -71 [ 119.910623][ T6284] dummy0: left promiscuous mode [ 120.185532][ T980] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 120.451724][ T5891] usb 1-1: USB disconnect, device number 6 [ 120.494109][ T980] usb 5-1: device descriptor read/64, error -71 [ 120.638857][ T980] usb usb5-port1: attempt power cycle [ 120.655514][ T6297] netlink: 20 bytes leftover after parsing attributes in process `syz.3.118'. [ 120.695760][ T6297] netlink: 12 bytes leftover after parsing attributes in process `syz.3.118'. [ 120.995769][ T881] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 121.004359][ T980] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 121.034725][ T980] usb 5-1: device descriptor read/8, error -71 [ 121.109487][ T6307] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 121.164027][ T881] usb 1-1: device descriptor read/64, error -71 [ 121.284467][ T980] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 121.305296][ T980] usb 5-1: device descriptor read/8, error -71 [ 121.391061][ T6314] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 121.409294][ T881] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 121.417770][ T980] usb usb5-port1: unable to enumerate USB device [ 121.583910][ T881] usb 1-1: device descriptor read/64, error -71 [ 121.695245][ T881] usb usb1-port1: attempt power cycle [ 121.852904][ T6318] netlink: 8 bytes leftover after parsing attributes in process `syz.2.127'. [ 121.862814][ T6318] netlink: 16 bytes leftover after parsing attributes in process `syz.2.127'. [ 121.992497][ T6321] netlink: 'syz.1.128': attribute type 10 has an invalid length. [ 122.019310][ T6321] team0: Device hsr_slave_0 failed to register rx_handler [ 122.033352][ T6322] netlink: 8 bytes leftover after parsing attributes in process `syz.2.127'. [ 122.044153][ T881] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 122.074944][ T881] usb 1-1: device descriptor read/8, error -71 [ 122.101887][ T6323] input: syz0 as /devices/virtual/input/input6 [ 122.213036][ T6322] batadv0: entered promiscuous mode [ 122.249522][ T6322] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 122.324496][ T881] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 122.364792][ T881] usb 1-1: device descriptor read/8, error -71 [ 122.495095][ T881] usb usb1-port1: unable to enumerate USB device [ 122.997482][ T6342] netlink: 8 bytes leftover after parsing attributes in process `syz.3.132'. [ 123.294566][ T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 123.328247][ T6353] FAULT_INJECTION: forcing a failure. [ 123.328247][ T6353] name failslab, interval 1, probability 0, space 0, times 0 [ 123.365615][ T6353] CPU: 0 UID: 0 PID: 6353 Comm: syz.3.136 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 123.365646][ T6353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.365659][ T6353] Call Trace: [ 123.365667][ T6353] [ 123.365677][ T6353] dump_stack_lvl+0x189/0x250 [ 123.365717][ T6353] ? __pfx____ratelimit+0x10/0x10 [ 123.365748][ T6353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.365781][ T6353] ? __pfx__printk+0x10/0x10 [ 123.365821][ T6353] should_fail_ex+0x414/0x560 [ 123.365859][ T6353] should_failslab+0xa8/0x100 [ 123.365886][ T6353] __kmalloc_cache_noprof+0x70/0x3d0 [ 123.365909][ T6353] ? sctp_add_bind_addr+0x8c/0x370 [ 123.365934][ T6353] sctp_add_bind_addr+0x8c/0x370 [ 123.365960][ T6353] sctp_copy_local_addr_list+0x30b/0x4e0 [ 123.365999][ T6353] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 123.366033][ T6353] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 123.366070][ T6353] ? sctp_v6_is_any+0x64/0x80 [ 123.366095][ T6353] ? sctp_copy_one_addr+0x93/0x360 [ 123.366119][ T6353] sctp_bind_addr_copy+0xb3/0x3c0 [ 123.366155][ T6353] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 123.366190][ T6353] sctp_connect_new_asoc+0x2e0/0x690 [ 123.366221][ T6353] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 123.366246][ T6353] ? __local_bh_enable_ip+0x12d/0x1c0 [ 123.366295][ T6353] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 123.366326][ T6353] ? security_sctp_bind_connect+0x7e/0x2e0 [ 123.366358][ T6353] sctp_sendmsg+0x155c/0x2810 [ 123.366398][ T6353] ? __pfx_sctp_sendmsg+0x10/0x10 [ 123.366428][ T6353] ? aa_sk_perm+0x81e/0x950 [ 123.366463][ T6353] ? __pfx_aa_sk_perm+0x10/0x10 [ 123.366497][ T6353] ? sock_rps_record_flow+0x19/0x410 [ 123.366534][ T6353] ? inet_sendmsg+0x2f4/0x370 [ 123.366572][ T6353] __sock_sendmsg+0x19c/0x270 [ 123.366609][ T6353] __sys_sendto+0x3bd/0x520 [ 123.366636][ T6353] ? __pfx___sys_sendto+0x10/0x10 [ 123.366656][ T6353] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 123.366704][ T6353] ? __fget_files+0x3a0/0x420 [ 123.366742][ T6353] ? ksys_write+0x22a/0x250 [ 123.366766][ T6353] ? __pfx_ksys_write+0x10/0x10 [ 123.366783][ T6353] ? rcu_is_watching+0x15/0xb0 [ 123.366809][ T6353] __x64_sys_sendto+0xde/0x100 [ 123.366837][ T6353] do_syscall_64+0xfa/0x3b0 [ 123.366868][ T6353] ? lockdep_hardirqs_on+0x9c/0x150 [ 123.366898][ T6353] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.366919][ T6353] ? clear_bhb_loop+0x60/0xb0 [ 123.366945][ T6353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.366966][ T6353] RIP: 0033:0x7f54fa58e969 [ 123.366986][ T6353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.367010][ T6353] RSP: 002b:00007f54fb4a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 123.367032][ T6353] RAX: ffffffffffffffda RBX: 00007f54fa7b5fa0 RCX: 00007f54fa58e969 [ 123.367047][ T6353] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 123.367060][ T6353] RBP: 00007f54fb4a3090 R08: 0000200000000080 R09: 000000000000001c [ 123.367074][ T6353] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 123.367086][ T6353] R13: 0000000000000000 R14: 00007f54fa7b5fa0 R15: 00007f54fa8dfa28 [ 123.367119][ T6353] [ 123.450660][ T6356] xt_recent: Unsupported userspace flags (000000de) [ 123.451951][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.474630][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 123.478738][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.497132][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.501584][ C0] hrtimer: interrupt took 127801401 ns [ 123.727875][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.728214][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 123.884207][ T5891] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 123.893341][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=01ff, bcdDevice= 0.40 [ 123.930099][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.022790][ T24] usb 5-1: Product: syz [ 124.035017][ T24] usb 5-1: Manufacturer: syz [ 124.039669][ T24] usb 5-1: SerialNumber: syz [ 124.053988][ T5891] usb 3-1: Using ep0 maxpacket: 32 [ 124.078911][ T5891] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 124.117853][ T5891] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 124.180513][ T5891] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 124.200396][ T6367] netlink: 88 bytes leftover after parsing attributes in process `syz.0.143'. [ 124.209688][ T5891] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 124.232706][ T5891] usb 3-1: config 0 interface 0 has no altsetting 0 [ 124.267107][ T5891] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 124.285140][ T5891] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 124.334273][ T5891] usb 3-1: Product: syz [ 124.351520][ T5891] usb 3-1: Manufacturer: syz [ 124.392009][ T5891] usb 3-1: SerialNumber: syz [ 124.453917][ T5891] usb 3-1: config 0 descriptor?? [ 124.564763][ T5891] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 124.583976][ T5891] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 124.610335][ T6375] random: crng reseeded on system resumption [ 124.629758][ T6341] hfs: unable to load iocharset "io#harset" [ 124.666885][ T24] usb 5-1: 0:2 : does not exist [ 124.757487][ T24] usb 5-1: USB disconnect, device number 7 [ 124.836066][ T6363] ALSA: seq fatal error: cannot create timer (-22) [ 124.878072][ T5890] udevd[5890]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 125.241980][ T6387] fuse: Bad value for 'rootmode' [ 125.257169][ T6384] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 125.391084][ T5891] usb 3-1: USB disconnect, device number 5 [ 125.391127][ C1] ldusb 3-1:0.0: usb_submit_urb failed (-19) [ 125.423968][ T6380] ldusb 3-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 125.456638][ T5891] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 126.148620][ T6423] fuse: Unknown parameter 'use00000000000000000000' [ 126.295640][ T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 126.439788][ T6435] random: crng reseeded on system resumption [ 126.523902][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 126.540530][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.652042][ T10] usb 2-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00 [ 126.662823][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.689249][ T10] usb 2-1: config 0 descriptor?? [ 126.985448][ T6451] capability: warning: `syz.2.170' uses deprecated v2 capabilities in a way that may be insecure [ 127.024992][ T6449] dummy0: entered promiscuous mode [ 127.033317][ T6449] macsec1: entered promiscuous mode [ 127.091494][ T6449] macsec1: entered allmulticast mode [ 127.104906][ T6449] dummy0: entered allmulticast mode [ 127.123583][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 127.132911][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 127.226567][ T6449] dummy0: left allmulticast mode [ 127.258854][ T6449] dummy0: left promiscuous mode [ 127.512702][ T6456] netlink: 20 bytes leftover after parsing attributes in process `syz.0.172'. [ 127.715790][ T10] usb 2-1: USB disconnect, device number 11 [ 127.725477][ T6456] netlink: 12 bytes leftover after parsing attributes in process `syz.0.172'. [ 127.852775][ T6460] fuse: Unknown parameter 'use00000000000000000000' [ 128.051698][ T6465] loop8: detected capacity change from 0 to 1 [ 128.063281][ T6464] netlink: 12 bytes leftover after parsing attributes in process `syz.0.175'. [ 128.074252][ T6465] Dev loop8: unable to read RDB block 1 [ 128.079948][ T6465] loop8: unable to read partition table [ 128.107776][ T6465] loop8: partition table beyond EOD, truncated [ 128.131902][ T6465] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 128.314453][ T6473] fuse: Unknown parameter 'user_G048zid' [ 128.374348][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.3.181'. [ 128.406564][ T6478] netlink: 4 bytes leftover after parsing attributes in process `syz.3.181'. [ 128.484434][ T6484] netlink: 'syz.2.182': attribute type 10 has an invalid length. [ 128.528402][ T6482] binder: BINDER_SET_CONTEXT_MGR already set [ 128.534712][ T6482] binder: 6480:6482 ioctl 4018620d 200000000040 returned -16 [ 128.938678][ T6494] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 129.144245][ T5893] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 129.347669][ T5893] usb 2-1: config 1 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.360278][ T5893] usb 2-1: config 1 interface 0 has no altsetting 0 [ 129.371821][ T5893] usb 2-1: New USB device found, idVendor=047f, idProduct=c056, bcdDevice= 0.40 [ 129.393159][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.426815][ T5893] usb 2-1: Product: syz [ 129.440229][ T5893] usb 2-1: Manufacturer: Й [ 129.448872][ T5893] usb 2-1: SerialNumber: syz [ 129.701926][ T6499] fuse: Unknown parameter 'use00000000000000000000' [ 129.759097][ T5893] usbhid 2-1:1.0: can't add hid device: -71 [ 129.818168][ T5893] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 129.877542][ T5893] usb 2-1: USB disconnect, device number 12 [ 130.706274][ T5905] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 130.866351][ T5905] usb 4-1: config 0 has an invalid interface number: 64 but max is 0 [ 130.875919][ T5905] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.922561][ T5905] usb 4-1: config 0 has no interface number 0 [ 130.959304][ T5905] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 130.969038][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.983954][ T5905] usb 4-1: Product: syz [ 130.994274][ T5905] usb 4-1: Manufacturer: syz [ 131.003444][ T5905] usb 4-1: SerialNumber: syz [ 131.029735][ T5905] usb 4-1: config 0 descriptor?? [ 131.294783][ T6511] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 131.371161][ T5905] usb 4-1: USB disconnect, device number 4 [ 131.521372][ T6517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.187'. [ 131.538589][ T6517] openvswitch: netlink: Unknown nsh attribute 0 [ 131.636788][ T6517] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 131.830386][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz.4.194'. [ 131.871228][ T6528] netlink: 12 bytes leftover after parsing attributes in process `syz.4.194'. [ 131.892982][ T6530] FAULT_INJECTION: forcing a failure. [ 131.892982][ T6530] name failslab, interval 1, probability 0, space 0, times 0 [ 131.956773][ T6528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.194'. [ 132.022646][ T6530] CPU: 1 UID: 0 PID: 6530 Comm: syz.2.195 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 132.022669][ T6530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.022678][ T6530] Call Trace: [ 132.022684][ T6530] [ 132.022691][ T6530] dump_stack_lvl+0x189/0x250 [ 132.022719][ T6530] ? __pfx____ratelimit+0x10/0x10 [ 132.022741][ T6530] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.022764][ T6530] ? __pfx__printk+0x10/0x10 [ 132.022790][ T6530] should_fail_ex+0x414/0x560 [ 132.022817][ T6530] should_failslab+0xa8/0x100 [ 132.022835][ T6530] __kmalloc_cache_noprof+0x70/0x3d0 [ 132.022850][ T6530] ? sctp_add_bind_addr+0x8c/0x370 [ 132.022867][ T6530] sctp_add_bind_addr+0x8c/0x370 [ 132.022885][ T6530] sctp_copy_local_addr_list+0x30b/0x4e0 [ 132.022919][ T6530] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 132.022943][ T6530] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 132.022969][ T6530] ? sctp_v6_is_any+0x64/0x80 [ 132.022986][ T6530] ? sctp_copy_one_addr+0x93/0x360 [ 132.023003][ T6530] sctp_bind_addr_copy+0xb3/0x3c0 [ 132.023028][ T6530] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 132.023052][ T6530] sctp_connect_new_asoc+0x2e0/0x690 [ 132.023073][ T6530] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 132.023090][ T6530] ? __local_bh_enable_ip+0x12d/0x1c0 [ 132.023119][ T6530] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 132.023142][ T6530] ? security_sctp_bind_connect+0x7e/0x2e0 [ 132.023164][ T6530] sctp_sendmsg+0x155c/0x2810 [ 132.023191][ T6530] ? __pfx_sctp_sendmsg+0x10/0x10 [ 132.023211][ T6530] ? aa_sk_perm+0x81e/0x950 [ 132.023236][ T6530] ? __pfx_aa_sk_perm+0x10/0x10 [ 132.023259][ T6530] ? sock_rps_record_flow+0x19/0x410 [ 132.023285][ T6530] ? inet_sendmsg+0x2f4/0x370 [ 132.023312][ T6530] __sock_sendmsg+0x19c/0x270 [ 132.023339][ T6530] __sys_sendto+0x3bd/0x520 [ 132.023357][ T6530] ? __pfx___sys_sendto+0x10/0x10 [ 132.023371][ T6530] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 132.023405][ T6530] ? __fget_files+0x3a0/0x420 [ 132.023430][ T6530] ? ksys_write+0x22a/0x250 [ 132.023447][ T6530] ? __pfx_ksys_write+0x10/0x10 [ 132.023459][ T6530] ? rcu_is_watching+0x15/0xb0 [ 132.023476][ T6530] __x64_sys_sendto+0xde/0x100 [ 132.023495][ T6530] do_syscall_64+0xfa/0x3b0 [ 132.023517][ T6530] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.023537][ T6530] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.023552][ T6530] ? clear_bhb_loop+0x60/0xb0 [ 132.023570][ T6530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.023584][ T6530] RIP: 0033:0x7f185bd8e969 [ 132.023597][ T6530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.023610][ T6530] RSP: 002b:00007f185cc72038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 132.023626][ T6530] RAX: ffffffffffffffda RBX: 00007f185bfb5fa0 RCX: 00007f185bd8e969 [ 132.023637][ T6530] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 132.023646][ T6530] RBP: 00007f185cc72090 R08: 0000200000000080 R09: 000000000000001c [ 132.023656][ T6530] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 132.023664][ T6530] R13: 0000000000000000 R14: 00007f185bfb5fa0 R15: 00007f185c0dfa28 [ 132.023690][ T6530] [ 132.603917][ T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 132.786004][ T6538] fuse: Unknown parameter 'user_i00000000000000000000' [ 132.801192][ T10] usb 4-1: config 129 has an invalid interface number: 201 but max is 0 [ 132.810736][ T10] usb 4-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 132.844197][ T10] usb 4-1: config 129 has no interface number 0 [ 132.858647][ T10] usb 4-1: config 129 interface 201 altsetting 1 has an endpoint descriptor with address 0xEC, changing to 0x8C [ 132.901790][ T10] usb 4-1: config 129 interface 201 altsetting 1 endpoint 0x8C has invalid wMaxPacketSize 0 [ 132.939482][ T10] usb 4-1: config 129 interface 201 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 132.970292][ T10] usb 4-1: config 129 interface 201 has no altsetting 0 [ 132.987792][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.001339][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.059783][ T10] usb 4-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 133.103900][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.111970][ T10] usb 4-1: Product: syz [ 133.158553][ T10] usb 4-1: Manufacturer: syz [ 133.163232][ T10] usb 4-1: SerialNumber: syz [ 133.443668][ T10] radioshark 4-1:129.201: Invalid radioSHARK device [ 133.468497][ T10] radioshark 4-1:129.201: probe with driver radioshark failed with error -22 [ 133.483635][ T10] usbhid 4-1:129.201: couldn't find an input interrupt endpoint [ 133.553368][ T10] usb 4-1: USB disconnect, device number 5 [ 133.971556][ T6568] 8021q: VLANs not supported on caif0 [ 134.259174][ T6579] fuse: Unknown parameter 'user_i00000000000000000000' [ 134.545264][ T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 134.734340][ T24] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 134.754532][ T6589] netlink: 'syz.2.213': attribute type 23 has an invalid length. [ 134.824274][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.857915][ T24] usb 4-1: config 0 descriptor?? [ 135.193940][ T43] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 135.378276][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.389522][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.431330][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 135.500564][ T43] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.541033][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.570953][ T43] usb 2-1: config 0 descriptor?? [ 135.744161][ T881] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 135.976399][ T881] usb 5-1: config 156 has an invalid interface number: 58 but max is 3 [ 135.991237][ T881] usb 5-1: config 156 has an invalid interface number: 223 but max is 3 [ 136.008169][ T881] usb 5-1: config 156 has an invalid descriptor of length 1, skipping remainder of the config [ 136.028519][ T881] usb 5-1: config 156 has 3 interfaces, different from the descriptor's value: 4 [ 136.029234][ T43] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 136.038607][ T881] usb 5-1: config 156 has no interface number 0 [ 136.094642][ T881] usb 5-1: config 156 has no interface number 1 [ 136.100971][ T881] usb 5-1: config 156 has no interface number 2 [ 136.144012][ T5891] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 136.167100][ T881] usb 5-1: config 156 interface 58 altsetting 3 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 136.211334][ T43] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 136.211637][ T881] usb 5-1: config 156 interface 58 altsetting 3 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 136.300864][ T43] usb 2-1: USB disconnect, device number 13 [ 136.315501][ T881] usb 5-1: config 156 interface 58 altsetting 3 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 136.348183][ T5891] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 136.358463][ T24] pegasus 4-1:0.0: can't reset MAC [ 136.358879][ T24] pegasus 4-1:0.0: probe with driver pegasus failed with error -5 [ 136.383913][ T881] usb 5-1: config 156 interface 58 altsetting 3 has a duplicate endpoint with address 0x8, skipping [ 136.400667][ T24] usb 4-1: USB disconnect, device number 6 [ 136.433924][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 136.463892][ T881] usb 5-1: config 156 interface 3 altsetting 5 endpoint 0xF has an invalid bInterval 250, changing to 7 [ 136.508398][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 136.528417][ T881] usb 5-1: config 156 interface 3 altsetting 5 endpoint 0xA has an invalid bInterval 245, changing to 11 [ 136.555714][ T6620] netlink: 20 bytes leftover after parsing attributes in process `syz.2.225'. [ 136.565098][ T5891] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 136.584019][ T881] usb 5-1: config 156 interface 3 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 136.604980][ T6620] netlink: 12 bytes leftover after parsing attributes in process `syz.2.225'. [ 136.623405][ T5891] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 136.644434][ T881] usb 5-1: config 156 interface 3 altsetting 5 has a duplicate endpoint with address 0xF, skipping [ 136.679036][ T5891] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 136.724090][ T6616] fido_id[6616]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 136.742484][ T881] usb 5-1: config 156 interface 3 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 136.849110][ T5891] usb 1-1: Manufacturer: syz [ 137.025375][ T881] usb 5-1: config 156 interface 3 altsetting 5 has a duplicate endpoint with address 0x7, skipping [ 137.037908][ T5891] usb 1-1: config 0 descriptor?? [ 137.068215][ T881] usb 5-1: config 156 interface 3 altsetting 5 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 137.085357][ T881] usb 5-1: config 156 interface 3 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 137.318491][ T881] usb 5-1: config 156 interface 3 altsetting 5 endpoint 0x6 has an invalid bInterval 224, changing to 7 [ 137.339866][ T881] usb 5-1: config 156 interface 3 altsetting 5 has a duplicate endpoint with address 0x7, skipping [ 137.351118][ T6626] fuse: Unknown parameter 'user_i00000000000000000000' [ 137.359393][ T881] usb 5-1: config 156 interface 3 altsetting 5 has a duplicate endpoint with address 0x3, skipping [ 137.370486][ T881] usb 5-1: config 156 interface 3 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 137.382274][ T881] usb 5-1: config 156 interface 223 altsetting 232 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 137.396164][ T881] usb 5-1: config 156 interface 58 has no altsetting 0 [ 137.404809][ T881] usb 5-1: config 156 interface 3 has no altsetting 0 [ 137.411640][ T881] usb 5-1: config 156 interface 223 has no altsetting 0 [ 137.422355][ T881] usb 5-1: Dual-Role OTG device on HNP port [ 137.431264][ T881] usb 5-1: New USB device found, idVendor=1e0f, idProduct=28fa, bcdDevice=c5.f7 [ 137.440725][ T881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.449737][ T881] usb 5-1: Product: Ћ [ 137.454195][ T881] usb 5-1: Manufacturer: 釡锔쵯❀瀡許䊜娾௾ﰚ὚渻빟鉸゙磽࿣ె㇥獈뒩쁟≽䴘ↄ༘╅된딴ꢿ㏙宾ᔁ谀쐵붪ᛌ⃅➦他ἂ神ᔅൖ汜荿폷寫冻즢ਪ▥᭩䂓ꭿ耮&ٷ虍璚覩适ఛꛗ⯄△᩾散닩Ӷ몄藪ᅅꋻ렔꫸Ă屝ɔ蟦鑚駨髤齟桦삕䷒큌ⶣ뼻䆕훙䇟‼尿篟◳췥ᝎ଱翧蒦ഐ [ 137.488826][ T881] usb 5-1: SerialNumber: ф [ 137.605227][ T5891] rc_core: IR keymap rc-hauppauge not found [ 137.611282][ T5891] Registered IR keymap rc-empty [ 137.618003][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 137.664147][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 137.730907][ T5891] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 137.756708][ T5891] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8 [ 137.817470][ T6634] loop8: detected capacity change from 0 to 1 [ 137.828084][ T6241] Dev loop8: unable to read RDB block 1 [ 137.833743][ T6241] loop8: unable to read partition table [ 137.841814][ T6241] loop8: partition table beyond EOD, truncated [ 137.849693][ T6634] Dev loop8: unable to read RDB block 1 [ 137.864059][ T6634] loop8: unable to read partition table [ 137.880078][ T6634] loop8: partition table beyond EOD, truncated [ 137.887423][ T6634] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 137.894281][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 137.924804][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 137.974081][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 138.016136][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 138.056682][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 138.094804][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 138.144822][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 138.164630][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 138.179287][ T6642] netlink: 'syz.3.233': attribute type 10 has an invalid length. [ 138.187566][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 138.224094][ T5891] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 138.272827][ T5891] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 138.323745][ T5891] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 138.360101][ T5891] usb 1-1: USB disconnect, device number 11 [ 138.464061][ T980] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 138.669863][ T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.681984][ T6650] random: crng reseeded on system resumption [ 138.691295][ T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.738843][ T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 138.750202][ T980] usb 3-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 138.802722][ T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.857068][ T980] usb 3-1: config 0 descriptor?? [ 138.946298][ T881] usb 5-1: USB disconnect, device number 8 [ 138.976363][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 138.985616][ T10] usb 4-1: config 9 has an invalid interface number: 209 but max is 2 [ 138.994319][ T10] usb 4-1: config 9 has an invalid interface number: 254 but max is 2 [ 139.002846][ T10] usb 4-1: config 9 has an invalid interface number: 8 but max is 2 [ 139.012124][ T10] usb 4-1: config 9 has no interface number 0 [ 139.018461][ T10] usb 4-1: config 9 has no interface number 1 [ 139.024852][ T10] usb 4-1: config 9 has no interface number 2 [ 139.031121][ T10] usb 4-1: config 9 interface 209 has no altsetting 0 [ 139.078305][ T10] usb 4-1: config 9 interface 254 has no altsetting 0 [ 139.097947][ T10] usb 4-1: config 9 interface 8 has no altsetting 0 [ 139.123601][ T10] usb 4-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=d1.2a [ 139.137863][ T10] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 139.148715][ T10] usb 4-1: Product: syz [ 139.152975][ T10] usb 4-1: Manufacturer: syz [ 139.162096][ T10] usb 4-1: SerialNumber: syz [ 139.182657][ T6653] xt_CONNSECMARK: invalid mode: 0 [ 139.468422][ T10] usb 4-1: USB disconnect, device number 7 [ 139.542919][ T6663] fuse: Unknown parameter 'user_id00000000000000000000' [ 139.590298][ T980] usbhid 3-1:0.0: can't add hid device: -71 [ 139.627382][ T980] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 139.659386][ T980] usb 3-1: USB disconnect, device number 6 [ 139.706974][ T6665] xt_recent: Unsupported userspace flags (000000de) [ 139.831448][ T30] audit: type=1326 audit(1749029910.593:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6668 comm="syz.0.243" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4bc5d8e969 code=0x0 [ 140.440788][ T6691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.251'. [ 140.454221][ T6691] netlink: 12 bytes leftover after parsing attributes in process `syz.3.251'. [ 140.494542][ T6691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.251'. [ 140.524171][ T980] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 140.556661][ T6693] fuse: Unknown parameter 'user_id00000000000000000000' [ 140.682449][ T6697] FAULT_INJECTION: forcing a failure. [ 140.682449][ T6697] name failslab, interval 1, probability 0, space 0, times 0 [ 140.705240][ T980] usb 2-1: device descriptor read/64, error -71 [ 140.705891][ T6695] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 140.723908][ T6697] CPU: 0 UID: 0 PID: 6697 Comm: syz.2.254 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 140.723937][ T6697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.723950][ T6697] Call Trace: [ 140.723958][ T6697] [ 140.723967][ T6697] dump_stack_lvl+0x189/0x250 [ 140.724006][ T6697] ? __pfx____ratelimit+0x10/0x10 [ 140.724038][ T6697] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.724072][ T6697] ? __pfx__printk+0x10/0x10 [ 140.724112][ T6697] should_fail_ex+0x414/0x560 [ 140.724150][ T6697] should_failslab+0xa8/0x100 [ 140.724177][ T6697] __kmalloc_cache_noprof+0x70/0x3d0 [ 140.724199][ T6697] ? sctp_add_bind_addr+0x8c/0x370 [ 140.724232][ T6697] sctp_add_bind_addr+0x8c/0x370 [ 140.724258][ T6697] sctp_copy_local_addr_list+0x30b/0x4e0 [ 140.724298][ T6697] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 140.724333][ T6697] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 140.724367][ T6697] ? sctp_v6_is_any+0x64/0x80 [ 140.724390][ T6697] ? sctp_copy_one_addr+0x93/0x360 [ 140.724414][ T6697] sctp_bind_addr_copy+0xb3/0x3c0 [ 140.724449][ T6697] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 140.724484][ T6697] sctp_connect_new_asoc+0x2e0/0x690 [ 140.724514][ T6697] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 140.724538][ T6697] ? __local_bh_enable_ip+0x12d/0x1c0 [ 140.724577][ T6697] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 140.724607][ T6697] ? security_sctp_bind_connect+0x7e/0x2e0 [ 140.724638][ T6697] sctp_sendmsg+0x155c/0x2810 [ 140.724678][ T6697] ? __pfx_sctp_sendmsg+0x10/0x10 [ 140.724707][ T6697] ? aa_sk_perm+0x81e/0x950 [ 140.724743][ T6697] ? __pfx_aa_sk_perm+0x10/0x10 [ 140.724777][ T6697] ? sock_rps_record_flow+0x19/0x410 [ 140.724813][ T6697] ? inet_sendmsg+0x2f4/0x370 [ 140.724850][ T6697] __sock_sendmsg+0x19c/0x270 [ 140.724886][ T6697] __sys_sendto+0x3bd/0x520 [ 140.724913][ T6697] ? __pfx___sys_sendto+0x10/0x10 [ 140.724932][ T6697] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 140.724979][ T6697] ? __fget_files+0x3a0/0x420 [ 140.725015][ T6697] ? ksys_write+0x22a/0x250 [ 140.725032][ T6697] ? __pfx_ksys_write+0x10/0x10 [ 140.725044][ T6697] ? rcu_is_watching+0x15/0xb0 [ 140.725061][ T6697] __x64_sys_sendto+0xde/0x100 [ 140.725080][ T6697] do_syscall_64+0xfa/0x3b0 [ 140.725102][ T6697] ? lockdep_hardirqs_on+0x9c/0x150 [ 140.725122][ T6697] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.725137][ T6697] ? clear_bhb_loop+0x60/0xb0 [ 140.725155][ T6697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.725169][ T6697] RIP: 0033:0x7f185bd8e969 [ 140.725182][ T6697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.725194][ T6697] RSP: 002b:00007f185cc72038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 140.725217][ T6697] RAX: ffffffffffffffda RBX: 00007f185bfb5fa0 RCX: 00007f185bd8e969 [ 140.725228][ T6697] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 140.725237][ T6697] RBP: 00007f185cc72090 R08: 0000200000000080 R09: 000000000000001c [ 140.725247][ T6697] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 140.725255][ T6697] R13: 0000000000000000 R14: 00007f185bfb5fa0 R15: 00007f185c0dfa28 [ 140.725278][ T6697] [ 141.120056][ T6699] kvm: pic: non byte read [ 141.126348][ T6699] kvm: pic: level sensitive irq not supported [ 141.126450][ T6699] kvm: pic: non byte read [ 141.137569][ T6699] kvm: pic: level sensitive irq not supported [ 141.137642][ T6699] kvm: pic: non byte read [ 141.148728][ T6699] kvm: pic: level sensitive irq not supported [ 141.148805][ T6699] kvm: pic: non byte read [ 141.165453][ T6699] kvm: pic: level sensitive irq not supported [ 141.165606][ T6699] kvm: pic: non byte read [ 141.176708][ T6699] kvm: pic: level sensitive irq not supported [ 141.176784][ T6699] kvm: pic: non byte read [ 141.187720][ T6699] kvm: pic: level sensitive irq not supported [ 141.187796][ T6699] kvm: pic: non byte read [ 141.200843][ T6699] kvm: pic: level sensitive irq not supported [ 141.200936][ T6699] kvm: pic: non byte read [ 141.203981][ T980] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 141.207485][ T6699] kvm: pic: level sensitive irq not supported [ 141.219856][ T6699] kvm: pic: non byte read [ 141.231194][ T6699] kvm: pic: level sensitive irq not supported [ 141.231300][ T6699] kvm: pic: non byte read [ 141.242571][ T6699] kvm: pic: level sensitive irq not supported [ 141.334870][ T980] usb 2-1: device descriptor read/64, error -71 [ 141.524357][ T980] usb usb2-port1: attempt power cycle [ 141.666552][ T6717] random: crng reseeded on system resumption [ 141.863917][ T980] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 141.915241][ T980] usb 2-1: device descriptor read/8, error -71 [ 142.148326][ T6732] fuse: Unknown parameter 'user_id00000000000000000000' [ 142.164051][ T980] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 142.204779][ T980] usb 2-1: device descriptor read/8, error -71 [ 142.315986][ T980] usb usb2-port1: unable to enumerate USB device [ 142.494361][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 142.538944][ T6744] netlink: 'syz.2.270': attribute type 10 has an invalid length. [ 142.547047][ T43] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 142.560292][ T6744] team0: Device hsr_slave_0 failed to register rx_handler [ 142.692520][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 142.714607][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 142.722237][ T10] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 142.736687][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.742869][ T43] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.745250][ T10] usb 5-1: Product: syz [ 142.759652][ T10] usb 5-1: Manufacturer: syz [ 142.765088][ T10] usb 5-1: SerialNumber: syz [ 142.772938][ T10] usb 5-1: config 0 descriptor?? [ 142.781168][ T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.794564][ T10] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 142.798916][ T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=01ff, bcdDevice= 0.40 [ 142.811018][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.822243][ T43] usb 4-1: Product: syz [ 142.829348][ T43] usb 4-1: Manufacturer: syz [ 142.833985][ T5900] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 142.841997][ T43] usb 4-1: SerialNumber: syz [ 142.937348][ T6752] 8021q: VLANs not supported on caif0 [ 142.995582][ T5900] usb 1-1: Using ep0 maxpacket: 8 [ 143.032968][ T5900] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 143.048059][ T5900] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 143.069318][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 143.083632][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 143.098509][ T5900] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 143.123438][ T5900] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 143.174512][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 143.202327][ T5900] usb 1-1: Product: syz [ 143.223647][ T5900] usb 1-1: Manufacturer: syz [ 143.242100][ T5900] usb 1-1: SerialNumber: syz [ 143.264275][ T5900] usb 1-1: config 0 descriptor?? [ 143.300462][ T6737] hfs: unable to load iocharset "io#harset" [ 143.319068][ T43] usb 4-1: 0:2 : does not exist [ 143.398500][ T43] usb 4-1: USB disconnect, device number 8 [ 143.489429][ T5900] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 143.522446][ T5900] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 143.564512][ T5916] udevd[5916]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 143.795289][ T6765] fuse: Bad value for 'fd' [ 143.933453][ T6772] netlink: 'syz.2.280': attribute type 10 has an invalid length. [ 143.956946][ T6774] netlink: 92 bytes leftover after parsing attributes in process `syz.0.271'. [ 144.032567][ T6771] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 144.095898][ T5900] radio-si470x 1-1:0.0: si470x_get_report: usb_control_msg returned -110 [ 144.108119][ T6772] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 144.111256][ T5900] radio-si470x 1-1:0.0: si470x_get_scratch: si470x_get_report returned -110 [ 144.129505][ T5900] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5 [ 144.132902][ T6772] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 144.154590][ T6772] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 144.232162][ T6778] random: crng reseeded on system resumption [ 144.399793][ T10] usb 5-1: USB disconnect, device number 9 [ 144.448033][ T5891] usb 1-1: USB disconnect, device number 12 [ 144.885978][ T43] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 144.930416][ T30] audit: type=1800 audit(1749029915.693:5): pid=6795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.289" name="bus" dev="tmpfs" ino=391 res=0 errno=0 [ 144.989833][ T6795] FAULT_INJECTION: forcing a failure. [ 144.989833][ T6795] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 145.044068][ T43] usb 2-1: device descriptor read/64, error -71 [ 145.095020][ T6795] CPU: 1 UID: 0 PID: 6795 Comm: syz.2.289 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 145.095050][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 145.095063][ T6795] Call Trace: [ 145.095071][ T6795] [ 145.095080][ T6795] dump_stack_lvl+0x189/0x250 [ 145.095118][ T6795] ? __pfx____ratelimit+0x10/0x10 [ 145.095149][ T6795] ? __pfx_dump_stack_lvl+0x10/0x10 [ 145.095182][ T6795] ? __pfx__printk+0x10/0x10 [ 145.095207][ T6795] ? fs_reclaim_acquire+0x7d/0x100 [ 145.095242][ T6795] should_fail_ex+0x414/0x560 [ 145.095280][ T6795] prepare_alloc_pages+0x213/0x610 [ 145.095315][ T6795] __alloc_frozen_pages_noprof+0x123/0x370 [ 145.095348][ T6795] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 145.095380][ T6795] ? __pfx_css_rstat_updated+0x10/0x10 [ 145.095415][ T6795] ? policy_nodemask+0x27c/0x720 [ 145.095444][ T6795] alloc_pages_mpol+0x232/0x4a0 [ 145.095473][ T6795] folio_alloc_mpol_noprof+0x39/0x70 [ 145.095498][ T6795] shmem_alloc_and_add_folio+0x447/0xf60 [ 145.095524][ T6795] ? filemap_get_entry+0xad/0x2f0 [ 145.095549][ T6795] ? filemap_get_entry+0xad/0x2f0 [ 145.095572][ T6795] ? filemap_get_entry+0xad/0x2f0 [ 145.095601][ T6795] ? shmem_huge_global_enabled+0x174/0x3a0 [ 145.095632][ T6795] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 145.095658][ T6795] ? shmem_allowable_huge_orders+0x19c/0x420 [ 145.095696][ T6795] shmem_get_folio_gfp+0x59d/0x1660 [ 145.095749][ T6795] shmem_fault+0x179/0x390 [ 145.095780][ T6795] __do_fault+0x135/0x390 [ 145.095807][ T6795] __handle_mm_fault+0x198b/0x5620 [ 145.095849][ T6795] ? __pfx___handle_mm_fault+0x10/0x10 [ 145.095893][ T6795] ? follow_page_pte+0x8d6/0x14b0 [ 145.095923][ T6795] handle_mm_fault+0x40a/0x8e0 [ 145.095955][ T6795] __get_user_pages+0x1af4/0x30b0 [ 145.096025][ T6795] ? __pfx___get_user_pages+0x10/0x10 [ 145.096055][ T6795] ? __gup_longterm_locked+0x1005/0x15b0 [ 145.096087][ T6795] ? down_read_killable+0x1d1/0x350 [ 145.096114][ T6795] __gup_longterm_locked+0x118a/0x15b0 [ 145.096174][ T6795] pin_user_pages_remote+0xd4/0x120 [ 145.096218][ T6795] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 145.096257][ T6795] ? down_read+0x1ad/0x2e0 [ 145.096279][ T6795] process_vm_rw+0x59e/0xb40 [ 145.096298][ T6795] ? get_pid_task+0x20/0x1f0 [ 145.096338][ T6795] ? __pfx_process_vm_rw+0x10/0x10 [ 145.096355][ T6795] ? rcu_read_lock_any_held+0xb3/0x120 [ 145.096410][ T6795] ? __pfx_vfs_write+0x10/0x10 [ 145.096455][ T6795] ? ksys_write+0x22a/0x250 [ 145.096478][ T6795] ? __pfx_ksys_write+0x10/0x10 [ 145.096495][ T6795] ? rcu_is_watching+0x15/0xb0 [ 145.096519][ T6795] __x64_sys_process_vm_writev+0xe0/0x100 [ 145.096546][ T6795] do_syscall_64+0xfa/0x3b0 [ 145.096576][ T6795] ? lockdep_hardirqs_on+0x9c/0x150 [ 145.096605][ T6795] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.096626][ T6795] ? clear_bhb_loop+0x60/0xb0 [ 145.096652][ T6795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.096672][ T6795] RIP: 0033:0x7f185bd8e969 [ 145.096690][ T6795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.096707][ T6795] RSP: 002b:00007f185cc72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 145.096729][ T6795] RAX: ffffffffffffffda RBX: 00007f185bfb5fa0 RCX: 00007f185bd8e969 [ 145.096745][ T6795] RDX: 000000000000002b RSI: 0000200000c22000 RDI: 00000000000000d8 [ 145.096758][ T6795] RBP: 00007f185cc72090 R08: 0000000000000001 R09: 0000000000000000 [ 145.096771][ T6795] R10: 0000200000c22fa0 R11: 0000000000000246 R12: 0000000000000002 [ 145.096784][ T6795] R13: 0000000000000000 R14: 00007f185bfb5fa0 R15: 00007f185c0dfa28 [ 145.096817][ T6795] [ 145.462122][ T6800] netlink: 20 bytes leftover after parsing attributes in process `syz.3.291'. [ 145.471746][ T6800] netlink: 12 bytes leftover after parsing attributes in process `syz.3.291'. [ 145.695260][ T43] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 145.823935][ T43] usb 2-1: device descriptor read/64, error -71 [ 145.873893][ T5891] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 145.934133][ T43] usb usb2-port1: attempt power cycle [ 146.037988][ T5891] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 146.092862][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.101953][ T5891] usb 1-1: Product: syz [ 146.107861][ T5891] usb 1-1: Manufacturer: syz [ 146.114044][ T5891] usb 1-1: SerialNumber: syz [ 146.145753][ T5891] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 146.253182][ T10] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 146.294473][ T43] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 146.324755][ T43] usb 2-1: device descriptor read/8, error -71 [ 146.470854][ T6802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.542773][ T6802] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.564095][ T6823] loop8: detected capacity change from 0 to 1 [ 146.584326][ T43] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 146.599583][ T6823] Dev loop8: unable to read RDB block 1 [ 146.610073][ T6823] loop8: unable to read partition table [ 146.624879][ T5893] usb 1-1: USB disconnect, device number 13 [ 146.641442][ T43] usb 2-1: device descriptor read/8, error -71 [ 146.648343][ T6823] loop8: partition table beyond EOD, truncated [ 146.664063][ T6823] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 146.768568][ T43] usb usb2-port1: unable to enumerate USB device [ 146.923958][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 146.992766][ T6830] random: crng reseeded on system resumption [ 147.134142][ T881] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 147.154072][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 147.167269][ T24] usb 3-1: config 0 has an invalid interface number: 186 but max is 0 [ 147.186271][ T24] usb 3-1: config 0 has no interface number 0 [ 147.192450][ T24] usb 3-1: config 0 interface 186 has no altsetting 0 [ 147.212689][ T24] usb 3-1: New USB device found, idVendor=12d1, idProduct=addf, bcdDevice=b2.7d [ 147.225588][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.237911][ T24] usb 3-1: Product: syz [ 147.242127][ T24] usb 3-1: Manufacturer: syz [ 147.246897][ T24] usb 3-1: SerialNumber: syz [ 147.255051][ T24] usb 3-1: config 0 descriptor?? [ 147.283912][ T881] usb 5-1: Using ep0 maxpacket: 16 [ 147.299835][ T881] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 147.309151][ T881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.319027][ T881] usb 5-1: Product: syz [ 147.323354][ T881] usb 5-1: Manufacturer: syz [ 147.328490][ T881] usb 5-1: SerialNumber: syz [ 147.346138][ T881] r8152-cfgselector 5-1: Unknown version 0x0000 [ 147.352460][ T881] r8152-cfgselector 5-1: config 0 descriptor?? [ 147.380381][ T10] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 147.413611][ T10] ath9k_htc: Failed to initialize the device [ 147.441719][ T5893] usb 1-1: ath9k_htc: USB layer deinitialized [ 147.483727][ T24] option 3-1:0.186: GSM modem (1-port) converter detected [ 147.529286][ T24] usb 3-1: USB disconnect, device number 7 [ 147.553081][ T24] option 3-1:0.186: device disconnected [ 147.579197][ T881] r8152-cfgselector 5-1: Needed 2 retries to read version [ 147.598178][ T881] r8152-cfgselector 5-1: Unknown version 0x0000 [ 147.606521][ T881] r8152-cfgselector 5-1: bad CDC descriptors [ 147.794209][ T10] r8152-cfgselector 5-1: USB disconnect, device number 10 [ 148.048588][ T6848] xt_recent: Unsupported userspace flags (000000de) [ 148.188023][ T6855] FAULT_INJECTION: forcing a failure. [ 148.188023][ T6855] name failslab, interval 1, probability 0, space 0, times 0 [ 148.201834][ T6854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.313'. [ 148.213412][ T6854] netlink: 12 bytes leftover after parsing attributes in process `syz.0.313'. [ 148.217374][ T6855] CPU: 0 UID: 0 PID: 6855 Comm: syz.3.314 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 148.217406][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.217421][ T6855] Call Trace: [ 148.217431][ T6855] [ 148.217441][ T6855] dump_stack_lvl+0x189/0x250 [ 148.217486][ T6855] ? __pfx____ratelimit+0x10/0x10 [ 148.217522][ T6855] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.217560][ T6855] ? __pfx__printk+0x10/0x10 [ 148.217604][ T6855] should_fail_ex+0x414/0x560 [ 148.217648][ T6855] should_failslab+0xa8/0x100 [ 148.217686][ T6855] __kmalloc_cache_noprof+0x70/0x3d0 [ 148.217712][ T6855] ? sctp_add_bind_addr+0x8c/0x370 [ 148.217742][ T6855] sctp_add_bind_addr+0x8c/0x370 [ 148.217771][ T6855] sctp_copy_local_addr_list+0x30b/0x4e0 [ 148.217817][ T6855] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 148.217857][ T6855] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 148.217898][ T6855] ? sctp_v6_is_any+0x64/0x80 [ 148.217925][ T6855] ? sctp_copy_one_addr+0x93/0x360 [ 148.217953][ T6855] sctp_bind_addr_copy+0xb3/0x3c0 [ 148.217993][ T6855] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 148.218031][ T6855] sctp_connect_new_asoc+0x2e0/0x690 [ 148.218066][ T6855] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 148.218093][ T6855] ? __local_bh_enable_ip+0x12d/0x1c0 [ 148.218139][ T6855] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 148.218174][ T6855] ? security_sctp_bind_connect+0x7e/0x2e0 [ 148.218209][ T6855] sctp_sendmsg+0x155c/0x2810 [ 148.218253][ T6855] ? __pfx_sctp_sendmsg+0x10/0x10 [ 148.218285][ T6855] ? aa_sk_perm+0x81e/0x950 [ 148.218326][ T6855] ? __pfx_aa_sk_perm+0x10/0x10 [ 148.218363][ T6855] ? sock_rps_record_flow+0x19/0x410 [ 148.218404][ T6855] ? inet_sendmsg+0x2f4/0x370 [ 148.218446][ T6855] __sock_sendmsg+0x19c/0x270 [ 148.218488][ T6855] __sys_sendto+0x3bd/0x520 [ 148.218518][ T6855] ? __pfx___sys_sendto+0x10/0x10 [ 148.218540][ T6855] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 148.218594][ T6855] ? __fget_files+0x3a0/0x420 [ 148.218636][ T6855] ? ksys_write+0x22a/0x250 [ 148.218670][ T6855] ? __pfx_ksys_write+0x10/0x10 [ 148.218690][ T6855] ? rcu_is_watching+0x15/0xb0 [ 148.218719][ T6855] __x64_sys_sendto+0xde/0x100 [ 148.218751][ T6855] do_syscall_64+0xfa/0x3b0 [ 148.218786][ T6855] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.218820][ T6855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.218843][ T6855] ? clear_bhb_loop+0x60/0xb0 [ 148.218874][ T6855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.218896][ T6855] RIP: 0033:0x7f54fa58e969 [ 148.218918][ T6855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.218938][ T6855] RSP: 002b:00007f54fb4a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 148.218964][ T6855] RAX: ffffffffffffffda RBX: 00007f54fa7b5fa0 RCX: 00007f54fa58e969 [ 148.218982][ T6855] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 148.218996][ T6855] RBP: 00007f54fb4a3090 R08: 0000200000000080 R09: 000000000000001c [ 148.219012][ T6855] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 148.219027][ T6855] R13: 0000000000000000 R14: 00007f54fa7b5fa0 R15: 00007f54fa8dfa28 [ 148.219064][ T6855] [ 148.324325][ T6857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.313'. [ 148.424181][ T6858] netlink: 16 bytes leftover after parsing attributes in process `syz.2.315'. [ 148.690546][ T6862] random: crng reseeded on system resumption [ 148.837584][ T6867] process 'syz.4.318' launched './file0' with NULL argv: empty string added [ 149.346533][ T10] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 149.516548][ T10] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 149.550176][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.581278][ T10] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 149.600284][ T10] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 149.628350][ T10] usb 2-1: Manufacturer: syz [ 149.655881][ T10] usb 2-1: config 0 descriptor?? [ 149.754597][ T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 149.833896][ T10] rc_core: IR keymap rc-hauppauge not found [ 149.839995][ T10] Registered IR keymap rc-empty [ 149.847806][ T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 149.862172][ T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input9 [ 149.891420][ C0] igorplugusb 2-1:0.0: Error: urb status = -32 [ 149.908260][ T5893] usb 2-1: USB disconnect, device number 22 [ 149.917162][ T24] usb 3-1: device descriptor read/64, error -71 [ 150.086111][ T6893] fuse: Bad value for 'fd' [ 150.183955][ T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 150.335372][ T24] usb 3-1: device descriptor read/64, error -71 [ 150.464712][ T24] usb usb3-port1: attempt power cycle [ 150.740349][ T6916] random: crng reseeded on system resumption [ 150.823876][ T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 150.856524][ T24] usb 3-1: device descriptor read/8, error -71 [ 150.863877][ T5893] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 151.013990][ T5893] usb 4-1: Using ep0 maxpacket: 16 [ 151.037111][ T5893] usb 4-1: config 10 has an invalid interface number: 53 but max is 2 [ 151.051536][ T5893] usb 4-1: config 10 contains an unexpected descriptor of type 0x1, skipping [ 151.066561][ T5893] usb 4-1: config 10 has an invalid interface number: 170 but max is 2 [ 151.077131][ T5893] usb 4-1: config 10 contains an unexpected descriptor of type 0x2, skipping [ 151.088301][ T5893] usb 4-1: config 10 has an invalid interface number: 99 but max is 2 [ 151.098269][ T5893] usb 4-1: config 10 has no interface number 0 [ 151.107081][ T5893] usb 4-1: config 10 has no interface number 1 [ 151.113603][ T5893] usb 4-1: config 10 has no interface number 2 [ 151.120037][ T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 151.140739][ T5893] usb 4-1: config 10 interface 53 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 151.165429][ T24] usb 3-1: device descriptor read/8, error -71 [ 151.176287][ T5893] usb 4-1: config 10 interface 53 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 151.198051][ T5893] usb 4-1: config 10 interface 53 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 7 [ 151.205017][ T6922] 8021q: VLANs not supported on caif0 [ 151.212774][ T5893] usb 4-1: config 10 interface 53 altsetting 0 endpoint 0x6 has invalid maxpacket 8815, setting to 1024 [ 151.233501][ T5893] usb 4-1: config 10 interface 53 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 151.250727][ T5893] usb 4-1: config 10 interface 170 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 151.262076][ T5893] usb 4-1: config 10 interface 170 altsetting 0 has an endpoint descriptor with address 0x75, changing to 0x5 [ 151.277709][ T5893] usb 4-1: config 10 interface 170 altsetting 0 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 151.296827][ T24] usb usb3-port1: unable to enumerate USB device [ 151.304518][ T5893] usb 4-1: config 10 interface 170 altsetting 0 has a duplicate endpoint with address 0x6, skipping [ 151.318988][ T5893] usb 4-1: config 10 interface 170 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 151.340108][ T5893] usb 4-1: config 10 interface 170 altsetting 0 has a duplicate endpoint with address 0x6, skipping [ 151.352115][ T5893] usb 4-1: config 10 interface 99 altsetting 128 bulk endpoint 0xC has invalid maxpacket 1024 [ 151.370884][ T5893] usb 4-1: config 10 interface 99 altsetting 128 has a duplicate endpoint with address 0xE, skipping [ 151.382924][ T5893] usb 4-1: config 10 interface 99 altsetting 128 has an invalid descriptor for endpoint zero, skipping [ 151.398996][ T5893] usb 4-1: config 10 interface 99 altsetting 128 has a duplicate endpoint with address 0x8, skipping [ 151.410218][ T5893] usb 4-1: config 10 interface 99 altsetting 128 has a duplicate endpoint with address 0xF, skipping [ 151.425330][ T5893] usb 4-1: config 10 interface 99 altsetting 128 has a duplicate endpoint with address 0xE, skipping [ 151.440591][ T5893] usb 4-1: config 10 interface 99 has no altsetting 0 [ 151.453136][ T5893] usb 4-1: Dual-Role OTG device on HNP port [ 151.462074][ T5893] usb 4-1: New USB device found, idVendor=16d8, idProduct=6006, bcdDevice=37.22 [ 151.473029][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.500028][ T5893] usb 4-1: Product: ≞詫힥䊇닝〪嵤ऄ龄뷚ḫ으 [ 151.520431][ T5893] usb 4-1: Manufacturer: 蒥ꮋ瓩 [ 151.545899][ T5893] usb 4-1: SerialNumber: syz [ 151.784713][ T6928] netlink: 8 bytes leftover after parsing attributes in process `syz.4.342'. [ 151.811113][ T6928] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 152.010084][ T5893] option 4-1:10.53: GSM modem (1-port) converter detected [ 152.142255][ T5893] option 4-1:10.170: GSM modem (1-port) converter detected [ 152.218393][ T5893] option 4-1:10.99: GSM modem (1-port) converter detected [ 152.240761][ T6939] loop6: detected capacity change from 0 to 524287999 [ 152.274313][ T5893] usb 4-1: USB disconnect, device number 9 [ 152.314820][ T5916] Buffer I/O error on dev loop6, logical block 65535999, async page read [ 152.325711][ T5893] option 4-1:10.53: device disconnected [ 152.381502][ T5893] option 4-1:10.170: device disconnected [ 152.392060][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 152.401152][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 152.421083][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 152.462444][ T5893] option 4-1:10.99: device disconnected [ 152.695135][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 152.704338][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 152.713264][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 152.803912][ T5893] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 152.978254][ T5893] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 153.001136][ T5893] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.030891][ T5893] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 153.084185][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 153.102182][ T5893] usb 4-1: config 1 has no interface number 0 [ 153.108653][ T5893] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 153.130040][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 153.140650][ T6964] random: crng reseeded on system resumption [ 153.188085][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.347'. [ 153.249438][ T5893] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 153.267295][ T5893] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 153.278126][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.286758][ T5893] usb 4-1: Product: syz [ 153.291093][ T5893] usb 4-1: Manufacturer: syz [ 153.296719][ T5893] usb 4-1: SerialNumber: syz [ 153.665887][ T5893] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 153.697272][ T5893] usb 4-1: USB disconnect, device number 10 [ 153.904031][ T5891] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 154.066125][ T5891] usb 5-1: Using ep0 maxpacket: 32 [ 154.088079][ T5891] usb 5-1: config 0 has an invalid descriptor of length 242, skipping remainder of the config [ 154.142232][ T6974] block device autoloading is deprecated and will be removed. [ 154.158548][ T6974] syz.1.355: attempt to access beyond end of device [ 154.158548][ T6974] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 154.227250][ T5891] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 154.274448][ T5891] usb 5-1: New USB device found, idVendor=0403, idProduct=603c, bcdDevice= 0.00 [ 154.283978][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.296909][ T5891] usb 5-1: config 0 descriptor?? [ 154.346740][ T5891] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 154.791345][ T6992] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 154.798908][ T6992] IPv6: NLM_F_CREATE should be set when creating new route [ 154.837161][ T6992] lo: entered allmulticast mode [ 154.848138][ T6992] tunl0: entered allmulticast mode [ 154.857762][ T6992] gre0: entered allmulticast mode [ 154.952695][ T6992] gretap0: entered allmulticast mode [ 155.059970][ T6992] erspan0: entered allmulticast mode [ 155.100265][ T6992] ip_vti0: entered allmulticast mode [ 155.122760][ T6992] ip6_vti0: entered allmulticast mode [ 155.123964][ T982] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 155.164984][ T6992] sit0: entered allmulticast mode [ 155.187845][ T6992] ip6tnl0: entered allmulticast mode [ 155.242834][ T6992] ip6gre0: entered allmulticast mode [ 155.333050][ T982] usb 3-1: config 0 has no interfaces? [ 155.364714][ T982] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 155.390504][ T6992] syz_tun: entered allmulticast mode [ 155.403028][ T982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.403735][ T6992] ip6gretap0: entered allmulticast mode [ 155.420823][ T982] usb 3-1: Product: syz [ 155.442397][ T6992] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.451383][ T6992] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.465416][ T982] usb 3-1: Manufacturer: syz [ 155.470102][ T982] usb 3-1: SerialNumber: syz [ 155.478204][ T982] usb 3-1: config 0 descriptor?? [ 155.490484][ T6992] bridge0: entered allmulticast mode [ 155.504259][ T6992] vcan0: entered allmulticast mode [ 155.513270][ T6992] bond0: entered allmulticast mode [ 155.518954][ T6992] bond_slave_0: entered allmulticast mode [ 155.527905][ T6992] bond_slave_1: entered allmulticast mode [ 155.543025][ T6992] team0: entered allmulticast mode [ 155.548811][ T6992] team_slave_0: entered allmulticast mode [ 155.559346][ T6992] team_slave_1: entered allmulticast mode [ 155.571724][ T6992] dummy0: entered allmulticast mode [ 155.609204][ T6992] nlmon0: entered allmulticast mode [ 155.622214][ T6992] caif0: entered allmulticast mode [ 155.640330][ T6992] batadv0: entered allmulticast mode [ 155.663370][ T6992] vxcan0: entered allmulticast mode [ 156.580415][ T6992] vxcan1: entered allmulticast mode [ 156.590703][ T6992] veth0: entered allmulticast mode [ 156.600885][ T6992] veth1: entered allmulticast mode [ 156.618129][ T6992] wg0: entered allmulticast mode [ 156.630840][ T6992] wg1: entered allmulticast mode [ 156.668135][ T43] usb 5-1: USB disconnect, device number 11 [ 156.748136][ T6992] wg2: entered allmulticast mode [ 156.762595][ T6992] veth0_to_bridge: entered allmulticast mode [ 156.792160][ T6992] veth1_to_bridge: entered allmulticast mode [ 156.808011][ T6992] veth0_to_bond: entered allmulticast mode [ 156.824295][ T6992] veth1_to_bond: entered allmulticast mode [ 156.836903][ T6992] veth0_to_team: entered allmulticast mode [ 156.847672][ T6992] veth1_to_team: entered allmulticast mode [ 156.866732][ T6992] veth0_to_batadv: entered allmulticast mode [ 156.880732][ T6992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.889009][ T6992] batadv_slave_0: entered allmulticast mode [ 156.903527][ T6992] veth1_to_batadv: entered allmulticast mode [ 156.915053][ T6992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 156.922989][ T6992] batadv_slave_1: entered allmulticast mode [ 156.934954][ T6992] xfrm0: entered allmulticast mode [ 156.943121][ T6992] veth0_to_hsr: entered allmulticast mode [ 156.955490][ T6992] hsr_slave_0: entered allmulticast mode [ 156.968383][ T6992] veth1_to_hsr: entered allmulticast mode [ 156.978777][ T6992] hsr_slave_1: entered allmulticast mode [ 156.988532][ T6992] hsr0: entered allmulticast mode [ 156.998263][ T6992] veth1_virt_wifi: entered allmulticast mode [ 157.011984][ T6992] veth0_virt_wifi: entered allmulticast mode [ 157.020872][ T6992] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 157.030977][ T6992] veth1_vlan: entered allmulticast mode [ 157.042580][ T6992] veth0_vlan: entered allmulticast mode [ 157.059401][ T6992] vlan0: entered allmulticast mode [ 157.068660][ T6992] vlan1: entered allmulticast mode [ 157.076468][ T6992] macvlan0: entered allmulticast mode [ 157.086270][ T6992] macvlan1: entered allmulticast mode [ 157.096232][ T6992] ipvlan0: entered allmulticast mode [ 157.101691][ T6992] ipvlan1: entered allmulticast mode [ 157.109137][ T6992] veth1_macvtap: entered allmulticast mode [ 157.123277][ T6992] veth0_macvtap: entered allmulticast mode [ 157.138792][ T6992] macvtap0: entered allmulticast mode [ 157.148052][ T6992] macsec0: entered allmulticast mode [ 157.160644][ T6992] geneve0: entered allmulticast mode [ 157.171060][ T6992] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.180800][ T6992] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.190503][ T6992] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.200477][ T6992] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.209988][ T6992] geneve1: entered allmulticast mode [ 157.221057][ T6992] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 157.237915][ T6992] netdevsim netdevsim3 netdevsim1: entered allmulticast mode [ 157.248075][ T6992] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 157.259075][ T6992] netdevsim netdevsim3 netdevsim3: entered allmulticast mode [ 157.288817][ T6992] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 157.310444][ T6992] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 157.320678][ T6992] bridge1: entered allmulticast mode [ 157.331842][ T6992] vlan2: entered allmulticast mode [ 157.826917][ T7017] netlink: 'syz.3.368': attribute type 10 has an invalid length. [ 157.842713][ T7018] loop8: detected capacity change from 0 to 1 [ 157.858446][ T881] usb 3-1: USB disconnect, device number 12 [ 157.877326][ T7017] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.891580][ T7018] Dev loop8: unable to read RDB block 1 [ 157.912882][ T7017] bond0: (slave team0): Enslaving as an active interface with an up link [ 157.922971][ T7018] loop8: unable to read partition table [ 157.933300][ T7018] loop8: partition table beyond EOD, truncated [ 157.941573][ T7018] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 157.974015][ T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 158.175504][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 158.205196][ T10] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 158.217795][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.227737][ T10] usb 1-1: Product: syz [ 158.231928][ T10] usb 1-1: Manufacturer: syz [ 158.240481][ T7023] random: crng reseeded on system resumption [ 158.246706][ T10] usb 1-1: SerialNumber: syz [ 158.254902][ T10] usb 1-1: config 0 descriptor?? [ 158.585392][ T7031] __nla_validate_parse: 2 callbacks suppressed [ 158.585427][ T7031] netlink: 20 bytes leftover after parsing attributes in process `syz.0.366'. [ 158.602963][ T7031] netlink: 32 bytes leftover after parsing attributes in process `syz.0.366'. [ 158.676308][ T7039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.374'. [ 158.703042][ T7041] netlink: 'syz.0.375': attribute type 10 has an invalid length. [ 158.977534][ T10] usb 1-1: USB disconnect, device number 14 [ 159.056512][ T6241] udevd[6241]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 159.593390][ T7055] xt_CONNSECMARK: invalid mode: 0 [ 159.630411][ T7061] 8021q: VLANs not supported on nlmon0 [ 159.649634][ T7061] netlink: 'syz.3.385': attribute type 10 has an invalid length. [ 159.658478][ T7061] veth0_to_bond: left allmulticast mode [ 159.672792][ T7061] veth0_to_bond: entered allmulticast mode [ 159.681602][ T7061] team0: Port device veth0_to_bond added [ 159.844390][ T7064] xt_recent: Unsupported userspace flags (000000de) [ 159.949881][ T7066] random: crng reseeded on system resumption [ 160.101729][ T7073] FAULT_INJECTION: forcing a failure. [ 160.101729][ T7073] name failslab, interval 1, probability 0, space 0, times 0 [ 160.118480][ T7073] CPU: 0 UID: 0 PID: 7073 Comm: syz.3.390 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 160.118512][ T7073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.118526][ T7073] Call Trace: [ 160.118535][ T7073] [ 160.118543][ T7073] dump_stack_lvl+0x189/0x250 [ 160.118582][ T7073] ? __pfx____ratelimit+0x10/0x10 [ 160.118614][ T7073] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.118648][ T7073] ? __pfx__printk+0x10/0x10 [ 160.118686][ T7073] should_fail_ex+0x414/0x560 [ 160.118726][ T7073] should_failslab+0xa8/0x100 [ 160.118752][ T7073] __kmalloc_cache_noprof+0x70/0x3d0 [ 160.118774][ T7073] ? sctp_add_bind_addr+0x8c/0x370 [ 160.118799][ T7073] sctp_add_bind_addr+0x8c/0x370 [ 160.118825][ T7073] sctp_copy_local_addr_list+0x30b/0x4e0 [ 160.118862][ T7073] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 160.118897][ T7073] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 160.118934][ T7073] ? sctp_v6_is_any+0x64/0x80 [ 160.118959][ T7073] ? sctp_copy_one_addr+0x93/0x360 [ 160.118983][ T7073] sctp_bind_addr_copy+0xb3/0x3c0 [ 160.119018][ T7073] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 160.119053][ T7073] sctp_connect_new_asoc+0x2e0/0x690 [ 160.119083][ T7073] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 160.119108][ T7073] ? __local_bh_enable_ip+0x12d/0x1c0 [ 160.119149][ T7073] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 160.119179][ T7073] ? security_sctp_bind_connect+0x7e/0x2e0 [ 160.119217][ T7073] sctp_sendmsg+0x155c/0x2810 [ 160.119255][ T7073] ? __pfx_sctp_sendmsg+0x10/0x10 [ 160.119284][ T7073] ? aa_sk_perm+0x81e/0x950 [ 160.119317][ T7073] ? __pfx_aa_sk_perm+0x10/0x10 [ 160.119355][ T7073] ? sock_rps_record_flow+0x19/0x410 [ 160.119392][ T7073] ? inet_sendmsg+0x2f4/0x370 [ 160.119428][ T7073] __sock_sendmsg+0x19c/0x270 [ 160.119487][ T7073] __sys_sendto+0x3bd/0x520 [ 160.119514][ T7073] ? __pfx___sys_sendto+0x10/0x10 [ 160.119534][ T7073] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 160.119582][ T7073] ? __fget_files+0x3a0/0x420 [ 160.119620][ T7073] ? ksys_write+0x22a/0x250 [ 160.119644][ T7073] ? __pfx_ksys_write+0x10/0x10 [ 160.119661][ T7073] ? rcu_is_watching+0x15/0xb0 [ 160.119688][ T7073] __x64_sys_sendto+0xde/0x100 [ 160.119716][ T7073] do_syscall_64+0xfa/0x3b0 [ 160.119749][ T7073] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.119779][ T7073] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.119801][ T7073] ? clear_bhb_loop+0x60/0xb0 [ 160.119827][ T7073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.119848][ T7073] RIP: 0033:0x7f54fa58e969 [ 160.119867][ T7073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.119886][ T7073] RSP: 002b:00007f54fb4a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 160.119910][ T7073] RAX: ffffffffffffffda RBX: 00007f54fa7b5fa0 RCX: 00007f54fa58e969 [ 160.119925][ T7073] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003 [ 160.119939][ T7073] RBP: 00007f54fb4a3090 R08: 0000200000000080 R09: 000000000000001c [ 160.119953][ T7073] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002 [ 160.119966][ T7073] R13: 0000000000000000 R14: 00007f54fa7b5fa0 R15: 00007f54fa8dfa28 [ 160.120000][ T7073] [ 160.455914][ T7076] netlink: 4 bytes leftover after parsing attributes in process `syz.4.391'. [ 160.485432][ T7076] netlink: 12 bytes leftover after parsing attributes in process `syz.4.391'. [ 160.549050][ T7076] netlink: 8 bytes leftover after parsing attributes in process `syz.4.391'. [ 160.628926][ T7078] xt_addrtype: ipv6 does not support BROADCAST matching [ 160.687694][ T7080] netlink: 16 bytes leftover after parsing attributes in process `syz.4.394'. [ 161.400280][ T7110] tipc: Started in network mode [ 161.410555][ T7110] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 161.422531][ T7110] tipc: Enabled bearer , priority 14 [ 161.511324][ T7114] netlink: 8 bytes leftover after parsing attributes in process `syz.4.405'. [ 161.550304][ T7119] netlink: 8 bytes leftover after parsing attributes in process `syz.2.408'. [ 161.572267][ T7114] netlink: 8 bytes leftover after parsing attributes in process `syz.4.405'. [ 161.577300][ T7119] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 161.597790][ T7119] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 161.776472][ T7126] random: crng reseeded on system resumption [ 162.024499][ T7136] 8021q: VLANs not supported on caif0 [ 162.126335][ T7141] FAULT_INJECTION: forcing a failure. [ 162.126335][ T7141] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 162.141024][ T7141] CPU: 1 UID: 0 PID: 7141 Comm: syz.2.413 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 162.141055][ T7141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.141068][ T7141] Call Trace: [ 162.141077][ T7141] [ 162.141086][ T7141] dump_stack_lvl+0x189/0x250 [ 162.141125][ T7141] ? __pfx____ratelimit+0x10/0x10 [ 162.141156][ T7141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.141189][ T7141] ? __pfx__printk+0x10/0x10 [ 162.141227][ T7141] should_fail_ex+0x414/0x560 [ 162.141264][ T7141] strncpy_from_user+0x36/0x290 [ 162.141299][ T7141] getname_flags+0xf3/0x540 [ 162.141329][ T7141] __x64_sys_execve+0x7a/0xb0 [ 162.141351][ T7141] do_syscall_64+0xfa/0x3b0 [ 162.141381][ T7141] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.141412][ T7141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.141433][ T7141] ? clear_bhb_loop+0x60/0xb0 [ 162.141459][ T7141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.141480][ T7141] RIP: 0033:0x7f185bd8e969 [ 162.141499][ T7141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.141518][ T7141] RSP: 002b:00007f185cc51038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 162.141541][ T7141] RAX: ffffffffffffffda RBX: 00007f185bfb6080 RCX: 00007f185bd8e969 [ 162.141556][ T7141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 162.141570][ T7141] RBP: 00007f185cc51090 R08: 0000000000000000 R09: 0000000000000000 [ 162.141583][ T7141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.141595][ T7141] R13: 0000000000000000 R14: 00007f185bfb6080 R15: 00007f185c0dfa28 [ 162.141636][ T7141] [ 162.312020][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.447188][ T10] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 162.467292][ T24] tipc: Node number set to 10136234 [ 162.607803][ T10] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 162.633261][ T10] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 162.658223][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.703124][ T10] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 162.784791][ T881] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 162.973892][ T881] usb 4-1: Using ep0 maxpacket: 32 [ 163.016135][ T881] usb 4-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 163.046374][ T881] usb 4-1: config 0 interface 0 has no altsetting 0 [ 163.053066][ T881] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 163.066549][ T881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.086648][ T881] usb 4-1: config 0 descriptor?? [ 163.537762][ T7178] random: crng reseeded on system resumption [ 163.577669][ T7174] vim2m vim2m.0: vidioc_s_fmt queue busy [ 163.707457][ T7183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.716481][ T7183] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.726281][ T881] usbhid 4-1:0.0: can't add hid device: -71 [ 163.732357][ T881] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 163.765244][ T881] usb 4-1: USB disconnect, device number 11 [ 163.776323][ T10] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32 [ 163.804070][ T10] stv0680 2-1:4.0: STV(e): camera ping failed!! [ 163.840657][ T10] stv0680 2-1:4.0: last error: 0, command = 0x0 [ 164.303914][ T881] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 164.468527][ T881] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 164.479023][ T7202] netlink: 'syz.4.438': attribute type 10 has an invalid length. [ 164.482800][ T881] usb 3-1: New USB device found, idVendor=046d, idProduct=c532, bcdDevice= 0.00 [ 164.501538][ T881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.523910][ T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 164.597943][ T7206] loop8: detected capacity change from 0 to 1 [ 164.608555][ T5890] Dev loop8: unable to read RDB block 1 [ 164.615130][ T5890] loop8: unable to read partition table [ 164.621532][ T5890] loop8: partition table beyond EOD, truncated [ 164.633571][ T7206] Dev loop8: unable to read RDB block 1 [ 164.641270][ T7206] loop8: unable to read partition table [ 164.647326][ T7206] loop8: partition table beyond EOD, truncated [ 164.660088][ T7206] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 164.701443][ T10] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 164.723874][ T10] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 164.744579][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 164.755409][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 164.769743][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 164.786087][ T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 164.795799][ T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 164.804297][ T10] usb 1-1: Product: syz [ 164.810842][ T10] usb 1-1: Manufacturer: syz [ 164.829786][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 164.845104][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 164.857764][ T10] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 164.864506][ T10] cdc_wdm 1-1:1.0: Unknown control protocol [ 165.340031][ T43] usb 2-1: USB disconnect, device number 23 [ 165.635508][ T10] usb 1-1: USB disconnect, device number 15 [ 166.212139][ T7232] netlink: 'syz.0.447': attribute type 10 has an invalid length. [ 166.280768][ T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 166.394309][ T7235] random: crng reseeded on system resumption [ 166.435700][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 166.598481][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 166.608762][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 166.620226][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=01ff, bcdDevice= 0.40 [ 166.629349][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.639162][ T24] usb 5-1: Product: syz [ 166.643394][ T24] usb 5-1: Manufacturer: syz [ 166.648210][ T24] usb 5-1: SerialNumber: syz [ 166.843545][ T7238] netlink: 264 bytes leftover after parsing attributes in process `syz.0.448'. [ 166.943071][ T7227] hfs: unable to load iocharset "io#harset" [ 166.962185][ T24] usb 5-1: 0:2 : does not exist [ 167.086531][ T24] usb 5-1: USB disconnect, device number 12 [ 167.131677][ T10] usb 3-1: USB disconnect, device number 13 [ 167.190050][ T5890] udevd[5890]: setting mode of /dev/snd/controlC3 to 020660 failed: No such file or directory [ 167.267222][ T5890] udevd[5890]: setting owner of /dev/snd/controlC3 to uid=0, gid=29 failed: No such file or directory [ 167.724230][ T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 167.746795][ T7254] xt_recent: Unsupported userspace flags (000000de) [ 167.887729][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 167.900925][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 167.911989][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 167.926962][ T10] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 167.943589][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 167.962533][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.971033][ T10] usb 4-1: Product: syz [ 167.975754][ T10] usb 4-1: Manufacturer: syz [ 167.980642][ T10] usb 4-1: SerialNumber: syz [ 168.195479][ T7250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.223400][ T7250] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.256766][ T7263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.313579][ T7250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.364421][ T7263] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.378758][ T7250] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.443044][ T10] cdc_ncm 4-1:1.0: skipping garbage [ 168.500968][ T10] cdc_ncm 4-1:1.0: skipping garbage [ 168.519140][ T10] cdc_ncm 4-1:1.0: skipping garbage [ 168.544047][ T10] cdc_ncm 4-1:1.0: invalid descriptor buffer length [ 168.553653][ T10] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 168.574073][ T10] cdc_ncm 4-1:1.0: bind() failure [ 169.155659][ T10] usb 4-1: USB disconnect, device number 12 [ 169.276419][ T7280] random: crng reseeded on system resumption [ 169.656337][ T980] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 169.873931][ T980] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 169.891671][ T980] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 169.908332][ T980] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 169.931732][ T980] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 169.956560][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.980044][ T980] usb 1-1: Product: syz [ 170.002459][ T980] usb 1-1: Manufacturer: syz [ 170.015878][ T980] usb 1-1: SerialNumber: syz [ 170.034664][ T980] hub 1-1:1.0: bad descriptor, ignoring hub [ 170.041254][ T980] hub 1-1:1.0: probe with driver hub failed with error -5 [ 170.253693][ T980] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 170.440677][ T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 170.703887][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 170.749326][ T980] usb 1-1: USB disconnect, device number 16 [ 170.778774][ T24] usb 5-1: config 252 has an invalid interface number: 32 but max is 0 [ 170.790064][ T24] usb 5-1: config 252 has no interface number 0 [ 170.797627][ T980] usblp0: removed [ 170.802909][ T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 170.813847][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.827508][ T7310] FAULT_INJECTION: forcing a failure. [ 170.827508][ T7310] name failslab, interval 1, probability 0, space 0, times 0 [ 170.842686][ T24] pvrusb2: Hardware description: Terratec Grabster AV400 [ 170.851223][ T7310] CPU: 1 UID: 0 PID: 7310 Comm: syz.1.473 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 170.851253][ T7310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.851266][ T7310] Call Trace: [ 170.851275][ T7310] [ 170.851284][ T7310] dump_stack_lvl+0x189/0x250 [ 170.851323][ T7310] ? __pfx____ratelimit+0x10/0x10 [ 170.851354][ T7310] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.851387][ T7310] ? __pfx__printk+0x10/0x10 [ 170.851417][ T7310] ? __pfx___might_resched+0x10/0x10 [ 170.851435][ T7310] ? fs_reclaim_acquire+0x7d/0x100 [ 170.851466][ T7310] should_fail_ex+0x414/0x560 [ 170.851509][ T7310] should_failslab+0xa8/0x100 [ 170.851534][ T7310] kmem_cache_alloc_noprof+0x73/0x3c0 [ 170.851555][ T7310] ? alloc_empty_file+0x55/0x1d0 [ 170.851589][ T7310] alloc_empty_file+0x55/0x1d0 [ 170.851617][ T7310] path_openat+0x107/0x3830 [ 170.851685][ T7310] ? is_bpf_text_address+0x26/0x2b0 [ 170.851709][ T7310] ? kernel_text_address+0xa5/0xe0 [ 170.851737][ T7310] ? __pfx_path_openat+0x10/0x10 [ 170.851767][ T7310] ? unwind_get_return_address+0x4d/0x90 [ 170.851800][ T7310] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 170.851824][ T7310] ? arch_stack_walk+0xfc/0x150 [ 170.851861][ T7310] do_filp_open+0x1fa/0x410 [ 170.851890][ T7310] ? stack_depot_save_flags+0x40/0x900 [ 170.851927][ T7310] ? __pfx_do_filp_open+0x10/0x10 [ 170.851990][ T7310] ? do_open_execat+0x93/0x450 [ 170.852027][ T7310] do_open_execat+0x135/0x450 [ 170.852059][ T7310] ? __pfx_do_open_execat+0x10/0x10 [ 170.852107][ T7310] alloc_bprm+0x28/0x5b0 [ 170.852131][ T7310] do_execveat_common+0x1b3/0x6a0 [ 170.852165][ T7310] __x64_sys_execve+0x94/0xb0 [ 170.852187][ T7310] do_syscall_64+0xfa/0x3b0 [ 170.852218][ T7310] ? lockdep_hardirqs_on+0x9c/0x150 [ 170.852248][ T7310] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.852270][ T7310] ? clear_bhb_loop+0x60/0xb0 [ 170.852295][ T7310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.852316][ T7310] RIP: 0033:0x7f2cc298e969 [ 170.852335][ T7310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.852354][ T7310] RSP: 002b:00007f2cc3722038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 170.852376][ T7310] RAX: ffffffffffffffda RBX: 00007f2cc2bb6080 RCX: 00007f2cc298e969 [ 170.852392][ T7310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 170.852406][ T7310] RBP: 00007f2cc3722090 R08: 0000000000000000 R09: 0000000000000000 [ 170.852419][ T7310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.852432][ T7310] R13: 0000000000000000 R14: 00007f2cc2bb6080 R15: 00007f2cc2cdfa28 [ 170.852464][ T7310] [ 170.852853][ T24] pvrusb2: ********** [ 171.133146][ T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 171.143581][ T24] pvrusb2: Important functionality might not be entirely working. [ 171.151852][ T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 171.163431][ T24] pvrusb2: ********** [ 171.174612][ T2350] pvrusb2: Invalid write control endpoint [ 171.364226][ T980] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 171.376826][ T7294] pvrusb2: Invalid write control endpoint [ 171.392494][ T2350] pvrusb2: Invalid write control endpoint [ 171.400313][ T2350] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 171.413832][ T43] usb 5-1: USB disconnect, device number 13 [ 171.425676][ T2350] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 171.435243][ T2350] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 171.446127][ T2350] pvrusb2: Device being rendered inoperable [ 171.457835][ T2350] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 171.465775][ T2350] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 171.479770][ T2350] pvrusb2: Attached sub-driver cx25840 [ 171.485998][ T2350] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 171.500455][ T2350] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 171.559821][ T980] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 171.569938][ T980] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 171.580614][ T980] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 171.639089][ T980] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 171.648607][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.666878][ T980] usb 1-1: Product: syz [ 171.675471][ T980] usb 1-1: Manufacturer: syz [ 171.685244][ T980] usb 1-1: SerialNumber: syz [ 171.707909][ T980] hub 1-1:1.0: bad descriptor, ignoring hub [ 171.714120][ T980] hub 1-1:1.0: probe with driver hub failed with error -5 [ 171.933566][ T980] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 171.996281][ T980] usb 1-1: USB disconnect, device number 17 [ 172.124377][ T980] usblp0: removed [ 172.160699][ T7325] netlink: 'syz.1.474': attribute type 20 has an invalid length. [ 172.306013][ T7325] netlink: 12 bytes leftover after parsing attributes in process `syz.1.474'. [ 172.561538][ T7331] random: crng reseeded on system resumption [ 172.798764][ T7333] netlink: 'syz.2.480': attribute type 10 has an invalid length. [ 173.771299][ T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 173.827244][ T7354] netlink: 264 bytes leftover after parsing attributes in process `syz.1.489'. [ 173.985992][ T24] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 173.996069][ T24] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 174.019470][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 174.032888][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 174.045484][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 174.108021][ T24] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 174.119619][ T24] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 174.128305][ T24] usb 4-1: Product: syz [ 174.154234][ T24] usb 4-1: Manufacturer: syz [ 174.195513][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 174.201950][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 174.217287][ T24] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 174.236768][ T24] cdc_wdm 4-1:1.0: Unknown control protocol [ 174.509218][ T7364] xt_recent: Unsupported userspace flags (000000de) [ 174.904713][ T5891] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 175.064121][ T5891] usb 5-1: Using ep0 maxpacket: 16 [ 175.080052][ T5891] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.091748][ T5891] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 175.104137][ T5891] usb 5-1: New USB device found, idVendor=1d6b, idProduct=01ff, bcdDevice= 0.40 [ 175.113591][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.131001][ T5891] usb 5-1: Product: syz [ 175.139900][ T5891] usb 5-1: Manufacturer: syz [ 175.149134][ T5891] usb 5-1: SerialNumber: syz [ 175.163943][ T24] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 175.293955][ T24] usb 2-1: device descriptor read/64, error -71 [ 175.534217][ T24] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 175.663947][ T24] usb 2-1: device descriptor read/64, error -71 [ 175.706895][ T7366] hfs: unable to load iocharset "io#harset" [ 175.728183][ T5891] usb 5-1: 0:2 : does not exist [ 175.785712][ T24] usb usb2-port1: attempt power cycle [ 175.826049][ T5891] usb 5-1: USB disconnect, device number 14 [ 175.900717][ T5890] udevd[5890]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 176.153899][ T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 176.213231][ T24] usb 2-1: device descriptor read/8, error -71 [ 176.495262][ T24] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 176.541048][ T5900] usb 4-1: USB disconnect, device number 13 [ 176.553699][ T24] usb 2-1: device descriptor read/8, error -71 [ 176.704508][ T24] usb usb2-port1: unable to enumerate USB device [ 176.864665][ T7381] random: crng reseeded on system resumption [ 177.123291][ T7390] netlink: 'syz.2.501': attribute type 10 has an invalid length. [ 177.144967][ T7390] team0: Device hsr_slave_0 failed to register rx_handler [ 177.815782][ T7404] netlink: 12 bytes leftover after parsing attributes in process `syz.0.506'. [ 178.594364][ T7413] netlink: 'syz.1.507': attribute type 10 has an invalid length. [ 186.769139][ C0] sched: DL replenish lagged too much [ 194.624492][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.639435][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 216.023212][ T5846] Bluetooth: hci3: command 0x0406 tx timeout [ 216.048342][ T5846] Bluetooth: hci4: command 0x0406 tx timeout [ 216.064840][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 216.132241][ T5846] Bluetooth: hci0: command 0x0406 tx timeout [ 216.169848][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 237.687224][ T7418] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 255.974843][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.990174][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.604616][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.619308][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 353.147687][ T31] INFO: task kworker/0:5:5900 blocked for more than 148 seconds. [ 353.147712][ T31] Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 [ 353.147722][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 353.147731][ T31] task:kworker/0:5 state:D stack:22840 pid:5900 tgid:5900 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 353.147796][ T31] Workqueue: events_power_efficient reg_check_chans_work [ 353.147840][ T31] Call Trace: [ 353.147847][ T31] [ 353.147859][ T31] __schedule+0x16f5/0x4d00 [ 353.147898][ T31] ? schedule+0x165/0x360 [ 353.147923][ T31] ? __pfx___schedule+0x10/0x10 [ 353.147957][ T31] ? schedule+0x91/0x360 [ 353.147981][ T31] schedule+0x165/0x360 [ 353.148005][ T31] schedule_preempt_disabled+0x13/0x30 [ 353.148027][ T31] __mutex_lock+0x724/0xe80 [ 353.148053][ T31] ? __mutex_lock+0x51b/0xe80 [ 353.148082][ T31] ? reg_check_chans_work+0x164/0xf00 [ 353.148103][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 353.148126][ T31] ? lockdep_unlock+0x89/0x120 [ 353.148148][ T31] ? validate_chain+0x897/0x2140 [ 353.148176][ T31] reg_check_chans_work+0x164/0xf00 [ 353.148200][ T31] ? __lock_acquire+0xab9/0xd20 [ 353.148229][ T31] ? __pfx_reg_check_chans_work+0x10/0x10 [ 353.148249][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 353.148279][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 353.148300][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 353.148325][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 353.148351][ T31] process_scheduled_works+0xade/0x17b0 [ 353.148397][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 353.148435][ T31] worker_thread+0x8a0/0xda0 [ 353.148453][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 353.148482][ T31] ? __kthread_parkme+0x7b/0x200 [ 353.148506][ T31] kthread+0x711/0x8a0 [ 353.148527][ T31] ? __pfx_worker_thread+0x10/0x10 [ 353.148542][ T31] ? __pfx_kthread+0x10/0x10 [ 353.148562][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 353.148584][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 353.148606][ T31] ? __pfx_kthread+0x10/0x10 [ 353.148625][ T31] ret_from_fork+0x3f9/0x770 [ 353.148651][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 353.148679][ T31] ? __switch_to_asm+0x39/0x70 [ 353.148695][ T31] ? __switch_to_asm+0x33/0x70 [ 353.148711][ T31] ? __pfx_kthread+0x10/0x10 [ 353.148731][ T31] ret_from_fork_asm+0x1a/0x30 [ 353.148760][ T31] [ 353.148781][ T31] [ 353.148781][ T31] Showing all locks held in the system: [ 353.148788][ T31] 1 lock held by kthreadd/2: [ 353.148804][ T31] 3 locks held by kworker/0:0/9: [ 353.148813][ T31] 3 locks held by kworker/0:1/10: [ 353.148823][ T31] 4 locks held by kworker/u8:0/12: [ 353.148833][ T31] 3 locks held by kworker/u8:1/13: [ 353.148843][ T31] 1 lock held by kworker/R-mm_pe/14: [ 353.148852][ T31] #0: ffffffff8dfe5c08 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x88b/0xdd0 [ 353.148900][ T31] 3 locks held by kworker/1:0/24: [ 353.148910][ T31] 1 lock held by khungtaskd/31: [ 353.148920][ T31] #0: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 353.148962][ T31] 1 lock held by kcompactd0/34: [ 353.148972][ T31] 3 locks held by kworker/u8:2/36: [ 353.148982][ T31] 2 locks held by kworker/1:1/43: [ 353.148993][ T31] 3 locks held by kworker/u8:3/49: [ 353.149003][ T31] 3 locks held by kworker/u8:4/59: [ 353.149013][ T31] 3 locks held by kworker/u8:5/79: [ 353.149023][ T31] 3 locks held by kswapd0/87: [ 353.149035][ T31] 3 locks held by kworker/0:2/881: [ 353.149045][ T31] 3 locks held by kworker/1:2/980: [ 353.149055][ T31] 2 locks held by kworker/1:3/982: [ 353.149065][ T31] 3 locks held by kworker/u8:6/1097: [ 353.149076][ T31] 3 locks held by kworker/u8:7/1105: [ 353.149085][ T31] 3 locks held by kworker/u8:8/1146: [ 353.149095][ T31] 3 locks held by kworker/u8:9/1173: [ 353.149104][ T31] #0: ffff88814c4e2948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.149156][ T31] #1: ffffc90003cdfbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.149207][ T31] #2: ffffffff8f50ec88 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 353.149263][ T31] 1 lock held by kworker/R-mld/3175: [ 353.149272][ T31] #0: ffffffff8dfe5c08 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 353.149314][ T31] 2 locks held by kworker/R-bat_e/3406: [ 353.149324][ T31] 1 lock held by klogd/5196: [ 353.149334][ T31] 1 lock held by udevd/5207: [ 353.149343][ T31] 2 locks held by dhcpcd/5501: [ 353.149352][ T31] 4 locks held by dhcpcd/5502: [ 353.149361][ T31] 2 locks held by getty/5604: [ 353.149370][ T31] #0: ffff8880343610a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 353.149415][ T31] #1: ffffc90002fee2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 353.149468][ T31] 1 lock held by syz-executor/5827: [ 353.149478][ T31] 7 locks held by kworker/u9:2/5841: [ 353.149488][ T31] #0: ffff888025e56148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.149539][ T31] #1: ffffc9000438fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.149590][ T31] #2: ffff88807f770d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 353.149638][ T31] #3: ffff88807f770078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0 [ 353.149682][ T31] #4: ffffffff8f676ca8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 353.149726][ T31] #5: ffff8880274e9b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 353.149775][ T31] #6: ffffffff8e144b78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 353.149824][ T31] 5 locks held by kworker/u9:3/5843: [ 353.149833][ T31] #0: ffff888025e56948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.149883][ T31] #1: ffffc900043afbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.149934][ T31] #2: ffff888028928d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 353.149981][ T31] #3: ffff888028928078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0 [ 353.150023][ T31] #4: ffffffff8f879068 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x27e/0x560 [ 353.150068][ T31] 5 locks held by kworker/u9:5/5845: [ 353.150078][ T31] #0: ffff888031d1d948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.150127][ T31] #1: ffffc900043cfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.150178][ T31] #2: ffff888033620d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 353.150225][ T31] #3: ffff888033620078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0 [ 353.150268][ T31] #4: ffffffff8f676ca8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 353.150311][ T31] 4 locks held by kworker/0:3/5848: [ 353.150320][ T31] #0: ffff888141b44d48 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.150375][ T31] #1: ffffc900043ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.150440][ T31] #2: ffff888059c7d308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 353.150492][ T31] #3: ffff8880560b2ad8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 353.150543][ T31] 2 locks held by syz-executor/5855: [ 353.150552][ T31] 3 locks held by syz-executor/5856: [ 353.150562][ T31] 1 lock held by syz-executor/5858: [ 353.150573][ T31] 1 lock held by kworker/R-wg-cr/5875: [ 353.150583][ T31] #0: ffffffff8dfe5c08 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 353.150624][ T31] 1 lock held by kworker/R-wg-cr/5879: [ 353.150634][ T31] #0: ffffffff8dfe5c08 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 353.150675][ T31] 1 lock held by kworker/R-wg-cr/5880: [ 353.150684][ T31] #0: ffffffff8dfe5c08 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 353.150725][ T31] 1 lock held by kworker/R-wg-cr/5882: [ 353.150736][ T31] 1 lock held by kworker/R-wg-cr/5884: [ 353.150745][ T31] #0: ffffffff8dfe5c08 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 353.150786][ T31] 1 lock held by kworker/R-wg-cr/5885: [ 353.150795][ T31] #0: ffffffff8dfe5c08 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 353.150841][ T31] 1 lock held by kworker/R-wg-cr/5887: [ 353.150851][ T31] #0: ffffffff8dfe5c08 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 353.150892][ T31] 3 locks held by kworker/0:4/5891: [ 353.150902][ T31] 3 locks held by kworker/1:4/5892: [ 353.150912][ T31] 3 locks held by kworker/1:5/5893: [ 353.150921][ T31] 3 locks held by kworker/1:6/5894: [ 353.150931][ T31] 4 locks held by kworker/0:5/5900: [ 353.150940][ T31] #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.150992][ T31] #1: ffffc90004647bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.151042][ T31] #2: ffffffff8f50ec88 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf00 [ 353.151086][ T31] #3: ffff888059b48768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x164/0xf00 [ 353.151130][ T31] 3 locks held by kworker/0:6/5905: [ 353.151140][ T31] 3 locks held by kworker/0:8/5945: [ 353.151151][ T31] 1 lock held by syz.2.504/7402: [ 353.151161][ T31] 6 locks held by syz.3.510/7422: [ 353.151171][ T31] 2 locks held by kworker/u8:10/7428: [ 353.151181][ T31] 3 locks held by kworker/u8:11/7430: [ 353.151190][ T31] 4 locks held by kworker/u8:12/7431: [ 353.151200][ T31] 4 locks held by kworker/u8:13/7432: [ 353.151209][ T31] #0: ffff888033fcd948 ((wq_completion)wg-kex-wg1#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.151264][ T31] #1: ffffc90004667bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.151316][ T31] #2: ffff888059d19308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 353.151366][ T31] #3: ffff888033ed34c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 353.151416][ T31] [ 353.151421][ T31] ============================================= [ 353.151421][ T31] [ 353.151440][ T31] NMI backtrace for cpu 0 [ 353.151455][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 353.151472][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 353.151481][ T31] Call Trace: [ 353.151487][ T31] [ 353.151493][ T31] dump_stack_lvl+0x189/0x250 [ 353.151516][ T31] ? __wake_up_klogd+0xd9/0x110 [ 353.151535][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.151559][ T31] ? __pfx__printk+0x10/0x10 [ 353.151584][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 353.151605][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 353.151621][ T31] ? _printk+0xcf/0x120 [ 353.151640][ T31] ? __pfx__printk+0x10/0x10 [ 353.151657][ T31] ? debug_show_all_locks+0x2e/0x180 [ 353.151669][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 353.151692][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 353.151716][ T31] watchdog+0xfee/0x1030 [ 353.151739][ T31] ? watchdog+0x1de/0x1030 [ 353.151765][ T31] kthread+0x711/0x8a0 [ 353.151784][ T31] ? __pfx_watchdog+0x10/0x10 [ 353.151812][ T31] ? __pfx_kthread+0x10/0x10 [ 353.151831][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 353.151850][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 353.151871][ T31] ? __pfx_kthread+0x10/0x10 [ 353.151888][ T31] ret_from_fork+0x3f9/0x770 [ 353.151912][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 353.151938][ T31] ? __switch_to_asm+0x39/0x70 [ 353.151952][ T31] ? __switch_to_asm+0x33/0x70 [ 353.151967][ T31] ? __pfx_kthread+0x10/0x10 [ 353.151984][ T31] ret_from_fork_asm+0x1a/0x30 [ 353.152011][ T31] [ 353.152016][ T31] Sending NMI from CPU 0 to CPUs 1: [ 353.152086][ C1] NMI backtrace for cpu 1 [ 353.152100][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 353.152121][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 353.152132][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 353.152159][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 75 23 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 353.152175][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2 [ 353.152191][ C1] RAX: 213553e07b0ee200 RBX: ffffffff81976078 RCX: 213553e07b0ee200 [ 353.152205][ C1] RDX: 0000000000000001 RSI: ffffffff8d979f2e RDI: ffffffff8be27240 [ 353.152217][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb [ 353.152231][ C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0f5f0 [ 353.152244][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039dbb40 [ 353.152256][ C1] FS: 0000000000000000(0000) GS:ffff888125d5c000(0000) knlGS:0000000000000000 [ 353.152270][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 353.152282][ C1] CR2: 00007f24236d8457 CR3: 000000005cd5a000 CR4: 00000000003526f0 [ 353.152300][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 353.152310][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 353.152321][ C1] Call Trace: [ 353.152327][ C1] [ 353.152333][ C1] default_idle+0x13/0x20 [ 353.152349][ C1] default_idle_call+0x74/0xb0 [ 353.152367][ C1] do_idle+0x1e8/0x510 [ 353.152386][ C1] ? __pfx_do_idle+0x10/0x10 [ 353.152411][ C1] cpu_startup_entry+0x44/0x60 [ 353.152427][ C1] start_secondary+0x101/0x110 [ 353.152450][ C1] common_startup_64+0x13e/0x147 [ 353.152477][ C1] [ 353.153047][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 353.153060][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 353.153078][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 353.153087][ T31] Call Trace: [ 353.153093][ T31] [ 353.153100][ T31] dump_stack_lvl+0x99/0x250 [ 353.153125][ T31] ? __asan_memcpy+0x40/0x70 [ 353.153149][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.153173][ T31] ? __pfx__printk+0x10/0x10 [ 353.153199][ T31] panic+0x2db/0x790 [ 353.153234][ T31] ? __pfx_panic+0x10/0x10 [ 353.153257][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 353.153286][ T31] ? irq_work_queue+0xc3/0x140 [ 353.153315][ T31] watchdog+0x102d/0x1030 [ 353.153337][ T31] ? watchdog+0x1de/0x1030 [ 353.153363][ T31] kthread+0x711/0x8a0 [ 353.153383][ T31] ? __pfx_watchdog+0x10/0x10 [ 353.153402][ T31] ? __pfx_kthread+0x10/0x10 [ 353.153421][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 353.153440][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 353.153461][ T31] ? __pfx_kthread+0x10/0x10 [ 353.153478][ T31] ret_from_fork+0x3f9/0x770 [ 353.153502][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 353.153528][ T31] ? __switch_to_asm+0x39/0x70 [ 353.153543][ T31] ? __switch_to_asm+0x33/0x70 [ 353.153557][ T31] ? __pfx_kthread+0x10/0x10 [ 353.153576][ T31] ret_from_fork_asm+0x1a/0x30 [ 353.153603][ T31] [ 353.153976][ T31] Kernel Offset: disabled